Doug said:
These are not valid Windows files. Boot the computer into Safe Mode
and re-scan your system.
Also I am further confused as found tthis info on web suggesting they are
system files??? :
A Description of Svchost.exe in Windows XP
Applies To
This article was previously published under Q314056
For a Microsoft Windows 2000 version of this article, see 250320.
SUMMARY
This article describes Svchost.exe and its functions. Svchost.exe is a
generic host process name for services that run from dynamic-link libraries
(DLLs).
MORE INFORMATION
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At
startup, Svchost.exe checks the services portion of the registry to
construct a list of services that it needs to load. Multiple instances of
Svchost.exe can run at the same time. Each Svchost.exe session can contain a
grouping of services, so that separate services can run, depending on how
and where Svchost.exe is started. This allows for better control and easier
debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost
Each value under this key represents a separate Svchost group and is
displayed as a separate instance when you are viewing active processes. Each
value is a REG_MULTI_SZ value and contains the services that run under that
Svchost group. Each Svchost group can contain one or more service names that
are extracted from the following registry key, whose Parameters key contains
a ServiceDLL value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service
To view the list of services that are running in Svchost:
1.. Click Start on the Windows taskbar, and then click Run.
2.. In the Open box, type CMD, and then press ENTER.
3.. Type Tasklist /SVC, and then press ENTER.
Tasklist displays a list of active processes. The /SVC switch shows the list
of active services in each process. For further information about a process,
type the following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotation marks)
The following example of Tasklist output shows two instances of Svchost.exe
that are running.
Image Name PID Services
========================================================================
System Process 0 N/A
System 8 N/A
Smss.exe 132 N/A
Csrss.exe 160 N/A
Winlogon.exe 180 N/A
Services.exe 208 AppMgmt,Browser,Dhcp,Dmserver,Dnscache,
Eventlog,LanmanServer,LanmanWorkstation,
LmHosts,Messenger,PlugPlay,ProtectedStorage,
Seclogon,TrkWks,W32Time,Wmi
Lsass.exe 220 Netlogon,PolicyAgent,SamSs
Svchost.exe 404 RpcSs
Spoolsv.exe 452 Spooler
Cisvc.exe 544 Cisvc
Svchost.exe 556 EventSystem,Netman,NtmsSvc,RasMan,
SENS,TapiSrv
Regsvc.exe 580 RemoteRegistry
Mstask.exe 596 Schedule
Snmp.exe 660 SNMP
Winmgmt.exe 728 WinMgmt
Explorer.exe 812 N/A
Cmd.exe 1300 N/A
Tasklist.exe 1144 N/A
The registry setting for the two groupings for this example are as
follows: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Svchost:
Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto
Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
RApcss :Reg_Multi_SZ: RpcSs
dllhost - dllhost.exe - Process Information
Process File: dllhost or dllhost.exe
Process Name: DCOM DLL Host Process
Description: The DCOM DLL Host process supports DLL based COM objects and is
used by many Windows programs.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A
