Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: This is a Security issue, but more!!!

21 Mar 2009   #41

Windows 7 Ultimate x64


This is a very long post so sorry if this has been covered already but I didn't see if you are behind a router. If so does it support WPA2 and does it have the latest firmware?

Are you the only person with physical access and control of the router, if so
I would reset all my passwords on the router and create a new WPA2 key using a random password generator like:

On the subject on reformatting the drive did you use a tool to Zero the drive?
If you chose to reinstall and reformat the drive I'd run this tool first:
Darik's Boot and Nuke: Darik's Boot And Nuke | Hard Drive Disk Wipe

Good luck

My System SpecsSystem Spec
21 Mar 2009   #42


OK. Loki thanks for your response, and I will answer it. But I am getting more interested in the party or parties responsible for this.

Another thing I have noticed when I have had all of these problems is that Firefox is never available... It is always installed since I installed it, but it never shows-up in my start menu, except in the form "Firefox Safe Mode" which I know means to add-ons or extensions... at least that is how I understand it.

Also, in the past, when I look at IE, it always shows me the icon for "Internet Explorer without add-ons" which I realize is the equivalent for safe mode in firefox.

Ok, also, it seems as if my laptop is encouraging me to install java in my browser. It was installed before I took out my wireless NIC, wiped the drive and reinstalled win-7. I never needed to install java, so I didn't but little things like adobe updates or other strange things (like the java plug-in download page suddenly pooping up out of nowhere perhaps 2 days ago).

THen today, I needed the plug-in for something. I installed it, and then I went to the Tools menu in firefox, and first it I see "Java Console". I click on it and nothing happens. So then I open the Tools menu again but now the Java console is grayed out.

I then went to firefox addons and downloaded a "Java Console" and an add-on called "Event Spy" which is an enhanced Java console.

Neither of these addons work.....! Also, a few posts back, I mentioned that there were services that I cannot touch, modify turn off or on, or do anything to because under properties, everything on every tab is grayed out. Each of these services became inaccessible after I either shut them down, or if they were essential and I did not want to shut them down, I changed it so it would log in not under local system, or local service (which most are logged on under and this may be normal, but I don't know) but instead they would log on under the "Administrator" user. The services I listed were: PlugNPlay, Group Policy Client, RPCSS, RPC Endpoint mapper, and DCOM SERVER. In addition as an FYI, the following services are also now inaccessible..... Windows Driver Foundation - User-mode Driver Framework, Power, and the service brought to my attention by Jacee..... called NZNEQPXT.

I am attaching for Jacee, 4 screenshots each showing a tab in the above service in question, NZNEQPXT. This whole thing is getting stranger as I never noticed this server EVER before, and I remember going through each one.....

Also, although perhaps not directly related, but part of the overall problem, I am attaching to screen shots of my firefox error console (which I checked after Java console would not. I am not sure if this provides additional information, but if it does, please let me know. Thanks....

Loki, I am using open wireless networks in each occassion. First 3 months back, 5 miles from where am now, and again a this moment where I am residing. I have no control whatsoever to the router. Also, any hotspots I go to where this problem continues, I obviously do not have control of the router. I am not foolish as far as security....I have always used a firewall on past workstations or laptops. And even intitially on this laptop. But since these problems began I could never get Kaspersky to work, so when my internet started working 2 days ago after I pulled the NIC, and re-installed, I didn't want to "push my luck" (see an earlier post of mine where I discuss this) and try to install Kaspersky (which Dwarf told me has now expired anyway). I asked in one my recent posts if anyone had suggestions on a firewall or if the Windows firewall was sufficient.....

That question remains open as well. As soon as I can get this laptop to perform like it should...I want to have adequate firewall protection.


Attached Thumbnails
This is a Security issue, but more!!!-services-pt-1.jpg   This is a Security issue, but more!!!-services-pt-2.jpg   This is a Security issue, but more!!!-services-pt-3.jpg   This is a Security issue, but more!!!-services-pt-4.jpg   This is a Security issue, but more!!!-errorconsolerev.jpg  

My System SpecsSystem Spec
21 Mar 2009   #43
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Tyler, let's do this please .... open notepad, don't use any other text application or this won't work. Hopefully this will work with Win 7 :)

copy the following text (in the 'quote box') into a new file:

sc config NZNEQPXT start= disabled
sc stop NZNEQPXT
sc delete NZNEQPXT

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Locate remove.bat on the Desktop and double-click on it to run it. A DOS box should will open and close, that is normal.
If any errors errors encountered please post.

Restart the computer normally.

Post a fresh HJT log .... copy and paste the contents, don't post a picture.
My System SpecsSystem Spec

21 Mar 2009   #44


Does the character format matter? the "save as" dialog box comes up with ANSI. I want to make sure we do this correctly....I wouldn't think it would matter if it was ascii or unicode or ansi, but I have my doubts because in the past, I have tried ~300 line batch programs which included both SC and NETSH commands and when I ran them, I would get "invalid option" type output from both. The secedit commands would run, or other informational type commands, but not SC or NETSH.

Let me know and I will do it immediately.


(Note: I used Tyler, because I would rename the user name and the computer name every time I would install because I hoped it might make it more difficult to get some sort of network app running with new names.....)
My System SpecsSystem Spec
21 Mar 2009   #45
Microsoft MVP

Windows 7 Ultimate 32bit SP1

My System SpecsSystem Spec
21 Mar 2009   #46


Ran the batch program....

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:17 PM, on 3/21/2009
Platform: Unknown Windows (WinNT 6.01.2904)
MSIE: Internet Explorer v8.00 (8.00.7000.0000)
Boot mode: Normal

Running processes:
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Users\Tyler\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKCU\..\Run: [googletalk] C:\Users\Tyler\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

End of file - 4294 bytes
My System SpecsSystem Spec
21 Mar 2009   #47


I checked in services and it does not seem to be there anymore. That seemed too easy.

Below is the output of pslist.exe (sysinterals) run as administrator (I tried to keep the spaces in separating the columns, but they would not paste -- even after I tried reformatting them in word). Are the items highlighted normal???

Process information for CAIRO:

  Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time 
Idle                  0   0   2    0      0    15:33:06.434     0:00:00.000
System                4   8 105  566   1672     0:03:47.667     8:20:35.950
smss                284  11   2   29    264     0:00:00.078     8:20:35.950
csrss               380  13   9  389   1224     0:00:02.028     8:20:28.633
wininit             440  13   3   98    896     0:00:00.202     8:20:22.565
csrss               448  13  10  347   6644     0:00:07.956     8:20:22.549
services            496   9   7  188   3848     0:00:05.959     8:20:21.067
lsass               512   9   8  741   3844     0:00:05.709     8:20:20.958
lsm                 520   8  11  150   1452     0:00:00.390     8:20:20.958
winlogon            552  13   5  115   1900     0:00:00.436     8:20:20.896
svchost             668   8  11  373   2908     0:00:15.194     8:20:20.287
svchost             748   8  10  291   2896     0:00:03.369     8:20:19.835
svchost             836   8  21  553  22364     0:00:03.307     8:20:19.710
svchost             896   8  25  806  51332     0:03:55.748     8:20:19.539
svchost             920   8  42 1258  15868     0:00:22.760     8:20:19.507
svchost            1076   8  12  336   5576     0:00:01.591     8:20:19.071
svchost            1208   8  13  489  15404     0:00:11.107     8:20:18.805
spoolsv            1380   8  12  296   4728     0:00:00.218     8:20:18.162
svchost            1416   8  18  432   9620     0:00:03.291     8:20:18.089
taskhost           1880   8  10  218   7504     0:00:00.468     8:20:13.535
dwm                1940  13   5  152  97328     0:06:07.881     8:20:13.401
explorer           2044   8  44 1287  48464     0:03:01.897     8:20:13.091
rundll32           1196   8   3   91   1436     0:00:00.046     8:20:11.328
acrotray           1260   8   2   54    948     0:00:00.031     8:20:11.313
SearchIndexer      1808   8  13  691  22532     0:00:10.670     8:20:06.239
svchost            2064   8  11  201   3428     0:00:00.390     8:20:05.179
sppsvc             3656   8   4  146   5256     0:00:03.510     8:18:13.634     Is Key Management Service for windows server 2003 normal?
svchost            3716   8  11  364  48320     0:00:38.438     8:18:13.141
googletalk         3884   8  16  486  39992     0:00:40.373     8:05:18.906
taskhost           2628   6  11  274  10232     0:00:07.316     7:33:31.031
audiodg            3468   8   7  133  15212     0:00:00.296     0:09:53.253
firefox            2980   8  14  345  63324     0:00:32.089     0:09:31.347
WUDFHost           2412   8   8  231   1548     0:00:00.062     0:03:59.600
WmiPrvSE            724   8   8  138   2156     0:00:00.187     0:03:00.905
cmd                3360   8   1   18   1724     0:00:00.109     0:00:45.500
conhost             568   8   2   73   1004     0:00:00.592     0:00:45.494
pslist             4012  13   1  208   2056     0:00:00.265     0:00:02.756
dllhost            4092   8   6  110   1152     0:00:00.031     0:00:01.635
Following is output of tasklist /svc run at (presumably) an elevated prompt.

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       284 N/A                                         
csrss.exe                      380 N/A                                         
wininit.exe                    440 N/A                                         
csrss.exe                      448 N/A                                         
services.exe                   496 N/A                                         
lsass.exe                      512 KeyIso, SamSs                               
lsm.exe                        520 N/A                                         
winlogon.exe                   552 N/A                                         
svchost.exe                    668 DcomLaunch, PlugPlay, Power                 
svchost.exe                    748 RpcEptMapper, RpcSs                         
svchost.exe                    836 Audiosrv, Dhcp, EventLog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                    896 AudioEndpointBuilder, CscService, Netman,   
                                   PcaSvc, SysMain, TrkWks, UxSms, Wlansvc,    
                                   WPDBusEnum, wudfsvc                         
svchost.exe                    920 AeLookupSvc, Appinfo, BITS, EapHost, gpsvc, 
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                   ProfSvc, Schedule, SENS, ShellHWDetection,  
                                   Themes, Winmgmt, wuauserv                   
svchost.exe                   1076 EventSystem, fdPHost, netprofm, nsi,        
                                   sppuinotify, WdiServiceHost                 
svchost.exe                   1208 CryptSvc, Dnscache, LanmanWorkstation,      
spoolsv.exe                   1380 Spooler                                     
svchost.exe                   1416 BFE, DPS, MpsSvc                            
taskhost.exe                  1880 N/A                                         
dwm.exe                       1940 N/A                                         
explorer.exe                  2044 N/A                                         
rundll32.exe                  1196 N/A                                         
acrotray.exe                  1260 N/A                                         
SearchIndexer.exe             1808 WSearch                                     
svchost.exe                   2064 FDResPub, SSDPSRV                           
sppsvc.exe                    3656 sppsvc                                      
svchost.exe                   3716 WinDefend                                   
googletalk.exe                3884 N/A                                         
taskhost.exe                  2628 N/A                                         
audiodg.exe                   3468 N/A                                         
firefox.exe                   2980 N/A                                         
WUDFHost.exe                  2412 N/A                                         
WmiPrvSE.exe                   724 N/A                                         
SearchProtocolHost.exe        2564 N/A                                         
SearchFilterHost.exe          1676 N/A                                         
cmd.exe                       2948 N/A                                         
conhost.exe                   2764 N/A                                         
tasklist.exe                  1192 N/A                                         
WmiPrvSE.exe                  2276 N/A
My System SpecsSystem Spec
21 Mar 2009   #48
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Your HJT log looks clean.

Now, when I said to change all of your passwords from a *known* clean machine, I did not mean from a public computer such as Kinko's!! Goodness knows what's on one of those computers

If you have a friend/neighbor who does not use such things as keygens, cracks or torrents (for illegal/copywrite) downloads, then ask to use their computer for a bit to change all passwords.

I believe you had a 'hacktool' on your computer.

If you are still having problems after doing the above instructions, then let me know because I have another way to go to help you out :)
My System SpecsSystem Spec
09 Apr 2009   #49

all windows and tiger

Having read a lot of info. And not seeing a few things talked about please let me know if you have sorted the prob out or are you hard at work penning out your book
My System SpecsSystem Spec
16 Apr 2009   #50



I know you all have been losing sleep about my issue since I have not posted in quite some time. However, there is more excitement ahead!!

First I want to thank everyone' for their patient and intelligent feedback and assistance with my problem from this thread. In the end, I just sold the damn laptop (it was due for a replacement anyway), and bought a new HP dv4 1225 (4G ram, 250G HD, and dual core AMD Turion).

However, I feel comfortable enough with everyone here to tell you that I have to be the most incompetent fool since the guy in charge of security during the Lee Harvey Oswald prison transfer.

You can read about my mistake, my idea to fix it, and offer any help you see fit here... in this post I tagged onto the end of one by darco. As follows:

Unable to install 7077 x64
My System SpecsSystem Spec
Closed Thread

 This is a Security issue, but more!!!

Thread Tools

Similar help and support threads
Thread Forum
Security issue: IE10 Security message when opening MSN
I normally use MSN as my home page when I browse with IE10 as my default browser. This morning when I checked my email I had a message that purported to be from Microsoft that stated thew following: Microsoft account Security alert We think that someone else might have accessed the...
Browsers & Mail
Security Issue
Hi golden i have MWB as well and thought of myself as pretty secure however i let my parents get ahold of the comp and theres trojans and text files and crazy shiz neway i follow the path provided to where one of the virus's resided and low and behold i couldnt get to the dang cookies neway i...
System Security
Ad-Hoc Security Issue
Ok I hope you can help me out here. I'm convinced this is a security issue. From time to time my laptop drops wireless signal & when I try to re-connect to my router, I notice there's this available ad-hoc network to connect to called hp.nomodel etc... I of course have never connected to this...
System Security
Please help me! Security issue
Hi all.. sorry about the uppercase title but Im desperate.. I have a sony vaio windows 7, since Im 20 and my mom wanted to use my laptop at times I HAD to make her an independent account and manage my sharing and security settings, so I denied her account all permissions etc.. but now I cant...
Network & Sharing
Urgent!!! security issue
I apologise if i am posting this in the wrong place but this is quite urgent. 2 of my accounts have just been hacked,, and it seems my windows live account had a hack attempt on it. I am trying to reset my passwords, but i beleive there is either a keylogger on the pc or smth wrong with windows...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:18.
Twitter Facebook Google+