ReadMe: "Continuing Education"

O'Reilly - 802.11 Wireles Networks The Definitive Guide.pdf O'Reilly - Essential Blogging.chm
O'Reilly - Active Directory 2nd Edition.chm O'Reilly - Ethernet Definitive Guide.pdf
O'Reilly - Active Directory Cookbook for Windows Server 2003 and Windows 2000.chm O'Reilly - HTML & XHTML The Definitive Guide 5th Edition.chm
O'Reilly - C Pocket Reference.chm O'Reilly - Internet Core Protocols The Definitive Guide 2000.chm
O'Reilly - Cascading Style Sheets The Definitive Guide 2nd Edition.chm O'Reilly - Knoppix Hacks.chm
O'Reilly - CSS Cookbook.chm O'Reilly - Network Security Assessment.chm
O'Reilly - Designing Active Server Pages.pdf O'Reilly - Network Security Hacks.chm
O'Reilly - Designing Large-Scale LANs.pdf O'Reilly - Network Troubleshooting Tools.pdf
O'Reilly - DHCP for Windows 2000.pdf O'Reilly - PC Hardware in a Nutshell 3rd Edition.chm
O'Reilly - Digital Photography Hacks.chm O'Reilly - Windows XP Annoyances.chm
O'Reilly - Digital Photography Pocket Guide.pdf O'Reilly - Windows XP Hacks.chm
O'Reilly - Dynamic HTML The Definitive Reference.pdf O'Reilly - Windows XP Pocket Reference.chm

Sample Hosts file


Building an XP-SP2 Recovery Disc. By: Karp, David A.. PC Magazine, 2/8/2005, Vol. 24 Issue 2, p76, 2p, 3c


Protect Sensitive Files in Windows XP

August 2003 (PC Magazine)

If you share a computer with others, you may want a bit more protection for your personal files than Windows XP offers by default. There are two easy ways to achieve this: Create a password-protected compressed folder or encrypt an existing folder.

Password-protected compressed folders can be created on NTFS or FAT32 partitions. Opening a password-protected folder requires the right password. To protect files using a compressed folder, right-click in the desired location and choose New | Compressed (zipped) folder. Name the folder and move the files into it. Open the compressed folder and select File | Add password.

Encrypted folders are supported only on NTFS partitions. Rather than requiring you to enter a password, these folders are available only to you. If you want to encrypt a folder and its contents, right-click on the folder, choose Sharing and Security from the Context menu, click on the General tab, and click on the Advanced button. In the Advanced Attributes dialog, check the box Encrypt contents to secure data. Click on OK and then OK again. Win XP will encrypt the folder and its contents.

You won't notice any change except that the folder name displays in a different color. Other users, however, will no longer have access to the folder.


Create Start-Up Disks in Windows XP

(PC Magazine)

There are times when you can't boot your system from the hard drive, thanks to either a system problem, a lost password, or the simple fact that the OS hasn't been installed. Windows XP offers a number of options for booting from floppy disks, but you must prepare them before they're needed.

A computer with no operating system installed will usually boot from the Windows XP CD. For that rare system that won't, Microsoft offers downloadable programs to create the necessary set of bootable floppy disks. Navigate to http://support.microsoft.com and search for article 310994. Find the download link for your Win XP version and language. The downloaded program will create six setup disks, which can be used to start your system up and begin installing the OS from a CD in a nonbootable drive.

If something goes wrong with the boot drive, you may be able to recover the system using a bootable floppy disk. Don't just format a disk with the box Create an MS-DOS Startup disk checked; you want to boot Windows XP, not MS-DOS. Start by formatting the disk without checking that box. Then copy the three files Boot.ini, Ntdetect.com, and Ntldr from the root directory of the boot drive (C:\) to the floppy disk. Boot the computer from this disk and verify that Windows XP starts (this may require that you change BIOS settings to boot from a floppy disk). Label the disk clearly and store it in a safe place.

If you ever forget your password, a password reset floppy disk can save the day. This isn't the same as writing down your password and storing it in a safe. The password reset disk lets you reset your password without revealing what the previous password was. The precise technique for creating and using a password reset disk varies by account type and log-on type. Search on password reset disk in the Help and Support applet for details specific to your situation.

Use the Windows XP Recovery Console
(PC Magazine)

The Recovery Console, which has a DOS-like interface, is a flexible tool that lets you access and save data when your system won't boot. Using the Recovery Console, you can copy and delete files on FAT32 and NTFS partitions or even access the CD-ROM drive.

There are three main ways to load the Recovery Console. You can install it on your hard drive and access it when booting your system, you can launch it from the Windows XP start-up disks, or you can use the Windows XP CD.

To install the Recovery Console on your system, put your Windows XP installation CD in your CD drive, click on Start | Run, and type d:\i386\winnt32.exe /cmdcons, where d is your CD-ROM drive letter. Press OK and you will be asked whether you want to install the Recovery Console. Click on Yes. Once this application is installed, it will add Microsoft Windows Recovery Console as an option on the boot menu.

To start the Recovery Console using the Windows XP CD, boot your system from the CD (be sure your BIOS is set to boot from CD-ROM before the hard drive). Once you're past the welcome screen, press R and the Recovery Console will start.

Inside the Recovery Console you can obtain a list of possible commands by typing recovery console commands or help at the command prompt and pressing Enter. For more information about a specific command, type help commandname. From here, you can copy important data off your hard drive or, if you are a more advanced user, troubleshoot and replace corrupt files that are preventing your system from booting properly.


Securing Your Wireless Network
By Scott Nesbitt
March 04, 2007

Linksys WRT54GS router

A home wireless network is an easy and convenient way to share an Internet connection and other resources among the computers in your home. While some people choose to leave their wireless networks available to anyone and everyone, most of us want to keep our home wireless networks private. If you're looking at wireless home networking for the first time, please continue to read.

The core of your wireless network is the router. By carrying out some easy-to-do configuration on your router, you can ensure that only the people who you want to have access to your network will be able to.

Note: The procedures in this article for configuring a router are for a Linksys WRT54GS router. You'll probably have to modify the specific instructions if you're using a router from another vendor, but the concepts are the same.

 

Passwords on Your Router

You configure most routers using a Web browser. When you connect to the router, you need to log in. Every router has a default password, like admin. As this article points out, most people don't bother to change that password. Doing that is simple, though.

Log into your router. Then, click Administration > Management. Enter a password in the Router Password and Re-enter to confirm fields. You should rotate this password regularly. I generally do it every two weeks to a month. If you need to create a strong and secure password, then check out the Strong Password Generator Web site.

 

Locking Down MAC Addresses


Every Ethernet adapter, the hardware that lets a computer access a network, has a unique 12-digit identifier called a MAC address. MAC is short for Media Access Control, and it's a way for the network to ensure that a computer is allowed to access a network. Most routers allow you to specify which MAC addresses are allowed to connect to your network.

How do you find a MAC address? If you're using a computer with a wireless card, you can find the MAC address by flipping the card over and looking for a block of characters like this: 00:A0:C9:14:C8:29.

If, on the other hand, your computer has a built-in wireless card, and the MAC address isn't on the sticker on the bottom, you can use the tools on the system to find the MAC address. In Windows, click Start > Run. In the Run dialog box, type cmd and then click OK. This opens a command prompt. At the command prompt, type ipconfig /all. Look for the section Ethernet Adapter Wireless Network Connection. Your MAC address is the third entry, beside the heading Physical Address.

On a Mac running OS X, do this: select About this Mac from the Apple menu. On the dialog box that appears, click More Info. Then, select Network from the menu on the side of the dialog box. Look for the Wireless Address setting.

Now that you have the MAC address, you can enter it into your router. Select Wireless > MAC Address > Wireless Mac Filter. Then, click Enable. Click the Permit only PCs listed to access the wireless network option, and then click the Edit MAC Filter List button.
Type the MAC addresses, one to a field, in this dialog box. Then, click Save Settings.

The beauty of using this method is that you can give friends or guests access to your network and then easily remove their access privileges later on.

 

If you want to keep your data safe, encryption is a must. Encryption not only enables authorized users to securely access your network, but it also ensures that their data is kept safe from prying eyes. Most routers give you a choice of two encryption schemes: WiFi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Of the two, WPA is the more secure option.

WPA uses a password to encrypt data and to restrict access to your network. When someone tries to access your network for the first time, they'll have to enter the password.

Add or change the password by selecting Wireless > Wireless Security. Select Pre-Shared Key from the Security Mode dropdown list. Then, enter your passphrase in the WPA Shared Key field and click Save Settings.

As with the router password, it's a good idea to rotate your password frequently. Once again, the Strong Password Generator Web site comes in handy.

Enabling the Firewall

A firewall on your computer can help keep unwanted visitors out. The same applies to the firewall on a wireless router. And a router firewall is easy to set up. To do so, click Security > Firewall. Then, click the Firewall Protection: Enable option. Also, click the Block Anonymous Internet Requests option. This will ensure that any unsolicited attempts to access your router will be denied.

Keep in mind, though, that some cable Internet providers (like mine) don't play nicely with router firewalls. You might find that your connection gets intermittently dropped or you lose it altogether.

Other Things You Can Do

All routers are identified by a Service Set Identifier (SSID). This is just the name of your network. Every router comes with a default SSID (mine was 'linksys'). People use the SSID to identify your network. And malicious users can use the SSID to break into your wireless network. So, you should change your router's SSID. Do this by selecting Wireless > Basic Wireless Settings. Enter a unique name in the Wireless Network Name (SSID) field.

To make it easy for others to jump aboard your wireless network, routers by default broadcast their SSIDs to the world. Once again, malicious users can take advantage of this information to jump on or take control of your wireless network. You can stop the router from broadcasting its SSID by clicking the Wireless SSID Broadcast: Disable option on the Basic Wireless Settings screen.

As I mentioned earlier, you log into your router using a Web browser. You can do this either from the computer directly connected to the router, or from anywhere on the Web. Being able to remotely administer your router can be useful, but it also opens the door to someone else logging on and gaining control of your router. You can disable remote administration by selecting Administration > Management and then selecting the Remote Administration: Disable option.

If, on the other hand, you really want to enable secure remote administration of your router, click Administration > Management. Then, select the Remote Administration: Enable and Use https options. Selecting the Use https option creates a secure connection to your router from a browser.

Conclusion

Adding a bit of security to your wireless network is easy and doesn't take a lot of time. That said, one of the people who I talked to while researching this article commented that no matter how well you secure your wireless network, there will always be someone who can break in. But, that's true for any other kind of security, too. If someone is determined enough, a deadbolt on your door won't stop them from entering your home. However, the fact that you've put some security in place will put off most people trying to illegally use or hijack your wireless network, and that alone is worth the effort.

Copyright 1996-2007 Geeks.com™ All Rights Reserved


Wireless Security: WPA Step by Step
Published in PC MAGAZINE
ARTICLE DATE:  10.14.03
By  Craig Ellison

Odds are, your wireless network is not secure. Even if you've enabled WEP (Wired Equivalency Protocol) encryption, the flaws in that standard are well documented, and hackers can break WEP easily. You need WPA (Wi-Fi Protected Access), a far stronger protocol that fixes the weaknesses in WEP.

Here we'll take you through the process of upgrading your networking equipment and enabling WPA security for your home WLAN. To upgrade your wireless security to WPA, you must have three critical components:

  • an access point (AP) or wireless router that has WPA support;
  • a wireless network card that has WPA drivers available;
  • a client (called a supplicant) that supports WPA and your operating system.

    WPA replaces WEP in small-office or home routers, so moving to WPA is an all-or-nothing proposition. For you to consider an upgrade, every wireless device on your network must have WPA capabilities. This includes any wireless bridges you might use for your Microsoft Xbox (or other gaming device), digital camera, home audio gateway, and print server.

    If you haven't purchased wireless hardware already, buying WPA-capable networking equipment is easy. The Wi-Fi Alliance began certifying products for WPA interoperability in April. In addition, all new products submitted for certification after August 2003 must have WPA capability. Any product that passes Wi-Fi WPA compatibility testing will have the Wi-Fi Protected Access box checked on its package label (Figure 1).

  • You can also visit the Wi-Fi Alliance's Web site and search for WPA-certified products (www.wi-fi.org/OpenSection/certified_products.asp?TID=2).

    If you already own wireless networking hardware, upgrading may not be possible. You must check the Web sites of your hardware makers for WPA upgrades. WPA is designed so that legacy wireless hardware can be upgraded via drivers, but with the product cycles of wireless gear being about six months, most manufacturers do not provide WPA upgrades for legacy products. If you find WPA support, it will probably be for relatively new products. If you don't find driver upgrades for your hardware, you'll either have to buy new equipment or live with WEP.

    For this article, we selected the Linksys WRT54G broadband router and the Linksys WPC54G client card. Both products are widely available and have online driver and firmware upgrades for WPA.

    Update Your OS

    The easiest part of the process is adding WPA support to your OS. Microsoft provides a free WPA upgrade, but it works only with Windows XP. If you are running an OS other than Win XP, you'll need a third-party supplicant. The client software is available from either Funk Software (www.funk.com) or Meetinghouse Data Communications (www.mtghouse.com). For now, we'll assume that you're running Win XP.

    The WPA client is not available as an automatic Windows update. You can find it in the Microsoft Knowledge Base Article 815485 (http://support.microsoft.com/default.aspx?scid=kb;en-us;815485). Download the file into a new directory. Double-click on it to install it. (The file is self-extracting and self-installing.) Once you've installed the update, reboot your machine. The software adds additional dialog boxes to the Network Control Panel to support the new authentication and encryption options of WPA. You can check to be sure that the upgrade has been installed by opening the Control Panel, double-clicking on Add or Remove Programs, and checking for Windows XP Hotfix (SP2) Q815485.

    Update the Firmware

    Now you must download the upgrades for your router and network cards. We recommend that you download everything before upgrading anything. For the Linksys router, go to the company's Web site, click on Support | Downloads, select the product (WRT54G), and click on Downloads for this Product. When the page loads, click on Firmware.

    From this page, you can choose to download the firmware file, manually update your router, or use an automatic update program. We'll use the automatic utility. If you need to download drivers for your wireless adapter, follow the same procedure and enter the name of your adapter (WPC54G), then download the file Wpc54g_driver_utility_v1.21.zip to an empty directory, such as C:\downloads\linksys. Click on the link to download the utility and save the file on your computer. Once the download is complete, click on Open.

    After your router reboots, log on to it. If possible, use a wired connection to change the security settings, because if you change the settings wirelessly, you won't be able to communicate with your router until after you've configured your client.

    Configure WPA Settings

    Your router's home page will change as a result of the firmware upgrade. To set up the WPA encryption for your router, click on the Enable button and then Edit Security Settings. The following page has your WPA options.

  • In the Security Mode field, select WPA Pre-Shared Key (no authentication server required).
  • For WPA Algorithms, select TKIP. This is the approved and certified algorithm. Though some products support AES (Advanced Encryption System), interoperability among various vendors' products hasn't been certified. You could try AES on your router and client; if it works, AES provides even greater security than WPA.
  • For the WPA Pre-Shared Key, create a key that won't be easily compromised. Write it down, as you'll need to enter the same key when you configure your network card.
  • Leave the Group Key Renewal row set at 3600, then click on Apply.

    Update Your Network Card

    Now you're ready to update your network card.

  • Unzip the driver file you downloaded earlier. The directory where you unzipped the file contains the driver you need (Bcmwl5.sys) along with the INF file. Make a note of this location. Although you can uninstall the old drivers from the Add or Remove Programs applet and reinstall the entire package you've downloaded, it's much easier to update the driver via the Device Manager (Figure 7).
  • From the Control Panel, double-click on the System icon and click on the Hardware tab. Click on Device Manager.
  • Right-click on the wireless adapter.
  • Select Properties and click on Driver. If your card hasn't been upgraded, you'll see a driver date prior to 5/26/2003. If your driver is dated May 26 or later, it already supports WPA. You can click on Cancel and jump to the step that shows the Wireless Networks dialog (Figure 8).
  • Click on Update Driver.
  • Tell the wizard to search specific locations for the driver. Type in the directory where you unzipped the upgrade file.
  • Click on Next.
  • The updated driver will show a date of 5/26/2003 or later.

    Don't give up yet. We're almost finished!
     

  • Open the Network applet in the Control Panel, right-click on your wireless card, and click on the Wireless Networks tab.
  • In the Available networks window, select the name of your network. This is the same as the SSID (network name) you configured in your router.
  • Click on Configure.
  • Under Network Authentication, select WPA-PSK. If you don't select the correct authentication mode, you won't be allowed to select the correct encryption mode (TKIP). If you leave network authentication set to Open, the only encryption options you'll see are WEP or Disabled.
  • In Data encryption, select TKIP (or AES if you selected AES earlier).
  • In Network key, type in the same WPA Shared Key you entered into the AP configuration and type it again under Confirm network key. Then click on OK.

    Because you enabled WPA security on your AP previously, when you finish your client configuration, you should be able to associate with your access point and use the network as you did before. Only now you have a secure wireless link.
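What happens to the shared key typed into the router and the client above, as an added Python example (not code from the article or from Linksys): WPA-PSK turns the passphrase into a 256-bit key with PBKDF2-HMAC-SHA1, using the network name (SSID) as the salt, so the length of the passphrase and the choice of network name both feed into the key. The 20-character advisory threshold and the sample network names are assumptions of this example.

```python
import hashlib

MIN_ADVISED_LEN = 20  # assumption of this example, not a router setting
HEX_DIGITS = set("0123456789abcdefABCDEF")


def is_raw_key(entry):
    """A 64-hex-digit entry is taken as the 256-bit key itself."""
    return len(entry) == 64 and all(c in HEX_DIGITS for c in entry)


def check_passphrase(passphrase, ssid):
    """Return a list of problems; entries starting with 'advisory' do not block use."""
    problems = []
    if not 1 <= len(ssid.encode()) <= 32:
        problems.append("SSID must be 1 to 32 bytes")
    if is_raw_key(passphrase):
        return problems
    if not 8 <= len(passphrase) <= 63:
        problems.append("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("passphrase must be printable ASCII")
    if not problems and len(passphrase) < MIN_ADVISED_LEN:
        problems.append("advisory: shorter than %d characters" % MIN_ADVISED_LEN)
    if ssid and ssid.lower() in passphrase.lower():
        problems.append("advisory: passphrase contains the network name")
    return problems


def derive_psk(passphrase, ssid):
    """Derive the 32-byte pre-shared key from the passphrase and the SSID."""
    blocking = [p for p in check_passphrase(passphrase, ssid)
                if not p.startswith("advisory")]
    if blocking:
        raise ValueError("; ".join(blocking))
    if is_raw_key(passphrase):
        return bytes.fromhex(passphrase)
    # 4096 iterations and a 32-byte output are fixed by the WPA-PSK definition.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, 32)


if __name__ == "__main__":
    # Constructed inputs: one passphrase under a default and a renamed network.
    phrase = "correct horse battery staple"
    for name in ("linksys", "attic-net-7"):
        print(name, derive_psk(phrase, name).hex())
    print(check_passphrase("linksys123", "linksys"))
```

The same passphrase produces a different key on each network name, and a client configured with the wrong SSID or a mistyped passphrase ends up with a key that does not match the router's.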

    Copyright (c) 2005 Ziff Davis Media Inc. All Rights Reserved.
     

    How to Enter a New Validation Key Without Reinstalling Windows XP

    The Genuine Advantage Product Key Update Tool is only valid for users attempting to change their current non-genuine Product Key to a genuine COA sticker or genuine Product Key - all without a reinstall.

    http://go.microsoft.com/fwlink/?LinkId=50346&clcid=0x409

    Note: This is provided no core system files are corrupted. If they are, a clean install of the system will be needed.
    To verify the updated Product key has been accepted, run the WGA Diagnostics (downloaded from http://go.microsoft.com/fwlink/?linkid=52012)


    Description of Svchost.exe in Windows XP Professional Edition http://support.microsoft.com/kb/314056

    INTRODUCTION

    This article describes Svchost.exe and its functions. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
    Note: Tasklist is not included in Windows XP Home Edition

    MORE INFORMATION

    The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services allows for better control and easier debugging.

    Svchost.exe groups are identified in the following registry key:

            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

    Each value under this key represents a separate Svchost group and appears as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
     
            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

    To view the list of services that are running in Svchost:

        1. Click Start on the Windows taskbar, and then click Run
        2. In the Open box, type CMD, and then press ENTER
        3. Type Tasklist /SVC, and then press ENTER

    Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For more information about a process, type the following command, and then press ENTER:

            Tasklist /FI "PID eq processID" (with the quotation marks)

    The following example of Tasklist output shows two instances of Svchost.exe that are running.

    Image Name         PID  Services
    ===============  =====  =====================================
    System Process       0  N/A
    System               8  N/A
    Smss.exe           132  N/A
    Csrss.exe          160  N/A
    Winlogon.exe       180  N/A
    Services.exe       208  AppMgmt,Browser,Dhcp,Dmserver,Dnscache,
                            Eventlog,LanmanServer,LanmanWorkstation,
                            LmHosts,Messenger,PlugPlay,ProtectedStorage,
                            Seclogon,TrkWks,W32Time,Wmi
    Lsass.exe          220  Netlogon,PolicyAgent,SamSs
    Svchost.exe        404  RpcSs
    Spoolsv.exe        452  Spooler
    Cisvc.exe          544  Cisvc
    Svchost.exe        556  EventSystem,Netman,NtmsSvc,RasMan,
                            SENS,TapiSrv
    Regsvc.exe         580  RemoteRegistry
    Mstask.exe         596  Schedule
    Snmp.exe           660  SNMP
    Winmgmt.exe        728  WinMgmt
    Explorer.exe       812  N/A
    Cmd.exe           1300  N/A
    Tasklist.exe      1144  N/A

    The registry settings for the two groupings in this example are as follows:

            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
            Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
            Rpcss: Reg_Multi_SZ: RpcSs
     

    Description of Svchost.exe in Windows 2000  http://support.microsoft.com/kb/250320/

    SUMMARY

    Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

    Svchost.exe groups are identified in the following registry key:

     
            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

    Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
     
            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

    MORE INFORMATION

    To view the list of services that are running in Svchost:

        1. From the Windows 2000 installation CD's Support\Tools folder, Extract the Tlist.exe utility from the Support.cab file.
        2. On the Start menu, click Run, and then type cmd.
        3. Change folder to the location from which you extracted the Tlist.exe utility.
        4. Type tlist -s.

    Tlist.exe displays a list of active processes. The -s switch shows the list of active services in each process. For more information about the process, type tlist pid.

    The following sample Tlist output shows two instances of Svchost.exe running:

        0  System Process
        8  System
        132  smss.exe
        160  csrss.exe Title:
        180  winlogon.exe Title: NetDDE Agent
        208  services.exe Svcs: AppMgmt,Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,LanmanWorkstation,LmHosts,Messenger,PlugPlay,ProtectedStorage,seclogon,TrkWks,W32Time,Wmi
        220  lsass.exe Svcs: Netlogon,PolicyAgent,SamSs
        404  svchost.exe Svcs: RpcSs
        452  spoolsv.exe Svcs: Spooler
        544  cisvc.exe Svcs: cisvc
        556  svchost.exe Svcs: EventSystem,Netman,NtmsSvc,RasMan,SENS,TapiSrv
        580  regsvc.exe Svcs: RemoteRegistry
        596  mstask.exe Svcs: Schedule
        660  snmp.exe Svcs: SNMP
        728  winmgmt.exe Svcs: WinMgmt
        852  cidaemon.exe Title: OleMainThreadWndName
        812  explorer.exe Title: Program Manager
        1032  OSA.EXE Title: Reminder
        1300  cmd.exe Title: D:\WINNT5\System32\cmd.exe - tlist -s
        1080  MAPISP32.EXE Title: WMS Idle
        1264  rundll32.exe Title:
        1000  mmc.exe Title: Device Manager
        1144  tlist.exe

    The registry settings for the two groupings in this example are as follows:

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
        netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
        rpcss: Reg_Multi_SZ: RpcSs
     

    How to identify what's really running as SVCHOST.EXE on XP+ (adapted from Wired Prairie)

    What is this SVCHOST.EXE and why is it [fill in the blank]?

    FYI: SVCHOST.EXE is a generic computer application that runs "background" computer processes. If that doesn't make any sense, just think of it as an application that helps make your computer run. Services don't directly have user interfaces -- they just run in the background, normally quiet and hopefully out of the way, but performing often critical functions that keep your computer running -- things like making your Internet connection work.

    There are occasions when a "SVCHOST.EXE" is using far too much CPU, causing the machine to slow to a crawl. But, how does one know which service is causing the problem?
    The tools are available in XP.

    Go to a Command Prompt and type:

    TASKLIST /SVC /FI "IMAGENAME EQ SVCHOST.EXE"

    The output looks like this:

    For each SVCHOST.EXE that is running on your machine, the PID (or process ID) is listed along with the named services running under that process. A number of services are actually all running under the same process. Process ID 364 is currently utilizing 82 threads which explains how all of those services are actually running under the same process (and interestingly enough, it's also consuming 91MB of RAM right now).

    If there's a particular SVCHOST process you're interested in, you can extend the command line easily:

    TASKLIST /SVC /FI "IMAGENAME EQ SVCHOST.EXE" /FI "PID EQ ###"

    where ### represents the process ID (PID). For example, run

    TASKLIST /SVC /FI "IMAGENAME EQ SVCHOST.EXE" /FI "PID EQ 364"

    to see which services are running within the SVCHOST instance that is consuming so much memory and so many threads.

    To do a final match up of the somewhat cryptic service name to something more meaningful, you'll need to go to the service browser in Windows. An easy way to get there when running XP is to click the Start menu, right click on "My Computer", and select "Manage". This opens the "Computer Management" application. On the left side there is a variety of locations. Choose "Services and Applications"

    Expand that (use the +), and click on the first item, "Services".

    Now comes the tricky part. Use some intuition and logic to try to match the human-readable name of the service with Windows' name of the service. For example, one of the named services in the list was BthServ, under PID 700. Look through the list of names and the most likely service is "Bluetooth Support Service."  Double-click on the entry to show the properties for that service:

    In this case, the "Service Name" exactly matches what I was looking for: BthServ. For further confirmation, double check the "Path to Executable" if you want to be more certain you've found the right service. What you want to see there is that the executable that is being run is "svchost.exe". In this case, it is. So, PID 700 is the Bluetooth Support Service.

    Be ABSOLUTELY careful about starting/stopping/etc services. But at least one can locate which services are masquerading as SVCHOST.EXE.

    To get a list of all of the running services, regardless of whether they are running in SVCHOST.EXE, just type this:

        TASKLIST /SVC

    This will display all of the services without filtering them (the /FI command line switch does the filtering). If there's a N/A in the column, it's not a service.
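The Knowledge Base articles above tie each Svchost.exe instance to a group value under the Svchost registry key, and the how-to matches PIDs to services by hand. The following added Python example (not Microsoft's or the original author's code) does that cross-check automatically: it parses Tasklist /SVC output, including wrapped service lists, and reports any Svchost.exe instance that hosts a service missing from every registry group or that hosts no service at all. The sample text is constructed from the article's output; the rows for PIDs 900 and 912 and the name UnlistedSvc are made up.

```python
import re

# Constructed sample modelled on the Tasklist /SVC output quoted above.
TASKLIST_SVC = """\
Image Name         PID  Services
===============  =====  =====================================
System Process       0  N/A
Services.exe       208  AppMgmt,Browser,Dhcp,Dmserver,Dnscache,
                        Eventlog,LanmanServer,LanmanWorkstation
Lsass.exe          220  Netlogon,PolicyAgent,SamSs
Svchost.exe        404  RpcSs
Svchost.exe        556  EventSystem,Netman,NtmsSvc,RasMan,
                        SENS,TapiSrv
Svchost.exe        900  Netman,UnlistedSvc
Svchost.exe        912  N/A
Explorer.exe       812  N/A
"""

# The two Svchost group values quoted above, in the article's notation.
SVCHOST_GROUPS = """\
Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
Rpcss: Reg_Multi_SZ: RpcSs
"""

ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")


def split_services(field):
    """Split a comma-separated Services field; N/A means no services."""
    names = [s.strip() for s in field.split(",")]
    return [s for s in names if s and s != "N/A"]


def parse_tasklist(text):
    """Return [(image, pid, [services])], joining wrapped service lists."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():              # continuation of the previous row
            if rows:
                rows[-1][2].extend(split_services(line))
            continue
        m = ROW.match(line)
        if m:                              # header and ==== lines do not match
            rows.append((m["image"], int(m["pid"]), split_services(m["svcs"])))
    return rows


def parse_groups(text):
    """Map lower-cased service name -> Svchost group that lists it."""
    owner = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(":")]
        if len(parts) == 3 and parts[1].lower() == "reg_multi_sz":
            for svc in parts[2].split():
                owner[svc.lower()] = parts[0]
    return owner


def audit_svchost(tasklist_text, groups_text):
    """Return {pid: {'groups', 'unlisted', 'empty'}} for each Svchost.exe row."""
    owner = parse_groups(groups_text)
    report = {}
    for image, pid, services in parse_tasklist(tasklist_text):
        if image.lower() != "svchost.exe":
            continue
        groups = sorted({owner[s.lower()] for s in services if s.lower() in owner})
        unlisted = [s for s in services if s.lower() not in owner]
        report[pid] = {"groups": groups, "unlisted": unlisted, "empty": not services}
    return report


if __name__ == "__main__":
    for pid, info in sorted(audit_svchost(TASKLIST_SVC, SVCHOST_GROUPS).items()):
        flag = "CHECK" if info["unlisted"] or info["empty"] else "ok"
        print(pid, flag, info)
```

On a real machine, feed it every value under the Svchost key rather than the two quoted here; a service that does appear in a group still needs its ServiceDLL value checked before it is trusted.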