Thank you for the assistance in advance.... I have a user that continues to be reinfected by Hijack.ControlPanelStyle and Heuristics Reserved.Word.Exploit. We clean the pc with malwarebytes and the next day it is back on the system causing shutdown times to extend to 5 minutes +. No external drives were attached during this time. The user did receive email and was on the network at the time. 1.) How are these viruses spread? Email? Malware sites? via external drives? What is their general threat? 2.) Can they house themselves within Restore points in XP eventhough malwarebytes cleans the system? 3.) If so how can you prevent this or remove them from the restore or remove the restore point? Below is the log file from malwarebytes. I don't have the Hijack this log Frank Malwarebytes' Anti-Malware 1.36 Database version: 2060 Windows 5.1.2600 Service Pack 3 5/7/2009 4:33:59 PM mbam-log-2009-05-07 (16-33-59).txt Scan type: Quick Scan Objects scanned: 111654 Time elapsed: 30 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)