CPF found these

I am liking CPF have a few questions about what it blocks.

tgcmd.exe when googled it came back could be from Comcast cable supprt although I use Charter I used the Charter install CD. CPF also says support.com Scheduler & Command Dispacter

svhost.exe -parent services.exe Googled it found it could be My Doom worm
on this forum found that it is used to update your IP address wiil lose connection if
you block it.

iexplorer.exe - CPF reported loaded sdcidle.dll global hook key logger
googled sdcidle.ll it could be Java related I do have Sun Java
I loose internet connection when blocking this

I downloade some vids when playing them WMP CPF pops up with wmplayer.exe trying to connect to internet remote location I deny on per turn basis it still works but

some feedback would be appreciated   

     regards   stillen


tgcmd.exe: I cannot comment on this as it is used by an ISP, you may wish to contact your ISP to see what it is.

Is it located in the same folder as the Charter install files are?

svhost.exe: This is a component in Windows that helps your PC access the internet. The MyDoom worms will sometimes make a file named svhost.exe to fool the user into making it look like a legitimate file. In your case it is probably a legitimate file.

iexplorer.exe: If you use Java then you are fine with allowing what Comodo Firewall has warned you about. As Java is installed and now part of Internet Explorer you need to allow it to get internet access.

Hope this helps,

justin thanx for the reply.

svhost.exe and iexplorer.exe have been added to trusted zone

  tgcmd.exe  gonna have to research that a bit more  will deny as per it pops up to request access for now.

(R) thanx again stillen

As previously stated - you need to be EXACT about the spelling.

You wrote above “svhost.exe -parent services.exe Googled it found it could be My Doom worm. on this forum found that it is used to update your IP address wiil lose connection if you block it.”

There is a HELL of a difference between SVHOST.EXE and SVCHOST.EXE.

In exactly the same manner, there is a HELL of a difference between IEXPLORER.EXE and EXPLORER.EXE and IEXPLORE.EXE.

Please, please, please, double and triple check the spellings on the alerts you’re getting.

If possible, can you attach screenshots of the alerts, just to avoid confusion.

Ewen :slight_smile:

Ok here it is On CPF activity found this (:KWL)


Application C:\Windows32\system32\svhost.exe
Parent C:\Windows\system32\services.exe
Protocol UDP In

iexplorer.exe is the spelling of that jotted it down whle CPF had it flagged   loaded from sdcidle.dll

     Went to connections on CPF this is what it showed 

svhost.exe UDP in/out
iexplorer.exe UDP in/out
svhost.exe UDP in/out
system UDP in/out

         the one constant is svhost.exe UDP in/out   the last three come and go in the  listing

thanx stillen

stillen, if the application, as you have typed, is svhost.exe, as opposed to svchost.exe, then you have most likely been infected by a nasty. :frowning:

You will, however, note that the difference is in the letter ‘c’ and seems to be a common typing mistake. That’s why I’ve taken steps to differentiate that.

If you will actually capture a screenshot and post here under Additional Options (use your Connections window, Application Monitor; wherever it shows that application/connection), that will eliminate any confusion caused by relayed information.



Thank you for the advice I am going to Reformat my PC in a week or so .

I have also been to Pandas Nanocscan it found nothing also went to Trendmicro’s online scanner it found one grayware issue it removed.

Also will not reinstall with Charter intsall CD so as won’t have to deal with tgcmd.exe will manually do my conection.
Also have done a Hijackthis post on a forum and found nothing.

  OK here it is  On CPF   Activity then Connections this is what   it shows                                    iexplore.exe and svchost.exe

thank you all for the advice
regards stillen

Tnx, stillen ~

With it being svchost.exe, you’re probably okay on that; it does not seem out of the ordinary to me, for svchost.exe to be connecting in that way.