
Thread: Major spyware raid and Trojan help

  1. #1

    Major spyware raid and Trojan help

    Hello, I recently came back home from college to find that our home computer was having major problems. Not to mention my brother downloading everything from kazaa. Well here is the problem. I ran adaware and believe it or not it found 200+ instances of spyware (only 5 were foreign cookies). Adaware deleted most of them but not the CWS. It took me forever to delete registry strings and rescan. My virus scan turned up 11 trojans which appeared to just be different variants of the Agent trojan. I deleted those with housecall. Now when I run adaware I get 1 entry being this...

    Windows RegData Vulnerability HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"Shell" () Shell Possibly Compromised

    I have tried to delete this string but it comes right back. I have included my HijackThis log so you guys can hopefully help me sort out anything that shouldn't be there. Thanks for any help.

  2. #2
    BANNED
    With that much trash I'd reformat. But maybe someone with more experience thinks otherwise.
    When death sleeps it dreams of you...

  3. #3
    Senior Member
    Your log is clean except for this line:
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/273135c799f7368...p/RdxIE601.cab

    As far as the error you are getting, you probably removed something that you shouldn't have. You mentioned having a CWS infection; how did you remove it? And what variant was it? If your system is working fine, then ignore the warning.

    Without knowing what you had before, it's hard to say what you had, or still have. Check out this link:
    http://www.uniras.gov.uk/l1/l2/l3/te...alnote0803.htm

    EDIT: I guess I should ask whether or not the weather.exe was installed by someone that wanted it?

  4. #4
    BANNED
    http://antivirus.about.com/cs/allabout/a/bmpagent.htm
    Here's what I got when I searched "agent trojan". Were all 11 the same instance of the trojan?
    When death sleeps it dreams of you...

  5. #5
    Junior Member
    You might want to scan with Panda Antivirus' online scan, it finds things housecall doesn't find. Here's the url:

    http://www.pandasoftware.com/actives..._principal.htm

  6. #6
    1. Go with scanning your PC first using one of the Internet scanning sites (Panda as someone mentioned, Symantec) and remove anything found. You may have to follow special instructions if anything is found.
    2. Run this utility (CWShredder) http://www.spywareinfo.com/~merijn/files/CWShredder.exe (make sure you update it prior to scanning). Fix/remove any problems.
    3. Boot into safe mode and try anti-virus scan again

    Then protect yourself, resources:
    * Replace HOSTS file with file located here http://www.mvps.org/winhelp2002
    * Browser Hijacking info: http://www.spywareinfo.com/articles/hijacked/
    * Preventing spyware from being installed: http://www.spywareinfo.com/articles/...ed/prevent.php

    Good luck.
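    An added example, not from anyone in this thread: a PowerShell audit of the Winlogon "Shell" (and "Userinit") values that Ad-Aware flagged in post #1, plus a check of the HOSTS file that step 3 above recommends replacing. It assumes a current Windows host with PowerShell 5.1 or later run from an elevated prompt; the expected default values are the standard Windows ones, not something the thread states.

```powershell
# Added example (not from the thread): report Winlogon autostart values and
# HOSTS entries that differ from their defaults. Read-only; it changes nothing.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Standard defaults (assumption: stock Windows install). Anything else in these
# values runs at every interactive logon, which is why a hijacked "Shell"
# keeps coming back after a reboot until the thing that rewrites it is gone.
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}

function Test-WinlogonValues {
    $props = Get-ItemProperty -Path $winlogon
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        if ($null -eq $actual) {
            # A missing Shell/Userinit value is itself unusual on NT-family Windows.
            [pscustomobject]@{ Value = $name; Actual = '<missing>'; Status = 'WARN' }
        }
        elseif ($actual.Trim() -ieq $expected[$name]) {
            [pscustomobject]@{ Value = $name; Actual = $actual; Status = 'OK' }
        }
        else {
            [pscustomobject]@{ Value = $name; Actual = $actual; Status = 'SUSPECT' }
        }
    }
}

function Test-HostsFile {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content $hosts) {
        $line = ($line -split '#')[0].Trim()      # drop comments and blank lines
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        $ip = $parts[0]; $name = $parts[1]
        # A blocking HOSTS list (such as the MVPS one) only maps names to the
        # local host; a name pointed anywhere else is the hijack pattern.
        if ($ip -notin @('127.0.0.1', '0.0.0.0', '::1')) {
            [pscustomobject]@{ Host = $name; IP = $ip; Status = 'SUSPECT' }
        }
    }
}

Test-WinlogonValues | Format-Table -AutoSize
Test-HostsFile      | Format-Table -AutoSize
```

    Any SUSPECT row is a starting point for the scans described in the steps above, not proof of infection on its own: a corporate or third-party shell is a legitimate reason for a non-default "Shell" value.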

  7. #7
    Thanks guys for all the help. I ran Panda's active scan and it did find 4 more virii. All four were the downloader.gk trojan. The weird thing is that it disinfected two of them but left the other two. However it appears that the stubborn CoolWebSearch is gone. That CWShredder couldn't find the problem but I read somewhere that there is a new variant that would stay masked from it. Now I have to figure out how to get rid of these two trojans. With all of this being on this computer I am wondering if there is the possibility of a rootkit on the system, since I am finding all of these trojans that have a severe rating. It's getting late so I am going to wait till morning to have another go at deleting them. Later

  8. #8
    Senior Member
    Try running an anti-trojan: download, update and run the A2 (A squared) anti-trojan. You can download it free at http://www.emsisoft.com/en/software/free/ . Let it fix whatever it wants to.
