Full Version: Are My 7 Svchost.exe Files Running At Startup Legitimate?
michele2007
Directly after booting up my computer, I see in CTRL+ALT+DEL Processes tab that I have 7 svchost.exe files running. How can I tell if they are legitimate or bad? Here are the paths:

c:\WINDOWS\$NTServicePackUninstall$ (I think this is a hidden file--I have hidden files turned off and it's in blue)
c:\WINDOWS\Prefetch
c:\WINDOWS\system32
c:\WINDOWS\ServicePackFiles\i386

d:\WINDOWS\system 32

That is what I get when I do a drive search for svchost.exe.
I see that I have WINDOWS twice in my computer--on the c: drive and the d: drive. I'll have to ask about that later.

I think my computer is running slower than it used to and I am checking out my startup files.
RAM: 1.61 GHz, 384MB of RAM
Free Space: 7.08 GB
Windows XP Home

Amazing Andrew
Try this:

1. Download Process Explorer (Free from Microsoft)
2. Run Process Explorer (no installation needed)
3. You should see a list of all running processes and their vital statistics
4. Hold your mouse over each instance of svchost.exe to see a list of which programs are utilizing that instance (there's usually a couple)

That'll give you a clue as to what's happening.

michele2007
Thank you Andrew. I ran the Process Explorer and here’s what I got when I ran my cursor over each svchost.exe. All of them are in C:\WINDOWS\System32\svchost.exe. Does anyone see anything suspicious or maybe why my Internet Explorer is being hijacked (I’m getting help on that in another forum)?

PID DESCRIPTION COMPANY

Svchost.exe 852 Generic Host Process for Win32 Services Microsoft Corporation
Services:
DCOM Server Process Launcher [DcomLaunch]
Terminal Services [TermService]

Svchost.exe 912 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Remote Procedure Call (RPC) [RpcSs]

Svchost.exe 1004 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Com+ Event System [Event System]
Computer Browser [Browser]
Cryptographic Services [CryptSvc]
DHCP Client [Dhcp]
Distributed Line Tracking Client [TrkWks]
Error Reporting Service [ERSvc]
Fast User Switching Compatibility [FastUserSwitchingCompatibility]
Messenger [Messenger]
Network Connections [Netman]
Network Location Awareness (NLA) [Nla]
Remote Access Connection Manager [RasMan]
Secondary Logon [seclogon]
Security Center [wscsvc]
Server [lanmanserver]
Shell Hardware Detection [ShellHWDetection]
System Event Notification [SENS]
System Restore Service [srservice]
Telephony [TapiSrv]
Themes [Themes]
Windows Audio [AudioSrv]
Windows Firewall/Internet Connection Sharing {ICS}[SharedAccess]
Windows Management Instrumentation [winmgmt]
Windows Time [W32Time]
Wireless Zero Configuration [WZCSVC]
Workstation [lanmanworkstation]

Svchost.exe 1184 Generic Host Process for Win32 Services Microsoft Corporation
Services:
DNS Client [Dnsache]

Svchost.exe 1296 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Alerter [Alerter]
SSDP Discovery Service [SSDPSRV]
TCP/IP NetBIOS Helper [LmHosts]

Svchost.exe 1576 Generic Host Process for Win32 Services Microsoft Corporation
Services:
HTTP SSL [HTTPFilter]

Svchost.exe 229 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Automatic Updates [wuauserv]

Amazing Andrew
Looks fine to me!
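
The per-instance check done above with Process Explorer (image path of each svchost.exe plus the services it hosts) can also be scripted. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt.

```powershell
# Added example: list every svchost.exe instance, where its image lives,
# and which services it hosts. Without elevation, ExecutablePath can be empty.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Map PID (as string) -> running services hosted in that process.
# ProcessId is 0 for services that are not running.
$byPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    Sort-Object -Property ProcessId |
    ForEach-Object {
        # Services registered against this PID; empty if none are found.
        $svcs = @($byPid["$($_.ProcessId)"] | Where-Object { $_ })

        # Classify the image path. A mismatch is a reason to look closer,
        # not a verdict on its own.
        $status = if (-not $_.ExecutablePath) {
            'unknown (run elevated)'
        } elseif ($_.ExecutablePath -ieq $expected) {
            'expected'
        } else {
            'REVIEW: not in System32'
        }

        [pscustomobject]@{
            PID        = $_.ProcessId
            Path       = $_.ExecutablePath
            PathStatus = $status
            Services   = if ($svcs.Count) {
                ($svcs | ForEach-Object { "$($_.DisplayName) [$($_.Name)]" }) -join '; '
            } else {
                'REVIEW: no services hosted'
            }
        }
    } |
    Format-Table -AutoSize -Wrap
```

Copies of svchost.exe that a drive search finds in folders such as Prefetch or ServicePackFiles do not appear in this output unless a process is actually running from them.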