This is a Security issue, but more!!!


  1. Posts : 186
    Windows 7 Ultimate x64
       #41

    Hi,

    This is a very long post so sorry if this has been covered already but I didn't see if you are behind a router. If so does it support WPA2 and does it have the latest firmware?

    Are you the only person with physical access and control of the router? If so,
    I would reset all my passwords on the router and create a new WPA2 key using a random password generator like: https://www.grc.com/passwords.htm

    On the subject of reformatting the drive, did you use a tool to zero the drive?
    If you choose to reinstall and reformat the drive, I'd run this tool first:
    Darik's Boot and Nuke | Hard Drive Disk Wipe

    Good luck


  2. Posts : 57
    Windows 7
    Thread Starter
       #42

    OK. Loki thanks for your response, and I will answer it. But I am getting more interested in the party or parties responsible for this.

    Another thing I have noticed when I have had all of these problems is that Firefox is never available... It is always installed since I installed it, but it never shows up in my start menu, except in the form "Firefox Safe Mode" which I know means no add-ons or extensions... at least that is how I understand it.

    Also, in the past, when I look at IE, it always shows me the icon for "Internet Explorer without add-ons" which I realize is the equivalent for safe mode in firefox.

    Ok, also, it seems as if my laptop is encouraging me to install java in my browser. It was installed before I took out my wireless NIC, wiped the drive and reinstalled win-7. I never needed to install java, so I didn't but little things like adobe updates or other strange things (like the java plug-in download page suddenly popping up out of nowhere perhaps 2 days ago).

    Then today, I needed the plug-in for something. I installed it, and then I went to the Tools menu in firefox, and first I see "Java Console". I click on it and nothing happens. So then I open the Tools menu again but now the Java console is grayed out.

    I then went to firefox addons and downloaded a "Java Console" and an add-on called "Event Spy" which is an enhanced Java console.

    Neither of these addons work.....! Also, a few posts back, I mentioned that there were services that I cannot touch, modify turn off or on, or do anything to because under properties, everything on every tab is grayed out. Each of these services became inaccessible after I either shut them down, or if they were essential and I did not want to shut them down, I changed it so it would log in not under local system, or local service (which most are logged on under and this may be normal, but I don't know) but instead they would log on under the "Administrator" user. The services I listed were: PlugNPlay, Group Policy Client, RPCSS, RPC Endpoint mapper, and DCOM SERVER. In addition as an FYI, the following services are also now inaccessible..... Windows Driver Foundation - User-mode Driver Framework, Power, and the service brought to my attention by Jacee..... called NZNEQPXT.

    I am attaching for Jacee, 4 screenshots each showing a tab in the above service in question, NZNEQPXT. This whole thing is getting stranger as I never noticed this service EVER before, and I remember going through each one.....

    Also, although perhaps not directly related, but part of the overall problem, I am attaching two screenshots of my firefox error console (which I checked after Java console would not). I am not sure if this provides additional information, but if it does, please let me know. Thanks....

    Loki, I am using open wireless networks on each occasion. First 3 months back, 5 miles from where I am now, and again at this moment where I am residing. I have no control whatsoever of the router. Also, any hotspots I go to where this problem continues, I obviously do not have control of the router. I am not foolish as far as security....I have always used a firewall on past workstations or laptops. And even initially on this laptop. But since these problems began I could never get Kaspersky to work, so when my internet started working 2 days ago after I pulled the NIC, and re-installed, I didn't want to "push my luck" (see an earlier post of mine where I discuss this) and try to install Kaspersky (which Dwarf told me has now expired anyway). I asked in one of my recent posts if anyone had suggestions on a firewall or if the Windows firewall was sufficient.....

    That question remains open as well. As soon as I can get this laptop to perform like it should...I want to have adequate firewall protection.

    Paul


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #43

    Tyler, let's do this please .... open notepad, don't use any other text application or this won't work. Hopefully this will work with Win 7 :)

    copy the following text (in the 'quote box') into a new file:

    sc config NZNEQPXT start= disabled
    sc stop NZNEQPXT
    sc delete NZNEQPXT


    Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

    Locate remove.bat on the Desktop and double-click on it to run it. A DOS box should open and close; that is normal.
    If any errors are encountered, please post.

    Restart the computer normally.

    Post a fresh HJT log .... copy and paste the contents, don't post a picture.


  4. Posts : 57
    Windows 7
    Thread Starter
       #44

    Does the character format matter? The "save as" dialog box comes up with ANSI. I want to make sure we do this correctly....I wouldn't think it would matter if it was ASCII or Unicode or ANSI, but I have my doubts because in the past, I have tried ~300 line batch programs which included both SC and NETSH commands and when I ran them, I would get "invalid option" type output from both. The secedit commands would run, or other informational type commands, but not SC or NETSH.

    Let me know and I will do it immediately.

    Paul

    (Note: I used Tyler, because I would rename the user name and the computer name every time I would install because I hoped it might make it more difficult to get some sort of network app running with new names.....)


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #45

    Yes...


  6. Posts : 57
    Windows 7
    Thread Starter
       #46

    Ran the batch program....

    Here is the Hijackthis log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:38:17 PM, on 3/21/2009
    Platform: Unknown Windows (WinNT 6.01.2904)
    MSIE: Internet Explorer v8.00 (8.00.7000.0000)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Users\Tyler\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Tyler\Desktop\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    O4 - HKCU\..\Run: [googletalk] C:\Users\Tyler\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix: 
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    
    --
    End of file - 4294 bytes
    Last edited by Airbot; 22 Mar 2009 at 02:20. Reason: cleaned up post..


  7. Posts : 57
    Windows 7
    Thread Starter
       #47

    I checked in services and it does not seem to be there anymore. That seemed too easy.

    Below is the output of pslist.exe (Sysinternals) run as administrator (I tried to keep the spaces separating the columns, but they would not paste -- even after I tried reformatting them in Word). Are the items highlighted normal???

    Process information for CAIRO:

    Code:
      Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time 
    Idle                  0   0   2    0      0    15:33:06.434     0:00:00.000
    System                4   8 105  566   1672     0:03:47.667     8:20:35.950
    smss                284  11   2   29    264     0:00:00.078     8:20:35.950
    csrss               380  13   9  389   1224     0:00:02.028     8:20:28.633
    wininit             440  13   3   98    896     0:00:00.202     8:20:22.565
    csrss               448  13  10  347   6644     0:00:07.956     8:20:22.549
    services            496   9   7  188   3848     0:00:05.959     8:20:21.067
    lsass               512   9   8  741   3844     0:00:05.709     8:20:20.958
    lsm                 520   8  11  150   1452     0:00:00.390     8:20:20.958
    winlogon            552  13   5  115   1900     0:00:00.436     8:20:20.896
    svchost             668   8  11  373   2908     0:00:15.194     8:20:20.287
    svchost             748   8  10  291   2896     0:00:03.369     8:20:19.835
    svchost             836   8  21  553  22364     0:00:03.307     8:20:19.710
    svchost             896   8  25  806  51332     0:03:55.748     8:20:19.539
    svchost             920   8  42 1258  15868     0:00:22.760     8:20:19.507
    svchost            1076   8  12  336   5576     0:00:01.591     8:20:19.071
    svchost            1208   8  13  489  15404     0:00:11.107     8:20:18.805
    spoolsv            1380   8  12  296   4728     0:00:00.218     8:20:18.162
    svchost            1416   8  18  432   9620     0:00:03.291     8:20:18.089
    taskhost           1880   8  10  218   7504     0:00:00.468     8:20:13.535
    dwm                1940  13   5  152  97328     0:06:07.881     8:20:13.401
    explorer           2044   8  44 1287  48464     0:03:01.897     8:20:13.091
    rundll32           1196   8   3   91   1436     0:00:00.046     8:20:11.328
    acrotray           1260   8   2   54    948     0:00:00.031     8:20:11.313
    SearchIndexer      1808   8  13  691  22532     0:00:10.670     8:20:06.239
    svchost            2064   8  11  201   3428     0:00:00.390     8:20:05.179
    sppsvc             3656   8   4  146   5256     0:00:03.510     8:18:13.634     Is Key Management Service for windows server 2003 normal?
    svchost            3716   8  11  364  48320     0:00:38.438     8:18:13.141
    googletalk         3884   8  16  486  39992     0:00:40.373     8:05:18.906
    taskhost           2628   6  11  274  10232     0:00:07.316     7:33:31.031
    audiodg            3468   8   7  133  15212     0:00:00.296     0:09:53.253
    firefox            2980   8  14  345  63324     0:00:32.089     0:09:31.347
    WUDFHost           2412   8   8  231   1548     0:00:00.062     0:03:59.600
    WmiPrvSE            724   8   8  138   2156     0:00:00.187     0:03:00.905
    cmd                3360   8   1   18   1724     0:00:00.109     0:00:45.500
    conhost             568   8   2   73   1004     0:00:00.592     0:00:45.494
    pslist             4012  13   1  208   2056     0:00:00.265     0:00:02.756
    dllhost            4092   8   6  110   1152     0:00:00.031     0:00:01.635

    Following is output of tasklist /svc run at (presumably) an elevated prompt.

    Code:
    Image Name                     PID Services                                    
    ========================= ======== ============================================
    System Idle Process              0 N/A                                         
    System                           4 N/A                                         
    smss.exe                       284 N/A                                         
    csrss.exe                      380 N/A                                         
    wininit.exe                    440 N/A                                         
    csrss.exe                      448 N/A                                         
    services.exe                   496 N/A                                         
    lsass.exe                      512 KeyIso, SamSs                               
    lsm.exe                        520 N/A                                         
    winlogon.exe                   552 N/A                                         
    svchost.exe                    668 DcomLaunch, PlugPlay, Power                 
    svchost.exe                    748 RpcEptMapper, RpcSs                         
    svchost.exe                    836 Audiosrv, Dhcp, EventLog,                   
                                       HomeGroupProvider, lmhosts, wscsvc          
    svchost.exe                    896 AudioEndpointBuilder, CscService, Netman,   
                                       PcaSvc, SysMain, TrkWks, UxSms, Wlansvc,    
                                       WPDBusEnum, wudfsvc                         
    svchost.exe                    920 AeLookupSvc, Appinfo, BITS, EapHost, gpsvc, 
                                       IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                       ProfSvc, Schedule, SENS, ShellHWDetection,  
                                       Themes, Winmgmt, wuauserv                   
    svchost.exe                   1076 EventSystem, fdPHost, netprofm, nsi,        
                                       sppuinotify, WdiServiceHost                 
    svchost.exe                   1208 CryptSvc, Dnscache, LanmanWorkstation,      
                                       NlaSvc                                      
    spoolsv.exe                   1380 Spooler                                     
    svchost.exe                   1416 BFE, DPS, MpsSvc                            
    taskhost.exe                  1880 N/A                                         
    dwm.exe                       1940 N/A                                         
    explorer.exe                  2044 N/A                                         
    rundll32.exe                  1196 N/A                                         
    acrotray.exe                  1260 N/A                                         
    SearchIndexer.exe             1808 WSearch                                     
    svchost.exe                   2064 FDResPub, SSDPSRV                           
    sppsvc.exe                    3656 sppsvc                                      
    svchost.exe                   3716 WinDefend                                   
    googletalk.exe                3884 N/A                                         
    taskhost.exe                  2628 N/A                                         
    audiodg.exe                   3468 N/A                                         
    firefox.exe                   2980 N/A                                         
    WUDFHost.exe                  2412 N/A                                         
    WmiPrvSE.exe                   724 N/A                                         
    SearchProtocolHost.exe        2564 N/A                                         
    SearchFilterHost.exe          1676 N/A                                         
    cmd.exe                       2948 N/A                                         
    conhost.exe                   2764 N/A                                         
    tasklist.exe                  1192 N/A                                         
    WmiPrvSE.exe                  2276 N/A
    Last edited by Airbot; 22 Mar 2009 at 02:23. Reason: cleaned up post..
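A way to check a `tasklist /svc` capture like the one in the post above for a named service, written as an added example that is not part of the original thread. The sample rows are excerpted from that post except the constructed `ExampleSvc` row, and `BASELINE` is an assumed known-good list.

```python
import re
import textwrap

# Constructed sample: rows excerpted from the `tasklist /svc` output in post #47,
# plus one made-up row (PID 4321, "ExampleSvc") so the baseline check has a hit.
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
lsass.exe                      512 KeyIso, SamSs
svchost.exe                    668 DcomLaunch, PlugPlay, Power
svchost.exe                    836 Audiosrv, Dhcp, EventLog,
                                   HomeGroupProvider, lmhosts, wscsvc
spoolsv.exe                   1380 Spooler
svchost.exe                   4321 ExampleSvc
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # image name, PID, services


def parse_tasklist_svc(text):
    """Map each hosted service name to the (image, pid) that runs it."""
    services, current = {}, None
    # dedent() copes with output pasted into a forum post with a uniform indent
    for line in textwrap.dedent(text).splitlines():
        if not line.strip() or line.startswith(("=", "Image Name")):
            continue
        m = ROW.match(line)
        if m:                              # a new process row
            current = (m.group(1), int(m.group(2)))
            listed = m.group(3)
        elif line[0].isspace() and current:
            listed = line                  # wrapped row: continues the list above
        else:
            continue
        for name in listed.split(","):
            name = name.strip()
            if name and name != "N/A":
                services[name] = current
    return services


def is_hosted(services, name):
    """Case-insensitive check that a service is running inside some process."""
    return name.lower() in {s.lower() for s in services}


def not_in_baseline(services, baseline):
    """Service names absent from a known-good list (supplied by the caller)."""
    known = {b.lower() for b in baseline}
    return sorted(s for s in services if s.lower() not in known)


# Assumed baseline: in practice, capture it from a clean install of the same build.
BASELINE = {"KeyIso", "SamSs", "DcomLaunch", "PlugPlay", "Power", "Audiosrv",
            "Dhcp", "EventLog", "HomeGroupProvider", "lmhosts", "wscsvc", "Spooler"}

if __name__ == "__main__":
    svc = parse_tasklist_svc(SAMPLE)
    print("NZNEQPXT hosted:", is_hosted(svc, "NZNEQPXT"))
    for name in not_in_baseline(svc, BASELINE):
        print("not in baseline:", name, svc[name])
```

`tasklist /svc` lists only services hosted in a running process, so a stopped service will not appear here; `sc query` with the service name confirms whether the entry itself still exists.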


  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #48

    Your HJT log looks clean.

    Now, when I said to change all of your passwords from a *known* clean machine, I did not mean from a public computer such as Kinko's!! Goodness knows what's on one of those computers.

    If you have a friend/neighbor who does not use such things as keygens, cracks or torrents (for illegal/copyright) downloads, then ask to use their computer for a bit to change all passwords.

    I believe you had a 'hacktool' on your computer.

    If you are still having problems after doing the above instructions, then let me know because I have another way to go to help you out :)


  9. Posts : 15
    all windows and tiger
       #49

    Having read a lot of info, and not seeing a few things talked about, please let me know if you have sorted the prob out or are you hard at work penning out your book.


  10. Posts : 57
    Windows 7
    Thread Starter
       #50

    Hello:

    I know you all have been losing sleep about my issue since I have not posted in quite some time. However, there is more excitement ahead!!

    First I want to thank everyone for their patient and intelligent feedback and assistance with my problem from this thread. In the end, I just sold the damn laptop (it was due for a replacement anyway), and bought a new HP dv4 1225 (4G ram, 250G HD, and dual core AMD Turion).

    However, I feel comfortable enough with everyone here to tell you that I have to be the most incompetent fool since the guy in charge of security during the Lee Harvey Oswald prison transfer.

    You can read about my mistake, my idea to fix it, and offer any help you see fit here... in this post I tagged onto the end of one by darco. As follows:

    Unable to install 7077 x64


 