Tech Support banner

Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1
Hi all -- let me thank you for your advice ahead of time -- this forum is the only site I found on Google that seemed helpful.

Heres the nitty gritty:

I was hit with some Hijack-ware (PS Guard) about a week ago, I tried removing PS Guard, no go -- it kept reinstalling itself on my machine. I decided to reformat since the machine was new, but I would get this error @ about 78% on the progress bar when formating the drive:

error 0x000000CE (driver unloaded without cancelling pending operations)/partmgr.sys. After mucking around, & trying to reformat several times, I gave up. Each time I got the same error. I figured the virus killed the HD. So... I bought a new one...

Not long after getting the new disk in, I started getting this error:

System shutdown by NT Authority/System - services.exe

This only happens when I'm connected to the internet. What I don't understand is how I STILL have a virus on a 100% clean disk. Is it a Bios virus, or what?

I scanned the computer with AdAware, and it found nothing but browser cookies.


Here is the Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:39 PM, on 10/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\alexia1\Desktop\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Please let me know what I can do.

Also, is there a way to 100% COMPLETELY clean a system? (HD, Bios, Memory -- am I missing something?) -- I would prefer this because I have ZERO data on to lose & would probably be less hassle.

THANKS!
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Your log is clean. Nothing could have survived if you installed a new hard drive so your issue isn't related to malware/virus. That first error "partmgr.sys" is a partition manager error...which you shouldn't get unless your using some sort of program.

That said...you likely picked up something new as you have no protection on this system. Make sure Windows 2000 has all security updates installed. Move to IE6. You have NO virus protection or firewall. These need installed NOW!!

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patch’s and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:


In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:




In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top