Hello everybody. I need some help cleaning up my daughter's laptop. She had installed Kazaa, and it was full of searchbars, gators, gains, you name it. I convinced her to get rid of it, then ran Spybot and tried to do some cleaning, but I'm afraid this is too much for me. I'm posting a hijackthis log, and need advice. Thank you in advance.

Logfile of HijackThis v1.97.7
Scan saved at 13:08:44, on 22/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\ARCHIV~1\Launch Manager\LaunchAp.exe
C:\ARCHIV~1\Launch Manager\PowerKey.exe
C:\ARCHIV~1\Launch Manager\HotkeyApp.exe
C:\ARCHIV~1\Launch Manager\CtrlVol.exe
C:\ARCHIV~1\Launch Manager\Wbutton.exe
C:\Archivos de programa\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\ARCHIV~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\ARCHIV~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\ARCHIV~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\ARCHIV~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\ARCHIV~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Archivos de programa\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F35F808-3273-43FB-A4F1-BB0D47982300}: NameServer = 80.58.0.33,80.58.32.97

Hi yolagp,

It looks like you did a pretty good job of cleaning it up. Others might see things that I'm missing though.

If she doesn't use MS Office much you might want to have HJT fix this entry:

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

It's considered a resource hog and doesn't need to run at startup. Of course, if she uses it often let it stay.

If your daughter really wants to continue with P2P file sharing, she might want to consider using WinMX. No viruses or spyware...:)

Steve is right, you log looks clean... If you are still having problems there are a couple of other scans we can try.....

Yes,
I would do an online trojan scan.

Thank you for your replies. I will do an online scan. Is GFI Trojanscan engine ok?

I don't know that one, but you might try mjc's list of AV/AntiTrojans on the top of this Applications and Security Forum. If it is on Wilders site it is probably OK. IMHO
:D

You could also run an online virus scan just to be sure.... There are a couple in my links and more in mjc's security thread....

I followed your instructions, scanned for trojans once, updated Norton and renewed subscription, scanned for viruses also with Trend Housecall, and seems everything is clean. She wants to go on with file sharing, so I installed Emule (she didn't like Winmx). Everything looks fine now. Let's hope it lasts. Thank you all for your help and advice.