"prevhost.exe" Process on Windows 7

Q

What is the "prevhost.exe" process on Windows 7? Is the "prevhost.exe" process a virus? Can I terminate the "prevhost.exe" process?

✍: FYIcenter.com

A

The "prevhost.exe" process represents the "Preview Handler Surrogate Host" program.

The "prevhost.exe" process normally runs under the parent process "svchost", as shown in the process tree below:

Boot
   wininit
      services
         svchost
            prevhost

On the Processes tab of "Task Manager", the "prevhost.exe" process may be listed as:

Image Name                 Memory   Description
--------------------   ----------   -----------
prevhost.exe             14,744 K   Preview Handler Surrogate Host

Additional information about the "prevhost.exe" process:

Command line:
   C:\windows\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding

Program file information:
   Name: prevhost.exe
   Location: C:\Windows\SysWOW64\prevhost.exe
   Description: Preview Handler Surrogate Host
   Version: 6.1.7601.17562 (win7sp1_gdr.110217-1504)
   Size: 31232 bytes
   Last modified: 2/18/2011 12:39:44 AM
   Company Name: Microsoft Corporation
   
Some data files used:
C:\Windows\System32
C:\Windows\System32\en-US\mlang.dll.mui
C:\Windows\System32\en-US\inetres.dll.mui
C:\Windows\Fonts\StaticCache.dat
C:\Users\fyicenter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKCU\Software\Microsoft\Notepad
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKLM\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
HKCU\Software\Microsoft\Notepad
HKLM\SOFTWARE\Policies

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\SYSTEM32\wow64.dll
C:\windows\SYSTEM32\wow64win.dll
C:\windows\SYSTEM32\wow64cpu.dll
C:\Windows\SysWOW64\prevhost.exe
C:\windows\SysWOW64\ntdll.dll
C:\windows\syswow64\kernel32.dll
C:\windows\syswow64\KERNELBASE.dll
C:\windows\syswow64\USER32.dll
C:\windows\syswow64\GDI32.dll

The "prevhost.exe" process is not a virus. You should not terminate the "prevhost.exe" process.
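
One way to compare the running instances with the details listed above, as an added PowerShell example that is not part of the original FYIcenter answer. The helper name Test-PrevhostProcess is hypothetical; the expected folder names, company name, description and parent process are the ones given on this page.

```powershell
# Added example (not from the original page): check each running prevhost.exe
# against the location, version-resource fields and parent listed in the answer.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Windows 7 default).
$expectedDirs = @(
    (Join-Path $env:windir 'System32'),   # native image
    (Join-Path $env:windir 'SysWOW64')    # 32-bit image on 64-bit Windows
)

function Test-PrevhostProcess {           # hypothetical helper name
    param($Process)
    $findings = @()
    $path = $Process.ExecutablePath

    if (-not $path) {
        $findings += 'image path not readable (rerun from an elevated prompt)'
    } else {
        if ($expectedDirs -notcontains (Split-Path $path -Parent)) {
            $findings += "unexpected location: $path"
        }
        # Version-resource fields are self-declared by the file, so a match is
        # not proof of origin; a mismatch is still worth investigating.
        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        if ($info.CompanyName -ne 'Microsoft Corporation') {
            $findings += "unexpected company name: $($info.CompanyName)"
        }
        if ($info.FileDescription -ne 'Preview Handler Surrogate Host') {
            $findings += "unexpected description: $($info.FileDescription)"
        }
    }

    # The page shows svchost as the parent; the parent may have exited since launch.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($Process.ParentProcessId)"
    if (-not $parent) {
        $findings += 'parent process no longer running'
    } elseif ($parent.Name -ne 'svchost.exe') {
        $findings += "unexpected parent: $($parent.Name)"
    }

    New-Object PSObject -Property @{
        ProcessId   = $Process.ProcessId
        Path        = $path
        CommandLine = $Process.CommandLine
        Findings    = $(if ($findings.Count) { $findings -join '; ' } else { 'matches the details on this page' })
    }
}

Get-WmiObject Win32_Process -Filter "Name = 'prevhost.exe'" |
    ForEach-Object { Test-PrevhostProcess $_ } |
    Format-List ProcessId, Path, CommandLine, Findings
```

The command line above shows C:\windows\system32 while the file location is C:\Windows\SysWOW64 because this instance is a 32-bit process on 64-bit Windows, where WOW64 redirects System32 to SysWOW64; the script accepts both folders for that reason.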


2017-04-15