From my experience of fighting against trojans I realized that (for Windows) a lot of them are downloader viruses and download stuff of the internet. They are randomly named ".dll" files which are located in the: /HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENT VERSION/WINLOGON/ ..... After that .... it changes from XP to Vista. In XP I remember it was Notify32, or something like that. And it gives you all the OS dll's. While in Vista it is something else. Do you know what I am talking about? So my questions are: 1)What is the analogue of that Registry location for Vista? 2)Are these dll rootkits? I am asking because I once had difficulty removing a trojan off my computer because it was a .dll file which make the OS thing it was a system file. But AVG Anti-Spyware had this nice feature to delete on reboot which solved the problem.