DLLHost.exe - Multiple Processes eating up CPU


7 replies to this topic

#1 dankeykang

Posted 08 November 2014 - 10:02 PM

Hello all,
I've been browsing the forum for a few days now and trying multiple different fixes to cure my issue but nothing seems to be working. A few days ago my computer started slowing down and becoming almost impossible to even use. I found that the DLLHost.exe was using up copious amounts of CPU. I immediately ran Avast, Spybot and MalwareBytes and found a few things to delete/quarantine but the issue was still not resolved.
 
Next, I downloaded the Process Explorer program and ended the DLLHost.exe process tree.  This resolved the issue for about 5-10 minutes then it all started happening again.  I ran CCleaner to remove all temp files and clean my registry, re-ran Avast, CCleaner and MalwareBytes, uninstalled anything I could think of that I'd installed in the past week but to no avail.  I'm not really sure where to start but would really appreciate anyone that is willing to take some time and help me out.
 
Also, I don't have any available restore points on my computer and am on Windows 7 64bit.  :(
 
Thanks for reading!


Edited by dankeykang, 09 November 2014 - 12:15 AM.



#2 wishmakingfairy


Posted 09 November 2014 - 01:57 AM

You could try giving the Poweliks remover a try: http://download.eset.com/special/ESETPoweliksCleaner.exe


Using ubuntu and sharing how to as well as collecting how to scripts for common programs. Feel free to ask or share ^-^


#3 quietman7


Posted 09 November 2014 - 09:04 AM

You may be infected with Poweliks.

Please download ESETPoweliksCleaner and save it to your Desktop.
  • Double-click on ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
  • Press any key to exit the tool and reboot your computer.
  • The tool will produce a log in the same directory the tool was run from.
  • Copy and paste the contents of that log in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 dankeykang


Posted 09 November 2014 - 12:38 PM

Poweliks was detected and removed.  I'm running Spybot, MalwareBytes and CCleaner (For registry as well) once more right now.  The CPU usage looks stable again and the DLLHost is not showing up in Process Explorer after a reboot.  Thank you so much for all of your help, things are looking good now.
 
Any advice on a better Malware/Virus protection software to go with? This has worn me out!

 

The log is too long to post (565KB total), what's the best method to supply you with that?



#5 quietman7


Posted 09 November 2014 - 12:45 PM

As long as it has entries for found and cleaning status as in this example....don't worry about posting a long log.

[2014.11.05 21:55:18.663] - INFO: Win32/Poweliks found
[2014.11.05 21:56:08.748] - INFO: process: dllhost.exe, pid 216, parent 2768
[2014.11.05 21:56:08.748] - INFO: Terminated process pid = 216
[2014.11.05 21:56:08.826] - INFO: Cleaning status: 0
[2014.11.05 21:57:04.589] - End



#6 dankeykang


Posted 09 November 2014 - 12:55 PM

Here is a section talking about DLLHOST:

 

[2014.11.09 11:19:37.879] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.09 11:19:37.882] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 11:19:37.889] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 11:19:37.889] - INFO: Win32/Poweliks found
[2014.11.09 11:19:43.058] - INFO: process: dllhost.exe, pid 2156, parent 3412
[2014.11.09 11:19:43.060] - INFO: Terminated process pid = 2156
[2014.11.09 11:19:43.061] - INFO: process: dllhost.exe, pid 1104, parent 2156
[2014.11.09 11:19:43.061] - INFO: Terminated process pid = 1104
[2014.11.09 11:19:43.061] - INFO: process: dllhost.exe, pid 8720, parent 1104
[2014.11.09 11:19:43.063] - INFO: Terminated process pid = 8720
[2014.11.09 11:19:43.065] - INFO: process: dllhost.exe, pid 4176, parent 1104
[2014.11.09 11:19:43.066] - INFO: Terminated process pid = 4176
[2014.11.09 11:19:43.067] - INFO: process: dllhost.exe, pid 4496, parent 1104
[2014.11.09 11:19:43.067] - INFO: Terminated process pid = 4496
[2014.11.09 11:19:43.067] - INFO: process: dllhost.exe, pid 7276, parent 1104
[2014.11.09 11:19:43.068] - INFO: Terminated process pid = 7276
[2014.11.09 11:19:43.068] - INFO: process: dllhost.exe, pid 5824, parent 1104
[2014.11.09 11:19:43.069] - INFO: Terminated process pid = 5824
[2014.11.09 11:19:43.070] - INFO: process: dllhost.exe, pid 9112, parent 1104
[2014.11.09 11:19:43.070] - INFO: Terminated process pid = 9112
[2014.11.09 11:19:43.071] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.09 11:19:43.072] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.09 11:19:43.072] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.09 11:19:43.073] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.09 11:19:43.073] - INFO: Processing classes...
[2014.11.09 11:19:43.076] - INFO: Processing clsid [\Registry\User\S-1-5-21-4156216873-3283022041-2049445354-1000\SOFTWARE\Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}]

 

This is the very end of the log:

 

 

[2014.11.09 11:19:43.149] - INFO: Processing clsid [\Registry\User\S-1-5-21-4156216873-3283022041-2049445354-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.09 11:19:43.149] - INFO: Deleted classid [\Registry\User\S-1-5-21-4156216873-3283022041-2049445354-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.09 11:19:43.150] - INFO: Processing clsid [\Registry\User\S-1-5-21-4156216873-3283022041-2049445354-1000\SOFTWARE\Classes\CLSID\{C9E37353-EC76-4A58-B575-BBA8B4BD06D1}]
[2014.11.09 11:19:43.150] - INFO: Processing clsid [\Registry\User\S-1-5-21-4156216873-3283022041-2049445354-1000\SOFTWARE\Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
[2014.11.09 11:19:43.150] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 11:19:43.150] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 11:19:43.150] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 11:19:43.150] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 11:19:43.151] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 11:19:43.151] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 11:19:43.151] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 11:19:43.151] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 11:19:43.151] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 11:19:43.151] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.09 11:19:43.151] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 11:19:43.151] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 11:19:43.151] - INFO: Cleaning status: 0
[2014.11.09 11:19:47.693] - End


Edited by dankeykang, 09 November 2014 - 12:57 PM.
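A 565KB log is easier to review once it is reduced to the entries asked for earlier in the thread (what was found, which processes were terminated, the cleaning status). The following is an added example, not part of the original posts and not ESET's code: a Python parser for the log format visible above. The line patterns are inferred only from the lines shown in this thread, and the function name `summarize` is hypothetical.

```python
import re

# Abridged excerpt of the log posted in the thread above (not a full log).
SAMPLE_LOG = r"""
[2014.11.09 11:19:37.889] - INFO: Win32/Poweliks found
[2014.11.09 11:19:43.058] - INFO: process: dllhost.exe, pid 2156, parent 3412
[2014.11.09 11:19:43.060] - INFO: Terminated process pid = 2156
[2014.11.09 11:19:43.061] - INFO: process: dllhost.exe, pid 1104, parent 2156
[2014.11.09 11:19:43.061] - INFO: Terminated process pid = 1104
[2014.11.09 11:19:43.061] - INFO: process: dllhost.exe, pid 8720, parent 1104
[2014.11.09 11:19:43.063] - INFO: Terminated process pid = 8720
[2014.11.09 11:19:43.149] - INFO: Deleted classid [\Registry\User\S-1-5-21-4156216873-3283022041-2049445354-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.09 11:19:43.151] - INFO: Cleaning status: 0
[2014.11.09 11:19:47.693] - End
"""

# Patterns assumed from the lines visible in this thread only.
LINE = re.compile(r"^\[(?P<ts>[\d. :]+)\] - (?:(?P<level>\w+): )?(?P<msg>.*)$")
FOUND = re.compile(r"^(\S+) found$")
PROC = re.compile(r"^process: (?P<name>\S+), pid (?P<pid>\d+), parent (?P<ppid>\d+)$")
TERM = re.compile(r"^Terminated process pid = (\d+)$")
DELETED = re.compile(r"^Deleted classid \[(.+)\]$")
STATUS = re.compile(r"^Cleaning status: (-?\d+)$")

def summarize(log_text):
    """Reduce a cleaner log to the entries a helper needs to review."""
    out = {"detections": [], "procs": {}, "terminated": set(),
           "deleted_keys": [], "status": None, "complete": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        msg = m["msg"] if m else ""  # unrecognised lines match nothing below
        if msg == "End":
            out["complete"] = True  # the run reached its final line
        elif f := FOUND.match(msg):
            out["detections"].append((m["ts"], f[1]))
        elif p := PROC.match(msg):
            out["procs"][int(p["pid"])] = (p["name"], int(p["ppid"]))
        elif t := TERM.match(msg):
            out["terminated"].add(int(t[1]))
        elif d := DELETED.match(msg):
            out["deleted_keys"].append(d[1])
        elif s := STATUS.match(msg):
            out["status"] = int(s[1])
    # Roots: listed processes whose parent is not itself in the listed chain.
    out["roots"] = sorted(p for p, (_, pp) in out["procs"].items() if pp not in out["procs"])
    # Survivors: listed processes with no matching "Terminated" entry.
    out["survivors"] = sorted(set(out["procs"]) - out["terminated"])
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-empty `survivors` list or `complete` being false means the log does not show every listed process being terminated or the run reaching its `End` line, which is worth mentioning when posting the summary.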


#7 quietman7


Posted 09 November 2014 - 04:56 PM

Ok....How is your computer running now?

#8 wishmakingfairy


Posted 09 November 2014 - 06:44 PM

If all is good and you're still curious about protection, a free anti virus like AVG or Avast is just fine. I've had family members pay $60 for Norton and get infected just as fast as anyone else. Malwarebytes Premium, I can't really say too much for since I don't own it, but it does have an active malware monitor that I would assume would catch the potentially unwanted programs that anti viruses generally ignore.

 

I myself use:

AVG Free (or Avast, depending on what I feel like running)

Malwarebytes Free

Tools found on bleepingcomputer (including the helpful pros that know the gritty bits of removal )

 

I try to tell others that complain about purchasing software only to still become infected "You have protection, not immunity"






