
UPPERCASE running processes


Name: peterbuilt
Date: January 30, 2004 at 17:52:20 Pacific
OS: XP pro
CPU/Ram: 512
Comment:

I've read many times that running processes in uppercase are a concern and could be a trojan/virus, especially SVCHOST.EXE. I find my processes are in both upper & lowercase; they seem to change around each day or reboot.

Anyone know what's the deal with this??




Response Number 1
Name: hacad
Date: January 30, 2004 at 18:20:27 Pacific
Reply:

Unless a virus or spyware scan tells you you have a virus or trojan it's more than likely a good file.

Here is a good site for checking start up items:
http://www.windowsstartup.com/
or here is a quick explanation:
http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/

All my svchost files are lower case. Also, most of the time they should be at 0% CPU usage and use 2k to about 17k in system memory. I have 4 running all the time.




Response Number 2
Name: peterbuilt
Date: January 30, 2004 at 20:34:26 Pacific
Reply:

Thanks for your post and info. I guess they are ok then. I have 5 svchost running in uppercase with approx similar memory usage. I keep my AV updated and scan regularly. I've been a little concerned as my firewall alerts have been picking up (sub7) 9 times in the past few hours :s




Response Number 3
Name: iceblue
Date: January 30, 2004 at 21:47:06 Pacific
Reply:

XP systems seem to be almost always (??) lower case with one or more running processes in upper case.
On this box in task manager, all are lower case except for IEXPLORE.exe at the moment.
Sometimes the windows\system32\svchost.exe has been in upper case so, possibly due to where and how generic host services get loaded.

But as you say, some parasites exhibit an uppercase form but these can be identified usually by their folder locations.
eg. the legit svchost.exe is found in the system32 folder in XP.
ie. C:\windows\system32\svchost.exe
In Win 2K/NT, the legit file is
C:\WINNT\system32\svchost.exe
which sometimes presents as
C:\WINNT\SYSTEM32\SVCHOST.exe
so there's no hard and fast rule, particularly in an upgrade to XP.

Always post a HjT log if you are unsure of which svchost.exe is running, and always check the properties of the file first for identity information.

*normally there is no svchost.exe in 95/98/ME.
hth,
Ice
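
The location check described in Response 3, as an added PowerShell example that is not part of the original thread: it lists every running svchost.exe with its image path and file-property company name, comparing the path case-insensitively because Windows paths are not case-sensitive. It assumes a current Windows system with PowerShell 3.0 or later and an elevated prompt; the verdict strings are illustrative.

```powershell
# Added example (not from the thread): judge svchost.exe by where it runs from,
# not by whether Task Manager shows the name in upper or lower case.
# Assumes PowerShell 3.0+; run elevated so ExecutablePath is readable.

# Expected image path, built from the real system root (C:\Windows, C:\WINNT, ...)
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -ieq 'svchost.exe' } |      # -ieq ignores letter case
    ForEach-Object {
        $path    = $_.ExecutablePath
        $company = $null

        if (-not $path) {
            # Without elevation the path of service processes is often hidden
            $verdict = 'unknown: path not readable, rerun elevated'
        }
        elseif ($path -ieq $expected) {
            # SVCHOST.EXE and svchost.exe in System32 are the same file
            $verdict = 'expected location'
        }
        else {
            $verdict = 'outside System32: review this file'
        }

        if ($path) {
            # "Properties" identity information; version info can be forged,
            # so treat it as a supporting detail and not as proof
            $item    = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            $company = $item.VersionInfo.CompanyName
        }

        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Path      = $path
            Company   = $company
            Verdict   = $verdict
        }
    } |
    Sort-Object Verdict, ProcessId |
    Format-Table -AutoSize
```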



Response Number 4
Name: peterbuilt
Date: February 1, 2004 at 18:49:56 Pacific
Reply:

Thanks, it must be all ok. I've checked my system32 svchost file and it looks to be legit. No other similar files found on my HD.


