STORM2K

why would i have svchost.exe running 6 times?

also in microsofts spyware it has found this -

About Winsock Layered Service Providers: LSP (Layered Service Provider) are sometime manipulated by spyware applications known as Winsock Hijackers. LSP's are a way to chain a piece of software to your Winsock 2 implementation on your computer. Since the LSP's are chained together, when Winsock is used, the data is also transported through each of the LSPs in the chain. Spyware can use LSPs to see all traffic being transported over your Internet connection. You should use extreme caution when deleting these objects. If it is removed without properly fixing the gap in the chain, you can have loss of Internet access.

how can i get rid of it????

thanks in advance!

do a search for svchost.exe and see what program it's associated with. I think i had it open several times and i just closed all but one.

thanks mama!

why would i have svchost.exe running 6 times?

also in microsofts spyware it has found this -

About Winsock Layered Service Providers: LSP (Layered Service Provider) are sometime manipulated by spyware applications known as Winsock Hijackers. LSP's are a way to chain a piece of software to your Winsock 2 implementation on your computer. Since the LSP's are chained together, when Winsock is used, the data is also transported through each of the LSPs in the chain. Spyware can use LSPs to see all traffic being transported over your Internet connection. You should use extreme caution when deleting these objects. If it is removed without properly fixing the gap in the chain, you can have loss of Internet access.

how can i get rid of it????

thanks in advance!

If you have Windows 2000, or Windows XP, use the control-alt-delete, and open task manager (DO NOT log out). Go to the processes tab, and see the svchost.exe as a running process--it should be listed 6 times. CLOSE all of them, and then close task manager.

I would suggest going to lavasoft.com, and downloading adaware. It is a spyware remover, and it gives good instructions to get rid of spyware, that can activate dormant processes in the registry. Download it (it is free), install it, and read the directions, and run it to quarrantine adware.

If the winsock were corrupted, you would not be able to connect to the internet. There is a repair tool for it, but it is tricky.

thanks david. this was all found by microsofts new antisyware program and then it tells you hardly anything. i also have spy sweeper running as well as 2 firewalls, and antivirus programs. it just gets me that no matter how much protection i have something seems to always happen! so there is no way to get rid of the winsock thing by myself, huh?

SUMMARY
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service
Back to the top

MORE INFORMATION
To view the list of services that are running in Svchost: 1. From the Windows 2000 installation CD's Support\Tools folder, Extract the Tlist.exe utility from the Support.cab file.
2. On the Start menu, click Run, and then type cmd.
3. Change folder to the location from which you extracted the Tlist.exe utility.
4. Type tlist -s.
Tlist.exe displays a list of active processes. The -s switch shows the list of active services in each process. For more information about the process, type tlist pid.

The following sample Tlist output shows two instances of Svchost.exe running:
0 System Process
8 System
132 smss.exe
160 csrss.exe Title:
180 winlogon.exe Title: NetDDE Agent
208 services.exe Svcs: AppMgmt,Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,LanmanWorkstation,LmHosts,Messenger,PlugPlay,ProtectedStorage,seclogon,TrkWks,W32Time,Wmi
220 lsass.exe Svcs: Netlogon,PolicyAgent,SamSs
404 svchost.exe Svcs: RpcSs
452 spoolsv.exe Svcs: Spooler
544 cisvc.exe Svcs: cisvc
556 svchost.exe Svcs: EventSystem,Netman,NtmsSvc,RasMan,SENS,TapiSrv
580 regsvc.exe Svcs: RemoteRegistry
596 mstask.exe Svcs: Schedule
660 snmp.exe Svcs: SNMP
728 winmgmt.exe Svcs: WinMgmt
852 cidaemon.exe Title: OleMainThreadWndName
812 explorer.exe Title: Program Manager
1032 OSA.EXE Title: Reminder
1300 cmd.exe Title: D:\WINNT5\System32\cmd.exe - tlist -s
1080 MAPISP32.EXE Title: WMS Idle
1264 rundll32.exe Title:
1000 mmc.exe Title: Device Manager
1144 tlist.exe
The registry setting for the two groupings for this example are as follows:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
rpcss :Reg_Multi_SZ: RpcSs

Back to the top


--------------------------------------------------------------------------------

APPLIES TO
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional Edition

Back to the top

Keywords: kbinfo KB250320

Back to the top

thanks raindband. wonder if xp has that utility??

thanks raindband. wonder if xp has that utility??

It does.

ok david - how do i use it??? lol please....

Try a cold reboot first. (Complete shut down). You really don't want to mess with the winsock if you can access the internet. See if it just goes away as a warning before doing anything else.