Removed: m.28.tmp.exe, Desktop Security 2010.exe, securitycenter.exe, 10eec3caf828c4d67b5838ad685001b6.exe, ManagerHlfViewer.exe, Drivervmmouse.exe, MicrosoftSoap1.02.814.0.exe, EngineSpeech.exe, SAPI5WindowsTM.exe (FakeAV – Desktop Security 2010)

May 9, 2010 by NightWatcher
Filed under: FakeAV, Malware 
: Solved!


Malware: C:\Sand-Box\10eec3caf828c4d67b5838ad685001b6.exe

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\m.28.tmp.exe
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\Desktop Security 2010.exe
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securitycenter.exe
C:\Sand-Box\10eec3caf828c4d67b5838ad685001b6.exe
C:\Program Files\Far\Plugins\HlfViewer\ManagerHlfViewer.exe
C:\Program Files\VMware\VMware Tools\Drivers\mouse\Drivervmmouse.exe
C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033\MicrosoftSoap1.02.814.0.exe
C:\Program Files\Common Files\SpeechEngines\Microsoft\EngineSpeech.exe
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\SAPI5WindowsTM.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: e783gauwcv4m
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\M.28.TMP.EXE
Type: Registry Run

Item Name: Desktop Security 2010
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP SECURITY 2010\DESKTOP SECURITY 2010.EXE
Type: Registry Run

Item Name: SecurityCenter
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP SECURITY 2010\SECURITYCENTER.EXE
Type: Registry Run

Item Name: 10eec3caf828c4d67b5838ad685001b6
Author: Unknown
Related File: C:\SAND-BOX\10EEC3CAF828C4D67B5838AD685001B6.EXE
Type: Registry Run

Item Name: HlfViewerManager
Author: Unknown
Related File: C:\PROGRAM FILES\FAR\PLUGINS\HLFVIEWER\MANAGERHLFVIEWER.EXE
Type: Registry Run

Item Name: vmmousevmmouse
Author: Unknown
Related File: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\DRIVERS\MOUSE\DRIVERVMMOUSE.EXE
Type: Registry Run

Item Name: MicrosoftSoap
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\MSSOAP\BINARIES\RESOURCES\1033\MICROSOFTSOAP1.02.814.0.EXE
Type: Registry Run

Item Name: EngineSpeech
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\SPEECHENGINES\MICROSOFT\ENGINESPEECH.EXE
Type: Registry Run

Item Name: SAPI5Operating
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\SPEECHENGINES\MICROSOFT\TTS\1033\SAPI5WINDOWSTM.EXE
Type: Registry Run

Item Name: MSSOAPRMicrosoft
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\MSSOAP\BINARIES\RESOURCES\1033\MICROSOFTSOAP1.02.814.0.EXE
Type: Registry Run

Item Name: 10eec3caf828c4d67b5838ad685001b6.exe
Author: Unknown
Related File: C:\SAND-BOX\10EEC3CAF828C4D67B5838AD685001B6.EXE
Type: Running Processes

Item Name: managerhlfviewer.exe
Author: Unknown
Related File: C:\PROGRAM FILES\FAR\PLUGINS\HLFVIEWER\MANAGERHLFVIEWER.EXE
Type: Running Processes

Item Name: drivervmmouse.exe
Author: Unknown
Related File: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\DRIVERS\MOUSE\DRIVERVMMOUSE.EXE
Type: Running Processes

Item Name: microsoftsoap1.02.814.0.exe
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\MSSOAP\BINARIES\RESOURCES\1033\MICROSOFTSOAP1.02.814.0.EXE
Type: Running Processes

Item Name: enginespeech.exe
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\SPEECHENGINES\MICROSOFT\ENGINESPEECH.EXE
Type: Running Processes

Item Name: sapi5windowstm.exe
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\SPEECHENGINES\MICROSOFT\TTS\1033\SAPI5WINDOWSTM.EXE
Type: Running Processes

Item Name: m.28.tmp.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\M.28.TMP.EXE
Type: Running Processes

Item Name: Desktop Security 2010.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP SECURITY 2010\DESKTOP SECURITY 2010.EXE
Type: Running Processes

Item Name: securitycenter.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP SECURITY 2010\SECURITYCENTER.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.04.29    Suspicious:W32/Malware!Gemini
Kaspersky   7.0.0.125     2010.04.29    Packed.Win32.Katusha.l
Microsoft   1.5703        2010.04.29    -
NOD32       5073          2010.04.29    -

—————————————————————————————————————————-
Additional information
File size: 139776 bytes
MD5 : 8adb9dd38539c15711687d6b0ee3d45f
SHA1 : 58445102e531a7dce640a3206beb793cee3d295b
SHA256: 7b886df214750e62148d11fc4417f374e3baf2ab10f274354895d7040b326bea
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:8
———————————-
HKLM\Software\Microsoft\MediaPlayer\Setup\Files
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Internet Explorer\International\CpMRU
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010
HKCU\Software\Desktop Security 2010

———————————-
Values added:43
———————————-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\10eec3caf828c4d67b5838ad685001b6: "c:\sand-box\10eec3caf828c4d67b5838ad685001b6.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HlfViewerManager: "C:\program files\far\plugins\hlfviewer\managerhlfviewer.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\vmmousevmmouse: "c:\program files\vmware\vmware tools\drivers\mouse\drivervmmouse.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftSoap: "c:\program files\common files\mssoap\binaries\resources\1033\microsoftsoap1.02.814.0.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EngineSpeech: "c:\program files\common files\speechengines\microsoft\enginespeech.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SAPI5Operating: "c:\program files\common files\speechengines\microsoft\tts\1033\sapi5windowstm.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MSSOAPRMicrosoft: "c:\program files\common files\mssoap\binaries\resources\1033\microsoftsoap1.02.814.0.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\10eec3caf828c4d67b5838ad685001b6: "c:\sand-box\10eec3caf828c4d67b5838ad685001b6.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\mstDfSDKDefrag1.72: "c:\program files\ashampoo\ashampoo uninstaller 4\ashinetuninstaller.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SoapMSSOAPR: "c:\program files\common files\mssoap\binaries\resources\1033\microsoftsoap1.02.814.0.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\HlfViewerManager: "C:\program files\far\plugins\hlfviewer\managerhlfviewer.exe"
HKCU\Software\Microsoft\Internet Explorer\International\CpMRU\Enable: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\International\CpMRU\Size: 0x0000000A
HKCU\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits: 0x00000064
HKCU\Software\Microsoft\Internet Explorer\International\CpMRU\Factor: 0x00000014
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\: ""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\e783gauwcv4m: "C:\Documents and Settings\Administrator\Local Settings\Temp\m.28.tmp.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Desktop Security 2010: ""C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SecurityCenter: "C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securitycenter.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010\DisplayName: "Desktop Security 2010"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010\UninstallString: ""C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securityhelper.exe" /UNINSTALL"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010\DisplayIcon: ""C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securityhelper.exe",1"
HKCU\Software\Microsoft\Windows\Shell\BagNumber: "43"
HKCU\Software\Desktop Security 2010\BuyUrl: "CC4D3EA3DDB6BBF891702B112A915C715A848B271B0D2112F11BCF676105A0E436457C2DC305210D4AA2415F500FABF255100DEBE574B41B383346A7C06BF5B1E289CF754C86398FEAAE5A"
HKCU\Software\Desktop Security 2010\: "C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010"
HKCU\Software\Desktop Security 2010\ADVid: "43"
HKCU\Software\Desktop Security 2010\InstallDir: "C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010"
HKCU\Software\Desktop Security 2010\SoftID: "Desktop Security 2010"
HKCU\Software\Desktop Security 2010\ScanSystemOnStartup: 0x00000001
HKCU\Software\Desktop Security 2010\AutomaticallyUpdates: 0x00000001
HKCU\Software\Desktop Security 2010\MinimizeOnStart: 0x00000000
HKCU\Software\Desktop Security 2010\BackgroundScan: 0x00000001
HKCU\Software\Desktop Security 2010\BackgroundScanTimeout: 0x00000001
HKCU\Software\Desktop Security 2010\LastTimeStamp: 0x00000026
HKCU\Software\Desktop Security 2010\LastUpdateDate: "2010/4/18"
HKCU\Software\Desktop Security 2010\BaseStamp: 0x0001B8CA

———————————-
Values modified:3
———————————-
(-) HKLM\System\CurrentControlSet\Services\SharedAccess\Start: 0x00000002
(+) HKLM\System\CurrentControlSet\Services\SharedAccess\Start: 0x00000004
(-) HKLM\System\CurrentControlSet\Services\wscsvc\Start: 0x00000002
(+) HKLM\System\CurrentControlSet\Services\wscsvc\Start: 0x00000004
(-) HKLM\System\CurrentControlSet\Services\wuauserv\Start: 0x00000002
(+) HKLM\System\CurrentControlSet\Services\wuauserv\Start: 0x00000004

———————————-
Files added:82
———————————-
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\Desktop Security 2010.exe
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\mfc71.dll
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\MFC71ENU.DLL
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\msvcp71.dll
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\msvcr71.dll
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securitycenter.exe
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securityhelper.exe
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\taskmgr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\02c9c3c35bdx5.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\17dkf.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\472a10e2ebxd9.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\56493.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\8gmsed-bd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ae0965a7157cd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\al3erfa3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\alerfa.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\backd-efq.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\brdss.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\bzqa43d.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cocksucker.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cosock.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cunifuc.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dc_3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dd10x10.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ddhelp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ddoll3342.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dkfjd93.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ds7hw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\eelnvd13.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\eephilpe.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\exppdf_w.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\fe.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\format.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\gedx_ae09.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\gpupz2a.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hardwh.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hhbboll_2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hiphop.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hodeme.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\htfad4.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hvipws9.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jdhellwo3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jofcdks.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\kilslmd.exex
C:\Documents and Settings\Administrator\Local Settings\Temp\kjdh_gf_jjdhgd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\kock.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\lols.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\lorsk.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\m.28.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\m.28.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ploper.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ppddfcfux.exxe
C:\Documents and Settings\Administrator\Local Settings\Temp\pswwg3c.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\qwedvor.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\qwklrvjhqlkj.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\r0life.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\rator.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\rtfme.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\safe.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\snowif.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sycre.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\test.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\timem.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\warsddd_w.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wergfq.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\winlogoff.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wqefqw7e.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wrcud12.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wrfwe_di.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_A.tmp
C:\Documents and Settings\Administrator\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Desktop Security 2010.lnk
C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\ashinetUnInstaller.exe
C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033\MicrosoftSoap1.02.814.0.exe
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\SAPI5WindowsTM.exe
C:\Program Files\Common Files\SpeechEngines\Microsoft\EngineSpeech.exe
C:\Program Files\Far\Plugins\HlfViewer\ManagerHlfViewer.exe
C:\Program Files\VMware\VMware Tools\Drivers\mouse\Drivervmmouse.exe

———————————-
Folders added:2
———————————-
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010
C:\Documents and Settings\Administrator\Start Menu\Programs\Desktop Security 2010

———————————-
Total changes:138
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com



Written by

Malware Hunter.
