error message after shutdown


miecom
08-09-2006, 04:55 AM
Can anybody help me solve the problem?
http://i28.photobucket.com/albums/c245/miecom/untitled-5.jpg

Thanks for the support.

mjc
08-09-2006, 09:32 AM
Well, that indicates an infection...but you still haven't answered whether or not you've recently uninstalled NAV (Norton AntiVirus) or any Symantec software.

If you can actually run anything, I would like to see a Hijack This (http://www.merijn.org/downloads.html).

miecom
08-09-2006, 10:55 AM
Yes sir,
I uninstalled Norton Antivirus. Then how do I solve the problem? What file do I need to download to settle the problem? Sorry sir, I can't understand what you teach. Please teach me in detail.

Thanks so much.

miecom
08-09-2006, 11:57 PM
Now my PC automatically shuts down after 10 minutes.

Please help.

tq

mjc
08-10-2006, 01:07 AM
You are infected...with what I'm not entirely sure, yet.

You will need to download and then run Hijack This. It will automatically open Notepad and show the log. You will need to copy and paste the contents of that file into a post...ctrl-a to highlight it, ctrl-c to copy and ctrl-v to paste it...all of that can be done in less than 10 minutes. If you can't, then the log will also be saved...copy that file to a floppy disk or something and then transfer it to a working machine and then post it here.

miecom
08-10-2006, 08:43 AM
Logfile of HijackThis v1.99.1
Scan saved at 8:41:29 PM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe vmmdiag32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Mail Bombing By Snake87] C:\Documents and Settings\Administrator\Desktop\Mail Bombing v 2[1].2\Mail Bombing v 2.2 by Snake87.exe
O4 - HKLM\..\Run: [Eps_Reg.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Eps_Reg.exe /L /NSmartCard2000
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2298FC8-40EA-45A0-B068-BA44761CD0B4}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

And please solve my problems.
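
A triage pass over entries like those in the log above, added here as an example; it is not part of the original thread and not the helpers' own analysis. The three rules are generic review heuristics chosen for this illustration (they mark lines for a closer look, not as confirmed malware), and `triage` and `SAMPLE_LOG` are names introduced here.

```python
import re

# Excerpt of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe vmmdiag32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Eps_Reg.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Eps_Reg.exe /L /NSmartCard2000
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")


def triage(log_text):
    """Return (code, details, reasons) for entries worth a manual review."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, details = match.groups()
        reasons = []
        # F2: the shell value normally names explorer.exe and nothing else.
        if code == "F2" and "Shell=" in details:
            shell = details.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("shell value starts more than explorer.exe")
        # O4: autorun entries that launch a program from a Temp directory.
        if code == "O4" and re.search(r"\\temp\\", details, re.IGNORECASE):
            reasons.append("autorun entry launches from a Temp directory")
        # O20/O21: DLL load points whose file the scanner could not find.
        if code in ("O20", "O21") and "(file missing)" in details:
            reasons.append("registered DLL is reported as missing")
        if reasons:
            findings.append((code, details, reasons))
    return findings


if __name__ == "__main__":
    for code, details, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {details}\n    -> {'; '.join(reasons)}")
```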

miecom
08-17-2006, 03:46 AM
Now my PC restarts every few minutes.
Please help me.
Urgent.......................

Budfred
08-17-2006, 07:49 AM
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4)
to your desktop.

Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the *Scan for Vundo* button." when
VundoFix appears at reboot.

miecom
08-17-2006, 12:44 PM
VundoFix V6.0.1

Checking Java version...

Java version is 1.5.0.6

Scan started at 12:37:22 AM 8/18/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...


That is the log from c:/vundo.txt

miecom
08-17-2006, 06:17 PM
And after the restart, one message came out on the screen.

THE SYSTEM HAS RECOVERED FROM A SERIOUS ERROR
A log of this error has been created





TQ.

Budfred
08-17-2006, 10:52 PM
I am afraid this is even worse than I thought... At least one of the Trojans you have here is a password stealer, so you may need to contact any financial institution you deal with on the web and change all passwords, account numbers and so on... You probably need to keep an eye on all such accounts as well... The only way to be sure your computer is truly safe is to wipe it completely and reinstall Windows... If you choose to try to clean it, here is an option that should do most of it anyway...

Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe).
Save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon".
Click "Next".
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
Click "Finish".
A red "dos window" (dos box) will open.

Close all other open windows since this step requires a reboot.

Select option 2. Run auto fix by typing 2, and then pressing Enter.
If an infection is found, you'll get a message to close all other open windows.
Close them, except the red dos window from haxfix and then press Enter.
The computer will reboot.
After reboot a logfile will open.
Post the contents of that logfile along with a new hijackthislog.

miecom
09-03-2006, 02:37 PM
After deleting the virus in regedit, my computer was in good condition, but today I have one problem. I can't install an .exe file; when I double-click to install, one message comes out on the screen.

setup.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.

Please tell Microsoft about this problem.

Mr Budfred please help me to solve the problem.

Thanks for support.

Budfred
09-03-2006, 04:54 PM
I am sorry, but I have no idea what you are talking about... Did you follow my instructions?? What did you delete in Regedit?? Do you even know what you are doing in Regedit?? Are you taking what I said seriously?? This is a rootkit infection which means that you can't even see most of it... It is also likely to have stolen any financial info you have revealed on this PC... Are you addressing that??

miecom
09-06-2006, 12:36 AM
Sorry sir,
I said my PC problem is that I can't install an .exe file. Why, sir?
I don't understand what the message shows....

setup.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.

Please tell Microsoft about this problem.



CAN U TELL ME SIR!!!! :confused:

THANKS FOR SUPPORT.

Budfred
09-06-2006, 08:01 AM
> Sorry sir,
> I said my PC problem is that I can't install an .exe file. Why, sir?
> I don't understand what the message shows....
>
> setup.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
> If you were in the middle of something, the information you were working on might be lost.
>
> Please tell Microsoft about this problem.
>
> CAN U TELL ME SIR!!!! :confused:
>
> THANKS FOR SUPPORT.

Repeating the same message doesn't tell me anything more about the problem... What "exe file" can you not install?? Did you run HaxFix?? What did you do to your Registry?? I can't tell you anything about your problem if you don't give me information... Shouting at me isn't going to help either...