Hi Kimsland, just a quick couple of points. In the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions I believe it's important to tell users to rename HijackThis.exe to Crusty.exe or some other such name. This is because some malware can actually hide from the HijackThis.exe filename. Also, you may not be aware, but the CastleCops website is no more and therefore the link for instructions to disable real time monitoring programmes no longer works. Feel free to add these instructions if you wish. I hope this proves useful. Sorry for posting this here, but I couldn't send it via a pm due to length restrictions. I also couldn't post in the main thread as it is closed.