Author Topic: Avast Internet Mail Shield - acting weird  (Read 19532 times)


Flashfire

  • Guest
Avast Internet Mail Shield - acting weird
« on: June 22, 2007, 09:51:54 AM »
Hi I have a problem with the on access protection, particularly the internet mail shield. For the past two days it pops up every few seconds scanning outgoing mail. The email addresses are not known to me nor the recipients. My outlook mail box is closed. I have no idea of where these emails are being sent from or why Avast is scanning them. I have run virus scans both with Avast and online virus scanners, I have run adaware, spybot and a couple of others and there is no evidence of spyware, trojans, worms. Nothing and yet the email scanner keeps popping up regular as clockwork scanning outgoing mail, can anyone tell me what might be going on?


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast Internet Mail Shield - acting weird
« Reply #1 on: June 22, 2007, 02:13:36 PM »
Probably you're infected and the malware is trying to send emails from your computer.

A full scan would be good:
1) avast boot time scanning. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
2) AVG Antispyware
3) SUPERantispyware
4) Spyware Terminator
5) a-squared

Can you post the scanning results?
The best things in life are free.

Flashfire

  • Guest
Re: Avast Internet Mail Shield - acting weird
« Reply #2 on: June 22, 2007, 06:54:48 PM »
Thank you, I have downloaded those programs, Superantispyware was one I had already used which came up with nothing, but I will run it again and post the logs, I also have hijack this if you want that log as well.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89218
  • No support PMs thanks
Re: Avast Internet Mail Shield - acting weird
« Reply #3 on: June 22, 2007, 07:44:12 PM »
What is your firewall ?
It should be capable of blocking unauthorised outbound Internet connections. That should stop unauthorised outbound connections. It probably isn't using Outlook but its own very small SMTP program.

Try running SAS from safe mode and see if it makes any difference, then try some of the other ones Tech gave links for probably in the order he gave also.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Flashfire

  • Guest
Re: Avast Internet Mail Shield - acting weird
« Reply #4 on: June 22, 2007, 07:50:50 PM »
Windows Firewall - I only recently installed Sygate Personal Firewall, trouble is I am an amateur, I have no idea of what should be blocked and what should be allowed. As Avast is my usual outgoing mail scanner, I didn't block it. Which is just as well, otherwise I would not have known that I had an infection.

During the boot scan 5 infected files were found. Funny how none of the other scans found them at all. I will run the other scans and post the logs tomorrow, but not tonight, it's time for me to sleep.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89218
  • No support PMs thanks
Re: Avast Internet Mail Shield - acting weird
« Reply #5 on: June 22, 2007, 08:49:04 PM »
One of the problems with Sygate is that it has a vulnerability that you accidentally discovered for yourself: it can't cope with what is called the localhost loopback. Sygate challenges the localhost proxy of avast's internet mail provider (ashMaiSv.exe) and you correctly allow it. The problem is, all email traffic using ports 25 (smtp), 110 (pop3), etc. is intercepted by the internet mail provider so that it can be scanned and then dispatched; it goes through the proxy and Sygate can't tell the difference, so it goes unchallenged.

So in both cases, XP firewall (it doesn't check outbound connections) and Sygate, there is a weakness that allows stuff through unchallenged if it uses a localhost loopback. So you need a firewall that provides that outbound protection and can differentiate between the proxy and the program using it.

There are many freeware firewalls, such as Comodo, PC Tools Firewall Plus, Jetico, etc. Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more you have to buy the Pro version.
See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml
Also see http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php later set of results

There are many forum members using both PC Tools Firewall Plus and the Comodo firewall.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
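
The loopback-proxy blind spot described in the reply above, as an added example that is not part of the original thread and is not Avast's or Sygate's code: a per-application firewall sees only ashMaiSv.exe talking to port 25, so the real sender has to be found by checking which process is connected to the proxy's loopback listener. The netstat-style table, the PIDs, the listener ports 12025/12110, the addresses and the name `unknown_sender.exe` are constructed sample data.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "local_ip local_port remote_ip remote_port state pid")

# Constructed sample in the layout of `netstat -ano` (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12025        0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:12110        0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1187         127.0.0.1:12025        ESTABLISHED     2964
  TCP    127.0.0.1:12025        127.0.0.1:1187         ESTABLISHED     1480
  TCP    192.168.1.20:1188      203.0.113.25:25        ESTABLISHED     1480
  TCP    192.168.1.20:1102      198.51.100.7:80        ESTABLISHED     876
"""

# Constructed PID -> image name map, as a process listing would give it.
SAMPLE_TASKS = {1480: "ashMaiSv.exe", 2964: "unknown_sender.exe", 876: "firefox.exe"}

MAIL_PORTS = {25, 110}  # the smtp and pop3 ports named in the post
LOOPBACK = "127.0.0.1"


def _split(addr):
    """Split 'ip:port' into (ip, port)."""
    ip, _, port = addr.rpartition(":")
    return ip, int(port)


def parse_netstat(text):
    """Parse TCP rows; the header and any malformed rows are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue
        lip, lport = _split(f[1])
        rip, rport = _split(f[2])
        conns.append(Conn(lip, lport, rip, rport, f[3], int(f[4])))
    return conns


def proxy_ports(conns, proxy_pid):
    """Loopback ports on which the mail proxy is listening."""
    return {c.local_port for c in conns
            if c.pid == proxy_pid and c.state == "LISTENING" and c.local_ip == LOOPBACK}


def real_senders(conns, tasks, proxy_name="ashMaiSv.exe", mail_ports=MAIL_PORTS):
    """Separate what the firewall sees (the proxy's outbound mail connections)
    from the processes that are actually feeding mail into the proxy."""
    report = {"proxy_outbound": [], "loopback_clients": []}
    proxy_pids = {p for p, n in tasks.items() if n.lower() == proxy_name.lower()}
    for pid in proxy_pids:
        ports = proxy_ports(conns, pid)
        for c in conns:
            if c.state != "ESTABLISHED":
                continue
            if c.pid == pid and c.remote_ip != LOOPBACK and c.remote_port in mail_ports:
                # This is the only connection a per-application firewall attributes.
                report["proxy_outbound"].append((c.remote_ip, c.remote_port))
            elif c.pid != pid and c.remote_ip == LOOPBACK and c.remote_port in ports:
                # A different process handing its mail to the proxy over loopback.
                report["loopback_clients"].append((c.pid, tasks.get(c.pid, "?"), c.remote_port))
    return report


if __name__ == "__main__":
    result = real_senders(parse_netstat(SAMPLE_NETSTAT), SAMPLE_TASKS)
    print("seen by firewall as proxy traffic:", result["proxy_outbound"])
    print("processes behind the proxy:", result["loopback_clients"])
```
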

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast Internet Mail Shield - acting weird
« Reply #6 on: June 23, 2007, 03:37:48 AM »
I'm a happy Comodo firewall user.

During the boot scan 5 infected files were found. Funny how none of the other scans found them at all.
Funny or weird?
The report file is created automatically in <avast4>\Data\Report\aswBoot.txt
Can you post it here?
The best things in life are free.

Flashfire

  • Guest
Re: Avast Internet Mail Shield - acting weird
« Reply #7 on: June 23, 2007, 02:46:12 PM »
Wow, thanks for your help. It's been a long evening, scan after scan... it appeared as if those programs had removed things and I was quite pleased, I ran them all in safe mode and as soon as I restarted the computer and it connected to the internet, the Avast email scanner immediately came online and started sending emails <sigh> seems as if my optimism was short lived. But here are the logs of all those scans, hopefully something can be pinpointed.

I meant funny as in unusual, I have run multiple scans over the past couple of days and nothing has been found until now.

As far as advice on firewalls, thank you again. I have already uninstalled Sygate and shut down Windows Firewall, I have downloaded PC Tools to the lap top and Comodo to the desktop to see which is best.


Avast Boot Schedule Log:

06/08/2007 16:57
Scan of all local drives
File C:\WINDOWS\system32\max1d1641.exe is infected by Win32:Dialer-407 [Trj], Deleted
File C:\WINDOWS\system32\xpdx.sys Error 0xC0000034 {Object Name not found.}

Scanning aborted

Number of searched folders: 4025
Number of tested files: 53381
Number of infected files: 1

----------------------------------------
06/23/2007 03:03
Scan of all local drives
File C:\WINDOWS\system32\faatekhy.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\gmumeogf.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\lnjggpuy.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\ootnpuxo.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\sfbkqjvo.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\xpdx.sys Error 0xC0000034 {Object Name not found.}
File D:\Lee's Files\Desktop\UXTheme Multi-Patcher 1.01.exe\%SYS32%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}
File D:\Lee's Files\Desktop\UXTheme Multi-Patcher 1.01.exe\%SYS32%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}
File D:\Lee's Files\Setups\Desktop\nw_uxtheme.zip\UXTheme Multi-Patcher (Neowin Edition) 2.5.1.exe\%SYS%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}
File D:\Lee's Files\Setups\Desktop\nw_uxtheme.zip\UXTheme Multi-Patcher (Neowin Edition) 2.5.1.exe\%SYS%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}

Number of searched folders: 5391
Number of tested files: 156068
Number of infected files: 5

AVG Spyware Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   5:58:11 PM 23/06/2007

 + Scan result:   



C:\Documents and Settings\Lee\Desktop\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
C:\Documents and Settings\Lee\My Documents\Other\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
C:\Documents and Settings\Lee\Cookies\lee@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Lee\Cookies\lee@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Lee\Cookies\lee@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Lee\Cookies\lee@toplist[1].txt -> TrackingCookie.Toplist : No action taken.


::Report end


Flashfire

  • Guest
Re: Avast Internet Mail Shield - acting weird
« Reply #8 on: June 23, 2007, 03:07:04 PM »
Hi guys, I only managed to get half the logs posted as I have suddenly developed a new problem, as I was posting the logs from my desktop computer (the nasty one) I suddenly got this popup, saying that the services application (??) had a problem and needed to close. Then a second window popped up saying something (and I cannot remember the exact wording) NT/authority was shutting down C:/windows/system32/services.exe was shutting down error code 203. It rebooted, to immediately pop up the same window, but this time the error code was 1073741819 each time the computer reboots, it pops that error and shuts down in 40 seconds, I cannot get it to boot up and stay booted so at this point I cannot post the rest of the logs, I will persevere with it for a little bit longer, but I am afraid I can see a format, reinstall windows coming on....


And in case you are wondering, I am posting this from the laptop, if I can keep the desktop up and running for more than 40 seconds, I will try and transfer the logs to my USB stick and post here.
« Last Edit: June 23, 2007, 03:09:29 PM by Flashfire »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast Internet Mail Shield - acting weird
« Reply #9 on: June 23, 2007, 03:09:27 PM »
File C:\WINDOWS\system32\max1d1641.exe is infected by Win32:Dialer-407 [Trj], Deleted
File C:\WINDOWS\system32\xpdx.sys Error 0xC0000034 {Object Name not found.}
Infected files. You can send them to Chest.

Scanning aborted
Why?

File C:\WINDOWS\system32\faatekhy.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\gmumeogf.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\lnjggpuy.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\ootnpuxo.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\sfbkqjvo.dll is infected by Win32:BHO-ES [Trj]
File C:\WINDOWS\system32\xpdx.sys Error 0xC0000034 {Object Name not found.}
Infected files. You can send them to Chest.

File D:\Lee's Files\Desktop\UXTheme Multi-Patcher 1.01.exe\%SYS32%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}
File D:\Lee's Files\Desktop\UXTheme Multi-Patcher 1.01.exe\%SYS32%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}
File D:\Lee's Files\Setups\Desktop\nw_uxtheme.zip\UXTheme Multi-Patcher (Neowin Edition) 2.5.1.exe\%SYS%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}
File D:\Lee's Files\Setups\Desktop\nw_uxtheme.zip\UXTheme Multi-Patcher (Neowin Edition) 2.5.1.exe\%SYS%\dllcache\uxtheme.dll Error 42146 {Installer archive is corrupted.}
Don't worry: avast couldn't unpack and scan the files. They seem to be safe files.

C:\Documents and Settings\Lee\Desktop\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
C:\Documents and Settings\Lee\My Documents\Other\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
Too much worry from AVGas... That is a known file for tweaking the number of TCP/IP connections.

C:\Documents and Settings\Lee\Cookies\lee@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Lee\Cookies\lee@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Lee\Cookies\lee@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Lee\Cookies\lee@toplist[1].txt -> TrackingCookie.Toplist : No action taken.
Well... just tracking cookies to be deleted.
The best things in life are free.

Flashfire

  • Guest
Re: Avast Internet Mail Shield - acting weird
« Reply #10 on: June 23, 2007, 03:10:49 PM »
Quote from: Flashfire on Today at 12:46:12 PM
Scanning aborted
Why?

Don't know, it just stopped. I thought it had finished scanning.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast Internet Mail Shield - acting weird
« Reply #11 on: June 23, 2007, 03:11:06 PM »
1073741819
Please, Google this... you're infected...
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89218
  • No support PMs thanks
Re: Avast Internet Mail Shield - acting weird
« Reply #12 on: June 23, 2007, 03:19:13 PM »
No problem, glad we could help.

I noticed that on one of the actions you chose delete; deletion isn't really a good first option (you have none left). 'First do no harm': don't delete, send the virus to the chest and investigate.

You also have dealt with a number of infected files in the system folders; prevention is better than cure. You might also consider proactive protection: in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

Cookies for the most part aren't a problem, you should periodically clear your browser cache and cookies, so much so in the Settings of AVG-AS I have tracking cookies unchecked, as I have the firefox CookieSafe extension. With that I have a greater control over cookies anyway.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Flashfire

  • Guest
Re: Avast Internet Mail Shield - acting weird
« Reply #13 on: June 23, 2007, 03:22:38 PM »
1073741819
Please, Google this... you're infected...

I know it's infected, it's just a matter of what and how to get rid of it.

on with the logs:

Spyware Terminator



mauserme

  • Guest
Re: Avast Internet Mail Shield - acting weird
« Reply #14 on: June 23, 2007, 03:25:58 PM »
... each time the computer reboots, it pops that error and shuts down in 40 seconds ...
See if you can quickly click the Start button, then Run. In the empty field type

shutdown -a

and click OK.


EDIT:

If you're able to keep the computer running, download ComboFix from Here or Here to your Desktop.
 
Double click combofix.exe and follow the prompts.
 
When finished, it shall produce a log for you. Post that log and a HiJackthis log (instructions below) in your next reply
 
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
« Last Edit: June 23, 2007, 03:36:51 PM by mauserme »