But even checking with Process Explorer (which I am quite new to), I can't really see which handle for svchost.exe is the new one, as I have never listed what was normal before on paper (I think I shall today just so I'll know in future what is new). All handles appear to be legitimate Windows and security apps. One responder in the BBR forum thread (Noah Vail's post) thinks it is the HTTP SSL service. But my w3ssl.dll file properties shows it was created August 2004 & last modified on 4/14/2008 (not 2009). FWIW, my HTTP SSL service isn't even in Started status and is set to manual start type, and I have had no problems on-line on 3 different bank sites I use. So I'm not convinced this is what is causing the new instance of svchost.exe after updates.
FYI these are the items listed by Process Explorer for the now 6 instances of svchost.exe:
DCOM Server Process Launcher
Remote Procedurre Call
SSDP Discovery Service
TCP/IP NetBios Helper
Windows Image Acquisition
COM+ Event System
Distributed Link Tracking Client
Help & Support
Network Location Awareness
Remote Access Connection
Shell Hardware Detection
System Event Notification
System Restore Service
Windows Management Instrumentation
All look like legitimate WinXP services I have set on manual or auto. Anyone have any thoughts on this?
Edited by buttoni, 19 April 2009 - 10:25 AM.