Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.76%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.11%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.30%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.03%
6.2.9200.16384 (win8_rtm.120725-1247) 2.67%
6.2.9200.16384 (win8_rtm.120725-1247) 12.52%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.05%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.05%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.03%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 18.39%
6.1.7600.16385 (win7_rtm.090713-1255) 32.98%
6.1.7600.16385 (win7_rtm.090713-1255) 0.03%
6.1.7600.16384 (win7_rtm.090710-1945) 0.03%
6.0.6000.16386 (vista_rtm.061101-2205) 5.71%
6.0.6000.16386 (vista_rtm.061101-2205) 0.84%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.03%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.05%
5.1.2600.5512 (xpsp.080413-2108) 14.12%
5.1.2600.5512 (xpsp.080413-2108) 0.95%
5.1.2600.5512 (xpsp.080413-2108) 0.68%
5.1.2600.5512 (xpsp.080413-2108) 0.08%
5.1.2600.5512 (xpsp.080413-2108) 0.65%
5.1.2600.5512 (xpsp.080413-2108) 0.03%
5.1.2600.5512 (xpsp.080413-2108) 0.03%
View more

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
api-ms-win-core-com-l1-1-0.dll
IIDFromString, CoInitializeEx, CoUninitialize
api-ms-win-core-com-l1-1-1.dll
IIDFromString, CoInitializeEx, CoUninitialize
api-ms-win-core-com-private-l1-1-0.dll
CoRegisterSurrogateEx
api-ms-win-core-errorhandling-l1-1-1.dll
UnhandledExceptionFilter, SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-2-0.dll
HeapSetInformation
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-libraryloader-l1-1-1.dll
GetModuleHandleA
api-ms-win-core-processthreads-l1-1-1.dll
GetStartupInfoW, TerminateProcess, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess
api-ms-win-core-processthreads-l1-1-2.dll
TerminateProcess, GetCurrentProcess, GetStartupInfoW, GetCurrentProcessId, GetCurrentThreadId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-synch-l1-2-0.dll
Sleep
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount, GetSystemTimeAsFileTime
kernel32.dll
TerminateProcess, GetCurrentProcess, HeapSetInformation, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedCompareExchange, Sleep, InterlockedExchange, UnhandledExceptionFilter, lstrlenA, GetVersionExW, SetEnvironmentVariableW, MultiByteToWideChar, GetStartupInfoA, lstrcmpiA
msvcrt.dll
DllMain
ntdll.dll
NtSetInformationProcess
ole32.dll
CoInitializeEx, CoRegisterSurrogateEx, CoUninitialize, CLSIDFromString

dllhost.exe

COM Surrogate by Microsoft Corporation (Signed)

Remove dllhost.exe
Version:   6.3.9600.16384 (winblue_rtm.130821-1623)
MD5:   0934499394eb3d8027b8ab78c07d56cb
SHA1:   42ee69ea7a75800da5b2104f2b30907d9ff0b50f
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is dllhost.exe?

The COM Surrogate is a fancy name for Sacrificial process for a COM object that is run outside of the process that requested it. Explorer uses the COM Surrogate when extracting thumbnails, for example. If you go to a folder with thumbnails enabled, Explorer will fire off a COM Surrogate and use it to compute the thumbnails for the documents in the folder. It does this because Explorer has learned not to trust thumbnail extractors; they have a poor track record for stability.

Overview

dllhost.exe runs as a service under the name Aplikacja systemowa modelu COM+ (COMSysApp) within the local user context within the context of the Service Host (SvcHost). The file is digitally signed by Microsoft Corporation. and is compiled as a 64 bit program.

DetailsDetails

File name:dllhost.exe
Publisher:Microsoft Corporation
Product name:COM Surrogate
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\dllhost.exe
File version:6.3.9600.16384 (winblue_rtm.130821-1623)
Product version:6.3.9600.16384
Size:18.84 KB (19,296 bytes)
Build date:8/22/2013 5:54 AM
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Tuesday, July 9, 2013
Digital DNA
PE subsystem:Windows GUI
Entropy:4.980855
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'COMSysApp' (Aplikacja systemowa modelu COM+)
  • 'PrlVssProvider'
  • Symantec SymSnap VSS Provider
  • 'COMSysApp'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00040093%
0.028634%
Kernel CPU:0.00025996%
0.013761%
User CPU:0.00014097%
0.014873%
Kernel CPU time:982,779 ms/min
100,923,805ms/min
CPU cycles:40,998/sec
17,470,203/sec
Context switches:8/sec
284/sec
Memory
Private memory:2.75 MB
21.59 MB
Private (maximum):10.15 MB
Private (minimum):5.37 MB
Non-paged memory:2.75 MB
21.59 MB
Virtual memory:77.71 MB
140.96 MB
Virtual memory (peak):87.16 MB
169.69 MB
Working set:6.42 MB
18.61 MB
Working set (peak):11.31 MB
37.95 MB
Page faults:24,765/min
2,039/min
I/O
I/O read transfer:2.82 KB/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:26.5 KB/sec
274.99 KB/min
I/O write operations:2/sec
227/min
I/O other transfer:167 Bytes/sec
448.09 KB/min
I/O other operations:7/sec
1,671/min
Resource allocations
Threads:4
12
Handles:142
600
GUI GDI count:9
103
GUI GDI peak:10
142
GUI USER count:4
49
GUI USER peak:6
71

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command lines:
  • C:\Windows\System32\dllhost.exe /processiC:{30d49246-d217-465f-b00b-ac9ddd652eb7}
  • C:\Windows\System32\dllhost.exe /processiC:{478b41e6-3257-4519-bda8-e971f9843849}
  • C:\Windows\System32\dllhost.exe /processiC:{3eb3c877-1f16-487c-9050-104dbcd66683}
  • C:\Windows\System32\dllhost.exe /processiC:{f9717507-6651-4edb-bff7-ae615179bccf}
  • C:\Windows\System32\dllhost.exe /processiC:{02d4b3f1-fd88-11d1-960d-00805fc79235}
  • C:\Windows\System32\dllhost.exe /processiC:{3ad05575-8857-4850-9277-11b85bdb8e09}
  • C:\Windows\System32\dllhost.exe /processiC:{48da6741-1bf0-4a44-8325-293086c79077}
  • (13 more)
Owner:User
Windows Service
Service name:COMSysApp
Display name:Aplikacja systemowa modelu COM+
Description:“Administra la configuración y el seguimiento de los componentes del Modelo de objetos componentes (COM+). Si se detiene el servicio, la mayoría de los componentes COM+ no funcionarán correctamente. Si se deshabilita este servicio, no se podrá iniciar ningún servicio que dependa específicamente de él.”
Type:Win32OwnProcess
Parent process:svchost.exe (Host Process for Windows Services by Microsoft Corporation)

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.01540638%
0.272967%
Kernel CPU:0.01540638%
0.107585%
User CPU:0.00000000%
0.165382%
CPU cycles:8,496/sec
5,741,424/sec
Memory:1.66 MB
1.16 MB
combase.dll
Total CPU:0.00048826%
Kernel CPU:0.00034302%
User CPU:0.00014524%
CPU cycles:13,760/sec
Memory:1.84 MB
DllHost.exe (main module)
Total CPU:0.00018961%
Kernel CPU:0.00010480%
User CPU:0.00008481%
CPU cycles:3,802/sec
Memory:28 KB
ESENT.dll
Total CPU:0.00012017%
Kernel CPU:0.00010483%
User CPU:0.00001534%
CPU cycles:2,697/sec
Memory:2.69 MB
MSDTCPRX.DLL
Total CPU:0.00006659%
Kernel CPU:0.00003329%
User CPU:0.00003329%
CPU cycles:19,082/sec
Context switches:1/sec
Memory:800 KB
wlanapi.dll
Total CPU:0.00005814%
Kernel CPU:0.00000881%
User CPU:0.00004934%
CPU cycles:2,304/sec
Memory:304 KB
msvcrt.dll
Total CPU:0.00004475%
Kernel CPU:0.00003323%
User CPU:0.00001152%
CPU cycles:2,042/sec
Memory:668 KB
wlidprov.dll
Total CPU:0.00001466%
Kernel CPU:0.00000057%
User CPU:0.00001409%
CPU cycles:226/sec
Memory:420 KB
shell32.dll (Windows Shell Common Dll by Microsoft)
Total CPU:0.00001029%
Kernel CPU:0.00000000%
User CPU:0.00001029%
CPU cycles:2,483/sec
Memory:20.09 MB
twinui.appcore.dll
Total CPU:0.00001029%
Kernel CPU:0.00001029%
User CPU:0.00000000%
CPU cycles:570/sec
Memory:1.02 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 34.00%
Windows 8.1 19.00%
Windows 8.1 Pro 10.00%
Windows 7 Ultimate 9.50%
Windows 8.1 Single Language 7.00%
Windows 7 Professional 5.00%
Windows 8 Single Language 3.50%
Windows 8 3.00%
Windows 8 Pro 3.00%
Windows 8.1 Pro with Media Center 2.00%
Windows Seven Black Edition 1.00%
Windows Vista Home Premium 1.00%
Windows 8.1 N 0.50%
Windows 8 Enterprise N 0.50%
Windows 7 Home Basic 0.50%
Windows 8.1 Enterprise Evaluation 0.50%

Distribution by countryDistribution by country

United States installs about 50.51% of COM Surrogate.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 23.17%
Hewlett-Packard 17.37%
ASUS 13.90%
Acer 11.20%
Toshiba 10.04%
Lenovo 10.04%
Sony 7.72%
Alienware 2.70%
Intel 1.54%
Samsung 1.16%
GIGABYTE 1.16%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE