Hi there,
When I look at my task manager I see svchost.exe is there 8 times.
User Name = SYSTEM - 6 times
User Name = NETWORK SERVICE - 1 time
User Name = LOCAL SERVICE - 1 time
The question I have is can I remove some of them for the startup process?
Here's a partial dump of the scan from HijackThis (I've also attached the complete file). Note that it's loaded from C:\WINDOWS\system32\ 3 times and from C:\WINDOWS\system32\drivers\etc\ 3 times:
StartupList report, 3/27/2004, 6:55:00 AM
StartupList version: 1.52
Started from : E:\Downloads\Utilities\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\etc\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\etc\svchost.exe
C:\WINDOWS\system32\drivers\etc\svchost.exe
c:\windows\system32\drivers\etc\SysMgmt.exe
c:\windows\system32\drivers\etc\spoolsv.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\Grxp4exe.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
E:\Downloads\Utilities\hijackthis\HijackThis.exe
--------------------------------------------------
This svchost is valid and it is normal for there to be more than one instance of it:
C:\WINDOWS\system32\svchost.exe
The other ones, I'm not sure of, but svchost is not a startup process. It is called by other services in Windows, so if you see it as a startup, then you have a problem.
It would be wise to post a hijack log (not the startup list) to get a checkup.
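
The reply's rule of thumb, that svchost.exe is valid when it runs from C:\WINDOWS\system32, can be checked mechanically against a process list. The following is an added example, not part of the original posts: it parses an excerpt of the "Running processes" section above and flags core Windows executable names running from any other directory. The table of expected directories is an assumption based on a default Windows install with C:\WINDOWS as the system root, and the function names are hypothetical.

```python
import ntpath
from collections import Counter

# Assumption (not from the thread): default install directories of a few
# core Windows executables on a system whose root is C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "svchost.exe", "spoolsv.exe", "services.exe",
    "lsass.exe", "winlogon.exe", "smss.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Excerpt of the "Running processes" section posted in the thread.
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\etc\svchost.exe
C:\WINDOWS\system32\drivers\etc\svchost.exe
C:\WINDOWS\system32\drivers\etc\svchost.exe
c:\windows\system32\drivers\etc\SysMgmt.exe
c:\windows\system32\drivers\etc\spoolsv.exe
C:\WINDOWS\Explorer.EXE
"""

def parse_processes(text):
    """Return image paths from a StartupList 'Running processes' section."""
    paths = []
    for line in text.splitlines():
        line = line.strip()
        # Keep only lines that look like drive-letter paths to executables.
        if len(line) > 3 and line[1:3] == ":\\" and line.lower().endswith(".exe"):
            paths.append(line)
    return paths

def find_misplaced(paths):
    """Count processes that carry a core system name but run from another directory."""
    hits = Counter()
    for p in paths:
        # Windows paths are case-insensitive, so compare normalized lowercase forms.
        norm = ntpath.normcase(ntpath.normpath(p))
        directory, name = ntpath.split(norm)
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected:
            hits[norm] += 1
    return dict(hits)

if __name__ == "__main__":
    for path, count in sorted(find_misplaced(parse_processes(SAMPLE)).items()):
        print(f"{count}x {path}")
```

Names that are not in the table, such as SysMgmt.exe, are not evaluated by this check and need to be reviewed separately.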