Services and Controller app


gus383
06-05-2009, 01:23 PM
Started getting this message and then I get a countdown to termination after 20 mins or so. I am not too proficient at this so I hope I can help someone help me.
If I push the notification windows off to the side I can keep working until the countdown begins (60 Seconds).
I am in US

Logfile of HijackThis v1.99.1
Scan saved at 1:10:14 PM, on 6/5/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\PeoplePC\ISP6130\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6130\Browser\PPShared.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6130\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

Thnx for looking and any help will be much appreciated

johnny_quest
06-05-2009, 09:35 PM
You get a windows shutdown box popup?

You can go to a command shell window and type SHUTDOWN -A to abort the shutdown, but that doesn't help with why it keeps coming back.

Anything in your startup folders?

classicsoftware
06-06-2009, 08:38 AM
Welcome to the PCGuide forums....

I split your post and created a new thread

First:

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Second:

Now run Combofix...follow the instructions, exactly.

Please do the following:


Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.


Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Third:

IN THE ORDER LISTED BELOW

Re-boot the system
Post the Combofix Log
Post the MBAM log
Post a new HJT log
Please tell me your country of origin
Tell us how the system is running.

gus383
07-02-2009, 10:55 PM
did all u prescribed and it is working good now, lost my e-mail ability with peoplepc but I am working on that.

have not had any other problems since thx

I am in the US

Malwarebytes' Anti-Malware 1.37
Database version: 2250
Windows 5.1.2600 Service Pack 1

6/9/2009 7:52:29 PM
mbam-log-2009-06-09 (19-52-29).txt

Scan type: Quick Scan
Objects scanned: 124129
Time elapsed: 18 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3f143c3a-1457-6cca-03a7-7aa23b61e40f} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\icasServ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\new_drv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rnr.dll (Trojan.Agent) -> Quarantined and deleted successfully.


(cont next post)

gus383
07-02-2009, 10:58 PM
wouldn't all fit on one post

ComboFix 09-06-09.06 - Gus 06/09/2009 20:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.254.126 [GMT -4:00]
Running from: c:\documents and settings\Gus\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 1
'PV' is not recognized as an internal or external command


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Gus\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Gus\LOCALS~1\Temp\tmp2.tmp
c:\windows\d.exe
c:\windows\netdx.dat
c:\windows\patch.exe
c:\windows\Readme.txt
c:\windows\system32\_002524_.tmp.dll
c:\windows\system32\_002699_.tmp.dll
c:\windows\system32\_002700_.tmp.dll
c:\windows\system32\_002701_.tmp.dll
c:\windows\system32\_002702_.tmp.dll
c:\windows\system32\_002709_.tmp.dll
c:\windows\system32\_002710_.tmp.dll
c:\windows\system32\_002711_.tmp.dll
c:\windows\system32\_002712_.tmp.dll
c:\windows\system32\_002714_.tmp.dll
c:\windows\system32\_002715_.tmp.dll
c:\windows\system32\_002718_.tmp.dll
c:\windows\system32\_002719_.tmp.dll
c:\windows\system32\_002721_.tmp.dll
c:\windows\system32\_002722_.tmp.dll
c:\windows\system32\_002723_.tmp.dll
c:\windows\system32\_002725_.tmp.dll
c:\windows\system32\_002726_.tmp.dll
c:\windows\system32\_002727_.tmp.dll
c:\windows\system32\_002728_.tmp.dll
c:\windows\system32\_002732_.tmp.dll
c:\windows\system32\_002733_.tmp.dll
c:\windows\system32\_002735_.tmp.dll
c:\windows\system32\_002738_.tmp.dll
c:\windows\system32\_002740_.tmp.dll
c:\windows\system32\_002741_.tmp.dll
c:\windows\system32\_002742_.tmp.dll
c:\windows\system32\_002743_.tmp.dll
c:\windows\system32\_002744_.tmp.dll
c:\windows\system32\_002747_.tmp.dll
c:\windows\system32\_002749_.tmp.dll
c:\windows\system32\_002750_.tmp.dll
c:\windows\system32\_002751_.tmp.dll
c:\windows\system32\_002755_.tmp.dll
c:\windows\system32\bthux.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\tcpservice2.exe
c:\windows\system32\wstart.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NEW_DRV
-------\Legacy_SCAGENT
-------\Legacy___NS_SERVICE_3
-------\Service_scagent


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-08 22:25 . 2009-06-08 22:25 -------- d-----w- c:\documents and settings\Gus\Application Data\Malwarebytes
2009-06-08 22:25 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 22:25 . 2009-06-08 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 22:25 . 2009-06-08 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 22:25 . 2009-05-26 17:19 18456 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 21:52 . 2006-01-29 21:01 1978 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-04-13 20:28 . 2009-04-13 20:28 -------- d-----w- c:\program files\DIFX
2009-04-04 23:00 . 2009-04-04 22:54 288 ----a-w- c:\windows\EReg077.dat
2004-12-05 06:16 . 2004-11-05 23:25 4 ----a-w- c:\program files\index.tmp
2004-06-02 04:01 . 2004-06-02 04:01 2569 --sha-w- c:\windows\afwoq.dat
2004-06-22 19:35 . 2004-06-22 19:35 2814 --sha-w- c:\windows\fdplq.dat
2004-06-05 14:29 . 2004-06-05 14:29 2569 --sha-w- c:\windows\hiwbr.dat
2004-06-09 14:20 . 2004-06-09 14:20 2814 --sha-w- c:\windows\jqkny.dat
2004-06-23 21:59 . 2004-06-23 21:59 2814 --sha-w- c:\windows\oskpp.dat
2004-06-01 09:40 . 2004-06-01 09:40 2569 --sha-w- c:\windows\SYSTEM32\ggtnz.dat
2004-06-28 14:52 . 2004-06-28 14:52 2814 --sha-w- c:\windows\SYSTEM32\iaylx.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2005-01-07 36972]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-04-16 77824]
"Bart Station"="c:\program files\PeoplePC\ISP6130\BIN\PPCOLink.exe" [2005-05-13 20480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-09-10 151597]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2003-08-04 159744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-9-10 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-9-3 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"P2P Networking"=c:\windows\System32\P2P Networking\P2P Networking.exe /AUTOSTART
"lar"=c:\windows\system32\llass.exe
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s
"Internat Conf"=c:\windows\System32\bootconf.exe
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"IgfxTray"=c:\windows\System32\igfxtray.exe

R1 fwdrv;Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fwdrv.sys [9/26/2005 12:05 PM 286720]
R1 khips;Kerio HIPS Driver;c:\windows\SYSTEM32\DRIVERS\khips.sys [9/26/2005 12:05 PM 81920]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [6/8/2009 6:25 PM 40160]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [9/12/2003 11:41 PM 23296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
uploadmgr
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\McAfee.com Update Check (D1YHPG31-Owner).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-09-13 22:25]

2009-06-10 c:\windows\Tasks\McAfee.com Update Check (ONLY-Gus).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2003-09-13 22:25]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Host - (no file)
HKCU-Run-MSMsgSvc - (no file)
HKLM-Run-mswspl - (no file)
HKLM-Run-WMC_AutoUpdate - (no file)


.
------- Supplementary Scan -------
.
mSearchURL = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gus\Application Data\Mozilla\Firefox\Profiles\c5yacdrf.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 21:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U? S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x??????????????? ????x???X???????x???x???????????x???x???????x???x? ??????????????????????p??????????????????w???????? ????j??w????x???x??????????????

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\cisvc.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\program files\PeoplePC\ISP6130\Browser\BartShel.exe
c:\program files\PeoplePC\ISP6130\Browser\PPShared.exe
c:\windows\SYSTEM32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-06-10 21:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 01:13

Pre-Run: 29,260,599,296 bytes free
Post-Run: 32,634,982,400 bytes free

200

(cont)

gus383
07-02-2009, 10:59 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:52:58 PM, on 7/2/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PeoplePC\ISP6130\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6130\Browser\PPShared.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\PeoplePC\ISP6130\Browser\Bartshel.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6130\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E759B74-672D-4A1D-A8D5-85C0C4FFDE5D}: NameServer = 207.69.188.167 207.69.188.166
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


thanx for your help