win32-rootkit-gen

Today my avast said that I had a virus. I have done a boot scan and moved 4 infected files to the chest. I am currently running Malwarebytes and waiting for the results. I already had to go through this a few months ago and am wondering why this keeps happening. Is it that I have an infected file (e.g. a video) that keeps opening it when I open the video, or is my computer that vulnerable? I am experiencing the same symptoms as before. I thought that by moving the files to the chest or deleting them it should resolve the problem.

I have also done HJT and here is the result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:19 PM, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon1] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra ‘Tools’ menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


End of file - 6661 bytes

This was also what was sent to my chest:
Scanning of selected files

Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\marcie\LOCALS~1\Temp\_avast4_\unp57645214.tmp
FileID: 0000000032 Original file name: C:\Documents and Settings\marcie\Local Settings\Temp\winvsnet.tmp New folder: C:\DOCUME~1\marcie\LOCALS~1\Temp\_avast4_\unp57645214.tmp\32.tmp

Scan files in the temporary folder: C:\DOCUME~1\marcie\LOCALS~1\Temp\_avast4_\unp57645214.tmp
C:\DOCUME~1\marcie\LOCALS~1\Temp\_avast4_\unp57645214.tmp\32.tmp Win32:Trojan-gen {Other}

Action was completed successfully!

Could you direct me further and tell me which files are infected and can be deleted? I have Windows XP and all my antiviruses are updated. I also have other files that are in my chest that I would like to delete but am unsure if I should. Should I copy those too?
Thank you

Hi bearclaw37.
I’m not an expert at analysing these, but I can tell you straight away that your Java is out of date. Your version is 7; current version is 12. I’d suggest JaVaRa http://raproducts.org/ which is a nice little application that will both remove old versions of Java, and update to new. Or you could go to the Java site http://java.com/en/download/index.jsp and make sure the old version is removed afterwards. This could represent a vulnerability.
Other than that, there is no malware evident in that log.
Are you using a firewall? I can’t see the process running, but it could be under any of the generic Ms processes. (I use a non-windows firewall, so can’t remember the windows firewall process.)

The malware ID is for a generic trojan. Without the original file name, I can’t really comment much more than that. (It would seem that SpywareTerminator didn’t do much to recognize or stop it.)

In the chest, there are different sections. Only ever delete files from the “infected files” section. The files in that section can be submitted to Avast, and left in the chest pretty much forever - they aren’t getting out. However, if they are confirmed malware they can be deleted.

Hello…thanks for the response. Thought I would give you an update of my malwarebytes scan:
Malwarebytes’ Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 3

12/02/2009 9:26:45 PM
mbam-log-2009-02-12 (21-26-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168086
Time elapsed: 1 hour(s), 15 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\khfCvwUo.dll (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\mlJArPHX.dll (Trojan.Vundo) → No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d11c58-e62d-4997-9e98-09a9ef3da8cf} (Trojan.Vundo.H) → No action taken.
HKEY_CLASSES_ROOT\CLSID\{45d11c58-e62d-4997-9e98-09a9ef3da8cf} (Trojan.Vundo.H) → No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljarphx (Trojan.Vundo) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45d11c58-e62d-4997-9e98-09a9ef3da8cf} (Trojan.Vundo.H) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zjkarcfo (Rootkit.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zjkarcfo (Rootkit.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zjkarcfo (Rootkit.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\seneka (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) → No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) → No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) → Data: c:\windows\system32\khfcvwuo → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) → Data: c:\windows\system32\khfcvwuo → No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\khfCvwUo.dll (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\oUwvCfhk.ini (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\oUwvCfhk.ini2 (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\mlJArPHX.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) → No action taken.
C:\Documents and Settings\marcie\DoctorWeb\Quarantine\gxB102i.exe (Adware.WebHancer) → No action taken.
C:\Documents and Settings\marcie\DoctorWeb\Quarantine\Mirar_V77_LOG_IESC_AFF_ATD_TID_noMDNS_RPT_AVM_FLX_ADB_876984.exe (Adware.Mirar) → No action taken.
C:\Documents and Settings\marcie\DoctorWeb\Quarantine\webhdll.dll (Adware.WebHancer) → No action taken.
C:\Documents and Settings\marcie\DoctorWeb\Quarantine\whinstaller.exe (Adware.WebHancer) → No action taken.
C:\Documents and Settings\marcie\Local Settings\Temp\prun.tmp (Trojan.Downloader) → No action taken.
C:\WINDOWS\system32\nnnmjjJd.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\drivers\sqnqvaky.sys (Rootkit.Agent) → No action taken.
C:\WINDOWS\system32\senekamlwakdqv.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\senekanhowbgix.dat (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\senekaurujduxf.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\senekavymrdktq.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\senekawbwxjipu.dat (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\drivers\senekawwejpyac.sys (Trojan.Agent) → No action taken.

There has to be something, as my computer screen keeps blinking on and off, and the last time it did this there was a virus/malware. Is there somewhere else I could look for it? Avast had detected a virus once I had Shareaza opened and my daughter was watching a video file. Any other ideas? In your opinion, could I delete everything from the HJT scan and Malware scan? I don’t know why I am having this problem again. I’m wondering if it’s a file that keeps doing it once it’s opened. I have the Windows firewall, which ironically had turned off on me today by itself.

Try running MBAM in safe mode and quarantine all the infections.

What JTaylor83 said.
Consider not using Shareaza. At least, not until you get a two-way firewall, and preferably a virtual environment to run it in. There is a lot of malware around on p2p applications. The application itself might be OK; what is downloaded sometimes isn’t as it says.
Also recommend a hosts file. This blocks the browser opening known bad sites.

Also the Sun Java is down level and has security exposures.

Go to Add/Remove Programs and un-install all Sun Java applications.

Download JavaRa then unpack it then run it to remove any Sun Java remnants:
http://raproducts.org

Download and install Version 6 Update 12:
http://java.com/en/download/manual.jsp

Run Secunia Online Software Inspector to find other vulnerable applications:
http://secunia.com/vulnerability_scanning/online

For a good HOSTS file please read:
http://www.mvps.org/winhelp2002/hosts.htm
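As an added illustration of the hosts-file mechanism recommended above (this is example code, not part of the thread and not the MVPS file), here is a small Python script that parses a hosts file the way a blocking list is laid out, answers whether a name is pinned to a local sink, and lists entries that point a name at a routable address. The sample hosts text and the placeholder domains are constructed; the "first entry for a name wins" rule is this example's assumption about how the resolver treats duplicates.

```python
import ipaddress

# Constructed sample hosts file (placeholder names, not entries from the MVPS file).
SAMPLE_HOSTS = """\
# localhost first, as Windows ships it
127.0.0.1 localhost
0.0.0.0 ads.example.net tracker.example.net   # two blocked names on one line
0.0.0.0 malware-dl.example.org
93.184.216.34 update.example.com              # a redirect, not a block
not-an-ip bogus.example.com
"""

# Addresses a blocking hosts file may legitimately point a name at.
LOCAL_SINKS = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text):
    """Map each hostname to its address.

    Comments and blank lines are skipped, several names may share one line,
    malformed addresses are ignored, and the first entry for a name wins
    (assumed here to match how the system resolver treats duplicates).
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                           # skip lines that are not "ip name..."
        for name in names:
            mapping.setdefault(name.lower(), addr)
    return mapping


def resolve(mapping, name):
    """Address the hosts file would answer with, or None if it has no entry."""
    return mapping.get(name.lower())


def is_blocked(mapping, name):
    """True when the name is pinned to a local sink, so the browser never reaches it."""
    return resolve(mapping, name) in LOCAL_SINKS


def suspicious_redirects(mapping):
    """Names pointed at a routable address: the same file that blocks bad sites
    can silently redirect good ones, so these entries deserve a look."""
    return {n: a for n, a in mapping.items()
            if a not in LOCAL_SINKS and n != "localhost"}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "update.example.com", "www.example.org"):
        print(f"{name}: blocked={is_blocked(hosts, name)} -> {resolve(hosts, name)}")
    print("redirects to review:", suspicious_redirects(hosts))
```

Run it as-is to see the three lookups and the one redirect entry; point `parse_hosts` at the contents of your own hosts file to audit it the same way.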

The virus I believe is gone, but I do have a question in regards to yokenny’s post. I had followed all the websites he posted. I tried to remove my Java and reinstall it, but now when I try to scan my computer with the online software inspector, it says that there was a problem with my Java and that it was not detected, yet when I did reinstall, it said that I had successfully installed version 6 update 12. Any ideas? Did I delete something I shouldn’t have?

Hi guys,
I know that you’re for avast, but I am hoping that you can direct me to the right area, as I am still having problems with using the Secunia website as suggested by yokenny. Originally, I was able to run the scan before I deleted my Java, and once I did that and reinstalled, I have had problems since. I have run a HJT scan again and hope that someone can tell me if I am missing something. I have contacted javasun and Secunia with no help. I am told from both that they have tried ‘many’ different things with no problems that I am reporting. Since I have deleted and updated my Java I get an error from Secunia when trying to use their scan that reads:

I get a window box that says "Warning - Security" with the following message: "Publisher cannot be verified by a trusted source. Code will be treated as unsigned. NAME: SecuniaSoftwareInspector: sun.security.validatorexception: PKIX path validation failed: java.security.cert.certpathvalidatorexception: Must specify the location of an OCSP responder"

I was told by Secunia that my Windows/IE is blocking Secunia’s OSI scan, but when I check everything, everything is checked accordingly (or so far as I know). I am wondering if I deleted more than I should have when I attempted to delete my older version of Java. I just need to know what is going on. I have tried to search the web with no available answers. My Java seems to be enabled correctly as well.

Here is my scan from HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:45 AM, on 28/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Java\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC04.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvCplDaemon1] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra ‘Tools’ menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.secunia.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235685701990&h=f4c8dd7a9261c4a6b4c12e0a566ac711/&filename=jinstall-6u12-windows-i586-jc.cab
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll (file missing)
O20 - Winlogon Notify: iifggec - iifggec.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Java\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


End of file - 7301 bytes

Also, I cannot seem to access the Microsoft newsgroups, as I get this message:
You must enable ActiveX controls in order to browse Discussion Groups. However, I never changed any of these. When I go to sign in, I get:
Internet Explorer cannot display the web page.
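To show what a first pass over a HijackThis log like the two in this thread can look like, here is an added Python triage script (example code, not part of the thread and not HijackThis's own logic). It parses the R/F/N/O entry lines, skips the process list and headers, and attaches review flags for the entry types the helpers above asked about: "(file missing)" orphans, O20 Winlogon Notify DLLs, O15 Trusted Zone additions, O23 services with "Unknown owner", and the same autorun name registered under more than one Run key. The flags are this example's own heuristics, and the sample log is constructed from the kinds of lines that appear in the thread, not a complete log.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 format, modelled on lines from this
# thread's logs (not a complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O15 - Trusted Zone: http://*.secunia.com
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll (file missing)
O20 - Winlogon Notify: iifggec - iifggec.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Entry lines look like "O4 - body" or "R0 - body"; headers and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 autorun entry: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\]")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log, in file order."""
    return [Entry(m["code"], m["body"])
            for raw in text.splitlines()
            if (m := ENTRY_RE.match(raw.strip()))]


def triage(text):
    """Attach review flags to entries and return only the flagged ones.

    The flags are this example's heuristics, not HijackThis rules; they pick
    out the entry types a reviewer looks at first, not confirmed malware.
    """
    entries = parse_hjt(text)
    run_names = Counter()          # how many Run keys each autorun name appears under
    for e in entries:
        if e.code == "O4" and (m := RUN_RE.match(e.body)):
            run_names[m["name"].lower()] += 1
    for e in entries:
        if "(file missing)" in e.body:
            e.flags.append("orphaned: referenced file is missing")
        if e.code == "O20":
            e.flags.append("Winlogon Notify DLL: loaded by winlogon.exe at logon")
        if e.code == "O15":
            e.flags.append("Trusted Zone addition: IE applies relaxed security to this site")
        if e.code == "O23" and "Unknown owner" in e.body:
            e.flags.append("service with no identified publisher")
        if e.code == "O4" and (m := RUN_RE.match(e.body)) and run_names[m["name"].lower()] > 1:
            e.flags.append("same autorun name registered under more than one Run key")
    return [e for e in entries if e.flags]


def section_counts(text):
    """How many entries of each HJT section code the log contains."""
    return Counter(e.code for e in parse_hjt(text))


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for e in triage(SAMPLE_LOG):
        print(f"{e.code}: {e.body[:70]}")
        for f in e.flags:
            print(f"    - {f}")
```

A flag here means "look at this entry", nothing more: the avast! autorun and service in the sample pass untouched, while the two O20 entries pick up both the orphan flag and the Winlogon Notify flag, which is the combination worth asking a helper about.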

Are you really sure?
This is a tricky action of a virus loaded in the machine.
Check with the administrator of the group and be sure your computer is not redirecting you to another site, not the legitimate one.

What is the location of the Java file that Secunia detects as bad?

You need to reboot to let the RunOnce item run.

If you use Shareaza then you are opening up your system to all kinds of malware, as this is an easy way for the malware purveyors to get access to your system.