I picked up this trojan recently; somehow it slipped through AVG. I used Spybot S&D, which found the problem and appeared to fix most of it. However, according to Spybot I still have the following entries in the registry:
Win32.Agent.pz: Library
C:\WINDOWS\system32\wsnpoem\audio.dll
Win32.Agent.pz: Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...C:\WINDOWS\system32\ntos.exe,...
Win32.Agent.pz: Program directory
C:\WINDOWS\system32\wsnpoem\
Win32.Agent.pz: Library
C:\WINDOWS\system32\wsnpoem\video.dll
Win32.Agent.pz:
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\
Win32.Agent.pz:
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\
Win32.Agent.pz:
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\UID
Win32.Agent.pz:
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID
Win32.Agent.pz:
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID
I've searched manually for these files/folders and they are nowhere to be found, even when I search hidden system files.
Does this mean the virus still exists or is it just the leftovers in the registry? The AVG scan came back fine and HijackThis doesn't show any obvious problems apart from the ntos.exe entry (I don't want to edit it as I know userinit.exe is an important Windows file).
Thanks.