
Inactive google redirects to other search engines

Discussion in 'Malware and Virus Removal Archive' started by joemamma, 2010/06/05.

Thread Status:
Not open for further replies.
  1. 2010/06/05
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    [Inactive] google redirects to other search engines

    Hi there, I just want to say thanks in advance for any help I get.

    It seems that when I search on Google, I am redirected to other search sites.
    I ran Shaw Secure, Spybot SD, Registry Repair Wizard and got no results. I used a previous backup of my registry via Registry Repair Wizard, and it made things worse. I used a system restore point to get back to a previous setting. I looked on other forums and used the program UnHackMe.
    I tried updating Windows but it says there was error code 80072efe and can't update. Other times I get a message saying that the host process for Windows service stopped working.


    I have a HPG60 laptop with Windows Vista.
    For protection I am using Shaw Secure, Spybot SD, SpywareBlaster and Registry Repair Wizard. I have disabled Windows Firewall, and am using a router with a static IP. I do not use Windows Defender etc. Vista is only updated till 03/03/2010.

    Panda ActiveScan results

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-06-05 15:41:03
    PROTECTIONS: 1
    MALWARE: 7
    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Shaw Secure 9.01 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
    00007432 Univ Virus No 0 Yes No c:\program files\shaw secure\fsaua\content\aquawin32\1275742270\cran.cvd
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\extra\appdata\roaming\microsoft\windows\cookies\extra@trafficmp[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\prabhjit\appdata\roaming\microsoft\windows\cookies\prabhjit@com[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\extra\appdata\roaming\microsoft\windows\cookies\extra@apmebf[2].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\extra\appdata\roaming\microsoft\windows\cookies\extra@zedo[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\extra\appdata\roaming\microsoft\windows\cookies\extra@bluestreak[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\program files\shaw secure\hips\fshs.sys
    No g:\bleach 2\precracked-winrar.3.71\winrar.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================


    Malwarebytes results

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    05/06/2010 2:52:00 AM
    mbam-log-2010-06-05 (02-52-00).txt

    Scan type: Quick scan
    Objects scanned: 132853
    Time elapsed: 7 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Read this post, then post the requested log(s).
     

  4. 2010/06/05
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    Sorry about that, I tried posting the DDS again but I might have made a duplicate.
    The Kaspersky scanner website says that the scanner is down.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by SYSTEM at 16:01:48.73 on 05/06/2010
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2814.1386 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FW: Shaw Secure 2.0 7.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\SMINST\BLService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
    C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\config\systemprofile\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\shaw secure\nrs\iescript\baselitmus.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\shaw secure\nrs\iescript\baselitmus.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRunOnce: [c:\progra~1\canon\zoombr~1\program\canonm~1.dll] c:\windows\system32\regsvr32.exe /s "c:\progra~1\canon\zoombr~1\program\CANONM~1.DLL "
    mRunOnce: [c:\progra~1\canon\camera~1\camera~1\stireg~1.dll] c:\windows\system32\regsvr32.exe /s "c:\progra~1\canon\camera~1\camera~1\STIREG~1.DLL "
    mRunOnce: [c:\progra~1\canon\zoombr~2\stireg~1.dll] c:\windows\system32\regsvr32.exe /s "c:\progra~1\canon\zoombr~2\STIREG~1.DLL "
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: E&xport to Microsoft Office Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\shaw secure\fsps\program\FSLSP.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\windows\system32\config\system~1\appdata\roaming\mozilla\firefox\profiles\aotoz5cw.default\
    FF - component: c:\program files\shaw secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-2-14 33920]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\shaw secure\hips\drivers\fshs.sys [2010-2-14 68064]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-11-2 35792]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-11-2 71040]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\shaw secure\anti-virus\minifilter\fsvista.sys [2008-11-2 12384]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\shaw secure\anti-virus\fsgk32st.exe [2008-11-2 215648]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-5 361808]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2008-11-2 113856]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2010-2-14 55992]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
    S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-6-3 35816]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-11 133104]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-5 193840]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-6-3 24416]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2008-11-2 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2008-11-2 25184]

    =============== Created Last 30 ================

    2010-06-05 18:28:48 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-06-05 18:28:31 0 d-----w- c:\program files\Panda Security
    2010-06-05 07:41:21 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\Malwarebytes
    2010-06-05 07:41:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-05 07:41:12 0 d-----w- c:\programdata\Malwarebytes
    2010-06-05 07:41:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-05 07:41:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-04 05:45:51 0 d-sh--r- C:\desktop.ini
    2010-06-04 05:45:51 0 d-sh--r- C:\comment.htt
    2010-06-04 05:45:51 0 d-sh--r- C:\autorun.inf
    2010-06-04 05:00:09 0 d-----w- c:\windows\system32\catroot2
    2010-06-04 01:08:54 0 d-----w- c:\windows\RestoreSafeDeleted
    2010-06-04 00:57:16 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2010-06-04 00:44:05 2 --shatr- c:\windows\winstart.bat
    2010-06-04 00:43:53 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2010-06-04 00:43:52 37600 ----a-w- c:\windows\system32\Partizan.exe
    2010-06-04 00:43:32 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2010-06-04 00:43:21 0 d-----w- c:\program files\UnHackMe
    2010-06-03 16:31:17 0 ----a-w- C:\div9388.tmp
    2010-06-03 16:31:14 0 ----a-w- C:\div888F.tmp
    2010-06-03 05:19:04 0 d-----w- C:\$regrest
    2010-06-03 05:08:56 0 d-----w- c:\programdata\Hitman Pro
    2010-05-20 04:03:53 0 d-----w- c:\program files\common files\PX Storage Engine

    ==================== Find3M ====================

    2010-06-05 18:20:36 683776 ----a-w- c:\windows\system32\perfh00C.dat
    2010-06-05 18:20:36 135064 ----a-w- c:\windows\system32\perfc00C.dat
    2010-06-05 18:19:23 127444 ----a-w- c:\programdata\nvModes.dat
    2010-01-19 07:20:07 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-01-19 07:20:07 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-01-19 07:20:04 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-01-26 01:45:21 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-08-05 10:34:31 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
    2008-08-05 10:34:31 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
    2008-08-05 10:34:31 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
    2008-08-05 10:34:31 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-11-03 00:54:02 22 --sha-w- c:\windows\sminst\HPCD.sys
    2008-08-05 10:37:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 16:03:29.96 ===============
     
  5. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ...and Attach.txt...
     