Failed HD; NT Authority System shutdown/services.exe -- and more

b_j0rdan · 10-18-2005, 05:16 PM

Hi all -- let me thank you for your advice ahead of time -- this forum is the only site I found on Google that seemed helpful.

Heres the nitty gritty:

I was hit with some Hijack-ware (PS Guard) about a week ago, I tried removing PS Guard, no go -- it kept reinstalling itself on my machine. I decided to reformat since the machine was new, but I would get this error @ about 78% on the progress bar when formating the drive:

error 0x000000CE (driver unloaded without cancelling pending operations)/partmgr.sys. After mucking around, & trying to reformat several times, I gave up. Each time I got the same error. I figured the virus killed the HD. So... I bought a new one...

Not long after getting the new disk in, I started getting this error:

System shutdown by NT Authority/System - services.exe

This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a Bios virus, or what?

I scanned the computer with AdAware, and it found nothing but browser cookies.

Here is the Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:39 PM, on 10/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\alexia1\Desktop\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Please let me know what I can do.

Also, is there a way to 100% COMPLETELY clean a system? (HD, Bios, Memory -- am I missing something?) -- I would prefer this because I have ZERO data on to lose & would probably be less hassle.

THANKS!

skfiroz · 09-27-2007, 06:10 AM

Quote:

Originally Posted by b_j0rdan

Hi all -- let me thank you for your advice ahead of time -- this forum is the only site I found on Google that seemed helpful.

Heres the nitty gritty:

I was hit with some Hijack-ware (PS Guard) about a week ago, I tried removing PS Guard, no go -- it kept reinstalling itself on my machine. I decided to reformat since the machine was new, but I would get this error @ about 78% on the progress bar when formating the drive:

error 0x000000CE (driver unloaded without cancelling pending operations)/partmgr.sys. After mucking around, & trying to reformat several times, I gave up. Each time I got the same error. I figured the virus killed the HD. So... I bought a new one...

Not long after getting the new disk in, I started getting this error:

System shutdown by NT Authority/System - services.exe

This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a Bios virus, or what?

I scanned the computer with AdAware, and it found nothing but browser cookies.

Here is the Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:39 PM, on 10/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\alexia1\Desktop\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Please let me know what I can do.

Also, is there a way to 100% COMPLETELY clean a system? (HD, Bios, Memory -- am I missing something?) -- I would prefer this because I have ZERO data on to lose & would probably be less hassle.

THANKS!

skfiroz · 09-27-2007, 06:11 AM

sir please give the solution

skfiroz · 09-27-2007, 06:12 AM

System shutdown by NT Authority/System - services.exe

This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a Bios virus, or what?

I scanned the computer with AdAware, and it found nothing but browser cookies.

Here is the Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:39 PM, on 10/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

C:\WINNT\system32\lsass.exe

09-27-2007, 06:21 PM

One question first: Are these two people having the same problem, or one person posting under two IDs?

In either case: I strongly advise you to follow the Five Steps (Click on the red text). Do not delete/unstall/quarantine anything yet

Quote:

Originally Posted by skfiroz

System shutdown by NT Authority/System - services.exe

This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a Bios virus, or what?

I scanned the computer with AdAware, and it found nothing but browser cookies.

Here is the Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:39 PM, on 10/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

C:\WINNT\system32\lsass.exe

10-18-2005, 05:16 PM	#1 (permalink)
b_j0rdan Registered User Join Date: Oct 2005 Posts: 2 OS: Win 2000	Failed HD; NT Authority System shutdown/services.exe -- and more Hi all -- let me thank you for your advice ahead of time -- this forum is the only site I found on Google that seemed helpful. Heres the nitty gritty: I was hit with some Hijack-ware (PS Guard) about a week ago, I tried removing PS Guard, no go -- it kept reinstalling itself on my machine. I decided to reformat since the machine was new, but I would get this error @ about 78% on the progress bar when formating the drive: error 0x000000CE (driver unloaded without cancelling pending operations)/partmgr.sys. After mucking around, & trying to reformat several times, I gave up. Each time I got the same error. I figured the virus killed the HD. So... I bought a new one... Not long after getting the new disk in, I started getting this error: System shutdown by NT Authority/System - services.exe This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a Bios virus, or what? I scanned the computer with AdAware, and it found nothing but browser cookies. Here is the Hijack This log file: Logfile of HijackThis v1.99.1 Scan saved at 12:41:39 PM, on 10/16/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINNT\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe C:\WINNT\system32\wuauclt.exe C:\Documents and Settings\alexia1\Desktop\HijackThis.exe O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Please let me know what I can do. Also, is there a way to 100% COMPLETELY clean a system? (HD, Bios, Memory -- am I missing something?) -- I would prefer this because I have ZERO data on to lose & would probably be less hassle. THANKS!

09-27-2007, 06:11 AM	#3 (permalink)
skfiroz Registered User Join Date: Sep 2007 Posts: 3 OS: win 2000 professional	Re: Failed HD; NT Authority System shutdown/services.exe -- and more sir please give the solution

09-27-2007, 06:12 AM	#4 (permalink)
skfiroz Registered User Join Date: Sep 2007 Posts: 3 OS: win 2000 professional	Re: Failed HD; NT Authority System shutdown/services.exe -- and more System shutdown by NT Authority/System - services.exe This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a Bios virus, or what? I scanned the computer with AdAware, and it found nothing but browser cookies. Here is the Hijack This log file: Logfile of HijackThis v1.99.1 Scan saved at 12:41:39 PM, on 10/16/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) C:\WINNT\system32\lsass.exe