Odd Problems with wlnotify.dll and Svchost.exe

December 4, 2013 at 00:23:40
Specs: Windows XP
Every time I start up Windows XP on my desktop I see it pop up that its executing C:/windows/system32/wlnotify.dll
On top of that I currently have 6 svchost.exe processes running in my background. I have ran Hi-Jack this and I will post the report in just a moment.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:26:52 AM, on 12/4/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)

FIREFOX: 25.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zone54.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

End of file - 4229 bytes

Any help would be greatly appreciated!

message edited by MeanBeanMachine

See More: Odd Problems with wlnotify.dll and Svchost.exe

Report •

December 4, 2013 at 02:23:39
Did you read your other post?


I think this is a different comp, will go through HJT log now.

Report •

December 4, 2013 at 02:34:33
Nothing obvious in the HJT log, that doesn't mean you are clean.

1: Download & run Unhide
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.
Make sure you uncheck > Enable free trial < during install.
If your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan

message edited by Johnw

Report •

December 4, 2013 at 03:20:27
Yes, This is my desktop at my house...so its another computer....thanks for the tips!

Report •

Related Solutions

December 4, 2013 at 03:54:42
"thanks for the tips!"

"Let me know what you decide to do"

Report •

December 5, 2013 at 12:05:14

Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:

Program started at: 12/04/2013 12:59:26 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 29847 files processed.

The C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

Program finished at: 12/04/2013 01:01:03 AM
Execution time: 0 hours(s), 1 minute(s), and 52 seconds(s)

Report •

December 5, 2013 at 17:30:23
Malware Bytes Log

Malwarebytes Anti-Malware

Database version: v2013.12.05.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: COMPUTER-7636 [administrator]

12/5/2013 7:21:25 AM
mbam-log-2013-12-05 (07-21-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198392
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


Think I may just re-format and re-install windows on this hard drive just to be safe...all these svchost.exe processes seem to be slowing my computer down to a snail like speed.What do you think?

message edited by MeanBeanMachine

Report •

December 5, 2013 at 18:13:46
"What do you think?"
I have 12 running on mine, it is something you have installed or an infection.

Did you download the the latest version of RogueKiller & try?

Try performing an advanced clean-boot of XP to isolate the problem:

Report •

December 6, 2013 at 18:31:25
I will get back to you on this...I am in the process on adding a second 160gb Maxtor HD drive to my machine...as soon as I get this all sorted out I will be able to find out...hell it may not be a virus at all...after all this desktop is sadly sadly outdated....
Im currently running a makeshift Dell Dimension 3000 with the following specs...
Windows XP Pro 32 Bit SP3
Intel Celeron 320 Prescott 90nm Technology
512mb Dual-Channel DDR @ 166 MHZ
Dell default motherboard with no options hardly whatsoever.
Built in Mobo Video card
56GB Western Digital HD and trying to add this 160 GB Maxtor I got the other day...
I really just need to do a complete rebuild but am on a very tight budget atm.

Report •

December 6, 2013 at 18:57:51
dell dimension 3000 specs memory
http://is.gd/vGFcut ( Australian price from Dell )

This is where to spend the money, shop around for price.
Your comp will take 2 sticks of 1gb each.

Report •

Ask Question