Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: This is a Security issue, but more!!!

20 Mar 2009   #31
Microsoft MVP

Windows 7 Ultimate 32bit SP1

The CSV\v2.06 is most likely okay, because it's also on my computer

It's a *Command line compiler* for Microsoft C# it gets installed with the .NET SDK

I can't find anything on DXP\Task ....
It could be a backdoor Trojan
Troj/VB-DXP Trojan - Sophos security analysis

In which case I would suggest that you go to a known 'clean' computer and change all your passwords. Don't try to do this on a suspected, infected machine.

Next, download HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Now, flush your DNS Cache:
Sometimes a bad DNS entry will be cached and you will need to either flush the DNS cache to get rid of it, or wait up to 24 hours for it to be dropped from the cache automatically.

Open a command prompt....from the Start menu, select Run > In the box/"open field", enter cmd.exe
enter ipconfig /flushdns press 'enter'

You might see if Kaspersky online Virus scanner will run now.

My System SpecsSystem Spec
20 Mar 2009   #32
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Ah Ha! I found DXP on my machine too ... looks to be safe :)
DXP - Device Experience Platform Microsoft Corporation c:\windows\system32\dxp.dll
My System SpecsSystem Spec
20 Mar 2009   #33


No. And I am not (to my knowledge) using any proxies. Which address was did that resolve from? Was it ipv6?

I have always been ready to admit I was wrong in this. But I am still left with countless questions as to why so many things starting happening all at the same time, and virtually all in response to a defense of my actions which were either investigatory (no deletion or changing of files or the registry), and why it seemed to behave in this way with so many outbound UDP packets (according to Kaspersky) to the same address. And why would any OS feature, reach out and change permissions in accessing peripheral drives (the WD 500GB drive, flash drives,etc.) which not even the esteemed, invoke-only-as-needed "Administrator" user would be able to access or change on a stand-alone workstation (or more accurately, my laptop), unless they were doing something which from all perspectives I can envision seem furtive, possessing element of concealment, agression, and even a very real sense that at times, the OS was taking steps simply for punitive purposes??? And why after using Slackware (from a persistent changes, 4GB Flash drive) for a year, would my switching to a conventional HD installation of Ubuntu soon after all of these problems started cause a different but stable and highly regarded OS such as Ubuntu Linux to have adapter problems and odd environmental events such as the sudden disappearance of my ability to use iwconfig, or have ipconfig output look radically different than to what I am accustomed. I mean bash is bash pretty much and ubuntu worked fine for about an hour, then it was like my Luddite ghost had returned to wreak havoc on my life.....?????

attached is the MBAM log.... All clear!!!

Attached for

Attached Files
File Type: txt mbam-log-2009-03-20 (14-27-13).txt (842 Bytes, 27 views)
My System SpecsSystem Spec

20 Mar 2009   #34

article that may be enlightening

FIrst, attached I included a HijackThis! log. I know there are many things that should not be there... I have deleted them before, and I just stopped even trying a few weeks ago...

But, on a stronger note, the following link is to an article that gives me a little comfort as to why I see many things I see....

Security in Windows 7: Firewall and Networking - Reviews by PC Magazine

My System SpecsSystem Spec
20 Mar 2009   #35


Oh, and thank you Jacee for the helpful info...I feel relieved that there are other competent and skilled individuals who may not recognize some items as typical windows components. I will take all the steps you outline--I want to research this a bit more to know what kind of trojan this may be. Also, when you say a clean machine, you mean head on over to Kinkos or something right???? And by passwords, you mean any web app passwords, correct???

In connection with my last post and the link contained therein, what is everyone's take on having a third party commercial firewall? Do I need one???

Thanks as always
My System SpecsSystem Spec
20 Mar 2009   #36


This is just to confirm the HijackThis log made it through the upload... Didn't see it when I refreshed...

Oh see the problem now....I forgot about those file extension limitations on uploads....

Attached Files
File Type: txt hijackthis.txt (4.1 KB, 32 views)
My System SpecsSystem Spec
20 Mar 2009   #37
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Stop/disable this in services:

Upload to jotti's:

and have this file scanned:

If jotti's is too busy then try - The Multi-Engine Virus Scanner v1.02, Supports 37 AntiVirus Engines!

Copy and paste the findings log back here.
My System SpecsSystem Spec
20 Mar 2009   #38


Strange... but though the file NZNEQPXT shows as active in HijackThis, it does not look quite the same in services.... see screenshot attached...

Also, I cannot enable the Administrator (which always happens when I cannot open a prompt "As an administrator"....

THe task manager no longer has the "Run this task as Administrator" checkbox (I have seen this before). My "RUN" in the start menu (which is a fight as it is to enable in the start menu properties) no longer has the "Run as Administrator" checkbox option... and "Runas" at the command prompt gives me some weird error like "class is not installed"....

I feel like Bruce Willis in Die Hard when he says to the all the police and SWAT on the ground below "welcome to the party!!" . This is only a fracion of the same stuff I have been seing for weeks on end despite wipes, reformats and reinstalls from a Microsoft download.... I know the installation disk is clean..... this point (if I did not otherwise have the internet up and running as I do now), I would usually reformat and reinstall.

As I responded above (mostly to Darkassassin who said my reformatting 40 times was excessive, and to which I agree) I believe I have tried most other recovery methods that do not involve a full re-installation.... but as I said in the post a few back, I am working from Administrator books for Vista, so if you have some idea.... let me know...

GIven all that I have said, if this is a trojan or a worm, could it be in protected storage????


Attached Thumbnails
This is a Security issue, but more!!!-services.jpg  
My System SpecsSystem Spec
20 Mar 2009   #39
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Right click on the service again and choose properties. Click on the dropdown box and set it to disabled. Click 'stop', apply and ok your way out.
Please see if you can get C:\Users\Tyler\AppData\Local\Temp\NZNEQPXT.exe
scanned by one or both links supplied above.

go to this link and download whoamI?
wng's blog: WhoAmI
This is a small script that will be a notepad .txt file on your desktop. Post it.

Mine looks like this because I have not turned UAC off:
WhoAmI by wng_z3r0
9:22 PM
Operating system:
Microsoft Windows 7 Ultimate
Ram: 3325 mb
Accounts on this computer:
Current User: Jacee
User is not an admin
End of file
My System SpecsSystem Spec
21 Mar 2009   #40


So I did this. See screenshot...

Attached Thumbnails
This is a Security issue, but more!!!-services.jpg  
My System SpecsSystem Spec
Closed Thread

 This is a Security issue, but more!!!

Thread Tools

Similar help and support threads
Thread Forum
Security issue: IE10 Security message when opening MSN
I normally use MSN as my home page when I browse with IE10 as my default browser. This morning when I checked my email I had a message that purported to be from Microsoft that stated thew following: Microsoft account Security alert We think that someone else might have accessed the...
Browsers & Mail
Security Issue
Hi golden i have MWB as well and thought of myself as pretty secure however i let my parents get ahold of the comp and theres trojans and text files and crazy shiz neway i follow the path provided to where one of the virus's resided and low and behold i couldnt get to the dang cookies neway i...
System Security
Ad-Hoc Security Issue
Ok I hope you can help me out here. I'm convinced this is a security issue. From time to time my laptop drops wireless signal & when I try to re-connect to my router, I notice there's this available ad-hoc network to connect to called hp.nomodel etc... I of course have never connected to this...
System Security
Please help me! Security issue
Hi all.. sorry about the uppercase title but Im desperate.. I have a sony vaio windows 7, since Im 20 and my mom wanted to use my laptop at times I HAD to make her an independent account and manage my sharing and security settings, so I denied her account all permissions etc.. but now I cant...
Network & Sharing
Urgent!!! security issue
I apologise if i am posting this in the wrong place but this is quite urgent. 2 of my accounts have just been hacked,, and it seems my windows live account had a hack attempt on it. I am trying to reset my passwords, but i beleive there is either a keylogger on the pc or smth wrong with windows...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:46.
Twitter Facebook Google+