What error message are you referring to. vinicoringa posted an RKill log.
All files listed in an RKill log are not necessarily malware related. Determining whether a file is malware or a legitimate process usually depends on the location
(path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.
Dllhost.exe (COM Surrogate
aka DCOM DLL host process) is a legitimate Windows component that resides in the system 32 folder. It's presence and termination in RKill's output log is not uncommon.
RKill - What it does and What it Doesn't - A brief introduction to the program
RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. Then it kills Explorer.exe so it will restart and enable some of the Registry changes. When done, RKill will then create a log listing all processes that were terminated while the program was running. Please note that this will include processes that were terminated manually by the user as well as RKill (itself). Other than what is listed above, it does nothing else.
Rkill also terminates executable files running from a user profile by design as programs should not be running from a userprofile since they are meant to hold data, preferences, settings, and configuration files. If you are you able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run Rkill. Using Rkill is only necessary to fix the most common malware processes that stop us from using security tools and completing scans so its not required in all situtations.
If you're having problems running RKill, you can download renamed copies, and try them instead.iExplore.exeeXplorer.exeuSeRiNiT.exeWiNlOgOn.exe
If one of them does not work, then try downloading and running another copy. -- You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.
Edited by quietman7, 15 September 2010 - 01:32 PM.