XP Total Security 2011

- infects .exe file association in registry
- does not show up as an image hijack in autoruns!

Removal:
1. determine random executable name it chose for itself by looking at registry
2. use process explorer to suspend the process (easier than killing it, since
it respawns)
3. rename the exe file to .disabled
4. kill the process
5. clean all mentions of it out of the registry
6. search the entire filesystem for duplicate copies of the exe. its sums are:

60e5edbe849cb2bc986cb1de0cef6f18c230f54e
551ca7298619649f019932e8688ea5f6

(note: it may have mutated, so get the md5sum of your version from the .disabled file)

7. disable/uninstall java, because that's how it got aboard (browser security is irrelevant)