LOST ?

Sons and nephews should listen to their elders and not venture into dangerous waters, but they do not listen. This PC has been infected and hijacked with some malware that redirects the web searches to their own sites.
I have tried the regular disinfection techniques, but I have gotten nowhere.
1) It disabled my installed MalwareBytes software, and it will not allow me to reinstall it.
2) I ran SUPERAntiSpyware and found a couple of trojans, and supposedly removed them. I will post a scan later.
3) AVG Free Edition found a couple of trojans and supposedly removed them.
4) Ran SmitFraudFix, and I am posting the log.
5) Ran GMER, and it did not finish. I will post that log.
6) I tried to install ComboFix, and it would not let me install it!
7) I ran HijackThis, and I am posting the log after all the other scans.

Your assistance with this sick “puppy” will be greatly appreciated. ???
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:13, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\vista aero\TrueTransparency.exe
C:\SmithFraudFix\SmitfraudFix\Policies.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM..\Run: [Lexmark 4200 Series] “C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe”
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [relasupar] Rundll32.exe “c:\windows\system32\kavunize.dll”,a
O4 - HKCU..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O4 - HKCU..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU..\Run: [Google Update] “C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU..\Run: [upsqCMP] rundll32.exe “C:\Documents and Settings\Administrator\Local Settings\Application Data\upsqCMP\upsqCMP.dll”, DllInit
O4 - HKUS\S-1-5-19..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe” (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe” (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe” (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18..\RunOnce: [VistaDrives®] %Windir%\ABioDESK\Vistadrive\vsdrv.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe” (User ‘Default user’)
O4 - HKUS.DEFAULT..\RunOnce: [VistaDrives®] %Windir%\ABioDESK\Vistadrive\vsdrv.exe (User ‘Default user’)
O4 - Global Startup: TrueTransparency.lnk = C:\Program Files\vista aero\TrueTransparency.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\kavunize.dll,fuyizeve.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: wohivepew - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
O22 - SharedTaskScheduler: jugezatag - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


End of file - 7528 bytes

SmitFraudFix v2.424

Scan done at 18:15:23.57, Fri 12/11/2009
Run from C:\SmithFraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\vista aero\TrueTransparency.exe
C:\SmithFraudFix\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-11 12:20:13
Windows 5.1.2600 Service Pack 3
Running: 8khynuy6.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdipow.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF73A40D0]
SSDT sptd.sys ZwEnumerateKey [0xF73A9FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF73AA340]
SSDT sptd.sys ZwOpenKey [0xF73A40B0]
SSDT sptd.sys ZwQueryKey [0xF73AA418]
SSDT sptd.sys ZwQueryValueKey [0xF73AA298]
SSDT sptd.sys ZwSetValueKey [0xF73AA4AA]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF679E380, 0x5414D5, 0xE8000020]
.text USBPORT.SYS!DllUnload F66E18AC 5 Bytes JMP 86EA21C8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F73BB06C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73BB018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73DD9AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F73BB06C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73A4AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73A4C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73A4B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73A5748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73A561E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73BA29A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86FD11E8
Device \FileSystem\Fastfat \FatCdrom 86944790
Device \Driver\NetBT \Device\NetBT_Tcpip_{5FFB9F28-4014-4F75-ADFB-CBCA53D23482} 869591E8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 86EA11E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F671E8
Device \Driver\dmio \Device\DmControl\DmConfig 86F671E8
Device \Driver\dmio \Device\DmControl\DmPnP 86F671E8
Device \Driver\dmio \Device\DmControl\DmInfo 86F671E8
Device \Driver\usbuhci \Device\USBPDO-1 86EA11E8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD31E8
Device \Driver\Cdrom \Device\CdRom0 86F35790
Device \Driver\Cdrom \Device\CdRom1 86F35790
Device \Driver\atapi \Device\Ide\IdePort0 [F72F8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F72F8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F72F8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F72F8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F72F8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F72F8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 869591E8
Device \Driver\NetBT \Device\NetbiosSmb 869591E8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{06211B70-46EB-43EE-BE04-92D6D314E899} 869591E8

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 86EA11E8
Device \Driver\usbuhci \Device\USBFDO-1 86EA11E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8694B1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8694B1E8
Device \Driver\Ftdisk \Device\FtControl 86FD31E8
Device \FileSystem\Fastfat \Fat 86944790

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 86927790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5E 0x36 0x0A 0xA1 …
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5E 0x36 0x0A 0xA1 …

---- EOF - GMER 1.0.15 ----

SUPERAntiSpyware Scan Log

Generated 12/10/2009 at 04:33 PM

Application Version : 4.31.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1803

Scan type : Complete Scan
Total Scan Time : 03:32:26

Memory items scanned : 222
Memory threats detected : 0
Registry items scanned : 6652
Registry threats detected : 6
File items scanned : 118509
File threats detected : 0

Trojan.Unclassified/C00-WL
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY__C0072400
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY__C0072400#Asynchronous
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY__C0072400#DllName
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY__C0072400#Impersonate
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY__C0072400#Startup
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY__C0072400#Logon

Let’s start with this.

It’s called a-squared Free.

download it ----> update it -----> run it ------> and then, most importantly, clean it

After running this, post a new HijackThis log.
I’ll look at it in the morning :)

P.S. Do you use Skype???

You can start with updating Java:
http://download.java.net/jdk6/binaries/
jre-6u18-ea-bin-b05-windows-i586-18_nov_2009.exe, 14.53 MB (MD5 Checksum) <—choose this

I’ve seen this before:
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll <—delete this

Do you use Google Toolbar?
Do you use Skype?
Please run a-squared Free, then post a new HijackThis log (I’m asking this because some malware uses the same name as actual software, and it would be easier to help you).
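A small triage script for HijackThis logs like the one posted above, added here as an example (it is not part of the thread and not HijackThis code): it parses the O/R lines and flags the patterns the helpers are pointing at, a populated AppInit_DLLs, a rundll32 autostart loading a DLL from the user profile, an orphaned "(no file)" entry, and one DLL wired into several persistence points. The sample lines are copied from the log in this thread; the heuristics, severity labels and function names are my own assumptions.

```python
import re
from collections import defaultdict

# Sample HijackThis lines copied from the log posted in this thread, with a few
# benign entries (AVG, Winlogon Notify) kept as controls for the heuristics.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM..\Run: [relasupar] Rundll32.exe "c:\windows\system32\kavunize.dll",a
O4 - HKCU..\Run: [upsqCMP] rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\upsqCMP\upsqCMP.dll", DllInit
O20 - AppInit_DLLs: c:\windows\system32\kavunize.dll,fuyizeve.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: wohivepew - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
O22 - SharedTaskScheduler: jugezatag - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
"""

# "O4 - HKLM..\Run: [name] command"  ->  section "O4", kind "HKLM..\Run", body "[name] command"
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<kind>[^:]+): ?(?P<body>.*)$")
# A full Windows path or a bare module name ending in .dll/.exe. Curly quotes show
# up in forum-pasted logs, so they are excluded from path characters as well.
MODULE_RE = re.compile(r'(?:[A-Za-z]:\\[^"“”,;]*?|[\w~-]+)\.(?:dll|exe)', re.IGNORECASE)
LOADERS = {"rundll32.exe", "rundll32"}
# Directories a standard user can write to on XP; a DLL autostarted from here is unusual.
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\", "\\application data\\")


def parse(log_text):
    """Return (section, kind, body, [modules]) for every O/R line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        modules = [p for p in MODULE_RE.findall(m["body"])
                   if p.split("\\")[-1].lower() not in LOADERS]
        entries.append((m["section"], m["kind"].strip(), m["body"], modules))
    return entries


def triage(log_text):
    """Apply defender heuristics; return findings as (severity, section, reason, module) tuples."""
    findings = []
    seen_in = defaultdict(set)  # module basename -> persistence sections referencing it
    for section, kind, body, modules in parse(log_text):
        for mod in modules:
            seen_in[mod.split("\\")[-1].lower()].add(section)
        if body.endswith("(no file)"):
            findings.append(("LOW", section, "orphaned entry, file missing", None))
        if kind == "AppInit_DLLs":
            # Loaded into every process that maps user32.dll; practically never legitimate on XP.
            for mod in modules:
                findings.append(("HIGH", section, "AppInit_DLLs injects into every GUI process", mod))
        if section == "O4" and "rundll32" in body.lower():
            for mod in modules:
                if any(d in mod.lower() for d in USER_WRITABLE):
                    findings.append(("HIGH", section, "rundll32 autostart loads DLL from user profile", mod))
    # One module hooked into several autostart mechanisms is the strongest single signal.
    for name, sections in seen_in.items():
        if len(sections) >= 2:
            label = "+".join(sorted(sections, key=lambda s: int(s[1:])))
            findings.append(("HIGH", label, "same module referenced by multiple persistence points", name))
    return findings


def suspicious_modules(log_text):
    """Sorted basenames of every module a HIGH-severity finding points at."""
    return sorted({f[3].split("\\")[-1].lower() for f in triage(log_text)
                   if f[0] == "HIGH" and f[3]})


if __name__ == "__main__":
    for sev, section, reason, mod in triage(SAMPLE_LOG):
        print(f"{sev:5} {section:15} {reason} -> {mod}")
```

On the sample above it singles out kavunize.dll, fuyizeve.dll and upsqCMP.dll while leaving the AVG entries alone; the benign controls are there precisely to show the rules do not fire on ordinary vendor software.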

Sons and Nephews, should listen to their elders, and not venture into dangerous waters, but they do not listen
There’s one solution to this: 1) Change the password for the administrator account. 2) Create a guest account: click Start ---> Control Panel ---> User Accounts ---> add a guest account.

With the guest account, they can still do stuff online, but they CAN’T download software OR make major changes without the administrator password. They can still use Microsoft Word or any other program ALREADY installed, save files and stuff (like for school and other projects :) ), add movies/music from the CD/DVD player, etc.

This should solve your problems in the future :)

OK guys: Thanks for your responses.
I scanned the computer with a-squared, and I will be posting the log. But first, I want to tell you what else I have been trying in order to solve this predicament these “%*? !!!” got me into. This is a doozy; these hackers are getting more and more sophisticated, for their own sake!
Anyhow! I ran Symantec VundoFix, and it told me it could not find any trojans?
I tried to remove the following items that HijackThis found in one of the scans; they all belong to the “kavunize” trojan family, and I could not remove them, not even in Safe Mode. The same with those I found in the Windows\System32 folder.
I am going to continue fighting, since we cannot let those “Illegitimus” hackers win the battle.
FOUND THESE AFTER A HIJACKTHIS SCAN!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM..\Run: [relasupar] Rundll32.exe “c:\windows\system32\kavunize.dll”,a

O20 - AppInit_DLLs: c:\windows\system32\kavunize.dll,fuyizeve.dll

O21 - SSODL: wohivepew - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll

O22 - SharedTaskScheduler: jugezatag - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll

WINDOWS\SYSTEM32 FOLDER

c:\windows\system32\kavunize.dll
c:\windows\system32\kavunize.dll,fuyizeve.dll

Locate and delete this one too: fuyizeve.dll

Here is the a-squared log:

a-squared Free - Version 4.5
Last update: N/A

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:, F:
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 12/12/2009 12:46:31 PM

c:\documents and settings\all users\start menu\programs\trojan guarder gold version detected: Trace.Directory.Trojan Guarder!A2
c:\program files\trojan guarder gold version detected: Trace.Directory.Trojan Guarder!A2
c:\program files\fdrlab detected: Trace.Directory.Windows Password Cracker 3.0!A2
c:\program files\bittorrent detected: Trace.Directory.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent detected: Trace.Directory.Bittorrent 5.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Living Marine Aquarium Screen Saver → DisplayIcon detected: Trace.Registry.Living Marine Aquarium Screen Saver 1.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Living Marine Aquarium Screen Saver → DisplayName detected: Trace.Registry.Living Marine Aquarium Screen Saver 1.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Living Marine Aquarium Screen Saver → DisplayVersion detected: Trace.Registry.Living Marine Aquarium Screen Saver 1.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Living Marine Aquarium Screen Saver → HelpLink detected: Trace.Registry.Living Marine Aquarium Screen Saver 1.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Living Marine Aquarium Screen Saver → Publisher detected: Trace.Registry.Living Marine Aquarium Screen Saver 1.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Living Marine Aquarium Screen Saver → UninstallString detected: Trace.Registry.Living Marine Aquarium Screen Saver 1.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Living Marine Aquarium Screen Saver → URLInfoAbout detected: Trace.Registry.Living Marine Aquarium Screen Saver 1.0!A2
Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent → Order detected: Trace.Registry.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\trojan guarder gold version\help.lnk detected: Trace.File.Trojan Guarder!A2
c:\documents and settings\all users\start menu\programs\trojan guarder gold version\trojan guarder gold version.lnk detected: Trace.File.Trojan Guarder!A2
c:\documents and settings\all users\start menu\programs\trojan guarder gold version\visit our site.lnk detected: Trace.File.Trojan Guarder!A2
c:\program files\trojan guarder gold version\hook.dll detected: Trace.File.Trojan Guarder!A2
c:\program files\trojan guarder gold version\products.htm detected: Trace.File.Trojan Guarder!A2
c:\program files\trojan guarder gold version\trojan guarder help.chm detected: Trace.File.Trojan Guarder!A2
c:\program files\trojan guarder gold version\trojan guarder.exe detected: Trace.File.Trojan Guarder!A2
c:\program files\trojan guarder gold version\trojan.update detected: Trace.File.Trojan Guarder!A2
c:\program files\trojan guarder gold version\visit our site.url detected: Trace.File.Trojan Guarder!A2
c:\program files\bittorrent\bittorrent.exe detected: Trace.File.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent\bittorrent.lnk detected: Trace.File.Bittorrent 5.0!A2
c:\documents and settings\administrator\desktop\bittorrent.lnk detected: Trace.File.Bittorrent 5.0!A2
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ac detected: Trace.Registry.Ace Password Sniffer 1.4!A2
Value: HKEY_CLASSES_ROOT\CLSID{51131DA7-1D24-40E5-AE07-5E3750F5DE3C}\InprocServer32 → ThreadingModel detected: Trace.Registry.Internet Cleanup 5.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{51131DA7-1D24-40E5-AE07-5E3750F5DE3C}\InprocServer32 → ThreadingModel detected: Trace.Registry.Internet Cleanup 5.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1 → DisplayIcon detected: Trace.Registry.Trojan Guarder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1 → DisplayName detected: Trace.Registry.Trojan Guarder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1 → Inno Setup: App Path detected: Trace.Registry.Trojan Guarder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1 → Inno Setup: Icon Group detected: Trace.Registry.Trojan Guarder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1 → Inno Setup: Setup Version detected: Trace.Registry.Trojan Guarder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1 → Inno Setup: User detected: Trace.Registry.Trojan Guarder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1 → UninstallString detected: Trace.Registry.Trojan Guarder!A2
C:\All Downloads\Black Ice Internet Security\ISS.BlackICE.PC.Protection.v3.6.crg.Incl.Keymaker-CORE.rar/keygen.exe detected: Virus.Win32.Agent!IK
C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39865.8270996065.WCU/BIT5.tmp detected: Trojan.Spammer!IK
C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39865.8270996065.WCU/BIT8.tmp detected: Trojan.Spammer!IK
C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39865.8270996065.WCU/BITB.tmp detected: Trojan.Spammer!IK
C:\Documents and Settings\Administrator\My Documents\Downloads\Lotto 2007\Lotto 2\Lotto Creo Professional v5.0\cjx0213a.rar/keygen.exe detected: Riskware.Keygen.LottoCreo!IK
C:\Documents and Settings\Administrator\My Documents\Downloads\Lotto 2007\Lotto_Creo_Professional_v5.0.rar/keygen.exe detected: Riskware.Keygen.LottoCreo!IK
C:\Documents and Settings\Administrator\My Documents\Downloads\Lotto 2007\Lotto_Creo_Professional_v5.0.rar/lc_setup.exe detected: Riskware.Keygen.LottoCreo!IK
C:\Downloads May 09\Adobe CS4 Master Collection\Adobe CS4 Keygen & Activation.zip/Adobe CS4 Master Collection Keygen.exe detected: Riskware.Keygen.Adobe!IK
C:\Downloads May 09\Adobe CS4 Master Collection\Adobe CS4 Keygen & Activation.zip/disable_activation.cmd detected: Riskware.patch.Adobe!IK
C:\Downloads May 09\Honestech VHS to DVD 3.0 Deluxe\PATCH\Patch.exe detected: Riskware.Patch.VHStoDVD!IK
C:\Downloads May 09\Honestech VHS to DVD 3.0 Deluxe + ■■■■■ [App][Ingles][www.zonatorrent.com].rar/Patch.exe detected: Riskware.Patch.VHStoDVD!IK
C:\Downloads May 09\Honestech VHS to DVD 3.0 Deluxe + ■■■■■ [App][Ingles][www.zonatorrent.com].rar/data1.cab detected: Riskware.Patch.VHStoDVD!IK
C:\DVD Players\DVD XcOPY\dvdnextcopy3.ult.3041.res.rar/DVDneXtCOPY3.Ultimate.v3.0.4.1-RES-patch.exe detected: Trojan.Generic!IK
C:\DVD Players\DVD XcOPY\dvdnextcopy3.ult.3041.res.rar/RESURRECTiON.nfo detected: Trojan.Generic!IK
C:\Lotto Pro\Lotto Pro\Lotto Pro 6.72\■■■■■\ArmAccess.dll detected: Riskware.■■■■■.Registry-Mechanic!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\ADVD_6.1.7.0.rar/Keygen.exe detected: Riskware.patch.AnyDVD!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_audio.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_copy.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_data.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_erase.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_multierase.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/Patch by DCrack.exe detected: Backdoor.Pigeon!IK
C:\Matsunichi Drive 10 23 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/setupxv.exe detected: Riskware.FraudTool.Win32.ErrorSmart!IK
C:\Matsunichi Drive 10 23 08\New Trojan Remover with Patch\TroanRmvr.rar/rmt.dta detected: Trojan.Win32.AgentBypass!IK
C:\Matsunichi Drive 10 23 08\SIM Card Data Recovery Software\sim-card.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\System Volume Information_restore{03294F2B-90A0-4C02-BEC7-6D2C7697C8EF}\RP4\A0000380.exe detected: Riskware.patch.AnyDVD!IK
C:\Matsunichi Drive 10 23 08\Trojan Hunter 4\Trojan Hunter 4.2\4xx_2006_03_09 Update Files\Gen.dll detected: Trojan.Win32.Zapchast!IK
C:\Matsunichi Drive Files 08\DVD Santa\DVDSanta 4.0.6001 Retail\setup.exe detected: Trojan.Generic!IK
C:\Matsunichi Drive Files 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/Patch by DCrack.exe detected: Backdoor.Pigeon!IK
C:\Matsunichi Drive Files 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/setupxv.exe detected: Riskware.FraudTool.Win32.ErrorSmart!IK
C:\Matsunichi Drive Files 08\SIM Card Data Recovery Software\sim-card.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information_restore{03294F2B-90A0-4C02-BEC7-6D2C7697C8EF}\RP4\A0000380.exe detected: Riskware.patch.AnyDVD!IK
C:\Matsunichi Drive Files 08\System Volume Information_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026227.dll detected: Trojan.Win32.Zapchast!IK
C:\Matsunichi Drive Files 08\System Volume Information_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026254.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026255.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026256.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026259.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026264.exe detected: Trojan-Spy.Win32.Banbra!IK
C:\More Downloads 03 09\CellPhone Unlocker 1\Unlock Code Generator (Handy)\Uni Calc.exe detected: Trojan-Downloader.Win32.VB.afg!IK
C:\More Downloads 03 09\CellPhone Unlocker 1\Unlock_Code_Generator__Handy_.rar/Uni Calc.exe detected: Trojan-Downloader.Win32.VB.afg!IK
C:\More Programs\Black Ice Internet Security\ISS.BlackICE.PC.Protection.v3.6.crg.Incl.Keymaker-CORE.rar/keygen.exe detected: Virus.Win32.Agent!IK
C:\More Programs\New Trojan Remover with Patch\TroanRmvr.rar/rmt.dta detected: Trojan.Win32.AgentBypass!IK
C:\More Programs\Webroot Spysweeper V_6.1.rar/SpySweeper_Setup_EN.exe detected: Trojan.Crypt!IK
C:\New Downloads 01 09\Abbyy Fine Reader\Webroot Spysweeper V_6.1.rar/SpySweeper_Setup_EN.exe detected: Trojan.Crypt!IK
C:\New Downloads 01 09\Multilanguage translator\387MT.rar/Patch.exe detected: Virus.Win32.Delf.ICC!IK
C:\New Downloads 01 09\Windows Key Generator\2\Windows_XP_CD_Key_and_Product_ID_Changer.zip/Windows XP CD Key and Product ID Changer.exe detected: Riskware.Hacktool.Win32.WXP-PID-changer!IK
C:\PNY F\InkSaver\InkSaver.2.Retail.eng+keygen.by.Zoid\keygen\keygen.exe detected: Riskware.Keygen.InkSaver!IK
C:\Program Files\ISOpen\StdVcl40.dll detected: Trojan-Banker.Win32.Banker!IK
C:\Program Files\Multimedia\Audio Utilities\MP3Tools\Other\Mp3FileNameRectifier.exe detected: Trojan.Generic!IK
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe detected: Trojan.Win32.Agent!IK
C:\Program Files\Utilities\RegShot\Regshot.exe detected: Riskware.AdWare.Win32.WinAD!IK
C:\Program Files\Windows Sidebar\sidebar.exe detected: Trojan.Win32.Patched!IK
C:\Program Files\Windows Sidebar\wlsrvc.dll detected: Trojan.Win32.Patched!IK
C:\SmithFraudFix\SmitfraudFix\Reboot.exe detected: Riskware.RiskTool.Win32.Reboot.f!A2
C:\Supporting Programs\Customization\WindowBlinds Skins & Suites\SatinXP_WB6_by_TechErrant\SatinXp-WB6\Needed\LS Patch\LSPatch.exe detected: Riskware.RiskTool.Win32.CloseApp!IK
C:\Supporting Programs\Programs\Your Uninstaller 2008 Pro.rar/Keygen.exe detected: Riskware.keygen.UninstallerPro!IK
C:\WINDOWS\restart.exe detected: Riskware.RiskTool.Win32.Shutdown!IK

Scanned

Files: 95277
Traces: 365065
Cookies: 0
Processes: 11

Found

Files: 60
Traces: 35
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 12/12/2009 11:08:54 PM
Scan time: 10:22:23

C:\Program Files\Windows Sidebar\sidebar.exe Deleted Trojan.Win32.Patched!IK
C:\Program Files\Windows Sidebar\wlsrvc.dll Deleted Trojan.Win32.Patched!IK
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe Deleted Trojan.Win32.Agent!IK
C:\Program Files\ISOpen\StdVcl40.dll Deleted Trojan-Banker.Win32.Banker!IK
C:\New Downloads 01 09\Multilanguage translator\387MT.rar/Patch.exe Deleted Virus.Win32.Delf.ICC!IK
C:\More Programs\Webroot Spysweeper V_6.1.rar/SpySweeper_Setup_EN.exe Deleted Trojan.Crypt!IK
C:\New Downloads 01 09\Abbyy Fine Reader\Webroot Spysweeper V_6.1.rar/SpySweeper_Setup_EN.exe Deleted Trojan.Crypt!IK
C:\More Downloads 03 09\CellPhone Unlocker 1\Unlock Code Generator (Handy)\Uni Calc.exe Deleted Trojan-Downloader.Win32.VB.afg!IK
C:\More Downloads 03 09\CellPhone Unlocker 1\Unlock_Code_Generator__Handy_.rar/Uni Calc.exe Deleted Trojan-Downloader.Win32.VB.afg!IK
C:\Matsunichi Drive 10 23 08\Trojan Hunter 4\Trojan Hunter 4.2\4xx_2006_03_09 Update Files\Gen.dll Deleted Trojan.Win32.Zapchast!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026227.dll Deleted Trojan.Win32.Zapchast!IK
C:\Matsunichi Drive 10 23 08\New Trojan Remover with Patch\TroanRmvr.rar/rmt.dta Deleted Trojan.Win32.AgentBypass!IK
C:\More Programs\New Trojan Remover with Patch\TroanRmvr.rar/rmt.dta Deleted Trojan.Win32.AgentBypass!IK
C:\Matsunichi Drive 10 23 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/Patch by DCrack.exe Deleted Backdoor.Pigeon!IK
C:\Matsunichi Drive Files 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/Patch by DCrack.exe Deleted Backdoor.Pigeon!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_audio.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_copy.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_data.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_erase.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_multierase.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\SIM Card Data Recovery Software\sim-card.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\SIM Card Data Recovery Software\sim-card.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026254.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026255.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026256.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026259.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026264.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\DVD Players\DVD XcOPY\dvdnextcopy3.ult.3041.res.rar/DVDneXtCOPY3.Ultimate.v3.0.4.1-RES-patch.exe Deleted Trojan.Generic!IK
C:\Matsunichi Drive Files 08\DVD Santa\DVDSanta 4.0.6001 Retail\setup.exe Deleted Trojan.Generic!IK
C:\Program Files\Multimedia\Audio Utilities\MP3Tools\Other\Mp3FileNameRectifier.exe Deleted Trojan.Generic!IK
C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39865.8270996065.WCU/BIT5.tmp Deleted Trojan.Spammer!IK
C:\All Downloads\Black Ice Internet Security\ISS.BlackICE.PC.Protection.v3.6.crg.Incl.Keymaker-CORE.rar/keygen.exe Deleted Virus.Win32.Agent!IK
C:\More Programs\Black Ice Internet Security\ISS.BlackICE.PC.Protection.v3.6.crg.Incl.Keymaker-CORE.rar/keygen.exe Deleted Virus.Win32.Agent!IK

Deleted

Files: 43
Traces: 0
Cookies: 0

Quarantined

Files: 7
Traces: 0
Cookies: 0


Thanks again guys!

I am sorry. I forgot to post the latest HijackThis log.
I am posting it here!
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:21, on 12/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\vista aero\TrueTransparency.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [relasupar] Rundll32.exe "c:\windows\system32\kavunize.dll",a
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [upsqCMP] rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\upsqCMP\upsqCMP.dll", DllInit
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [VistaDrives®] %Windir%\ABioDESK\Vistadrive\vsdrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [VistaDrives®] %Windir%\ABioDESK\Vistadrive\vsdrv.exe (User 'Default user')
O4 - Global Startup: TrueTransparency.lnk = C:\Program Files\vista aero\TrueTransparency.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: fuyizeve.dll c:\windows\system32\kavunize.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: wohivepew - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
O22 - SharedTaskScheduler: jugezatag - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


End of file - 7653 bytes
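The log above shows one unsigned DLL, kavunize.dll, registered at four separate autostart points (a Run key via rundll32, AppInit_DLLs, SSODL and SharedTaskScheduler, the last three sharing one CLSID), plus a second DLL, upsqCMP.dll, started through rundll32 from the user's profile directory. That "same module at several load points" pattern is what a responder looks for first in a HijackThis log. The following Python script is an added example, not part of this thread or of HijackThis: it parses O4/O20/O21/O22 entries, extracts every DLL or EXE they reference and scores each module by the load points it occupies. The load-point weights, the user-profile and rundll32 heuristics and the threshold are this example's own assumptions; the sample lines are modelled on the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: HijackThis O4/O20/O21/O22 lines modelled on the log
# posted above (kavunize.dll, upsqCMP.dll, fuyizeve.dll and two AVG entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [relasupar] Rundll32.exe "c:\windows\system32\kavunize.dll",a
O4 - HKCU\..\Run: [upsqCMP] rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\upsqCMP\upsqCMP.dll", DllInit
O20 - AppInit_DLLs: fuyizeve.dll c:\windows\system32\kavunize.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: wohivepew - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
O22 - SharedTaskScheduler: jugezatag - {ea2ffb6e-0b6c-4cdb-9837-4d40990d73ae} - c:\windows\system32\kavunize.dll
"""

# Weights are this example's assumption: the Explorer/Winlogon load points
# (AppInit_DLLs, SSODL, SharedTaskScheduler) are rarely used by legitimate
# software on XP, so a module registered there earns more than a plain Run key.
LOAD_POINT_WEIGHT = {
    "AppInit_DLLs": 3,          # mapped into every process that loads user32.dll
    "SSODL": 3,                 # ShellServiceObjectDelayLoad, loaded by Explorer
    "SharedTaskScheduler": 3,   # also loaded by Explorer at logon
    "Winlogon Notify": 2,
    "Run": 1,                   # covers Run and RunOnce under any hive
}

_ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+([^:]+):\s*(.*)$")
_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n,]*?\.(?:dll|exe)', re.IGNORECASE)
# Bare module names with no drive or path, e.g. the first AppInit_DLLs entry.
_BARE_DLL_RE = re.compile(r"(?<![\\\w])[\w.-]+\.dll\b", re.IGNORECASE)
_USER_PROFILE_RE = re.compile(r"\\(documents and settings|users)\\", re.IGNORECASE)


def load_point(label):
    """Map the text between 'Onn - ' and the first ':' to a load-point name."""
    for name in LOAD_POINT_WEIGHT:
        if name in label:
            return name
    return "other"


def modules_in(body):
    """Return {(basename_lower, path_as_written)} for every .dll/.exe in an entry."""
    found = {(p.rsplit("\\", 1)[-1].lower(), p) for p in _PATH_RE.findall(body)}
    found |= {(d.lower(), d) for d in _BARE_DLL_RE.findall(body)}
    return found


def triage(log_text):
    """Score each module by the autostart points it occupies (keyed by lower-case basename)."""
    findings = defaultdict(lambda: {"score": 0, "load_points": set(), "notes": []})
    for raw in log_text.splitlines():
        m = _ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, label, body = m.groups()
        lp = load_point(label)
        for name, path in modules_in(body):
            f = findings[name]
            f["load_points"].add(f"{section} {lp}")
            f["score"] += LOAD_POINT_WEIGHT.get(lp, 1)
            if _USER_PROFILE_RE.search(path):
                f["score"] += 1
                f["notes"].append("lives in a user profile directory")
            if lp == "Run" and name.endswith(".dll") and "rundll32" in body.lower():
                f["score"] += 1
                f["notes"].append("DLL started through rundll32 from a Run key")
    return dict(findings)


def suspicious(log_text, min_score=3):
    """Modules scoring at least min_score, worst first; ties broken by name."""
    ranked = [(n, f["score"]) for n, f in triage(log_text).items() if f["score"] >= min_score]
    return sorted(ranked, key=lambda ns: (-ns[1], ns[0]))


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, score in suspicious(SAMPLE_LOG):
        f = report[name]
        print(f"{score:>3}  {name}  at {sorted(f['load_points'])}  {f['notes']}")
```

On the sample, kavunize.dll scores 11 across four load points, while fuyizeve.dll (AppInit_DLLs) and upsqCMP.dll (rundll32 from a user-writable directory) each reach the threshold of 3 and the AVG modules stay below it. The scoring is a triage aid, not a verdict: feed it a whole HijackThis log and use the ranked output to decide which files to look at first, since a legitimate shell extension can also sit in SSODL.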

Let me explain about some of the software that has been downloaded

C:\Program Files\Windows Sidebar\sidebar.exe Deleted Trojan.Win32.Patched!IK
C:\Program Files\Windows Sidebar\wlsrvc.dll Deleted Trojan.Win32.Patched!IK
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe Deleted Trojan.Win32.Agent!IK
C:\Program Files\ISOpen\StdVcl40.dll Deleted Trojan-Banker.Win32.Banker!IK
C:\New Downloads 01 09\Multilanguage translator\387MT.rar/Patch.exe Deleted Virus.Win32.Delf.ICC!IK
C:\More Programs\Webroot Spysweeper V_6.1.rar/SpySweeper_Setup_EN.exe Deleted Trojan.Crypt!IK
C:\New Downloads 01 09\Abbyy Fine Reader\Webroot Spysweeper V_6.1.rar/SpySweeper_Setup_EN.exe Deleted Trojan.Crypt!IK
C:\More Downloads 03 09\CellPhone Unlocker 1\Unlock Code Generator (Handy)\Uni Calc.exe Deleted Trojan-Downloader.Win32.VB.afg!IK
C:\More Downloads 03 09\CellPhone Unlocker 1\Unlock_Code_Generator__Handy_.rar/Uni Calc.exe Deleted Trojan-Downloader.Win32.VB.afg!IK
C:\Matsunichi Drive 10 23 08\Trojan Hunter 4\Trojan Hunter 4.2\4xx_2006_03_09 Update Files\Gen.dll Deleted Trojan.Win32.Zapchast!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026227.dll Deleted Trojan.Win32.Zapchast!IK
C:\Matsunichi Drive 10 23 08\New Trojan Remover with Patch\TroanRmvr.rar/rmt.dta Deleted Trojan.Win32.AgentBypass!IK
C:\More Programs\New Trojan Remover with Patch\TroanRmvr.rar/rmt.dta Deleted Trojan.Win32.AgentBypass!IK
C:\Matsunichi Drive 10 23 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/Patch by DCrack.exe Deleted Backdoor.Pigeon!IK
C:\Matsunichi Drive Files 08\Error Smart Repair\Error_Smart_2.7.2861.900_SAW.rar/Patch by DCrack.exe Deleted Backdoor.Pigeon!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_audio.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_copy.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_data.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_erase.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\DVD Copiers\uNZIPPED\BurnAware.Professional.v2.0.0.600.WinAll.Cracked-l33t3r\■■■■■\burnaware_multierase.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive 10 23 08\SIM Card Data Recovery Software\sim-card.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\SIM Card Data Recovery Software\sim-card.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026254.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026255.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026256.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026259.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\Matsunichi Drive Files 08\System Volume Information\_restore{6E2242D8-04C9-4B38-9BFD-627A7E07CFF1}\RP19\A0026264.exe Deleted Trojan-Spy.Win32.Banbra!IK
C:\DVD Players\DVD XcOPY\dvdnextcopy3.ult.3041.res.rar/DVDneXtCOPY3.Ultimate.v3.0.4.1-RES-patch.exe Deleted Trojan.Generic!IK
C:\Matsunichi Drive Files 08\DVD Santa\DVDSanta 4.0.6001 Retail\setup.exe Deleted Trojan.Generic!IK
C:\Program Files\Multimedia\Audio Utilities\MP3Tools\Other\Mp3FileNameRectifier.exe Deleted Trojan.Generic!IK
C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39865.8270996065.WCU/BIT5.tmp Deleted Trojan.Spammer!IK
C:\All Downloads\Black Ice Internet Security\ISS.BlackICE.PC.Protection.v3.6.crg.Incl.Keymaker-CORE.rar/keygen.exe Deleted Virus.Win32.Agent!IK
C:\More Programs\Black Ice Internet Security\ISS.BlackICE.PC.Protection.v3.6.crg.Incl.Keymaker-CORE.rar/keygen.exe Deleted Virus.Win32.Agent!IK

also

Deleted Trojan-Spy.Win32.Banbra!IK
Just to let you know, Banbra is a banker trojan (one of the worst kinds). I seriously RECOMMEND you reformat and reinstall Windows because it can no longer be trusted. A banker trojan will monitor for personal information, especially banking info and usernames and passwords (like e-mail or any place where you have to log in, like at Comodo for example). Those infections that were deleted are only the known ones that are already detected by anti-virus companies, not to mention the ones that are not detected. Not just the banker trojan, but you also have multiple infections of various types of malware. Again, I seriously RECOMMEND you reformat and reinstall Windows because it can no longer be trusted. I also know that this is not the answer you're really looking for, but it's the right answer :'(

Let’s look at the infected pirated software

  1. \ISS.BlackICE.PC.Protection.v3.6.crg.Incl.Keymaker <— this is a very ■■■■■■ firewall and I’m NOT just saying this because it’s a Comodo forum either

  2. trojan guarder gold version <— you should know that proper torrents will never be called (Gold edition), just a word to the wise. Not only that, I have never even heard of “trojan guarder”

  3. bittorrent.exe detected: Trace.File.Bittorrent 5.0!A2 <---- Why don’t you use “utorrent” or “vuze” for p2p software like most other people? It’s malware free and will cost NOTHING

4) detected: Trace.Directory.Windows Password Cracker 3.0!A2
Who’s going to ■■■■■ whose password :) I’m not going to say which proper ones to get :P
5) Trace.Registry.Ace Password Sniffer 1.4!A2
Remember this: Sons and Nephews should listen to their elders. :-La I think the sons and nephews think they know it all and are using “wannabe hacker tools”. I’m also going to guess that they’re going to install this and the other one “4)” to ■■■■■ someone else’s password on a different computer AND IT’S GOING TO INFECT THEIR COMPUTER TOO!!
  1. SIM Card Data Recovery Software\sim-card.exe detected: Trojan-Spy.Win32.Banbra!IK <— This is the banker infection I was writing about earlier.

  2. CellPhone Unlocker 1\Unlock Code Generator (Handy)\Uni Calc.exe detected: Trojan-Downloader.Win32.VB.afg!IK <— I don’t even know what to say about this

  3. Business Logic\UWC\Backup\J39865.8270996065.WCU/BIT5.tmp detected: Trojan.Spammer!IK <— Why not use Comodo Backup, it’s free

  4. Your Uninstaller 2008 Pro.rar/Keygen.exe detected <— why not use “Revo Uninstaller”? It’s free

  5. Windows Key Generator\2\Windows_XP_CD_Key_and_Product_ID_Changer.zip <— I hope you know that 90% of these are bogus and infected

Lotto Pro 6.72\■■■■■\ArmAccess.dll detected: Riskware.■■■■■.Registry-Mechanic!IK
My personal favorite: using an illegal activation method (■■■■■) to activate Lotto Pro. THE BEST PART IS THE “ILLEGAL ACTIVATION METHOD (■■■■■, A.K.A. PATCH)” IS FOR --{REGISTRY MECHANIC}--. Why not use “Comodo System Cleaner”? It’s free ;)

That’s all I’m going to write. Seriously, reformat the computer and reinstall Windows AND use a long password, because your “sons and nephews” will probably try to ■■■■■ the administrator password and get the computer infected again. ALSO activate the “guest account for everybody else”.

P.S. Some of this is probably not what you want to hear, but I’m explaining some of this stuff based on the HijackThis log. With multiple infections, reformatting is the only way to go.

P.P.S. Feel free to print this post out and show it to your sons and nephews; have them explain each of these, especially number 4) and 5) :-TU

Hi Jay: I think you are correct. That PC is so infected that even if some of the spyware is cleaned up, some leftover will always remain. I will follow your recommendations, reformat the hard drive, and install a new Windows system.
I also will print the notice to the kids, so they will not venture again into murky waters. I am hoping they will listen, but you know this new generation, they think they are invincible.

Thanks again for your assistance!
Take care! ;D

A few things to remember

  1. Since your computer was infected, after installing Windows, please change all your e-mail passwords and any site that requires one :slight_smile:
I also will print the notice to the kids
Please ask for the reasons why they need a “password sniffer and a windows password decoder”
you know this new generation, they think they are invincible.
I'm generation X and we are invincible.

Please require people to use the “guest account”. If anything like software is needed, the administrator (probably you) will need to type in the password :slight_smile:

I will follow your recommendations and pass the message to the invincible kids.
Thanks again for your help,Jay.
Take care,and keep up the good work!
“COGITO ERGO SUM”