
Advertising Hijack, Require Assistance

Discussion in 'Malware and Virus Removal Archive' started by Madrak Arakeen, 2005/11/28.

  1. 2005/11/28
    Madrak Arakeen

    Madrak Arakeen Inactive Thread Starter

    Joined:
    2005/07/18
    Messages:
    4
    Likes Received:
    0
    Ok, I've got a new problem here.

    There's this **** ad that pops up over legitimate ads periodically. First it was my wife who found the ad plastered in her Star Wars newsletter. Then it was the ad that popped in while I was looking up game information at Gamespot. Mind you, the site's ad replaces the previous ad, not opening up a new window.

    We're getting these ads at legitimate sites all over the 'net now, including depression.com, Gamespot, and Yahoo. We've run Ad-aware, and AVG Anti-Virus scans to no avail. This is getting ridiculous. My 4-year-old looks over our shoulders when checking e-mail and whatnot. I've no other recourse but to ask you for help.

    I'm also getting some pop-up ads too from security-updater, and haven't any idea how to remedy that either. If you could advise on that as well, my family would appreciate it.

    HijackThis log is to follow. Thank you very much.



    Logfile of HijackThis v1.99.1
    Scan saved at 2:36:58 AM, on 11/28/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\lxbscoms.exe
    F:\Archives and Patches\hijackthis\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
    O4 - HKCU\..\Run: [dpnwsock] C:\WINDOWS\System32\dpnwsock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
    O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnecta\wmtray.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
     
    Last edited: 2005/11/28
  2. 2005/11/29
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    use hjt to fix the following:

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS

    QUESTIONABLE:
    O4 - HKCU\..\Run: [dpnwsock] C:\WINDOWS\System32\dpnwsock.exe
     


  4. 2005/12/02
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I would remove the item TonyT lists as 'questionable'. I could not find any legitimate executable by that name, although there is a legit DirectX file named dpnwsock.DLL. This is a common trick for a malicious file.
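
The check markp62 describes above (a startup entry whose .exe borrows the name of a legitimate DLL), written out as an added example that is not part of any post in this thread. The function names and the small DLL baseline are assumptions for illustration; the sample lines are O4 entries copied from the first HijackThis log above.

```python
import ntpath
import re

# O4 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKCU\..\Run: [dpnwsock] C:\WINDOWS\System32\dpnwsock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Assumption: a tiny illustrative baseline. dpnwsock.dll is the DLL named in
# the post; the others are well-known Windows DLLs. In practice, build this
# set from the DLL names on a known-clean reference install.
KNOWN_SYSTEM_DLLS = {"dpnwsock.dll", "wsock32.dll", "shdocvw.dll", "kernel32.dll"}

# "O4 - <source>: [<value name>] <command>"  or  "O4 - <source>: <x.lnk> = <command>"
O4_RE = re.compile(
    r"^O4 - (?P<src>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$"
)
# First executable image in the command, whether quoted, unquoted with spaces,
# or followed by arguments.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif))(?=["\s,]|$)', re.I)


def parse_o4(line):
    """Return source, entry name and executable image of an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    image = IMAGE_RE.match(m["cmd"].strip())
    return {
        "source": m["src"],
        "name": m["name"] if m["name"] is not None else m["lnk"],
        "image": image["path"] if image else None,
    }


def find_extension_swaps(log_text, known_dlls=KNOWN_SYSTEM_DLLS):
    """Flag autostart images whose file name is a known DLL name with the
    extension changed. A hit is a lead for manual review, not a verdict:
    some legitimate products ship foo.exe next to foo.dll."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None or entry["image"] is None:
            continue
        stem, ext = ntpath.splitext(ntpath.basename(entry["image"]).lower())
        if ext != ".dll" and stem + ".dll" in known_dlls:
            findings.append({**entry, "imitates": stem + ".dll"})
    return findings


if __name__ == "__main__":
    for hit in find_extension_swaps(SAMPLE_LOG):
        print(f'{hit["source"]} [{hit["name"]}] {hit["image"]} imitates {hit["imitates"]}')
```
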
     
  5. 2005/12/14
    Madrak Arakeen

    Madrak Arakeen Inactive Thread Starter

    Joined:
    2005/07/18
    Messages:
    4
    Likes Received:
    0
    I'll remove the questionable file immediately.

    By the way, I've managed to locate the source of these foul ads. Shortly after I removed the 4 recommended files at the start of the list, these ads started appearing again in places like Gamespot and Hotmail. So I opened the properties window, and found this site as the source:

    http://promo.ktvad1.com

    Further, I'm plagued with additional popup windows from videozapping.com and security-updater.com

    I'm having a hell of a time getting rid of this problem. Please advise further.
     
  6. 2005/12/18
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    Hello,
    If you are still having problems, please run HijackThis and post your new log so someone can help you.
    Thank you.
     
  7. 2005/12/23
    Madrak Arakeen

    Madrak Arakeen Inactive Thread Starter

    Joined:
    2005/07/18
    Messages:
    4
    Likes Received:
    0
    Here it is then. I am also enclosing the results of the InstalledPrograms script for your convenience.

    Any other advice as to scan methods would be more than helpful. Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 9:49:50 PM, on 12/23/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\wmconnect\wwm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Archives and Patches\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
    O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnecta\wmtray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5B8E38D-3E50-4058-8E18-1172DA44393B}: NameServer = 205.188.146.145
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

    INSTALLED SOFTWARE (94) - MAINCOMP - 12/23/2005 9:51:57 PM

    Ad-Aware SE Personal Ver: 1.06
    Adobe Acrobat 5.0 Ver: 5.0
    Adobe Download Manager 2.0 (Remove Only) Ver: 2.0
    Adobe Photoshop Album 2.0 Starter Edition Ver: 2.00.100 Installed: 1/8/2005
    Adobe Reader 7.0.5 Ver: 7.0.5 Installed: 11/17/2005
    AVG Free Edition
    aykogsemj (!--What is this? I don't recognize this.--)
    Battle.net
    Business Contact Manager for Outlook 2003 Ver: 1.0.2002.1 Installed: 6/6/2004
    Community Expansion Pack version 1.01b Ver: 1.0.1.1
    Diablo
    Diablo II
    DrDemento Screensaver
    ewido security suite
    FileZilla (remove only)
    Green Eggs and Ham
    Guild Wars
    HijackThis 1.99.1 Ver: 1.99.1
    ICQ Toolbar
    InCD (Ahead Software)
    Internet Explorer Exception pack
    Internet Explorer ReadMe
    Java 2 Runtime Environment, SE v1.4.2_05 Ver: 1.4.2_05 Installed: 8/4/2004
    Lexmark 810 Series
    Lexmark Precision Photo Ver: 1.20 Installed: 7/26/2005
    Lexmark Precision Photo Ver: 1.20 Installed: 7/26/2005
    ljyerhmp (!--This is unfamiliar too.--)
    Macromedia Flash Player 8 Ver: 8
    MailSkinner
    Messenger Control Plugin for Ad-aware Ver: 1.31
    Mickey Mouse Preschool Ver: 1.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 6/13/2005
    Microsoft DirectX Transform optional components
    Microsoft FrontPage Client - English Ver: 7.00.9209 Installed: 10/1/2004
    Microsoft Internet Explorer 6 SP1
    Microsoft J# Browser Controls v1.1 Ver: 1.1.3262 Installed: 6/26/2004
    Microsoft Office Professional Edition 2003 Ver: 11.0.5614.0 Installed: 6/19/2004
    Microsoft Visual Basic .NET Step by Step - Version 2003 eBook
    Microsoft Visual J# .NET Redistributable Package 1.1 Ver: 1.1.4322 Installed: 10/1/2004
    Microsoft Visual Studio .NET Academic 2003 - English
    Monopoly
    MSDN Library for Visual Studio .NET 2003 Ver: 7.38.3053 Installed: 10/21/2004
    MSN Add-in for Windows Messenger
    MSN Gaming Zone
    MSN Music Assistant
    My Wal-Mart Digital Photo Center Ver: 1.4.0.0 Installed: 9/20/2005
    Nero - Burning Rom Ver: 5.5.9.9 Installed: 4/15/2005
    Neverwinter Nights
    NVIDIA Display Driver
    PCI Audio Applications
    PCI Audio Driver
    PowerDVD
    QuickTime
    RealPlayer Basic
    RTLSetup for Realtek RTL8139/810x Family NIC 3.00
    Snes9x
    Sound Blaster Live!
    Spybot - Search & Destroy 1.4 Ver: 1.4
    SpywareBlaster v3.4 Ver: 3.4.0
    Starcraft
    TeamSpeak 2 RC2 Ver: 2.0.32.60
    Trillian
    Visual Basic .NET 2003 SBS
    Visual Studio .NET Academic 2003 - English Ver: 7.1.3088 Installed: 10/1/2004
    Visual Studio.NET Baseline - English Ver: 7.1.3088 Installed: 10/1/2004
    Wal-Mart Connect
    Warcraft II BNE
    WebFldrs XP Ver: 9.50.5318 Installed: 6/6/2004
    Winbond HWDoctor
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix (SP1) [See Q312370 for more information]
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q329170 Ver: 20030102.115458
    Windows XP Hotfix (SP1) Q810577 Ver: 20021118.133626
    Windows XP Hotfix (SP1) Q810833 Ver: 20021203.200852
    Windows XP Hotfix (SP1) Q817606 Ver: 20030331.103325
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    Windows XP Hotfix - KB823559 Ver: 20030701.220428
    Windows XP Hotfix - KB828741 Ver: 20040305.180454
    Windows XP Hotfix - KB829558 Ver: 20031008.112408
    Windows XP Hotfix - KB833407 Ver: 20040119.115651
    Windows XP Hotfix - KB834707 Ver: 20040929.091901
    Windows XP Hotfix - KB835732 Ver: 20040329.172537
    Windows XP Hotfix - KB842773 Ver: 20040805.140010
    WinZip Ver: 9.0 SR-1 (6224)
    Xfire (remove only)
    Yahoo! Address AutoComplete
    Yahoo! Internet Mail
    Yahoo! Messenger

    Thanks again guys, you're a great help.
     
  8. 2005/12/24
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    looks like you know what you are doing so I'll try not to bore you with details.
    Looks clean to me.
    A list for you to go over even though it looks like you use 1 or 2 of these.
    Mostly performance related but minor risk factors on first 2. more so on second 1.
    you should shut down any of these that you don't use:
    Script debugging for browsers.
    > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    obvious what this is.
    > C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    utility manager for office accessibility apps such as SAM, onscreen keyboard, etc.
    > C:\WINDOWS\System32\ctfmon.exe
    you should register your soundcard so this will go away
    > O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    developer software for your card. not necessary unless that is what you do or like playing with it.
    > O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    Did you read EULA on these? I have never used so don't know.
    >O4 - Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
    >O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnecta\wmtray.exe

    ran quick search on these 2 programs in a couple databases. 0 results.
    May have come bundled in with 1 of your games or something.

    aykogsemj
    ljyerhmp


    or could be left over from what you fixed.
    have you tried any other scanners than what you have installed?

    CWShredder at http://www.trendmicro.com/cwshredder/
    or at http://www.intermute.com/spysubtract/cwshredder_download.html

    You could try uninstall provided you have all the disks for your video/sound/etc drivers and such. reinstall whatever you needed if something quit on you.
    If it comes down to it and you can't uninstall them, try these:

    Brute Force Uninstaller at http://www.spywareinfo.com/~merijn/downloads.html
    Killbox at http://www.downloads.subratam.org/KillBox.zip

    someone else around here might have better idea.
    Keep us posted to the progress or if anything surfaces please
     
