
Virus affects Google searches

richkrack



Joined: Apr 19, 2007
Posts: 1



Posted: Thu Apr 19, 2007 11:15 pm    Post subject: Virus affects Google searches


First off, thanks in advance to anyone who can help. I've got a relatively new laptop that picked up a virus (or a couple of viruses) in the last three months. One problem is that about 50% of the time I do a Google search, when I click on a link, it hijacks the URL, directs it to some other site, and then redirects it to one of various spam sites. I'm not sure if the second problem is related, but every once in a while, when IE is just sitting, it'll cause a brand new window to pop up to a spam site. This popup is caused without direct "clicking", and all my security settings in IE are set to disable windows with no URL bar (how it's ignoring this, I have no idea). I've run about 5 different spyware-finding programs (Adaware, Spybot, CWShredder, etc.), but that hasn't fixed the problem. If anyone has suggestions, I'd appreciate it. Thanks.

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:06:36 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\winsystems16.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Krack\Media\Downloads\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angryvolcano.com/start/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\vphdvsus.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: (no name) - {643501F9-6932-4E40-B126-EDA2D612D2C4} - C:\WINDOWS\system32\mllmn.dll
O2 - BHO: (no name) - {6746EAFE-3E7F-4A3B-9D05-FB0E10C8EF31} - C:\WINDOWS\system32\viglevnv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\ljjifee.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\fdwyiald.dll",setvm
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: ljjifee - C:\WINDOWS\SYSTEM32\ljjifee.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll
O20 - Winlogon Notify: pmnnlih - C:\WINDOWS\SYSTEM32\pmnnlih.dll
O20 - Winlogon Notify: qomjkli - C:\WINDOWS\SYSTEM32\qomjkli.dll
O20 - Winlogon Notify: ssqonoo - C:\WINDOWS\SYSTEM32\ssqonoo.dll
O20 - Winlogon Notify: yayaaaa - C:\WINDOWS\SYSTEM32\yayaaaa.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8559 bytes
greyknight17



Joined: Feb 03, 2003
Posts: 5924

Location: Brooklyn, NY

Posted: Sun Apr 22, 2007 12:06 am    Post subject: Re: Virus affects Google searches

Welcome to Lockergnome.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download AVG Anti-Spyware at http://www.ewido.net/en/download/ and install it.

Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files. Once that's done, exit.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate link if the main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Download VundoFix at http://www.atribune.org/ccount/click.php?id=4 and save it to your desktop.
* Double-click VundoFix.exe to run it.
* Click 'Scan for Vundo' button.
* Once it's done scanning, click the 'Remove Vundo' button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shut down your computer. Click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt here.


Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/forums/index.php?showtutorial=61 ).

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\vphdvsus.dll
O2 - BHO: (no name) - {643501F9-6932-4E40-B126-EDA2D612D2C4} - C:\WINDOWS\system32\mllmn.dll
O2 - BHO: (no name) - {6746EAFE-3E7F-4A3B-9D05-FB0E10C8EF31} - C:\WINDOWS\system32\viglevnv.dll
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\ljjifee.dll
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\fdwyiald.dll",setvm
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O20 - Winlogon Notify: ljjifee - C:\WINDOWS\SYSTEM32\ljjifee.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll
O20 - Winlogon Notify: pmnnlih - C:\WINDOWS\SYSTEM32\pmnnlih.dll
O20 - Winlogon Notify: qomjkli - C:\WINDOWS\SYSTEM32\qomjkli.dll
O20 - Winlogon Notify: ssqonoo - C:\WINDOWS\SYSTEM32\ssqonoo.dll
O20 - Winlogon Notify: yayaaaa - C:\WINDOWS\SYSTEM32\yayaaaa.dll


Locate and delete the following:

C:\WINDOWS\system32\fdwyiald.dll
C:\WINDOWS\SYSTEM32\ljjifee.dll
C:\WINDOWS\system32\ljjifee.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\SYSTEM32\pmnnlih.dll
C:\WINDOWS\SYSTEM32\qomjkli.dll
C:\WINDOWS\SYSTEM32\ssqonoo.dll
C:\WINDOWS\system32\viglevnv.dll
C:\WINDOWS\system32\vphdvsus.dll
C:\WINDOWS\system32\winsystems16.exe
C:\WINDOWS\SYSTEM32\yayaaaa.dll


CleanUp! deletes EVERYTHING out of your temp/temporary folders. It does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the CleanUp! button. Let it run. After it's done, click the Close button and choose Yes to logoff.

Make sure all windows are closed. Run AVG Anti-Spyware.
On the main screen select the 'Update' icon.
Next select the 'Start Update' button. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the Settings screen, click on 'Recommended actions' and then select 'Quarantine'.

Under Reports:
Select 'Automatically generate report after every scan'.
Un-Select 'Only if threats were found'.

Click on the Scan tab and choose to run the 'Complete System Scan' .

Restart. Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)


Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
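To make the triage behind the fix list above reproducible, here is an added Python example (not code from this thread, from HijackThis or from the helper): it parses the O2, O4 and O20 lines of a log and applies the same patterns the list reflects: an unnamed BHO loaded from system32, a Winlogon Notify DLL with a random lowercase name, rundll32 loading a DLL from system32, and a Run target that is also registered under RunServices. The sample is a constructed excerpt of the log posted above, and the name-length threshold is an assumption.

```python
import re

# Constructed excerpt of the HijackThis log posted in this thread (a few lines per section).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\vphdvsus.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\fdwyiald.dll",setvm
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ljjifee - C:\WINDOWS\SYSTEM32\ljjifee.dll
O20 - Winlogon Notify: yayaaaa - C:\WINDOWS\SYSTEM32\yayaaaa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# First drive-letter path ending in .dll/.exe on a line (stops at a quote or comma).
PATH_RE = re.compile(r'([A-Za-z]:\\[^",\n]*?\.(?:dll|exe))', re.IGNORECASE)
# Heuristic (assumption): Vundo-style random names are 5-8 lowercase letters only.
RANDOM_NAME_RE = re.compile(r'^[a-z]{5,8}\.dll$')


def in_system32(path):
    return '\\system32\\' in path.lower()


def triage(log_text):
    """Return (log entries to 'Fix Checked', unique files to inspect) for one log."""
    entries, files = [], {}                 # files: lowercased path -> path as logged
    run_targets = {}                        # lowercased O4 target -> {'Run', 'RunServices'}
    lines = [(l, PATH_RE.search(l)) for l in log_text.splitlines()]
    for line, m in lines:
        if not m:
            continue
        path = m.group(1)
        name = path.rsplit('\\', 1)[-1].lower()
        suspect = False
        if line.startswith('O2 - BHO: (no name)') and in_system32(path):
            suspect = True                  # unnamed BHO living in system32
        elif line.startswith('O20 - ') and in_system32(path) and RANDOM_NAME_RE.match(name):
            suspect = True                  # Winlogon Notify DLL with a random name
        elif line.startswith('O4 - '):
            key = 'RunServices' if 'RunServices' in line else 'Run'
            run_targets.setdefault(path.lower(), set()).add(key)
            if 'rundll32.exe' in line.lower() and in_system32(path):
                suspect = True              # rundll32 used to load a DLL from system32
        if suspect:
            entries.append(line)
            files[path.lower()] = path
    # Second pass: a target registered under both Run and RunServices (winsystems16.exe above).
    for line, m in lines:
        if line.startswith('O4 - ') and m and \
                run_targets.get(m.group(1).lower(), set()) >= {'Run', 'RunServices'}:
            entries.append(line)
            files[m.group(1).lower()] = m.group(1)
    return entries, sorted(files.values(), key=str.lower)
```

The file list is deduplicated case-insensitively, so a DLL logged once under SYSTEM32 and once under system32 is reported a single time.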
wer



Joined: May 11, 2007
Posts: 6



Posted: Fri May 11, 2007 8:31 am    Post subject: Re: Virus affects Google searches

Greyknight--

Seemed as if I had the same problem as richkrack--Clicking on a Google search result reroutes to a page selling things related (in some way) to the search topic. Sometimes I can back up back to the search results page; other times I have to close the browser.

I carefully went through the process you described. None of the files that you wanted HijackThis! to fix and none of the files you wanted deleted were on my machine. All the various scans and checks reported finding nothing.

The problem persists. Any further thoughts?

--WER
greyknight17



Joined: Feb 03, 2003
Posts: 5924

Location: Brooklyn, NY

Posted: Sun May 13, 2007 12:07 pm    Post subject: Re: Virus affects Google searches

Hi wer and welcome to Lockergnome.

Please follow the steps outlined at http://help.lockergnome.com/general/read-posting-ftopict47177.html and then post your HijackThis log in a new topic. The fix here does NOT apply to you or anyone else having similar or even the same issues. Things will be different for each user's machine...