Manual Removal Guide for NSIS Media.VB



Friday
2008-11-29, 18:50
The following instructions have been created to help you to get rid of "NSIS Media.VB" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
trojan

Description:
Files pretend to be related to Microsoft Windows Explorer. The version information is faked.
Supposed Functionality:
supposed to be a Microsoft Windows Explorer file
Removal Instructions:

Files:

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "{F097AD02-E0EA-4D7B-BD5A-5C165590D36B}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{060FDC78-71C0-4766-B430-5DB4DFC29F90}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2CB98AF7-2312-47FF-9E56-917F92C14195}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{C0394DAE-2A3B-42E0-9F46-57CF94EDEBDB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D3035DA0-2BBF-4549-A465-1F3DA531CB70}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D4A4061F-EEB6-437D-A8CB-3BC6D2C0E993}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{45BA24BD-00E9-4EB8-B09E-161466B448E7}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{03B678D3-E239-4685-BD83-01700D7D8D41}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{19DB8765-001A-4BAC-83E2-568CA62A20B8}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{24D0D7D2-1D72-4ADA-82DE-AE07910CA084}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2B4F61EF-C289-4246-AD35-2147717F2009}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{367ED525-044D-4D11-B463-F0BBC6072CA2}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{583B440F-0793-4ED8-ACB1-700926DF1137}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{7480E38D-D050-490E-A5D3-56A8107B9052}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{74992B63-ED3D-42E0-807C-1796C62E2F84}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{7AEF5663-A220-4F7A-84BE-5ACBA60B6D10}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{82F15BD6-9D8F-4374-A251-9059939E702A}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{C153A82C-F4B6-428F-BAF6-005E3DB08425}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{C684E35D-16E6-40CE-B977-020C89E873DF}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CA0C9A39-57A7-48A8-A6C9-96AB754EFC57}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{FF85B75C-3D74-40A0-8ADB-B7910CDCACF2}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{11064298-B741-48FA-BF3A-39A98FD0B8F2}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{16A335DF-9B11-448B-8166-64DB621E4CFF}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{24B1FCAF-45A5-4292-91E5-40F1160E4CA9}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{37921689-7C53-4F8C-A11D-89739C6E9297}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{58BEE14B-D6AE-42BB-81E3-5C73ED6D1054}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{5C379F93-2821-4521-8734-FC265C60ABCC}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{62C89DBD-FBE6-440F-AFA7-38ED506C00EE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{630FD826-AD39-43F4-875A-CCBFE29AF0E4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{677BC30C-E801-4B9A-A897-C0DDEFB8E644}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8DAC4A72-BA26-4329-B66E-8D973035B524}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{9224144F-F2DA-42D4-83C2-54D24ECE9701}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{96AD89E2-DC38-4A74-B659-4DCBF7CD7771}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A16A0130-9975-4AA8-A2FB-BC7087DCE9E7}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{D4AA2063-BDED-4D31-B2E3-4FEDF283A81D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{22EE7CF3-C0F6-4104-A084-60CD01E20C6B}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{058A54C7-EAFF-488D-95CA-8A248141C489}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{0A917968-07F6-4613-85B0-0CEE831CD479}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{9C6A786C-A07A-442B-9647-3295E18174B0}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{C4858A6D-9C67-4244-9E84-42776B64D1C4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{FDE541BC-0C9D-4539-93BE-1C8D9B3042C4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{D9E32116-699C-43FC-8B55-3EB9A3E47336}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{205CBD99-439F-457A-B3C6-536959EEE8F9}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{77983BD3-3E0B-4A1A-A178-244B7A19E470}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{8196B6CB-44E3-45B3-90D6-8541816E7E74}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{81F04EF2-A31E-41CE-A72E-69DC8A290C79}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{86AFEB99-5530-4380-8023-67250DB49E41}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{F6EEA23B-522B-4E23-87E8-1F3544380659}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{1A3A1EB9-F5A5-4346-9297-A24B856C34E0}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{15092578-B341-4C22-8B18-743C74FF2F38}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{1524261A-00A0-41E1-9C51-5AF12C4F41D7}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{3A0847A4-E5E7-4C0A-A1B8-689C54103D34}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{414042AA-4ECF-4EF3-8E15-70DB62753941}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{5ECEEF27-C9AF-49A9-9852-E9CA5355A562}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{67390CF4-8813-471B-AD23-61504C0D3DEE}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6DADF4D3-4735-4D18-83A5-13492DE9DC45}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{78E4BE47-F8C7-405E-87A6-84F4ABAB32EC}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{823E288B-4F41-4402-BB10-5232ADE91622}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{96400208-899F-46F8-B9EB-3CD8D9E908FF}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{9BE32A9C-02F3-419E-BF83-6683A3C037D4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{E3CA43B5-6AF5-4B72-9AB7-F34E501AE49B}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{F3E1ADD2-64EB-48C8-93F7-A56071DC8418}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{FB9F16D0-1FF5-4A80-AACE-DEB7DD8F7106}" at "HKEY_CLASSES_ROOT\TypeLib\".
A key in HKEY_CLASSES_ROOT\ named "wshpwd.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "kbdtdu.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "odbvge.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "rsvuac.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "swpxau.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wkajaxc.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "actssd.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "atmkma.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Audese.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "avtmsk.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "dmubsw.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "lochsh.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "minrsv.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "mspksp.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "msrrwb.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "mtxtme.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "schuue.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "usrflex.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wmiv3p.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wpdcmo.clsdll", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "xmlfef.clsdll", plus associated values.
If NSIS Media.VB uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
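The following PowerShell script is an added example written for this editing pass; it is not part of the original post and is not a Spybot-S&D tool. It takes the CLSID, Interface, TypeLib and ProgID entries listed in the Registry section above and reports which of them exist on the machine, together with the DLL each CLSID's InprocServer32 points to, so the files that impersonate Windows Explorer components can be identified before anything is touched. Only with the -Remove switch does it export each hit to a .reg backup and then delete the key; the backup directory under $env:TEMP is an assumed location, not something the guide specifies. Run it from an elevated PowerShell prompt.

```powershell
<#
Registry audit for the NSIS Media.VB entries listed in the guide above.
Added example script, not part of the original post and not a Spybot-S&D tool.
Default mode only reports; -Remove backs up each present key to a .reg file
and then deletes it. Requires an elevated PowerShell session.
#>
[CmdletBinding()]
param(
    [switch]$Remove,
    # Assumed backup location; the guide does not specify one.
    [string]$BackupDir = (Join-Path $env:TEMP 'nsis-media-vb-backup')
)

# GUIDs and ProgIDs copied verbatim from the guide's Registry section.
$clsids = @(
    '{F097AD02-E0EA-4D7B-BD5A-5C165590D36B}','{060FDC78-71C0-4766-B430-5DB4DFC29F90}','{2CB98AF7-2312-47FF-9E56-917F92C14195}',
    '{C0394DAE-2A3B-42E0-9F46-57CF94EDEBDB}','{D3035DA0-2BBF-4549-A465-1F3DA531CB70}','{D4A4061F-EEB6-437D-A8CB-3BC6D2C0E993}',
    '{45BA24BD-00E9-4EB8-B09E-161466B448E7}','{03B678D3-E239-4685-BD83-01700D7D8D41}','{19DB8765-001A-4BAC-83E2-568CA62A20B8}',
    '{24D0D7D2-1D72-4ADA-82DE-AE07910CA084}','{2B4F61EF-C289-4246-AD35-2147717F2009}','{367ED525-044D-4D11-B463-F0BBC6072CA2}',
    '{583B440F-0793-4ED8-ACB1-700926DF1137}','{7480E38D-D050-490E-A5D3-56A8107B9052}','{74992B63-ED3D-42E0-807C-1796C62E2F84}',
    '{7AEF5663-A220-4F7A-84BE-5ACBA60B6D10}','{82F15BD6-9D8F-4374-A251-9059939E702A}','{C153A82C-F4B6-428F-BAF6-005E3DB08425}',
    '{C684E35D-16E6-40CE-B977-020C89E873DF}','{CA0C9A39-57A7-48A8-A6C9-96AB754EFC57}','{FF85B75C-3D74-40A0-8ADB-B7910CDCACF2}'
)
$interfaces = @(
    '{11064298-B741-48FA-BF3A-39A98FD0B8F2}','{16A335DF-9B11-448B-8166-64DB621E4CFF}','{24B1FCAF-45A5-4292-91E5-40F1160E4CA9}',
    '{37921689-7C53-4F8C-A11D-89739C6E9297}','{58BEE14B-D6AE-42BB-81E3-5C73ED6D1054}','{5C379F93-2821-4521-8734-FC265C60ABCC}',
    '{62C89DBD-FBE6-440F-AFA7-38ED506C00EE}','{630FD826-AD39-43F4-875A-CCBFE29AF0E4}','{677BC30C-E801-4B9A-A897-C0DDEFB8E644}',
    '{8DAC4A72-BA26-4329-B66E-8D973035B524}','{9224144F-F2DA-42D4-83C2-54D24ECE9701}','{96AD89E2-DC38-4A74-B659-4DCBF7CD7771}',
    '{A16A0130-9975-4AA8-A2FB-BC7087DCE9E7}','{D4AA2063-BDED-4D31-B2E3-4FEDF283A81D}','{22EE7CF3-C0F6-4104-A084-60CD01E20C6B}',
    '{058A54C7-EAFF-488D-95CA-8A248141C489}','{0A917968-07F6-4613-85B0-0CEE831CD479}','{9C6A786C-A07A-442B-9647-3295E18174B0}',
    '{C4858A6D-9C67-4244-9E84-42776B64D1C4}','{FDE541BC-0C9D-4539-93BE-1C8D9B3042C4}','{D9E32116-699C-43FC-8B55-3EB9A3E47336}'
)
$typelibs = @(
    '{205CBD99-439F-457A-B3C6-536959EEE8F9}','{77983BD3-3E0B-4A1A-A178-244B7A19E470}','{8196B6CB-44E3-45B3-90D6-8541816E7E74}',
    '{81F04EF2-A31E-41CE-A72E-69DC8A290C79}','{86AFEB99-5530-4380-8023-67250DB49E41}','{F6EEA23B-522B-4E23-87E8-1F3544380659}',
    '{1A3A1EB9-F5A5-4346-9297-A24B856C34E0}','{15092578-B341-4C22-8B18-743C74FF2F38}','{1524261A-00A0-41E1-9C51-5AF12C4F41D7}',
    '{3A0847A4-E5E7-4C0A-A1B8-689C54103D34}','{414042AA-4ECF-4EF3-8E15-70DB62753941}','{5ECEEF27-C9AF-49A9-9852-E9CA5355A562}',
    '{67390CF4-8813-471B-AD23-61504C0D3DEE}','{6DADF4D3-4735-4D18-83A5-13492DE9DC45}','{78E4BE47-F8C7-405E-87A6-84F4ABAB32EC}',
    '{823E288B-4F41-4402-BB10-5232ADE91622}','{96400208-899F-46F8-B9EB-3CD8D9E908FF}','{9BE32A9C-02F3-419E-BF83-6683A3C037D4}',
    '{E3CA43B5-6AF5-4B72-9AB7-F34E501AE49B}','{F3E1ADD2-64EB-48C8-93F7-A56071DC8418}','{FB9F16D0-1FF5-4A80-AACE-DEB7DD8F7106}'
)
$progids = @(
    'wshpwd.clsdll','kbdtdu.clsdll','odbvge.clsdll','rsvuac.clsdll','swpxau.clsdll','wkajaxc.clsdll','actssd.clsdll',
    'atmkma.clsdll','Audese.clsdll','avtmsk.clsdll','dmubsw.clsdll','lochsh.clsdll','minrsv.clsdll','mspksp.clsdll',
    'msrrwb.clsdll','mtxtme.clsdll','schuue.clsdll','usrflex.clsdll','wmiv3p.clsdll','wpdcmo.clsdll','xmlfef.clsdll'
)

# Native key paths, the form regedit.exe and reg.exe use.
$keys = @()
$keys += $clsids     | ForEach-Object { "HKEY_CLASSES_ROOT\CLSID\$_" }
$keys += $interfaces | ForEach-Object { "HKEY_CLASSES_ROOT\Interface\$_" }
$keys += $typelibs   | ForEach-Object { "HKEY_CLASSES_ROOT\TypeLib\$_" }
$keys += $progids    | ForEach-Object { "HKEY_CLASSES_ROOT\$_" }

$hits = @()
foreach ($key in $keys) {
    $psPath = "Registry::$key"
    if (-not (Test-Path -LiteralPath $psPath)) { continue }
    $hits += $key
    $note = ''
    # For CLSIDs, record the DLL the COM server loads: the guide says these
    # files pose as Windows Explorer components, so the path is evidence worth
    # keeping before the key is deleted.
    $server = Get-ItemProperty -LiteralPath "$psPath\InprocServer32" -ErrorAction SilentlyContinue
    if ($server) { $note = " -> $($server.'(default)')" }
    Write-Output "FOUND $key$note"
}

if ($hits.Count -eq 0) {
    Write-Output 'None of the listed keys are present.'
    return
}

if ($Remove) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $i = 0
    foreach ($key in $hits) {
        $i++
        $backup = Join-Path $BackupDir ('key{0:d3}.reg' -f $i)
        # reg.exe export leaves a restorable copy in case a key turns out to be legitimate.
        & reg.exe export $key $backup /y | Out-Null
        Remove-Item -LiteralPath "Registry::$key" -Recurse -Force
        Write-Output "REMOVED $key (backup: $backup)"
    }
} else {
    Write-Output "$($hits.Count) listed key(s) present. Re-run with -Remove to back up and delete them."
}
```

Running the script without switches is the safe first step: it shows whether the infection matches this guide at all and which DLL paths the CLSIDs resolve to, which is the same information regedit.exe would show under each key's InprocServer32 subkey. Keeping the .reg backups means a mistaken deletion can be reversed by double-clicking the exported file, and the guide's advice still stands: if keys are hidden from this script and from regedit.exe, a rootkit-aware tool such as RootAlyzer is needed rather than a script.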

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as one is available.