Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Are My 7 Svchost.exe Files Running At Startup Legitimate?


  • Please log in to reply
3 replies to this topic

#1 michele2007

michele2007

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 10 December 2007 - 05:11 PM

Directly after booting up my computer, I see in CTRL+ALT+DEL Processes tab that I have 7 svchost.exe files running. How can I tell if they are legitimate or bad? Here are the paths:

c:\WINDOWS\$NTServicePackUninstall$ (I think this is a hidden file--I have hidden files turned off and it's in blue)
c:\WINDOWS\Prefetch
c:\WINDOWS\system32
c:\WINDOWS\ServicePackFiles\i386

d:\WINDOWS\system 32

That's is what I get when I do a drive search for svchost.exe.
I see that I have WINDOWS twice in my computer--on the c: drive and the d: drive. I'll have to ask about that later.

I think my computer is running slower than it used to and I am checking out my startup files.
RAM: 1.61 GHz, 384MB of RAM
Free Space: 7.08 GB
Windows XP Home

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:09:01 PM

Posted 11 December 2007 - 02:55 AM

Try this:

1. Download Process Explorer (Free from Microsoft)
2. Run Process Explorer (no installation needed)
3. You should see a list of all running processes and their vital statistics
4. Hold your mouse over each instance of svhost.exe to see a list of which programs are utilizing that instance (there's usually a couple)

That'll give you a clue as to what's happening.

#3 michele2007

michele2007
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 11 December 2007 - 07:53 PM

Thank you Andrew. I ran the Process Explorer and hereís what I got when I ran my curser over each svchost.exe. All of them are in C:\WINDOWS\System32\svchost.exe. Does anyone see anything suspicious or maybe why my Internet Explorer is being hijacked (Iím getting help on that in another forum).

PID DESCRIPTION COMPANY

Svchost.exe 852 Generic Host Process for Win32 Services Microsoft Corporation
Services:
DCOM Server Process Launcher [DcomLaunch]
Terminal Services [TermService]

Svchost.exe 912 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Remote Procedure Call (RPC) [RpcSs]

Svchost.exe 1004 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Com+ Event System [Event System]
Computer Browser [Browser]
Cryptographic Services [CryptSvc]
DHCP Client [Dhcp]
Distributed Line Tracking Client [TrkWks]
Error Reporting Service [ERSvc]
Fast User Switching Compatibility [FastUserSwitchingCompatibility]
Messenger [Messenger]
Network Connections [Netman]
Network Location Awareness (NLA) [Nla]
Remote Access Connection Manager [RasMan]
Secondary Logon [seclogon]
Security Center [wscsvc]
Server [lanmanserver]
Shell Hardware Detection [ShellHWDetection]
System Event Notification [SENS]
System Restore Service [srservice]
Telephony [TapiSrv]
Themes [Themes]
Windows Audio [AudioSrv]
Windows Firewall/Internet Connection Sharing {ICS}[SharedAccess]
Windows Management Instrumentation [winmgmt]
Windows Time [W32Time]
Wireless Zero Configuration [WZCSVC]
Workstation [lanmanworkstation]

Svchost.exe 1184 Generic Host Process for Win32 Services Microsoft Corporation
Services:
DNS Client [Dnsache]

Svchost.exe 1296 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Alerter [Alerter]
SSDP Discovery Service [SSDPSRV]
TCP/IP NetBIOS Helper [LmHosts]

Svchost.exe 1576 Generic Host Process for Win32 Services Microsoft Corporation
Services:
HTTP SSL [HTTPFilter]

Svchost.exe 229 Generic Host Process for Win32 Services Microsoft Corporation
Services:
Automatic Updates [wuauserv]

#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:09:01 PM

Posted 11 December 2007 - 08:03 PM

Looks fine to me!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users