My highjackthis log

  1. #1
    wilpen is offline Newbie

    My highjackthis log

    This is my HijackThis log after running Ad-Aware and Spybot. I am not able to update my Windows XP; when I access Windows Update the "Install updates" button is greyed out, and so is the "Installation history".

    Logfile of HijackThis v1.99.0
    Scan saved at 5:09:59 PM, on 1/3/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\program files\Telstra\Signup\tbpt.exe
    H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    H:\Program Files\PopUp Killer\PopUpKiller.EXE
    H:\Vet\VetTray.exe
    H:\Program Files\QuickTime\qttask.exe
    H:\WINDOWS\System32\RUNDLL32.EXE
    H:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    H:\WINDOWS\System32\rundll32.exe
    H:\PROGRA~1\Webshots\webshots.scr
    H:\Vet\isafe.exe
    H:\WINDOWS\System32\nvsvc32.exe
    H:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Vet\VetMsg.exe
    E:\g\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
    http://ls0.net/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
    http://ls0.net/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:1080
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {E0715207-F0E3-3236-6233-7B76E86CE91E} - H:\WINDOWS\system32\appoq32.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    H:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    H:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] H:\program files\Telstra\Signup\tbpt.exe
    O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [PopUpKiller] H:\Program Files\PopUp Killer\PopUpKiller.EXE
    O4 - HKLM\..\Run: [VetTray] H:\Vet\VetTray.exe
    O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [REGSHAVE] H:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ViewMgr] H:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
    O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
    O4 - HKCU\..\Run: [MSSVC] "H:\WINDOWS\System32\svcsys.exe" 8192
    O4 - HKCU\..\Run: [Generic Host Process32 System Backup] scvhost32d.exe
    O4 - Startup: Webshots.lnk = H:\Program Files\Webshots\Launcher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm185XXUS
    O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - H:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra button: Richfind - {FF2E587B-4F16-427E-8BB3-6C4C364E4923} - H:\WINDOWS\System32\shdocvw.dll
    O12 - Plugin for .mpeg: H:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .pdf: H:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {0296A2DC-0718-40F7-6472-5EF3290FAD79} - http://82.179.166.72/1/rdgAU208.exe
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mhtml!http://81.9.3.86//scripts//dw//chm.chm?id=vad::/win.exe
    O16 - DPF: {2F79C2C5-7A39-05A9-486B-1E9A4EF4C7A9} - http://82.179.166.72/1/rdgAU208.exe
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...b_site.cab?1100242696000
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/au/games4.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/AU618_102.exe
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O23 - Service: CA ISafe - Computer Associates International, Inc. - H:\Vet\isafe.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PPPoE Service - Unknown - H:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - H:\Vet\VetMsg.exe
    Last edited by owen; 03-01-2005 at 10:10 PM.


  2. #2
    owen is offline D-A-L Team Member (UK)
    1. Download AboutBuster http://www.downloads.subratam.org/AboutBuster.zip

    Unzip it to your desktop but don't run it yet.

    2. Download Ad-aware from here. Open the Ad-aware program and near the bottom click the Check For Updates link. This will open the update manager. Follow the prompts to update your Ad-aware Reference File. Close Ad-aware for now, we will use it later.

    3. You may want to print out these instructions for further reference when completing the following steps.

    4. Ensure you are showing Hidden Files and Folders as per instructions here.

    5. Then reboot your PC into Safe Mode. If you don't know how to do this, see here for further instructions.

    6. Restart Hijack This and put a checkmark next to the following entries and click Fix Checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://v73.us/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
    http://ls0.net/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://v73.us/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
    http://ls0.net/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {E0715207-F0E3-3236-6233-7B76E86CE91E} - H:\WINDOWS\system32\appoq32.dll (file missing)
    O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
    O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
    O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
    O4 - HKCU\..\Run: [MSSVC] "H:\WINDOWS\System32\svcsys.exe" 8192
    O4 - HKCU\..\Run: [Generic Host Process32 System Backup] scvhost32d.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZRxdm185XXUS
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {0296A2DC-0718-40F7-6472-5EF3290FAD79} - http://82.179.166.72/1/rdgAU208.exe
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mhtml!http://81.9.3.86//scripts//dw//chm.chm?id=vad::/win.exe
    O16 - DPF: {2F79C2C5-7A39-05A9-486B-1E9A4EF4C7A9} - http://82.179.166.72/1/rdgAU208.exe
    O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/AU618_102.exe

    Then delete the following files and folders. Search for and delete files without a specific location:

    H:\WINDOWS\System32\svcsys.exe
    vsmon.exe
    scvhost32d.exe

    7. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

    8. Scan with Adaware and let it remove any bad files found.

    9. Download SSS from here. Run the program and on the items to clear tab select both "Temporary Files" options and the "Recycle Bin" option. Then click Clear Selected Items.

    10. Reboot to normal mode

    11. Finally, pay a visit to Housecall. Scan for and remove any infected files found on your system.

    Post a fresh HijackThis log and the AboutBuster report back here please.
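
    Triage of a log like the one in post #1, producing the kind of "fix checked" list post #2 gives, as an added example (not HijackThis's, the forum's, or either poster's code): it parses the numbered entries and applies a few rules that match what the thread acts on, such as R0/R1 values served from a `res://` DLL resource, O4 autoruns with no path or with names imitating system binaries (scvhost32d.exe vs. svchost.exe), O15 Trusted Zone additions, and O16 downloads of executables from raw IP addresses. The sample log is a constructed subset of the lines from post #1 with the wrapped lines rejoined; the rules, the 0.75 name-similarity threshold, the "default host" allowlist and the high/review severity labels are the editor's assumptions, not HijackThis output.

```python
"""Triage a HijackThis 1.99-style log: parse each numbered entry and flag the
patterns the thread above acts on. Added example, not HijackThis's or the
forum's own code; the rules, threshold and severity labels are assumptions."""
import difflib
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# System binaries that droppers like to imitate; digits are ignored when comparing.
SYSTEM_NAMES = ("svchost", "lsass", "csrss", "winlogon", "services", "smss", "spoolsv", "explorer")
# Hosts an IE start/search page may legitimately point at (assumption, not an IE default list).
DEFAULT_HOSTS = re.compile(r"://[^/\s]*(microsoft\.com|msn\.com)")

# Constructed sample: lines copied from the log posted above (wrapped lines
# rejoined), plus one O23 line from the same log for contrast.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://H:\WINDOWS\system32\ozejs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://v73.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:1080
O2 - BHO: (no name) - {E0715207-F0E3-3236-6233-7B76E86CE91E} - H:\WINDOWS\system32\appoq32.dll (file missing)
O4 - HKLM\..\Run: [VetTray] H:\Vet\VetTray.exe
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [MSSVC] "H:\WINDOWS\System32\svcsys.exe" 8192
O4 - HKCU\..\Run: [Generic Host Process32 System Backup] scvhost32d.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {0296A2DC-0718-40F7-6472-5EF3290FAD79} - http://82.179.166.72/1/rdgAU208.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Finding:
    section: str
    severity: str  # "high": fix it; "review": confirm it was installed deliberately
    reason: str
    line: str


def _exe_from_o4(text):
    """Executable launched by an O4 entry, which reads 'HK..\\..\\Run: [name] command'."""
    if "] " not in text:
        return ""
    cmd = text.split("] ", 1)[1]
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]


def _lookalike(exe):
    """Return the system binary a name imitates (scvhost32d.exe -> svchost), else None."""
    base = re.sub(r"\d", "", exe.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0])
    for name in SYSTEM_NAMES:
        if base != name and difflib.SequenceMatcher(None, base, name).ratio() >= 0.75:
            return name
    return None


def triage(log_text):
    """Return one Finding per suspicious entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, text = m.groups()
        low = text.lower()
        hit = None
        if sec in ("R0", "R1", "R3"):
            if "res://" in low and ".dll" in low:
                hit = ("high", "IE page served from a local DLL resource (about:blank-style hijack)")
            elif "(obfuscated)" in low:
                hit = ("high", "value HijackThis could not decode")
            elif "proxyserver" in low and "127.0.0.1" in low:
                hit = ("review", "browser traffic routed through a local proxy")
            elif re.search(r"=\s*https?://", low) and not DEFAULT_HOSTS.search(low):
                hit = ("review", "non-default start/search URL")
        elif sec == "O2" and "(file missing)" in low:
            hit = ("review", "BHO registered but its DLL is gone; orphaned entry")
        elif sec == "O4":
            exe = _exe_from_o4(text)
            like = _lookalike(exe) if exe else None
            if like:
                hit = ("high", f"executable name imitates {like}.exe")
            elif exe and "\\" not in exe:
                hit = ("review", "no full path; binary is resolved through the search path")
            elif low.startswith("hkcu") and "\\system32\\" in exe.lower():
                hit = ("review", "per-user autorun launching from the system directory")
        elif sec == "O15":
            hit = ("review", "Trusted Zone entry relaxes IE security for this host")
        elif sec == "O16":
            url = text.rsplit(" - ", 1)[-1]
            host = urlsplit(url).hostname or ""
            if url.lower().startswith("ms-its:"):
                hit = ("high", "ms-its:/mhtml URL used to pull in a remote executable")
            elif url.lower().endswith(".exe") or re.fullmatch(r"\d+(\.\d+){3}", host):
                hit = ("high", f"executable fetched from {host or 'an unparseable address'}")
        if hit:
            findings.append(Finding(sec, hit[0], hit[1], raw.strip()))
    return findings


def fix_list(findings):
    """Lines to tick in HijackThis before 'Fix checked' (the high-severity ones)."""
    return [f.line for f in findings if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:3} {f.reason}\n       {f.line}")
```

    Run it on the sample and three entries come back as high (the `res://ozejs.dll` search page, the `scvhost32d.exe` autorun and the `.exe` pulled from 82.179.166.72), while the Trusted Zone lines, the unpathed `vsmon.exe` and the localhost SOCKS proxy are marked for review rather than blind removal: a proxy on 127.0.0.1:1080 is exactly what a user-installed SOCKS client looks like, so the script only asks the question the helper would ask. The legitimate VetTray, webshots and NVIDIA lines produce nothing.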

  3. #3
    wilpen is offline Newbie
    Thank you for the quick reply to my about:blank problem. Looks like I managed to get rid of it with the instructions and programs I saw at your forum. Phewwww!!!! Seems to be gone now. I will print out the instructions anyway, just in case.

    Thank you . Wilpen

  4. #4
    owen is offline D-A-L Team Member (UK)
    You still need to follow those instructions, you have other infections. Even if some entries are missing, continue with the rest.
