need help

computer has Win32 Trojan-gen

i can us spybot, adaware, and avast but it comes back as soon as i hook up my cable modum. I have used hijackthis but i dont know what to do with the results. please help

Click on the link in my signature and visit the HJT section.
It has all you need (to know) about HijackThis

But I suggest you 1st visit the MS update site and make Windows, IE and Office up-to-date.
Your system is very much outdated and therfor very vulnarably to infections/hacking attacks and such.

This is the result of my HijackThis log analyzer:


CHECKING HIJACKTHIS, INTERNET EXPLORER, WINDOWS AND SOFTWARE FIREWALL:

You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
INMEDIATLY visit http://windowsupdate.microsoft.com and install ALL security patches/updates.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.


THESE ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :

\windows\system32\msupdate.cmd
r3 - default urlsearchhook is missing
f2 - reg:system.ini: userinit=c:\windows\system32\wsaupdater.exe,
o2 - bho: (no name) - software - (no file)
o3 - toolbar: tadow! search bar - {1973395e-67f8-4723-bcc0-832cf4a5ddbc} - c:\windows\downloaded program files\toolbar.dll (file missing)
o4 - hklm..\run: [wintimer] “c:\windows\system32\msupdate.cmd”
o8 - extra context menu item: &tadow! search bar search - res://c:\windows\downloaded program files\toolbar.dll/search.html
o16 - dpf: {26cbf141-7d0f-46e1-aa06-718958b6e4d2} - http://download.ebay.com/turbo_lister/us/install.cab
o16 - dpf: {df780f87-ff2b-4df8-92d0-73db16a1543a} (popcaploader object) - http://antu.popcap.com/games/popcaploader_v5.cab


THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:

o4 - hklm..\run: [fasttvsync] “c:\program files\common files\intervideo\fasttvsync\fasttvsync.exe”
o4 - hklm..\run: [clonedvdelbydelay] “c:\program files\elaborate bytes\clonedvd\elbycheck.exe” /l elbydelay
o4 - hkcu..\run: [msmsgs] “c:\program files\messenger\msmsgs.exe” /background
o4 - hkcu..\run: [spyware begone] c:\freescan\freescan.exe -fastscan


WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :

o4 - hklm..\run: [kihupabqcng] c:\windows\system32\cflxaq.exe

@ Eddy,

Why telling him to remove parts of Avast?
Also as there no info on “cflxaq.exe” i think its safe to say its Malware.

@ htracey,

Don’t remove these:

o23 - service: avast! mail scanner - unknown owner - c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
o23 - service: avast! web scanner - unknown owner - c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)

A bug in Hijackthis reported them as not there, this should be fixed in the next release.

Also you may want to remove this:

o4 - hklm..\run: [kihupabqcng] c:\windows\system32\cflxaq.exe

And them delete the file:

c:\windows\system32[b]cflxaq.exe[/b]

Also run/use the scanners suggested on Eddys site that you havn’t used yet. (CWShredder/spywareblaster etc).

–lee

thank you after running hijackthis should i remove all but the 2 you mentioned, or should i just remove the 1 you mentioned??

Remove all but the ones i said not to remove :wink:

–lee

also when i go into safe mode to run and remove items should i disconnect cable modum?

also what kind of problems can be caused by running computer with this trojan?

also when i go into safe mode to run and remove items should i disconnect cable modum?

A common mistake is to go into safe mode and run scanners etc, if you do this, most malware would not of started and therefore will remain on your system, run hijackthis in “normal” mode and remove the items suggested.

Also, are you saying that the hijackthis log you posted was done from safe mode?

also what kind of problems can be caused by running computer with this trojan?

Its not a trojan, its malware ;), more commonly known as Spyware/adware, one of the names avast gives these Spyware/adware is Win32 Trojan-gen.

–lee