NSIS Media Popups- (Resolved caused By Foxie Browser) As a computer programmer, I never get malware installed on my computer and when I do, I usually can get rid of it. But this one has got me. About a week ago, I started getting popups when running Firefox. The popups are launch with explorer.exe, not with IE and they randomly launch while using IE, Firefox and Maxthon browsers. They don't launch while using Opera however. The popups are blank probably because they are either blocked by my host file or another one of my security programs (NOD32, SpySweeper, Spybot, SpywareBlaster, Sygate Pro). The dialog box on the header displays "Advertisment NSIS Media" mis-spelled. Malware Info: Location- C:\Program Files\Common Files\NSIS Files in the folder- uninst.exe, ns24.dll Actions that I have tried: 1.Ran the "uninst.exe" in the above folder, it says NSIS Media Extention is uninstalled and computer must reboot. I reboot, then the problem is still there but now there is another file in the same folder "ns48.dll". Each time I run the "uninst.exe" another file appears in that same folder. (ns68.dll, example ns+two random numbers+dll). 2. Turn Off System Restore and Deleted the above folder in safe mode and emptied the Recycle Bin. Used the Registry Editor and manually deleted all keys, subkeys and values for NSIS. The folder and files still come back after reboot. 3. Scanned my computer with NOD32, SpySweeper, Ad-Aware, Spybot, TrojanHunter, BitDefender online, McAfee online, TrendMicro HouseCall online, Symantec online, McAfee Stinger. Nothing was found except for the "uninst.exe" by TrojanHunter it said it was "Adware.PurityScan.312" and removed it, but it still came back after reboot. 4. Ran HijackThis and nothing was found. 5. Check running programs with ProcessExplorer and that how I found out that it uses explorer.exe to launch, but still can't find the string. Nothing else shows up in the Task Manager. I know this has to be either a hiden trojan or hiden worm. I have no idea how it got installed or how it got passed by security programs. I have searched all of the web trying to find some info, but there is not much there that can help. Any help would be appreciated. Thanks.