I am running Vista Ultimate, with fully updated Nod32. Yesterday, I got an error from Vista that winini.exe could not run properly, so I started to investigate. In Task Manager, I saw iexplore.exe running, without my having opened it. So I killed IE, and winini.exe tried again to run, but failed. Shortly after the error message, iexplore started again. I did a complete scan of the HD in safe mode, but Nod32 did not find anything wrong... So I restarted using another admin account, removed the registry entries, deleted winini.exe, temp folders and so on, and now all is clean. Why did Nod32 not detect this quite old trojan? It was NOT in the Windows folder (because it would need admin rights to write there), it was in c:\users\<username>\appdata, and it also created an addon.dat in the same location. Both re-appeared immediately after I deleted them.