Over 1 million tech questions and answers.

dllhost.exe generates several rundll, svchost, and regsvr processes

Q: dllhost.exe generates several rundll, svchost, and regsvr processes

The processes listed in the title have slowed down my internet browsing and consume a lot of CPU and memory. When I notice these processes running, at least 500 MB of temporary internet files accumulate at least once per day. In task manager, there is one dllhost process that denies my access from altering it. It seems to resurrect another dllhost process as well as several of the other processes mentioned in the title at random intervals of up to 10 minutes.
 
When I boot up my computer, the dllhost process that I can't alter sometimes isn't active, but it reactivates if I open my libraries or try to open any files by going through the directory.
 
I suspect this may be the remnants of the same (or another) dllhost-named malware that was generating iexplorer.exe and other dllhost processes that consumed high memory and CPU a few weeks ago. It may have been removed by Malwarebytes and CCleaner, but I don't remember.
 
I was afraid to use combofix by myself, which is why I'm seeking help to get rid of this malware for good. McAfee and Malewarebytes haven't detected a problem either. I backed up my data and am attaching the dds logs.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.55.2
Run by Spencer at 16:31:56 on 2014-11-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8061.3961 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxedserv.exe
C:\Windows\system32\lxedcoms.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Windstream\8.3.1.7\ma\bin\MAHostService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Windstream\8.3.1.7\ma\bin\node.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Tegrity\Recorder\TegrityTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\dvdupgrd.exe
C:\Windows\syswow64\cmmon32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PhotoshopElements8SyncAgent] c:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Windstream Service Agent.exe] "C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe" /AUTORUN
mRun: [DiagnosticTools.exe] "C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe" /AUTORUN
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Tegrity Recorder] C:\Program Files (x86)\Tegrity\Recorder\TegrityTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{808B28CD-1017-4B73-82CE-2B44AE2C007A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{808B28CD-1017-4B73-82CE-2B44AE2C007A}\245737973456461627 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{808B28CD-1017-4B73-82CE-2B44AE2C007A}\245737973456461627D27657563747 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{F28A50CE-3C45-418E-9C6A-F923E96BB1E3} : DHCPNameServer = 13.35.0.103
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\WiFi\bin\CCDashServer.exe /startup
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [lxedmon.exe] "C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-22 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 348552]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-12-18 32544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-22 55856]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-1-9 328928]
R2 HsdService;HsdService;C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [2013-6-13 1393976]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-22 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-7-22 193536]
R2 lxed_device;lxed_device;C:\Windows\System32\lxedcoms.exe -service --> C:\Windows\System32\lxedcoms.exe -service [?]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxedserv.exe [2012-8-9 45736]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2014-1-9 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-1-9 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-1-9 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-1-9 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-1-9 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2014-1-9 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-7-22 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-7-22 189912]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-25 231752]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-22 363800]
R2 Windstream MAHostService;Windstream MAHostService;C:\Program Files (x86)\Windstream\8.3.1.7\ma\bin\MAHostService.exe [2014-4-16 321024]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 72128]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2014-7-27 176000]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-22 331264]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-7-22 26504]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-22 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-22 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-8-20 445512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-22 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-22 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-7-22 224704]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-8-20 96592]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-7-22 398144]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-30 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-7-22 313448]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-30 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-30 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-9 1255736]
S4 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2014-7-1 15400]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-1-12 1014096]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-1-12 1304912]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-1-12 1104208]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-27 201304]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2014-8-27 369152]
S4 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2014-8-27 460800]
S4 ServicepointService;ServicepointService;C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [2013-6-13 10315064]
S4 TegSrv;TegSrv;C:\Program Files (x86)\Tegrity\Recorder\TegSrv.exe [2014-7-15 164864]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-19 13:28:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 13:28:10 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 13:28:10 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 13:28:10 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-13 13:35:25 -------- d-sh--w- C:\Users\Spencer\AppData\Local\EmieBrowserModeList
2014-11-12 13:18:22 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-12 13:17:57 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-12 13:17:57 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 13:17:57 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 13:17:56 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-12 13:17:55 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-12 13:17:52 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 13:17:51 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-04 14:00:51 -------- d-----w- C:\Windows\pss
2014-10-31 21:03:33 -------- d-----w- C:\Program Files\Adblock Plus for IE
2014-10-31 13:38:03 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-31 13:38:03 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-10-31 13:36:33 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-31 13:36:33 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-30 14:15:53 -------- d-----w- C:\Windows\SysWow64\NV
2014-10-30 14:15:53 -------- d-----w- C:\Windows\System32\NV
2014-10-30 14:05:07 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-10-30 14:05:07 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-10-30 14:05:05 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-10-30 14:05:05 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-10-30 14:05:05 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-10-30 13:57:35 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M  ====================
.
2014-11-25 18:21:38 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-25 18:15:39 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-11-25 18:15:27 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-11-25 18:15:27 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-11-23 20:43:50 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-11-11 22:48:17 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-11 22:48:17 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-20 01:55:15 0 ----a-w- C:\Windows\System32\qmchocq.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-01 15:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 15:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 15:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
============= FINISH: 16:32:14.14 ===============
 

RELEVANCY SCORE 200
Preferred Solution: dllhost.exe generates several rundll, svchost, and regsvr processes

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: dllhost.exe generates several rundll, svchost, and regsvr processes

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Read other 14 answers
RELEVANCY SCORE 85.6

Hi there,
 
Recently, I noticed that my laptop was running extremely slowly to the point where it would crash. Since it's never happened before, it certainly got me worried. I used ProcessExplorer to look around for what was taking up all the memory, and I found 15 or more dllhosts.exe all running. Deleting them was no use, as they would keep popping back up. 
After figuring out what the problem could be, I experimented and suspended two certain dllhost.exe processes, which somehow prevented all the others from popping up. Then I saw that two processes, rundll.exe and powershell.exe would periodically show up, try to what I believe create another dllhost.exe, and then exit. 
 
I noticed that the dllhost.exe has a sort of influence on my internet connection, though I'm not quite sure how to explain it. Some internet programs only run if I let one dllhost.exe resume, then suspend it after the program starts working again.
 
My assumption is that the computer is infected with Poweliks? Any help would be greatly appreciated!
 
 
 
Here is the DDS log.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.55.2
Run by Bao Nguyen at 18:16:37 on 2014-09-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3635 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-8... Read more

A:Multiple dllhost.exe processes when rundll.exe and powershell.exe pop up

Hi there,My assumption is that the computer is infected with Poweliks?This would be my first guess, too. But we need a FRST log to confirm it:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 10 answers
RELEVANCY SCORE 68.8

Every time i log on to my computer it takes a lot of time to load (approx. 3min) and when i check in the task manager i see svchost.exe & regsvr in the processes using the maximum cpu. Once i end these two programs my system becomes normal. I even disabled them thru msconfig but again it continues. Need help.

Thanx in advance.

A:svchost.exe & regsvr?

Hi mohan12e,

regsvr is a virus/trojan, and in some cases (dependant on file location) svchost.exe is too. Don't delete them yet.

You'll need to post a some logs for analysis in the HiJackThis Log Help forum.
Begin here:
http://www.techsupportforum.com/secu...oval-help.html

Read other 1 answers
RELEVANCY SCORE 67.6

I there are virus in my computer. See the HijackThis log file:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:00, on 10/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\regsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\28463\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\regsvr.exe
E:\PROCESSEXPLORER\PROCEXP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://goggleonline.blogspot.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goggleonline.blogspot.com/
F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killvirus.vbs
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF... Read more

Read other answers
RELEVANCY SCORE 60

I am trying to help a friend out with an extremely slow computer. It is a Dell Inspiron 6000 running XP Home Edition. It has 2 user profiles, and regardless of which profile is chosen first, it is absolutely unusable because of it being so low. If I log off of one profile and choose the other then there are no issues, and only about 87 processes running, but the first profile shows 257 processes running consitently, most are svchost.exe and all are showing memory usage between 2600 and 4000. I am unable to check anything on the profile because the windows never open. Any input will be greatly appreciated!

Thank you!

A:HUNDREDS of SVCHOST.EXE running in processes! 257 processes total.

We recommend that you read this article…
"NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the Virus/Trojan/Spyware Help section of the forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the Virus/Trojan/Spyware Help Forum; not back here in this one.

When carrying out The Malware Removal Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to the Virus/Trojan/Spyware Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

After your system has been verified as clean, if your are still experiencing those problems come back here and we will assist you further.

Read other 4 answers
RELEVANCY SCORE 58.4

I'm having an issue with replicating dllhost processes that is basically rendering my pc unusable.  I have previously tried multiple methods (malwarebyes, ccleaner, etc)  to no avail.
 
I am in the need of expert advice/help in resolving this issue.
 
Thank you,
Joe

A:Replicating dllhost processes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554670 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 5 answers
RELEVANCY SCORE 58.4

Hi,
 
I'm having trouble with a Windows 7 PC.  There are multiple instances of dllhost.exe running, 19 as of now.  They all come from Windows/System32, and a few of them are hogging a lot of memory. The description on all of them is COM Surrogate. I'm not really sure where to go from here, as I would rather not reinstall Windows.  If I try to kill one of the processes, another will pop up.  I haven't ruled out malware as being the problem, even though I have ran many scanners including MBAM.  and rootkit scanners.  These processes are literally taking up over 50% of my system memory.
 
Randomly, the system (upon boot sometimes) will tell me that COM Surrogate has failed, or something to that nature.  Another, apparently random thing that pops up is a small Internet Explorer window that asks me if I'm sure I'd like to leave this page.  Even if I'm not browsing.  Both of these can pop up immediately after boot, but not routinely.
 
Any thoughts?

A:Many dllhost.exe processes running

Tryhttp://support.kaspersky.com/viruses/rescuediskRun from bootup

Read other 3 answers
RELEVANCY SCORE 58.4

Hello,
 My computer CPU Usage is at 100% with all the dllhost.exe*32 processes opening. Also something has affected my ability to download anything. I have to open tools then internet options, security, custom level and scroll down to Downloads and click Enable. Then when the dllhost.exe*32 starts blasting my computer, it Disables my downloads again. I have to leave my task manager open while on the computer and continually stop the dllhost.exe*32 from running so I can continue working on the computer. I hope you can help!! DDS.txt log below
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.9.2
Run by Rolands at 7:36:07 on 2014-11-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3668.2287 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* ::: TOP BAR: Sign in / register or user drop down and notification alerts ::: 1
SP: Norton 360 *Enabled/Updated* ::: TOP BAR: Sign in / register or user drop down and notification alerts ::: 0
SP: Windows Defender *Disabled/Outdated* ::: BRANDING STRIP: Logo and search box ::: 9
FW: Norton 360 *Enabled* ::: BRANDING STRIP: Logo and search box ::: 8
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystem... Read more

A:dllhost.exe*32 COM Surrogate processes using up CPU

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Re-enable downloads in Internet ExplorerPress the + R on your keyboard at the same time. Type inetcpl.cpl and click OK. Click the Security tab and then on Step 2Please download Powelikscleaner (by ESET)... Read more

Read other 13 answers
RELEVANCY SCORE 58.4

Currently I have over 20 dllhost.exe*32 processes running on my windows 7 HP Touchsmart 610.  Everything is very slow even when I booted up in safe mode. I have scanned for viruses with Norton, Roguekiller and Malwarebytes and found nothing.  The DDS scan took over 10 minutes to run.  I have attached a DDS log and an FRST log.  Any help would be greatly appreciated. Thank you in advance.Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014Ran by dayse (administrator) on DAYSE-HP on 29-09-2014 18:22:15Running from C:\Users\dayse\DesktopLoaded Profile: dayse (Available profiles: dayse)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Safe Mode (with Networking)Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Windows\System32\wisptis.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:... Read more

A:I have 20 dllhost.exe*32 processes running

Greetings nd13jones and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

Read other 12 answers
RELEVANCY SCORE 58.4

Hello!  I am running Windows 7 with IE 10. The other day my computer kept locking up.  Looking at the Task Manager there are a bunch of dllhost.exe *32 processes that seem to do nothing other than eating up memory.  I have run RogueKiller.  The log is posted below.  Thanks in advance for your help.
 
 
RogueKiller V9.3.0.0 [Oct  6 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 10/06/2014  12:15:37
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 11 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3595923046-1354672136-1613720867-1176\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.longrealty.com/  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3595923046-1354672136-1613720867-1176\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.longrealty.com/  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3595923046-1354672136-1613720867-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.longrealty.com/  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3595923046-1354672136-1613720867-500\Software\Microsoft\Inter... Read more

A:dllhost.exe *32 processes keep spawning

welcome to Bleeping Computer,please run the following:Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)save it to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Read other 15 answers
RELEVANCY SCORE 58.4

Hello,
 
I believe I have the same issue as posted here - http://www.bleepingcomputer.com/forums/t/514186/30-dllhostexe32-com-surrogate-processes-are-running/
 
I have gone ahead and downloaded the FRST software, ran a scan, and below are the results. Would appreciate any help in getting rid of this issue. Thanks!
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Scott (administrator) on SCOTT-PC on 27-06-2014 09:19:15
Running from J:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Lexmark International, Inc.) C:\WINDOWS\System32\LEXBCES.EXE
() C:\WINDOWS\System32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Dev... Read more

A:dllhost.exe com surrogate processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

Read other 22 answers
RELEVANCY SCORE 58.4

Have several dllhost.exe *32 COM processes & IE explore task running but no actual browsers open.  Installed and ran Malwarebytes Anti-Malware and ran scan.  It quarantined several items.  Then installed Adwcleaner, ran scan, and cleaned.  Then installed Farbar Recovery Scan tool(64 bit) and ran a scan.  The problem has seem to go away but am not sure if it really is.  Could you please review the log files and let me know if there is something else that I need to do.  Below are the DDS and Log files
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by Daniel at 20:36:26 on 2014-11-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8100.4986 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svcho... Read more

A:Have several dllhost.exe *32 COM processes running & IE

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555307 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 9 answers
RELEVANCY SCORE 58.4

I have 2 dllhost and 2 csrss processes showing in my taskmanager. When I click on the dllhost, they disappear.(very strange) And when i click on the csrss and right click on "go to service" it will go to the service window but does not show what service it is. i am attaching pics of my taskmngr with the dual file and one pic after i click on dllhost
 taskmngr.PNG   29.76KB
  3 downloads
Is this a virus or spyware and if so, how do i get rid of it. thank you for your support!!

A:2 dllhost.exe and 2 csrss.exe processes?

Hi, Welcome to BC.Lets try a few scans.Please Download Malwarebytes AKA MBAMUpdate Malwarebytes via the update tab.Run a full scanWhen the scan finnishes please select Remove Selected and make sure all of the boxs are checkedPlease post the resultsThe log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log toinclude the top portion which shows MBAM's database version and your operating system.Please Download Tdsskiller Run TDSSKiller.exe Click on Change Parameters Put a check in the box of Detect TDLFS file system Start scan When it is finished the utility outputs a list of detected objects with descriptions: The utility automatically selects an action (Cure or Delete) for malicious objects and asks you what to do with suspicious objects (Skip, by default) Just stick with the default options and click Continue If it wants to reboot please allow it to do so and let me know Click on Report and post the contents of the text file that will open By default, the utility outputs the log into system disk (it is usually the disk where the operating system is installed, C:\) root folder. The Log will have a name like: TDSSKiller.Version_Date_Time_log.txt.DownloadESET online scannerInstall itClick on START, it should download the virus definitionsWhen scan completes, click on LIST of found threatsExport the list to desktop, copy the... Read more

Read other 1 answers
RELEVANCY SCORE 58.4

Having a similar problem I have seen posted here recently.  Dllhost.ext com surrogate starts self propagating in the processes and eats up system resources to the point I have to hard reset my computer.  I have run Norton, malwarebytes, and super antispyware without much help.  Super antispyware did resolve the problem  or at least keep it at bay for 3 hours.  The issue was even changing the security settings for me in Internet explorer and not allowing me to download files.  Attaching the results of my farber recovery scan.  Any help is appreciated.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by Kevin Trolene (administrator) on KEVINTROLENE-PC on 20-10-2014 16:41:04
Running from C:\Users\Kevin Trolene\Desktop
Loaded Profile: Kevin Trolene (Available profiles: Kevin Trolene)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creati... Read more

A:dllhost.exe self propagating processes

Hello muteroar I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

Read other 5 answers
RELEVANCY SCORE 57.6

I apologize if this is in the wrong place, but it seemed the most likely place to put it.

I have a Toshiba laptop running Windows 7 that has been fairly unproblematic for most of its life. On Firday, I downloaded Audacity and MP3 Slkkype recorder. The computer functioned fine for the rest of the night, but on Saturday, it was running with a ridiculous lag. I opened the task manager to take a look, and the CPU was at 10% use. I looked in processes, and found about fifteen different dllhost.exe processes. Malwarebytes and my regular antivirus turned up no related issues.

I took a look at it with Process Monitor, and the majority of the processes either had to do with a supposedly Microsoft published software file that I couldn't find, or Internet Explorer temporary files, most notably for a site or search term that I don't think anyone has ever made use of (it read "driving sports").

When my internet went offline due to the power going off today, all of the processes dwindled until they were gone. CPU percentages remained erratic and moving around, but they rarely rose above twenty percent. When the connection came back, so did the dllhost.exe processes.

Does anyone know how I might be able to fix this?

A:High CPU Use (100%), suspected to be due to dllhost.exe processes

Hello and welcome Tech mate things I would be running would be sfc and a chkdsk for starters. Some system specs would be real good too

SFC /SCANNOW Command - System File Checker

Disk Check

System Info - See Your System Specs

Personally I would run these too


http://www.superantispyware.com/

http://www.malwarebytes.org/products/malwarebytes_free/

http://www.bleepingcomputer.com/download/adwcleaner/

download from bleeping computer

Plus if you have not got it already run CCleaner CCleaner - Download

from piriform just check the cookies for ones that are linked to sites you need a password for.

Read other 1 answers
RELEVANCY SCORE 57.6

Hello,
 
Well I have an issue with the proverbial "parent's computer" that usually I can figure out how to clean but this time I am stumped. I cannot say for 100% sure what was done with this machine prior to it coming into my possession but hopefully we can work it out.
 
There seems to be several similar topics in this forum, so let me describe as best I can.
 
Computer is a Dell Vostro 200 running Windows Vista Home Basic. After bootup, the cooling fans remaining running at full blast all the time (it did not always do this but sometime in teh last few months this started). Task managaer shows multiple dllhost.exe processes taking up memeory and CPU time. Responsiveness of teh computer grinds almost to a complete halt, it is very slow to accomplish anything, even something as simple as a mouse click to open a dialog box.
 
MalwareBytes and Windows Security Essentials did not find anything.
 
I removed the CPU heatsink and cleaned it off (was actually pretty clogged with dust), then reapplied with Arctic Silver 5, hoping that the CPU was just overheating and throttling down due to insufficient cooling. No such luck, the fan actually stayed off on bootup for a little while but is now back to being on full blast all the time.
 
The slowdown in performance occurs both when logged in as a normal user, and in Safe Mode.
 
It appears the first step will be to run this FarBar tool, please advise whether that should be done in Safe Mode or under t... Read more

A:DLLhost processes slowing down system

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click the to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will r... Read more

Read other 22 answers
RELEVANCY SCORE 57.6

Hello! Long time lurker, first time poster.
 
Having some small experience with dealing with troublesome computers, a friend asked me to take a look at his, after reporting that it's been acting very sluggish. It runs Webroot SecureAnywhere, which scans clean. The first thing I did was run MBAM, which also came up clean. But after the scan, I noticed that the real time website protection in MBAM was tossing up tons and tons of warnings of Microsoft processes trying to access various websites.
 
I loaded up Process Explorer and saw that said processes were being launched under dllhost.exe. It would have one process at a time, that would run for a minute or two, trying to access said websites. Then it would kill it, and another MS verified process would start up. If I manually killed the process, yet another one would start up within a minute or so.
 
A few of the processes it runs are:
 
rundll32.exe
systray.exe
logagent.exe
netstat.exe
dplaysvr.exe
ctfmon.exe
wextract.exe
 
And a sample of the websites it tries to access are:

 
195.2.240.67
a020f0.com
9400d3.com

 
I'm not spotting anything else suspicious.
 
There's also MASSIVE activity in appdata\local\temp, with hundreds of directories being created every day.
 
Hopefully I've included everything I should have. Thanks in advance for your help.

A:Suspicious Random MS Processes Under dllhost.exe

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3306580011-4053643636-40677765-1000\...\Policies\Explorer\Run: [EagleSoft] => C:\Users\admin\AppData\Roaming\cvsgbasf\sisubhsc.exe
HKU\S-1-5-21-3306580011-4053643636-40677765-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disab... Read more

Read other 1 answers
RELEVANCY SCORE 57.6

Symptoms:
~31 instances of the "dllhost.exe" process are running
BSOD occurs spontaneously, but not everyday (will run Memtest86)
Hovers around 100% CPU Usage, most stemming from the "dllhost.exe" instances
Memory usage is NOT out-of-control, but several hundred MB are due to "dllhost.exe" instances
There are NO pop-ups, NO visible ransomware, NO softwares installed in Appwiz.cpl that I do not recognize, and NO issues accessing any function of Windows (taskmgr, all files visible, can install programs)
Windows Error message appears constantly: "powershell.exe - Application Error" - "The application failed to initialize properly (0xc0000142). Click on OK to terminate the application."
Attempted Solutions:
Ran "rkill.exe" (nothing found)
Ran "tdsskiller.exe" (nothing found)
Ran "unhide.exe" (could already see all the files)
Installed, updated, ran AVG (no results)
Installed, updated, ran SuperAntiSpyware (tracking cookies and one Trojan removed)
Installed, updated, ran Malwarebytes (11 tracking cookies and 4 Trojans removed)
------------------------------------------------------
DDS Log
------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by midas at 17:27:55 on 2014-08-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1519 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.... Read more

A:Infection: 31 "dllhost.exe" Processes & BSODs

Hi there,please run the following scans:Step 1Please download Combofix (by sUBs) and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start Combofix.exe and follow its instructions.Do not use the computer while the scan is running. This may cause the program to stall.When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).Please copy and paste the contents of this file into your next post.Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.(You can find more detailed instructions in this guide on using Combofix.)Step 2Please download Farbar Recovery Scan Tool and save it to your Desktop.Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 10 answers
RELEVANCY SCORE 57.6

Hi, I have 31 dllhost.exe*32 COM SURROGATE processes running, which seem to be completely bogging my computer down.  Nothing I've done can get rid of them, kill them, or stop them.  I have run every tool I know how to use.  Is there anything I can do to remove these from my computer?  I will wait for instruction.  Thank you, in advance, for your help!Edit: Moved topic from Windows 7 to the more appropriate forum. Deleted duplicate topic in Virus, Trojan, Spyware, and Malware Removal Logs forum due to lack of any logs included with topic.~ Animal

A:31 dllhost.exe*32 COM SURROGATE processes running

Please scan your computer with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
 
 
Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 

 
Click on Update Now, af... Read more

Read other 29 answers
RELEVANCY SCORE 57.6

Several days ago, about 5 ads were running on my computer at the same time, but no visuals, only audio. I couldn't find out where htey were coming form so I had to shut my computer down.  Then, Adobe Flash would send me security messages that say
 
"Adobe Flash Player has stopped a potentially unsafe operation. The following local application on your computer or network: javascript:window ["contents"] is trying to communicate with this Internet-enabled location: static.adsafeprotected.com (or it is s0.2mdn.net, or cdn.adnxs.com, or ds.serving-sys.com). To let this application communicate with the Internet, click Settings. You must restart the application after changing yoru settings."
 
I uninstalled and reinstalled Flash, and the security warnings haven't reappeared, but there are 30 processes running in the task manager running anywhere from 4000K to 70,000K EACH of memory.  I have researched these processes, and have not found a satisfactory answer as to why they might be running.  I have run every security scan I can find, and while they have found nasty things, they haven't gotten rid of these or what is causing them.
 
Thank you for your help!
 
Here is my DDS file:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by D at 23:16:16 on 2013-11-15
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp:/... Read more

A:30 dllhost.exe*32 COM SURROGATE processes are running

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514186 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 25 answers
RELEVANCY SCORE 57.6

When I attempt to load any of the applications I use on a daily basis, I start to notice a massive decrease in performance. Upon looking at the task manager processes, I have about 15 dllhost.exe processes taking up 80% of my CPU and a lot of memory also.
 
It seems I'm suppose to download FRST and run a scan with additional.txt selected, here are the results:
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by JJ (administrator) on JJ-PC on 24-10-2014 15:28:36
Running from C:\Users\JJ\Downloads
Loaded Profile: JJ (Available profiles: JJ)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:... Read more

A:Several dllhost.exe processes taking up CPU / Memmory.

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Press the + R on your keyboard at the same time. Type notepad and click OK.Copy the entire content of the codebox below and paste into the notepad document:
CloseProcesses:
HKLM-x32\...\Run: [] => ... Read more

Read other 8 answers
RELEVANCY SCORE 57.6

Hi,
 
I believe I have the same issue as posted here - http://www.bleepingcomputer.com/forums/t/525236/30-dllhostexe32-com-surrogate-processes-running-cant-kill/
 
I have gone ahead, downloaded the FRST software, ran a scan, and below are the results. Would appreciate any help in getting rid of this issue. Thanks! (will posted the Addition file text in a second window):
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
Ran by TEST ACCOUNT (administrator) on COMP7 on 05-03-2014 13:05:15
Running from C:\Users\Jim Malone\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Microsoft Corp.) C:\Program Files (... Read more

A:30 dllhost.exe*32 COM SURROGATE processes running - Help!

Second file scan results below:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014
Ran by TEST ACCOUNT at 2014-03-05 13:05:59
Running from C:\Users\Jim Malone\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AI Viewer (HKLM-x32\...\{8C8292F3-7D93-4D40-9738-B24165D7E7CD}_is1) (Version:  - IdeaMK)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80... Read more

Read other 15 answers
RELEVANCY SCORE 57.6

Computer slows, Task manager shows approx. 20 instances of dllhost.exe*32 COM Surrogate. Resets IE security to block file downloads. Previously was trying to upload to web sites Appsrumors.com and Searchnet.Blinkxcore.com. Have run SuperAntispyware, MicrosoftSecurity Essentials, Malwarebytes, AdwCleaner, and others, they've slowed down the culprit but it comes back again and again. System is running Windows 7. Any suggestions?

A:Multiple dllhost.exe*32 COM Surrogate processes.

I haven't applied this to a laptop I have at home but here is a link to fixing this "Poweliks Virus." Please post on if it works or not :-)Mod Edit by quietman7: link to non-Bleeping Computer malware removal guide removed.

Read other 14 answers
RELEVANCY SCORE 57.6

The past few days I've noticed a huge slow down in my computer's speed.  I opened up the task manager and there were 31 dllhost.exe COM Surrogate processes running and taking up 100% cpu usage.  After killing these processes the computer seemed to go back to running normally, but about 5 minutes later they reappeared and brought my pc to a grinding hault.  I've read several forums about this issue, but I know every situation is unique and I'm really hoping that I can get some help.
 
Running windows 7 64 bit.  Again, any help is GREATLY appreciated!

A:31 dllhost.exe COM Surrogate processes running

HI. I'm Rootk and I will be helping you with your problem.
 
We need to see some additional information about what is happening in your machine.
Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/paste both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Read other 2 answers
RELEVANCY SCORE 57.6

Dear Bleeping Computer
 
Numerous dllhost.exe processes running at the same time - slowing computer to unusable state
 
I have read a number of posts and your informative replies assisting people with the subject problem.
 
I seem to be having the same problem, and would be grateful if you could assist me too.
 
I have run a number of Malware/Virus scanners, and whilst they all seem to detect some threat or another, the problem remains.
 
When I try to end the numerous dllhost.exe processes in Task Manager, they just keep reappearing.
 
My Security Center also seems to have been turned off, and am told when I try to turn it back on that it can't be started. How do I fix this as well?
 
I have copied the relevant initial logs that I see others have provided below.
 
Thank you very much, I appreciate any help you can give me.
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by Sean (administrator) on SEAN-PC on 23-09-2014 18:31:13
Running from C:\Users\Sean\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, ... Read more

A:Numerous dllhost.exe Processes - Malware

Dear Bleeping Computer
 
Numerous dllhost.exe processes running at the same time - slowing computer to unusable state
 
I have read a number of posts and your informative replies assisting people with the subject problem.
 
I seem to be having the same problem, and would be grateful if you could assist me too.
 
I have run a number of Malware/Virus scanners, and whilst they all seem to detect some threat or another, the problem remains.
 
When I try to end the numerous dllhost.exe processes in Task Manager, they just keep reappearing.
 
My Security Center also seems to have been turned off, and am told when I try to turn it back on that it can't be started. How do I fix this as well?
 
I have copied the relevant initial logs that I see others have provided below.
 
Thank you very much, I appreciate any help you can give me.
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by Sean (administrator) on SEAN-PC on 23-09-2014 18:31:13
Running from C:\Users\Sean\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, ... Read more

Read other 31 answers
RELEVANCY SCORE 57.6

When running, my computer runs a ton of dllhost processes, many services are running with a *32, and now I am getting a URL:Mal infection threat warning from Avast. The computer does not sleep properly, and often is difficult to start up and get online. I need help soon. I couldn't get online and helpbot locked my first cry for help after no one responded. I just tried messaging a moderator. This is my first time being able to get online in 5 days. This computer is quickly becoming a paperweight unless someone can help me.
Shaun
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by Wilbert Family at 10:27:48 on 2014-11-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6048.3413 [GMT -5:00]
.
AV: ESET Smart Security 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: ESET Smart Security 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP Simp... Read more

A:dllhost, 32 bit processes and URL:Mal warnings from Avast

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Re-enable downloads in Internet ExplorerPress the + R on your keyboard at the same time. Type inetcpl.cpl and click OK. Click the Security tab and then on Step 2Please download Powelikscleaner (by ESET)... Read more

Read other 3 answers
RELEVANCY SCORE 57.6

Hi,
 
Back again after 2 trouble free years. I was able to find and remove malware using the usual tools but still am still getting multiple dllhost.exe with Com Surrogate in the description processes spawning. I end them and they still come back. Not sure if related, but:
 
IE keeps changing security settings to disable file downloads whether I set the Internet zone to default or Custom.
Getting blue screen DRIVER IRQL for netw5v64.sys but downloading latest intel driver seems to have fixed it
 
Thanks for the help,
Larry

A:Multiple dllhost processes & malware

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Sca... Read more

Read other 2 answers
RELEVANCY SCORE 57.6

Sorry for repeating a problem that is currently locked on this forum however, soon after being infected with 2 cases of ransomware: CryptoLocker and Cryptorbit, I started noticing my machine was slowing down when connected to the internet. Checking processes running I found: in excess of 30 dllhost.exe*32 COM SURROGATE processes running. I found a thread on this board with many troubleshooting proceedures being given by the "bot". Should I just follow that thread to try and eliminate the problem I'm having?
 
Thanks in advance.

A:30 dllhost.exe*32 COM SURROGATE processes are running

Follow the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help from item 6.  Once you have posted your log, please pay particular attention to the advice in item 8 - the response time may be less than that quoted.

Read other 5 answers
RELEVANCY SCORE 57.6

I have experienced some extreme slowdown at times when I am gaming, and just general slowness when I am using the internet.
 
Initially, I thought it was my video card because I had suddenly started receiving a BSOD after a driver update. I cleaned up my drivers and did a clean re-install, and that problem has stopped. However, when I started experiencing the slowness again, I realized I had dozens of dllhost.exe *32 processes running.
 
I had SUPERantispyware on my PC, and that scan found nothing. Malwarebytes found several problems, and I quarantined them. However, I still seem to be having the problems.
 
Below is my DDS log:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.67.2
Run by dawasum at 14:15:54 on 2014-09-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8174.5078 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe ... Read more

A:Slowdown in PC, and dozens of dllhost.exe *32 processes

Hi there,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 6 answers
RELEVANCY SCORE 57.6

Hello, I have a computer that seems to be infected with Zero access. 
 
I have installed Malwarebytes, Hitmanpro, Combofix, TDSS Killer, Norton Power Eraser, AWCleaner, and Rougekiller all to no success.
When malwarebytes is installed and active it blocked multiple calls to outside IP Addresses without a browser open.
 
Here is my DDS Log file. 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/5/2013 7:15:11 PM
System Uptime: 7/10/2014 9:38:01 AM (4 hours ago)
.
Motherboard: BIOSTAR Group |  | A960G+
Processor: AMD FX™-4100 Quad-Core Processor             | CPU 1 | 3600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 1863 GiB total, 1676.464 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 228 GiB total, 100.873 GiB free.
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP93: 7/8/2014 9:28:43 AM - Checkpoint by HitmanPro
RP94: 7/8/2014 9:31:43 AM - Checkpoint by HitmanPro
RP95: 7/8/2014 11:23:55 AM - Restore Op... Read more

A:Multiple DLLHOST.EXE processes/Zero Access?

Also I have preemptively ran FRST Scan
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Dennis (administrator) on DENNIS-PC on 10-07-2014 14:16:19
Running from C:\Users\Dennis\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Endpoint\endpointintegration.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint\endpointservice.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\Endpoint Agent\epag.exe
(Microsoft Corporation) C:\Windows\SysWO... Read more

Read other 19 answers
RELEVANCY SCORE 57.6

Hello guys, as the title says my Toshiba laptop has a problem where multiple processes of dllhost.exe COM surrogate, which I think is a virus but I am not 100% sure, are appearing in my task manager and slowing down my laptop. There will be one normal file: dllhost.exe and then 30+ dllhost.exe*32 processes that slows down my computer to a point where its not even usable. Please I need your guys help.

A:Mutiple dllhost.exe *32 processes consuming CPU

Hi there,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 33 answers
RELEVANCY SCORE 57.6

Hello all,
I've been browsing the forum for a few days now and trying multiple different fixes to cure my issue but nothing seems to be working.  A few days ago my computer started slowing down and becoming almost impossible to even use.   I found that the DLLHost.exe was using up copious ammounts of CPU.  I immediately ran Avast, Spybot and MalwareBytes and found a few things to delete/quarantine but the issue was still not resolved.
 
Next, I downloaded the Process Explorer program and ended the DLLHost.exe process tree.  This resolved the issue for about 5-10 minutes then it all started happening again.  I ran CCleaner to remove all temp files and clean my registry, re-ran Avast, CCleaner and MalwareBytes, uninstalled anything I could think of that I'd installed in the past week but to no avail.  I'm not really sure where to start but would really appreciate anyone that is willing to take some time and help me out.
 
Also, I don't have any available restore points on my computer and am on Windows 7 64bit. 
 
Thanks for reading!

A:DLLHost.exe - Multiple Processes eating up CPU

You could try giving the Poweliks remover a try: http://download.eset.com/special/ESETPoweliksCleaner.exe

Read other 7 answers
RELEVANCY SCORE 57.6

 I've seen this covered in your forums a fair amount, but alas, I cannot fix the issue on my own.  The thing is, we are unconcerned with repairing the installation, we just want to identify what malware is causing this to happen.  If anyone would be able to assist me in pinpointing the bot, malware or virus behind the issue, I would really appreciate it!
 
Here's the logs that were generated by FRST, please let me know how you want me to proceed.  Thank you so much!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by tpb (administrator) on CWO6555WN7 on 03-09-2014 17:23:06
Running from C:\Users\tpb\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvs... Read more

A:Possible Bot? 30+ dllhost.exe*32 COM SURROGATE Processes Spawning

Oh, this happens for just the one user.  If anyone else logs into the laptop it's fine...

Read other 7 answers
RELEVANCY SCORE 57.6

I seem to be having a common problem with numerous dllhost.exe processes running.  Norton, spybot, and malwarebytes cannot eliminate it, though malwarebytes is blocking a lot of outbound traffic to malicious websites.  I would greatly appreciate any help to get rid of the problem.  Here is the dds.txt info:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by Jeff at 9:06:16 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.3147 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* /* ---- URLs ---- */
ipb.vars['base_url'] = 'http://www.bleepingcomputer.com/forums/index.php?s=262f3e1f55e6fd5182fa23ce583f20ff&';
ipb.vars['board_url'] = 'http://www.bleepingcomputer.com/forums';
ipb.vars['img_url'] = "http://www.bleepingcomputer.com/forums/public/style_images/master";
ipb.vars['loading_img'] = 'http://www.bleepingcomputer.com/forums/public/style_images/master/loading.gif';
ipb.vars['active_app'] = 'forums';
ipb.vars['upload_url'] = 'http://www.bleepingcomputer.com/forums/uploads';
/* ---- Member ---- */
ipb.vars['member_id'] = parseInt( 0 );
ipb.vars['is_supmod'] = parseInt( 0 );
ipb.vars['is_admin'] = parseInt( 0 );
ipb.vars['secure_hash'] = '880ea6a14ea49e853634fbdc5015a024';
ipb.vars['session_id'] = '262f3e1f55e6fd5182fa23ce583f20ff';
ipb.vars['twitter_id'] = 0;
ipb.vars['fb_uid'] = 0... Read more

A:Numerous dllhost.exe processes running

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555536 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 12 answers
RELEVANCY SCORE 57.6

I am having a problem with dllhost.exe *32 on a windows 7 machine.  I have run Farbar and added the provided logs.  Any help would be appreciated.  I have already ran Malwarebytes, it found nothing.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by BOB (administrator) on BOB-PC on 12-05-2014 23:32:22
Running from C:\Users\BOB\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
( ) C:\Windows\System32\lxeacoms.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft S... Read more

A:dllhost.exe*32 COM SURROGATE processes are running

Hi mdblaze6 and Welcome to BleepingComputer!
I am currently looking though your logs and will advice you on what to do in my next reply.

Read other 4 answers
RELEVANCY SCORE 57.6

Just switched to high speed cable and four days in I've already got a problem.  It is triggered when I open a folder or start IE.  I can see conhost.exe flash in Task Manager followed by multiple processes of dllhost.exe-COM Surrogate, it will open several, eating up processor but more concerning I can see it eating bandwidth as well.  Also any open folder shows a green progress bar at the top like it is indexing or something.  I can END all the dllhost.exe-COM Surrogates in Task Manager but they return when I open a folder or start IE again, also IE keeps resetting the 'File Download' in security to 'Disable'.  I can change it and get files downloaded but the next time I open IE it's set back to disable. 
 
I have managed to download and run rkill, TDSSKiller and RogueKiller.  I was able to make several passes with Spybot and Malwarebyts (finding Trojan.Sirede.C and Backdoor.OAccess among other things) until they no longer find any more.  I thought I had it fixed but the COM Surrogate came right back.
 
Just now for the first time I got a message saying 'COM Surrogate has stopped working, end program?'
 
I could use some help rooting this the rest of the way out.
 
Thanks

A:Multiple processes of dllhost.exe-COM Surrogate

Hello, 
 
Based on the detections by Malwarebytes Anti-Malware, the following warnings must be issued. 
The issue involving dllhost.exe is most likely due to the presence of Poweliks; a rootkit which also opens a backdoor on the compromised machine. 
 

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best cours... Read more

Read other 1 answers
RELEVANCY SCORE 57.2

I have a dllhost.exe running under the unsername "system" and I have two more dllhost.exe running under IWAM_myusername where as myusername is the name of whom is logged into the computer. I seem to cannot find any information on IWAM pertaining to Windows XP. I see a lot of Windows Server results and adding 'Windows XP' to the query results in the same Windows Server results and one Windows 7 result. No Windows XP. Should I be worried? What is a IWAM?

A:Multiple dllhost.exe processes running under IWAM_myusername

FWIW:  http://serverfault.com/questions/50128/what-are-the-iusr-and-iwam-accounts-for-in-iis
 
Louis

Read other 1 answers
RELEVANCY SCORE 57.2

Thanks in advance for any help.
 
Many dllhost.exe ‘COM Surrogate’ processes are started and are eating up CPU and memory.  After awhile the system becomes unusable.
 
If I let it run, they will keep adding processes to at least 30 or maybe more.  I have always killed them before any more could be initiated.  When several are running, the system bogs down severely.
 
If I let the processes pile up for awhile, eventually a popup will appear saying that my settings do not allow my  download file to be downloaded.  didn't request a file.
 
After Googling, it seems that this is not an isolated problem but there doesn’t seem to be any one root cause. 
 
System Configuration:
Hardware:
   Dell Laptop ‘Studio XPS’ – XPS-1645
- 8 GB memory
- CPU: Intel Core i7 – Q 720 @ 1.60 GHz, 4 core, 8 logical processors
OS:
- MS Windows 7 Professional 64 bit, SP1
Network:
- Hardwired to LAN.
 
If the system is never connected to the network (boot without plugging in the Ethernet cable) and never plugging in the cable while the system is up, the ‘COM Surrogate’ processes never start. 
 
To run the DDS program, I let several of these processes start and then started DDS.  It ran to about 70% of the completion graph and wouldn't progress further.  A check of the task manager showed that it was getting time but very rarely.  I eventually killed the... Read more

A:Many dllhost 'COM Surrogate' processes eating mem & proc

Hi there,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 24 answers
RELEVANCY SCORE 57.2

Hi there!  I'd like to ask for your help with this dllhost.exe problem that just suddenly appeared out of nowhere!  I am writing this to you from my husband's laptop. I have shut down my pc for the time being.  I have NEVER needed help with a virus before and am quite humbled to have to ask for outside help, BUT this dllhost problem is causing my computer to run at 100% and the poor thing is just too revved up!!  Other issues include not being able to download programs (I have to fix it each time in IE properties), not being able to access windows update (someone said the problem might be related to a certain update) and some other weird stuff.  I tried to run a variety of scans and fixes already but nothing helped.  I've seen your responses to others with this problem, so I'll tell you what I've done already and send the results of my scan in the next message.Last night.  First AVG caught the virus, but by the time I got to the computer (it happened while my husband sat down to play spider solitaire - does that mean anything?) I couldn't quarantine it because it told me that it had already been dealt with in a different way.  At that time the computer was already humming at high CPU usage.  I then ran malwarebytes, tsskiller(whatever it's called) and another kill program - forget the name - might have had a 64 in the name - they found nothing.  I ran combofix and farbar but didn't know what the results meant so I did nothing ... Read more

A:dllhost - too many running processes & high cpu usage

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click the to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will r... Read more

Read other 38 answers
RELEVANCY SCORE 57.2

Hi
 
I have the same problem on my wife’s computer: something periodically starts a large number of dllhost.exe COM SURROGATE processes; also, something constantly is changing the security settings on my IE browser, so I need to restore defaults before downloading files. Also, the battery suddenly seem to run out very fast. A computer is dell, 2 year old.
 
I have downloaded Farbar Recovery Scan Tool, saved it to the Desktop, and ran it with the Addition.txt option checked. The contents of the two logs (FRST.txt and Addition.txt) are below:
 
 
FIRST.txt file is as follows:
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
 
Ran by Yuri-demo (administrator) on YURI-DEMO-PC on 28-08-2014 18:51:18
 
Running from C:\Users\Yuri-demo\Desktop
 
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
 
Internet Explorer Version 11
 
Boot Mode: Normal
 
 
The only official download link for FRST:
 
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 ... Read more

A:dllhost.exe COM SURROGATE processes, IE security settings

Forgot to mention. I have downloaded today the MalwareBites anti-malware and scanned the computer with it, removing 900 or so malware/trijans/etc.. But the dllhost.exe files still keep coming. I have run the MalwareBites again the couple of times and it didn't pick up any new malware, but I am getting constant notifications from it about websites etc.

Read other 8 answers
RELEVANCY SCORE 57.2

I am having the same problem as here http://www.bleepingcomputer.com/forums/t/541595/multiple-dllhostexecom-surrogate-processes-running/.
 
Runing on Windows 8.1 fresh install on SSD, no virtual machine or anything.
 
I did a FRST check please see my log.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Petko (administrator) on PETRE on 11-08-2014 02:15:16
Running from C:\Users\Petko\Downloads\New folder
Platform: Windows 8.1 Enterprise N (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corpor... Read more

A:Multiple dllhost.exe/Com Surrogate processes running

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544314 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 57.2

Hello,
 
I'm having the same problem as talked about in
http://www.bleepingcomputer.com/forums/t/525236/30-dllhostexe32-com-surrogate-processes-running-cant-kill/ (which itself was based on another thread) and sure could use some help.
 
As described, I am constantly having 2 to 3 dozen instances of Com Surrogate opening up for no reason whatsoever, ending up using enough resources as to make any other application not be responsive, due to lack of resources. All I can do is keep Task Manager open and close them, one at a time, every time it happens (every 4 or 5 minutes). Luckily, I was able to once get a DDS scan (6 times it locked up before finishing). The only problem is I couldn't get it to ever complete when the Com Surrogates were running, so they aren't in the logs.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561
Run by MikeandBert at 15:16:19 on 2014-07-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1790.813 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Ru... Read more

A:Multiple dllhost.exe/Com Surrogate processes running

Hi there,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 10 answers
RELEVANCY SCORE 57.2

Computer is running slow when I get online and I have several dll files runnings with above name.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16521
Run by Billie Readell at 17:01:22 on 2014-03-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.2715 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Wi... Read more

A:Several dllhost.exe *32 processes running in task manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

Read other 21 answers
RELEVANCY SCORE 57.2

Hello,
 
I'm having the same problem as talked about in
http://www.bleepingcomputer.com/forums/t/525236/30-dllhostexe32-com-surrogate-processes-running-cant-kill/ (which itself was based on another thread) and sure could use some help.
 
As described, I am constantly having 2 to 3 dozen instances of dllhost.ext/Com Surrogate opening up for no reason whatsoever, ending up consuming enough resources as to make any other application unresponsive.  CPU and memory are unusually high..  I can keep the Task Manager opan and continually close them one at a  time but they keep reoccurring.  It seemed like it took forever to get a DSS scan.  Any help would sure be appreciated.  Thanks
 
I have ran multiple passes of Malewarebytes and System Defender.  Also removed the drive and ran pass of Norton 360 on another system.  Ran Chkdsk (which fixed several issues).
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16575
Run by Mark Tucker at 8:53:49 on 2014-10-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3061.1719 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Route... Read more

A:Multiple dllhost.exe/Com Surrogate processes running

Welcome to Bleeping Computer.Please do the following:Download attached fixlist.txt file and save it to the Desktop.
 FixList.txt   7.53KB
  4 downloadsNOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemRun FRST/FRST64 and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Read other 20 answers
RELEVANCY SCORE 57.2

My laptop is very slow. I have multiple dllhost.exe running in the processes with a COM surrogate description. I also get powershell and rundll errors popup. I also have avast and get infection detections about every 15 min or so but when I scan it says my laptop is clean.
 
I don't know what's going on, please help! Thanks!

A:Mulitple dllhost.exe in processes with a COM Surrogate description

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click the to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will r... Read more

Read other 29 answers
RELEVANCY SCORE 57.2

I have read other with the same problems so I ill post my two text files from FRST tool Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014 01Ran by Ed (administrator) on MININT-QOLVUQG on 07-03-2014 14:43:46Running from C:\Users\Ed\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe() C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Versant Corporation) C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program F... Read more

A:dllhost.exe surrogate processes running in excess

Hello,this doesn't look too good. There is lots of malware running on your computer!Let's see what we can do:Please download Combofix (by sUBs) and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start Combofix.exe and follow its instructions.Do not use the computer while the scan is running. This may cause the program to stall.When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).Please copy and paste the contents of this file into your next post.Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.(You can find more detailed instructions in this guide on using Combofix.)

Read other 40 answers