Cannot delete dllhost.com

IT101

Apr 1, 2014
My HP laptop was infected with Smart Guard Protection, which I have removed. But each time I start up Windows, I get errors like 'c:\windows/system32/s7665/ZH5917.exe' and 'dllhost.com specified in the registry. Make sure the file exist on your computer or remove the reference to it in the registry.' I'm using Vista Home Premium. I've run an AVG virus scan but that doesn't work either.
Also, I cannot uninstall Mozilla Firefox. It says it's already been removed, but it still appears in Control Panel.
Please help. Thank you.
 
Press your Windows key and R together, then type msconfig into the Open box and press Enter. Click the StartUp tab and find the entry that relates to that file. Untick it and it will no longer start automatically when Windows loads up. Click Apply and OK your way out. Restart the computer and when it comes back up, click on OK when you see the "don't show this message again" message.
 
Hit Windows and R again and this time, type in regedit then hit Enter. From the File menu, choose Export then note the name and location of the backup you're making, in case anything goes wrong in the crucial Windows Registry.

That done, select Find from the Edit menu and search for each of those entries in turn. Post back the full title of the key you find each in before doing anything else and I or someone else here will advise if they're safe to remove.
 

IT101

Apr 1, 2014
I don't know if I've done it right, but here goes. When I hit 'Find' dllhost, it gave me loads of entries almost in all folders. Here's one: HKEY_LOCAL_MACHINES\SOFTWARE\Classes\DllHostInitializer\CLSID (7B2801E6-0BC6-4c92-B742-6BE9B01AE874). While I was backing up some files this morning, I performed a virus scan & found Trojan, Worm & Brontok. Thanks.
 
I'm not sure whether you think that's fixed the problem.

I believe the entry dllhost.com would stand out from the others because it doesn't exist at all in my Windows 7 Registry. It might be worth another quick search.

Also, look in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, then both in Run and RunOnce, to see if the entry appears in either. Delete it if it does, then find the same sub-section in HKEY_CURRENT_USER\etc. and repeat the process.
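
The Run/RunOnce check described in the reply above can also be done as a read-only listing. This PowerShell sketch is an added example, not part of any post in the thread; it assumes PowerShell is installed (it is an optional download on Vista), and the helper name `Get-TargetPath` is hypothetical.

```powershell
# Added example: list autostart entries under Run/RunOnce in both hives and
# flag those that mention the names from the error messages in this thread,
# or that point at a file which no longer exists. Nothing is deleted.

# Names taken from the error messages quoted in the first post.
$suspectNames = @('dllhost.com', 'ZH5917.exe')

$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$command) {
    # Pull the executable path out of an autostart command line (hypothetical helper).
    $expanded = [Environment]::ExpandEnvironmentVariables($command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }      # quoted path
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]                             # fallback: first token
}

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }                        # RunOnce may be absent
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-TargetPath $command

        $hit = $false
        foreach ($s in $suspectNames) {
            if ($command -like "*$s*") { $hit = $true }
        }

        # Only judge "missing" for full paths; bare names such as rundll32.exe
        # are resolved through PATH and would otherwise be reported wrongly.
        $isFullPath = $target -match '^[A-Za-z]:[\\/]'
        $missing    = $isFullPath -and -not (Test-Path -LiteralPath $target)

        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command
            MatchesSuspect = $hit; TargetMissing = $missing
        }
    }
}
```

Entries with `MatchesSuspect` or `TargetMissing` set to True are the ones to look up in regedit and post back before removing, as the reply asks.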