My teenage son got keygen.exe from internet

After i came home from work, i noticed that my teenage son got keygen.exe from internet. I google it and saw that it is a back door virus. I immediately unhooked internet and used Process Monitor to see what it does. It opens hundreds of files and Win32 for god knows what reason. I used Ad-Aware 2007, Spy boat and AVG Free edition to detect malwares or viruses, but all the test results said that my pc is clean. I did online Panda Active Scan test and results was clean too.
My question is i am really clean? I have my credit card information under a Master password (i use Firefox.)
Should i change all my passwords? But if i am not clean and even if i change the passwords some thing again, I guess.
Please advice.
Thanks.

 

Please check my logs to see if i am really clean

I followed the instructions to clean my pc. None of the scans detect any threat but please check my logs. April 25th was the date my son downloaded keygen.exe
Thanks all in advance

 

More Logs

Thanks

 

Hi chrisalvin2005,
Welcome to the Malware Forum!

Your logs are clean. I have some very small changes you can make for the benefit of your computer. How keygen.exe came into your computer matters and where it installed would give youi more information as to whether it was harmful or not. It seems like you picked it up fairly quickly. How did you notice it? Did your antivirus give you an alert? Do you think you caught it prior to a reboot?

Please do the following:

1) Please disable your guest account if this hasn't already been done.

2) Go to add/remove programs and uninstall the below:

- Java(TM) 6 Update 5

3) Reboot after uninstalling the above.

4) Install the current version of Sun Java from: Sun Java Runtime Environment

5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java_Save\jre1.6.0_05\bin\jusched.exe"

After you click fix, just close hijackthis.

7) Now run CCleaner at the default setting with the Windows tab as the top one.

8) After you finish the above, please go through the final cleanup steps:

abri