I've just had a very productive few hours clearing several trojans off my machine thanks to this forum and hijack this. Thanks.

I'm now left feeling uncomfortable about svchost.exe.

Zone Alarms is registering two separate instances for svchost.exe.

The first is identified as "Generic Host Process for Win32 Services" and is located at c:\windows\system32\svchost.exe

If I block this with my firewall Internet Explorer fails to work.

The second is svchost.exe and Zonealarms gives its locations c:\windows\system32\drivers\svchost.exe

However, if I look at that folder with explorer or the console I cannot find this file. It only contains .sys files.

Blocking this with the firewall makes no difference to my Internet use.

I've attached my HijackThis log file.

Thanks for all the help so far.

Also, I'm using XP so should I be seeing uauclt.exe? Isn't that for Me only?

Also, I'm using XP so should I be seeing uauclt.exe? Isn't that for Me only?

The one in c:\windows\system32 is the Windows system file and should not be touched.

The one in c:\windows\system32\drivers is however a trojan or worm, and that file should be deleted.


Finally, wuauclt.exe also exists in Windows XP file, so not to worry.

_________________
Tony CLSID List

wuauclt.exe is an auto-update thing for windows.
svchost.exe is a required program for windows. it is very common to have multiple instances of it running at once. many viruses take the name svchost.exe in the task manager. if its not run by the system, local, or network service, its a virus of some sort

Thanks. I've removed the file and all is well.