I already deleted "Total Security" from my startup, but I'm suspicious.
It was like 162538363.exe and _Abrw.exe
See anything else?
Thanks
Chuck
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:35 AM, on 8/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
G:\PROGRA~1\AVG\AVG8\avgtray.exe
G:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\CorelIOMonitor.exe
G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\locate32\locate32.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\Program Files\Micro Niche Finder\srvany.exe
G:\Program Files\Micro Niche Finder\bggoogle.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\PROGRA~1\AVG\AVG8\avgam.exe
G:\PROGRA~1\AVG\AVG8\avgrsx.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\PROGRA~1\AVG\AVG8\avgnsx.exe
G:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\alg.exe
G:\Program Files\AVG\AVG8\avgui.exe
G:\WINDOWS\system32\taskmgr.exe
G:\Program Files\AVG\AVG8\avgscanx.exe
G:\Program Files\AVG\AVG8\avgcsrvx.exe
G:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\uninstaller.exe
G:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe
K:\C 2009-04-30 00;05;56\Program Files\Trend Micro\HijackThis\HijackThis.exe
G:\Program Files\Mozilla Firefox\firefox.exe
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=G:\WINDOWS\system32\userinit.exe,G:\WINDOWS\system32\sdra64.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Corel Photo Downloader] "G:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\CorelIOMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 3044 bytes