please help

Posted on 2013-09-18
Medium Priority
Last Modified: 2013-11-22
pc very slow to unusable , ran several virus protections and found nothing
ran 2 registry programs and also found no problems

problem is in task manager I notice dllhost.exe com surrogate is running at least 20 times
some 300k or more , if I delete them then one by one they just start appearing again

happens after rebooting even in safe mode , whether running IE or trying to play a game
tried updating several programs as suggested and deleted DIVX as also suggested

windows vista / quad core cpu
Question by:red102062
  • 4
  • 2
  • 2
  • +2
LVL 31

Expert Comment

by:Thomas Zucker-Scharff
ID: 39504741
What did you run? Can you post the logs?

Author Comment

ID: 39504903
dearest kyder , yes I forgive you and thanks for the auto tips , just checked oil as you suggested ( oil level fine ) but that didn't help my pc :-)

windows vista
pc started running very slow and will lock up completely during any process
internet explorer , email , facebook , games etc.
tried rebooting , removed some startup programs
deleted DIVX that was suggested by another site
updated GOM player that was suggested by another site
checked to make sure dllhost was located in fat32 file only , again suggested by another
tried running in safe-mode , ran Avast , Spybot and IO bits malware
also ran tweakreg and cc cleaner for registry check , have learned dllhost is related to viewing thumbnails etc , so unchecked thumbnail view, later turned on again

process tree will show about 20 dllhost.exe com surrogates running
up to400k and decreasing on down

thanks for any ones help , just standing here holding my dipstick
LVL 30

Accepted Solution

ded9 earned 2000 total points
ID: 39504905
Download process explorer to find out  the faulty app thats slowing down your system


Run combofix


Create a new user account in control panel ..reboot ..login under the new user account and check.

Can be a corrupt user account.

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

LVL 93

Expert Comment

ID: 39505001
did you disable startup programs yet?
 if not, it's a good first step, so : run msconfig
in the startup tab, click disable all
in the services tab, click "HideMS services" then click disable all
now reboot, and check if it helped; if it did, re-enable the programs/services in groups or 1 by 1 to find the cause
LVL 37

Expert Comment

ID: 39505347
Assuming all of the above have been tried (those assume it is a normal application or bug), we can safely assume it's a virus.Please note that the more advanced viruses cannot be detected while you're in Windows (virus hooks in first, makes itself invisible to all bigger names antivirus programs).
Therefore, the only way to really scan your computer is using a boot cd/usb. Eset NOD32 is a good one, but if you don't have a subscription, there are also free versions like the AVG boot cd (http://www.avg.com/eu-en/download.prd-arl). Boot from CD, scan, delete viruses, reboot.
LVL 31

Expert Comment

by:Thomas Zucker-Scharff
ID: 39505982
If it is a root kit you may not detect when using boot device. Using an alternate boot device is not recommended since that also disables windows builtin protections.

Try running malwarebytes full scan after running roguekiller without rebooting in between.

I don't have access to the links maybe someone else can post for me.


http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
LVL 31

Expert Comment

by:Thomas Zucker-Scharff
ID: 39507473
Thanks for adding the links. Also check out my article on rootkits:

LVL 37

Expert Comment

ID: 39507653
@tzucker great way to confuse a user there. After I recommended using a boot CD, you come up with  the ingenious idea to scan it inside Windows, because otherwise you might "disable built-in protection systems" (whatever that means). And after that you post your own link with a tutorial recommending a boot CD?
LVL 31

Expert Comment

by:Thomas Zucker-Scharff
ID: 39507743
The antirootkit s/w don't generally require an alternate boot device and you should probably read younghv's articles on best practices if you are unfamiliar with windows protections.

Please keep any other suggestions aimed at the OPs question. Just my opinion.

Author Closing Comment

ID: 39510863
Ran combo-fix and my pc runs  better than ever
all problems are gone , combo-fix repaired what 3 other virus/malware detectors could not
Thanks very much ded9 you are a genius :-)

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
If you are like me and like multiple layers of protection, read on!
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question