Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623)	4.76%
6.3.9600.16384 (winblue_rtm.130821-1623)	0.11%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.30%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.03%
6.2.9200.16384 (win8_rtm.120725-1247)	2.67%
6.2.9200.16384 (win8_rtm.120725-1247)	12.52%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.05%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.05%
6.2.8250.0 (winmain_win8beta.120217-1520)	0.03%
6.2.8102.0 (winmain_win8m3.110823-1455)	0.05%
6.1.7600.16385 (win7_rtm.090713-1255)	18.39%
6.1.7600.16385 (win7_rtm.090713-1255)	32.98%
6.1.7600.16385 (win7_rtm.090713-1255)	0.03%
6.1.7600.16384 (win7_rtm.090710-1945)	0.03%
6.0.6000.16386 (vista_rtm.061101-2205)	5.71%
6.0.6000.16386 (vista_rtm.061101-2205)	0.84%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710)	0.03%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710)	0.05%
5.1.2600.5512 (xpsp.080413-2108)	14.12%
5.1.2600.5512 (xpsp.080413-2108)	0.95%
5.1.2600.5512 (xpsp.080413-2108)	0.68%
5.1.2600.5512 (xpsp.080413-2108)	0.08%
5.1.2600.5512 (xpsp.080413-2108)	0.65%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
View more
5.1.2600.5512 (xpsp.080413-2108)	0.46%
5.1.2600.5512 (xpsp.080413-2108)	0.08%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
5.1.2600.5512 (xpsp.080413-2108)	0.16%
5.1.2600.5512 (xpsp.080413-2108)	0.30%
5.1.2600.5512 (xpsp.080413-2108)	0.33%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
5.1.2600.5512 (xpsp.080413-2108)	0.08%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
5.1.2600.5512 (xpsp.080413-2108)	0.03%
5.1.2600.3311 (xpsp.080212-0003)	0.08%
5.1.2600.3300 (xpsp.080125-2027)	0.03%
5.1.2600.3244 (xpsp.071030-1534)	0.03%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	2.86%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.08%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.03%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.03%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.03%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.03%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.03%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.03%

Relationships

wshost.exe (COM Surrogate by Microsoft Corporation)

dllhost.exe

COM Surrogate by Microsoft Corporation (Signed)

Remove dllhost.exe

Version:	5.1.2600.5512 (xpsp.080413-2108)
MD5:	0a9ba6af531afe7fa5e4fb973852d863
SHA1:	5d0b0222b0f37a85d64b9283611e940313e21348
SHA256:	8a8116429189d631fc00596278c92a363ec734f0cde76f52c7456fdc9c56e384

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is dllhost.exe?

The COM Surrogate is a fancy name for Sacrificial process for a COM object that is run outside of the process that requested it. Explorer uses the COM Surrogate when extracting thumbnails, for example. If you go to a folder with thumbnails enabled, Explorer will fire off a COM Surrogate and use it to compute the thumbnails for the documents in the folder. It does this because Explorer has learned not to trust thumbnail extractors; they have a poor track record for stability.

Overview

dllhost.exe runs as a service under the name Aplikacja systemowa modelu COM+ (COMSysApp) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.

Details

File name:	dllhost.exe
Publisher:	Microsoft Corporation
Product name:	COM Surrogate
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\dllhost.exe
File version:	5.1.2600.5512 (xpsp.080413-2108)
Product version:	5.1.2600.5512
Size:	5 KB (5,120 bytes)
Certificate
Issued to:	Microsoft Corporation
Authority (CA):	Microsoft Corporation
Expiration date:	Tuesday, July 9, 2013
Digital DNA
PE subsystem:	Windows GUI
Entropy:	4.980855
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'COMSysApp' (Aplikacja systemowa modelu COM+)
'PrlVssProvider'
Symantec SymSnap VSS Provider
'COMSysApp'

Network connections

[UDP] listens on port 1325

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00212966%	0.028634%
Kernel CPU:	0.00093213%	0.013761%
User CPU:	0.00119753%	0.014873%
Kernel CPU time:	667 ms/min	100,923,805ms/min
Context switches:	10/sec	284/sec
Memory
Private memory:	4.9 MB	21.59 MB
Private (maximum):	8.5 MB
Private (minimum):	5.85 MB
Non-paged memory:	4.9 MB	21.59 MB
Virtual memory:	43.53 MB	140.96 MB
Virtual memory (peak):	45.25 MB	169.69 MB
Working set:	6.11 MB	18.61 MB
Working set (peak):	9.23 MB	37.95 MB
Page faults:	5,980/min	2,039/min
I/O
I/O read transfer:	3.09 KB/sec	1.02 MB/min
I/O read operations:	5/sec	343/min
I/O write transfer:	6 Bytes/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	64 Bytes/sec	448.09 KB/min
I/O other operations:	2/sec	1,671/min
Resource allocations
Threads:	12	12
Handles:	206	600
GUI GDI count:	5	103
GUI USER count:	4	49

Process properties

Integrety level:	Undefined
Platform:	32-bit
Command lines:	C:\Windows\System32\dllhost.exe /processiC:{02d4b3f1-fd88-11d1-960d-00805fc79235} C:\windows.0\system32\dllhost.exe /processiC:{02d4b3f1-fd88-11d1-960d-00805fc79235} C:\Windows\System32\dllhost.exe /processiC:{bd821f2b-189a-4980-8c02-e95c59219e35} C:\Windows\System32\dllhost.exe /processiC:{3d14228d-fbe1-11d0-995d-00c04fd919c1} C:\Windows\System32\dllhost.exe /processiC:{9a666cc3-6fbb-47c0-8921-fe42d156123a} C:\winxp\system32\dllhost.exe /processiC:{4e14fba2-2e22-11d1-9964-00c04fbbb345} C:\Windows\System32\dllhost.exe /processiC:{f85987c8-6e82-4b45-917e-1ee0276a0dd3} (12 more)
Owner:	SYSTEM
Windows Service
Service name:	COMSysApp
Display name:	Aplikacja systemowa modelu COM+
Description:	“Administra la configuración y el seguimiento de los componentes del Modelo de objetos componentes (COM+). Si se detiene el servicio, la mayoría de los componentes COM+ no funcionarán correctamente. Si se deshabilita este servicio, no se podrá iniciar ningún servicio que dependa específicamente de él.”
Type:	Win32OwnProcess
Parent processes:	services.exe (Services and Controller app by Microsoft) svchost.exe (Generic Host Process for Win32 Services by Microsoft)

Threads

Averages

dllhost.exe (main module)
Total CPU:	0.00117082%	0.272967%
Kernel CPU:	0.00075866%	0.107585%
User CPU:	0.00041216%	0.165382%
Memory:	16 KB	1.16 MB
MSVCR80.dll
Total CPU:	0.00041912%
Kernel CPU:	0.00023950%
User CPU:	0.00017962%
Context switches:	6/sec
Memory:	620 KB
COMSVCS.DLL
Total CPU:	0.00037587%
Kernel CPU:	0.00015127%
User CPU:	0.00022460%
Memory:	1.23 MB
msvcrt.dll
Total CPU:	0.00023215%
Kernel CPU:	0.00004458%
User CPU:	0.00018757%
Memory:	352 KB
ole32.dll
Total CPU:	0.00014520%
Kernel CPU:	0.00013552%
User CPU:	0.00000968%
Memory:	1.24 MB
MSDTCPRX.dll
Total CPU:	0.00006202%
Kernel CPU:	0.00001934%
User CPU:	0.00004269%
Memory:	436 KB
ntdll.dll
Total CPU:	0.00004957%
Kernel CPU:	0.00000000%
User CPU:	0.00004957%
Memory:	712 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	34.00%
Windows 8.1	19.00%
Windows 8.1 Pro	10.00%
Windows 7 Ultimate	9.50%
Windows 8.1 Single Language	7.00%
Windows 7 Professional	5.00%
Windows 8 Single Language	3.50%
Windows 8	3.00%
Windows 8 Pro	3.00%
Windows 8.1 Pro with Media Center	2.00%
Windows Seven Black Edition	1.00%
Windows Vista Home Premium	1.00%
Windows 8.1 N	0.50%
Windows 8 Enterprise N	0.50%
Windows 7 Home Basic	0.50%
Windows 8.1 Enterprise Evaluation	0.50%

Distribution by country

United States installs about 50.51% of COM Surrogate.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	23.17%
Hewlett-Packard	17.37%
ASUS	13.90%
Acer	11.20%
Toshiba	10.04%
Lenovo	10.04%
Sony	7.72%
Alienware	2.70%
Intel	1.54%
Samsung	1.16%
GIGABYTE	1.16%

Remove Adware and Spyware Programs, FREE Download!