Removed: facemoods.dll, facemoodssrv.exe, facemoodsTlbr.dll, MessengerAssist.exe (adware MarketScore)

Malware: SetupMessengerAssist.exe

Removed: C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll
C:\Program Files\Messenger Assist\MessengerAssist.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: {64182481-4F71-486b-A045-B233BD0DA8FC}
Author: facemoods.com BHO
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\BH\FACEMOODS.DLL
Type: Browser Helper Objects



Item Name: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
Author: facemoods.com
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\FACEMOODSTLBR.DLL
Type: Toolbars

Item Name: facemoods
Author: facemoods.com
Related File: C:\PROGRAM FILES\FACEMOODS.COM\FACEMOODS\1.4.17.0\FACEMOODSSRV.EXE
Type: Registry Run

Item Name: Messenger Assist.lnk
Author: BookmarkSoft
Related File: C:\PROGRAM FILES\MESSENGER ASSIST\MESSENGERASSIST.EXE
Type: Common Startup Folder

Item Name: MessengerAssist.exe
Author:
Related File: C:\PROGRAM FILES\MESSENGER ASSIST\MESSENGERASSIST.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\facemoods
Value: "C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe" /md I

Folders:
C:\Documents and Settings\Administrator\Application Data\facemoods.com
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist
C:\Program Files\facemoods.com\facemoods
C:\Program Files\Messenger Assist

Files:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Messenger Assist.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Messenger Assist on the Web.url
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Messenger Assist.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Messenger Assist\Uninstall.lnk
C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.crx
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.png
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsApp.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsEng.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll
C:\Program Files\Messenger Assist\facemoods.exe
C:\Program Files\Messenger Assist\InternalUtils.dll
C:\Program Files\Messenger Assist\Interop.iTunesLib.dll
C:\Program Files\Messenger Assist\MessengerAssist.exe

—————————————————————————————————————————-
Classification:

Antivirus    Version       Last Update   Result
F-Secure     9.0.16160.0   2010.10.25    Gen:Adware.Heur.qq1@R8TEFdhi
Kaspersky    7.0.0.125     2010.10.25    -
Microsoft    1.6301        2010.10.24    -
NOD32        5560          2010.10.24    Win32/Adware.MarketScore.A

—————————————————————————————————————————-

MD5 8b619ceff228486a661158e448598fb5

SHA1 907f3ef94ba09be7de0e9336db8f95552e607416

SHA256 0e858b47025a2ff4be970c9ebaa676b46ae20b39903eb153eb912677f7c8c6cc

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:209
———————————-

———————————-
Values added:250
———————————-
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\TypeLib\: “{09C554C3-109B-483C-A06B-F14172F1A947}”
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\ProxyStubClsid32\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}\: “IescrtBtn”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\TypeLib\: “{12A5F606-B1EC-474C-83ED-95E99FD8058E}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\ProxyStubClsid32\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}\: “IEvntCntr”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\facemoods.dll”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\bh\”
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\1.0\: “escort 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe\2″
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}\1.0\: “facemoodsCmn 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsTlbr.dll”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\: “escorTlbr 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}\1.0\: “esrv 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsEng.dll”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\1.0\: “escortEng 1.0 Type Library”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0\win32\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodsApp.dll”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\HELPDIR\: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\”
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\: “escortApp 1.0 Type Library”
HKLM\Software\Classes\escort.escortIEPane\CurVer\: “escort.escortIEPane.1″
HKLM\Software\Classes\escort.escortIEPane\CLSID\: “{929801A8-4AEF-4d12-BE31-D85BF666452B}”
HKLM\Software\Classes\escort.escortIEPane\: “escortIEPane Object”
HKLM\Software\Classes\escort.escortIEPane.1\CLSID\: “{929801A8-4AEF-4d12-BE31-D85BF666452B}”
HKLM\Software\Classes\escort.escortIEPane.1\: “escortIEPane Object”
HKLM\Software\Classes\escort.escrtBtn.1\CurVer\: “escort.escrtBtn.1″
HKLM\Software\Classes\escort.escrtBtn.1\CLSID\: “{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}”
HKLM\Software\Classes\escort.escrtBtn.1\: “escrtBtn Object”
HKLM\Software\Classes\esrv.escrtSrvc\CurVer\: “esrv.escrtSrvc.1″
HKLM\Software\Classes\esrv.escrtSrvc\CLSID\: “{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}”
HKLM\Software\Classes\esrv.escrtSrvc\: “escrtSrvc Object”
HKLM\Software\Classes\esrv.escrtSrvc.1\CLSID\: “{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}”
HKLM\Software\Classes\esrv.escrtSrvc.1\: “escrtSrvc Object”
HKLM\Software\Classes\facemoods.dskBnd\CurVer\: “facemoods.dskBnd.1″
HKLM\Software\Classes\facemoods.dskBnd\CLSID\: “{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}”
HKLM\Software\Classes\facemoods.dskBnd\: “CDskBnd Object”
HKLM\Software\Classes\facemoods.dskBnd.1\CLSID\: “{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}”
HKLM\Software\Classes\facemoods.dskBnd.1\: “CDskBnd Object”
HKLM\Software\Classes\facemoods.facemoodsHlpr\CurVer\: “facemoods.facemoodsHlpr.1″
HKLM\Software\Classes\facemoods.facemoodsHlpr\CLSID\: “{64182481-4F71-486b-A045-B233BD0DA8FC}”
HKLM\Software\Classes\facemoods.facemoodsHlpr\: “CescrtHlpr Object”
HKLM\Software\Classes\facemoods.facemoodsHlpr.1\CLSID\: “{64182481-4F71-486b-A045-B233BD0DA8FC}”
HKLM\Software\Classes\facemoods.facemoodsHlpr.1\: “CescrtHlpr Object”
HKLM\Software\Classes\facemoods.xtrnl\CurVer\: “facemoods.xtrnl.1″
HKLM\Software\Classes\facemoods.xtrnl\CLSID\: “{A5B99E41-E157-4209-8AAC-DB003A816079}”
HKLM\Software\Classes\facemoods.xtrnl\: “escrtAx Object”
HKLM\Software\Classes\facemoods.xtrnl.1\CLSID\: “{A5B99E41-E157-4209-8AAC-DB003A816079}”
HKLM\Software\Classes\facemoods.xtrnl.1\: “escrtAx Object”
HKLM\Software\Classes\facemoodsApp.appCore\CurVer\: “facemoodsApp.appCore.1″
HKLM\Software\Classes\facemoodsApp.appCore\CLSID\: “{AD20D01C-C939-4dd2-8C55-56935A48987E}”
HKLM\Software\Classes\facemoodsApp.appCore\: “appCore Object”
HKLM\Software\Classes\facemoodsApp.appCore.1\CLSID\: “{AD20D01C-C939-4dd2-8C55-56935A48987E}”
HKLM\Software\Classes\facemoodsApp.appCore.1\: “appCore Object”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\Policy: 0×00000003
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\AppName: “facemoodssrv.exe”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}\AppPath: “C:\Program Files\facemoods.com\facemoods\1.4.17.0″
HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant: “http://start.facemoods.com/?a=falco&s={searchTerms}&f=4″
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}: “facemoods Toolbar”
HKLM\Software\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob: 04 00 00 /…/ 4E 86 04
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\: “facemoods Helper”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\NoExplorer: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\facemoods: “”C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoodssrv.exe” /md I”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\DisplayName: “facemoods”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\UninstallString: “”C:\Program Files\facemoods.com\facemoods\1.4.17.0\uninstall.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\NoModify: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods\NoRepair: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Setup Version: “5.3.6 (a)”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: App Path: “C:\Program Files\Messenger Assist”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\InstallLocation: “C:\Program Files\Messenger Assist\”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Icon Group: “Messenger Assist”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: User: “Administrator”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Selected Tasks: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Inno Setup: Deselected Tasks: “desktopicon,quicklaunchicon”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\DisplayName: “Messenger Assist 1.1″
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\UninstallString: “”C:\Program Files\Messenger Assist\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\QuietUninstallString: “”C:\Program Files\Messenger Assist\unins000.exe” /SILENT”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\Publisher: “BookmarkSoft. IM tools”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\URLInfoAbout: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\HelpLink: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\URLUpdateInfo: “http://www.MessengerAssist.com/”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\NoModify: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\NoRepair: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9388F8B2-B5F1-4E9B-A3EB-BC510F317690}_is1\InstallDate: “20101025″
HKLM\Software\facemoods.com\facemoods\Instl\Install\SearchAssistant: “”
HKLM\Software\facemoods.com\facemoods\Instl\Install\Use Custom Search URL: 0×00000000
HKLM\Software\facemoods.com\facemoods\Instl\InstallDir: “C:\Program Files\facemoods.com\facemoods\1.4.17.0″
HKLM\Software\facemoods.com\facemoods\Instl\afltKey: “ac332ff6000000000000000c2982064b ”
HKLM\Software\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif\path: “C:\Program Files\facemoods.com\facemoods\1.4.17.0\facemoods.crx”
HKLM\Software\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif\version: “1.2.0″
HKCU\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL: 0×00000000
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\URL: “http://start.facemoods.com/?a=falco&s={searchTerms}&f=4″
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\DisplayName: “Search”
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Type: 0×00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Flags: 0×00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Count: 0×00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 2D 00 20 03
HKCU\Software\facemoods.com\facemoods\instl\Install\Start Page: “about:blank”
HKCU\Software\facemoods.com\facemoods\instl\Install\newTabSrch: “res://ieframe.dll/tabswelcome.htm”
HKCU\Software\facemoods.com\facemoods\instl\tlbrSrchUrl: “http://start.facemoods.com/?a=falco&f=3″
HKCU\Software\facemoods.com\facemoods\instl\DNSErrUrl: “http://start.facemoods.com/?a=falco&f=5″

———————————-
Values modified:9
———————————-
(-) HKLM\Software\Microsoft\Internet Explorer\AboutURLs\Tabs: “res://ieframe.dll/tabswelcome.htm”
(+) HKLM\Software\Microsoft\Internet Explorer\AboutURLs\Tabs: “http://start.facemoods.com/?a=falco&f=2”
(-) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: “about:blank”
(+) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: “http://start.facemoods.com/?a=falco”
(-) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\ShownVerifyBalloon: 0x00000002
(+) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\ShownVerifyBalloon: 0x00000003
(-) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: “{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
(+) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: “{0D7562AE-8EF6-416d-A838-AB665251703A}”
(-) HKCU\Software\Microsoft\Internet Explorer\Security\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\UserFile: 01 00 00 /…/ 9B C9 B7
(+) HKCU\Software\Microsoft\Internet Explorer\Security\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\UserFile: 01 00 00 /…/ 13 BD 6F
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0x00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0x0000000B
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 35 00 AC 03
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 20 00 DC 01
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0x00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0x0000000B
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 36 00 60 00
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 01 00 19 00 05 00 20 00 20 00 88 02

———————————-
Files added:71
———————————-

———————————-
Files deleted:1
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions.cache

———————————-
Files [attributes?] modified:2
———————————-
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

———————————-
Folders added:18
———————————-

———————————-
Total changes:560
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

1. Download UnHackMe free 30-day version

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10, 32 or 64-bit. UnHackMe uses a minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with the verified publisher: Greatis Software.

Once UnHackMe has installed, the first scan will start automatically.

3. Carefully review the detected threats!

Click the Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open the UnHackMe main screen.
  2. Click the Remote Assistant button.
  3. Follow the instructions on the screen.
  4. We will contact you and send a solution to your problem.
  5. Remote assistance is free during the trial period.

Enjoy!

Dmitry Sokolov - author of UnHackMe

  • http://na szilveszter

    Not too hard to remove, as the uninstaller is in the folder, after that u should unregister the kept dll-s with regasm (in some IE cases with regsvr32) after that if u using mozilla just remove from users/appdata/urprofile(win 7 roaming)/mozilla/profile/xxx/extension/xxxfacemoods just delete the whole folder and here we go.:)

  • http://greatis.com/blog/ NightWatcher

    :)

  • BobboGbg

    In Europe you have to find facemoods under C:programfacemoods. Go out into DOS and after the prompt in C:Program write erase C:facemoods and the system will ask – y or n – (in Scandinavian countries – j or n) – That will do it! If you do a reg. scan later and delete all loose connections – facemoods has disappeared.

  • BobboGbg

    I am sorry but I was a bit hasty in my previous message, facemoods is a bit more difficult than I indicated, I will be back! For the moment the damned program has just hidden somewhere…

    I am rather interested in these small apps, programs or what you call them, I am sure that Microsoft who have opened the whole browser for those programs as they are more irritating than viruses, viruses are nothing compared to these small devils…

    I am also sure that GNU and Mozilla will gain in the end…, but they are interesting small bastards!

    Sorry…, again for my hasty message.

    bobbogbg