09-27-2007, 06:10 AM
#2
Registered User
Join Date: Sep 2007
Posts: 3
OS: win 2000 professional
Re: Failed HD; NT Authority System shutdown/services.exe -- and more
Quote:
Originally Posted by b_j0rdan
Hi all -- let me thank you for your advice ahead of time -- this forum is the only site I found on Google that seemed helpful.
Here's the nitty gritty:
I was hit with some Hijack-ware (PS Guard) about a week ago, I tried removing PS Guard, no go -- it kept reinstalling itself on my machine. I decided to reformat since the machine was new, but I would get this error @ about 78% on the progress bar when formatting the drive:
error 0x000000CE (driver unloaded without cancelling pending operations)/partmgr.sys. After mucking around, & trying to reformat several times, I gave up. Each time I got the same error. I figured the virus killed the HD. So... I bought a new one...
Not long after getting the new disk in, I started getting this error:
System shutdown by NT Authority/System - services.exe
This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a BIOS virus, or what?
I scanned the computer with AdAware, and it found nothing but browser cookies.
Here is the Hijack This log file:
Logfile of HijackThis v1.99.1
Scan saved at 12:41:39 PM, on 10/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\alexia1\Desktop\HijackThis.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Please let me know what I can do.
Also, is there a way to 100% COMPLETELY clean a system? (HD, BIOS, Memory -- am I missing something?) -- I would prefer this because I have ZERO data on it to lose & it would probably be less hassle.
THANKS!