#1
please help
this is my hijack this log---computer running real slow and cannot remove some of the spyware.
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Documents and Settings\David Davis\Desktop\RPADMIN.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Documents and Settings\David Davis\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\System32\wsaupdater.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

QT4HPOT = C:\Program Files\HPQ\One-Touch\OneTouch.EXE
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
WinFaxAppPortStarter = wfxsnt40.exe
AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
RegProt = c:\documents and settings\david davis\desktop\regprot.exe /start
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
mswspl =
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
CTRegRun = C:\WINDOWS\CTRegRun.EXE
CARPService = carpserv.exe
Windows SA = C:\Program Files\WindowsSA\omniscient.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
E6TaskPanel = "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\3DLOVE~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
EarthLink Popup Blocker - C:\Program Files\EarthLink TotalAccess\PnEL.dll - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\2_0_1browserhelper2.dll - {83DE62E0-5805-11D8-9B25-00E04C60FAF2}
(no name) - C:\Documents and Settings\All Users\Application Data\X0FF\X0FF1.dll - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83}
(no name) - C:\Documents and Settings\All Users\Application Data\x0ff\x0ff.dll - {D319662B-D5BF-4538-ADF3-8D3E36362608}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Backup.job
Backup1.job
Backup2.job

--------------------------------------------------

Enumerating Download Program Files:

[{00000EF1-0786-4633-87C6-1AA7A44296DA}]
CODEBASE = http://www.addictivetechnologies.net/DM0/cab/fr03tp.cab

[TSAEButton Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TSAEbutn.dll
CODEBASE = https://www.cwinsider.com/cwi/frntd/advantedge/TSAEButn.cab

[{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\BridgeX.dll
CODEBASE = http://public.windupdates.com/get_file.php?bt=ie&p=e92d611de8be57b7ce0f6e65a59b4aabd25fab1eca95e95258b5129dfa48e612c92bffd188f98fcbfa72f978f19fb906cb 2e72:5e17f82db4671e0d17ebad4bf17236ad

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[AimSp32 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\aimsp32.dll
CODEBASE = http://makeover.ivillage.co.uk/save/makeover.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/installs/yinst0401.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://software-dl.real.com/261ea779957350a59606/netzip/RdxIE601.cab

[Blockwerx Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BLOCKW~1.OCX
CODEBASE = http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[Yahoo! Webcam Upload Wrapper]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yuplapp.dll
CODEBASE = http://chat.yahoo.com/cab/yuplapp.cab

[Wwlaunch Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwlaunch.ocx
CODEBASE = http://mirror.worldwinner.com/games/shared/wwlaunch.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://63.243.21.114/activex/AxisCamControl.cab

[{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}]
CODEBASE = http://install.wildtangent.com/bgn/partners/earthlink/bounce/install.cab

[ClearStream Accelerator]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\csa.dll
CODEBASE = http://www.riversoftware.net/x0ff.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab

[{E62A47D8-74B1-4A93-963A-E5E43B7CC5C2}]
CODEBASE = http://www.zuvio.com/opnste/UCSearch.CAB

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,602 bytes
Report generated in 0.090 seconds
#2
You posted a similar thread in the Windows forum. Please don't cross post and give people time to respond.
#3
Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from: HijackThis Download Site #1 or HijackThis Download Site #2

Save this file into the directory you made previously and then run the program named hijackthis.exe.

When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post. Someone will reply to you after reading this post.

DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:
How to use HijackThis to remove Browser Hijackers, Malware, & Spyware
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > please help |