Can you please see if that file is visible in Windows Explorer (make sure hidden files and folders is enabled):
C:\WINDOWS\SYSTEM32\wmproxt.dll
If you locate it please check the size and date on the file, and see if there are any DLLs with with a matching date and/or size.

You can also double-check by opening a command prompt and typing:
cd\
Hit Enter
Copy or paste in the following command:
dir /a C:\WINDOWS\SYSTEM32\wmproxt.dll
Hit Enter
Tell me the results

Next, please open Autoruns.

Click Options on the Menu Bar
Uncheck:
Include Empty Sections

Check:
Hide Signed Microsoft Entries
Verify Code Signatures

Click the Explorer Tab and Hit F5 on your keyboard (to refresh the screen)

See if you can locate an entry for :
ProxyExtExt Extension Proxy Extension Module with an image path of c:\windows\system32\wmproxt.dll
If see it, right-click that entry and click delete

Let me know if you the results for each action please.

_________________
Negster22 - MS MVP - Consumer Security 2006-2008

It doesn't show in Windows Explorer. cmd prompt just said "file not found". Going to AutoRuns now...

Ok...I found it as you described, in Autoruns and deleted it.

Tomorrow we'll look in Process Explorer for any DLLs running within Explorer.exe.

Let me know if you are still getting the popups - could be TrojanHunter was successful in removing the file.

Also, check back in Autoruns to make sure the autostart key was not restored, especially if you reboot - OK?

_________________
Negster22 - MS MVP - Consumer Security 2006-2008

I haven't had the pop-ups and it didn't re-appear in Autoruns.

Since you are no longer experiencing popups, I think we can safely skip using Process Explorer to find infected DLLs.

From what I have read, your computer probably have acquired this Cydoor infection from game patch downloads.Please delete these two infected items detected by your Kaspersky scan:
C:\Documents and Settings\The Kirksey's\My Documents\game patches\cs1005.exe
C:\SIERRA\Counter-Strike\hltv.#xe

Next, do a repeat Trojan Hunter scan to make sure that nothing new has cropped up, and that your system is clean.

If any detections are found, please post back the TrojanHunter scan report.

If nothing new is detected, other than items in your System Volume Information, then you should flush your system restore points to remove the malware footprints:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK, reboot.

Here is some reading material on how to Prevent Reinfection in the future. Please follow the prevention measures and the advice on surfing safely.

_________________
Negster22 - MS MVP - Consumer Security 2006-2008

Negster, everything seems to be working well. I cleared the restore points and rebooted. I figured I should turn them back on so I went back in and did. Scans look clean. I do still see NSIS Media Extension in my "add and remove programs" list. Should I try and uninstall it? I know the last time I did it tried to download something. I really appreciate all your help. Can I send you a basket of shiney fruit or something?

I'm happy to help you but thanks for the fruit offer, all the same.

If you want to uninstall it, you have to remove all internet access by physically disconnecting from your modem.

First, make sure the NSIS folder is no longer present. If it is, delete it. You can use that as an indicator to gauge reinfection (if it reappears after ARP removal).

Then you can try it, but it may try to reinfect once your connections are re-established, and the infective DLL may be different a second time around.

If it does reinfect, SpySweeper will notify you as before, and you will have to repeat the disinfection procedure with Autoruns and TrojanHunter.

_________________
Negster22 - MS MVP - Consumer Security 2006-2008

That's what I was thinking. Done!