My son has this intrusion on his XP laptop. For now I have disabled the startup reference to it so he can boot without the error... and also deleted the file in the downloaded folder. Will running Ad Aware clean it out completely and does this remove the 04 HKLM reference that always shows up in folks HijackThis logs who also have it, or can this be done manually without needing to use HijackThis if Ad Aware doesn't do this. I need to keep it simple for him as he doesn't live with me, or else I may need to spend some time doing a clean up for him if these methods don't work. I also see a reference to a system DLL to be removed... so I am guessing that this has to be done manually after un-hiding these files. Is this a serious threat... he seems to be able to use his system as normal at the moment as far as I am aware. It seems quite common.