How do I get rid of HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeCtfmon.exe? "CoolWebSearch Ctfmon32 parasite variant" I located this with a Hijackthis scan.Thank you very much. Curious George

...Variant 10: CWS.Ctfmon32 Approx date first sighted: September 22, 2003 Symptoms: Start page and Search pages changed to www.slawsearch.com, 'Customize Search Assistant' closing after opening it, hijack coming back after a reboot. Cleverness: 3/10 Manual removal difficulty: Involves some Registry editing This variant surfaced after a quiet time. CWShredder could fix it, but it would return after rebooting the computer. Apart from the new filename 'CTFMON32.EXE' (note that 'CTFMON.EXE' is the real Windows system file) it worked pretty much the same way as CWS.Bootconf: the file loads at startup, resetting homepages and search pages, and then closes. Deleting the file and changing everything back to normal fixes it Grrrr "...pentathol makes you sing like a canary" ... got brain freeze