dismhost.exe recreating itself every few minutes in C:\Windows\Temp, each time contained in a different folder GUID name (e.g. AE7D13F2-AA05-4FEC-B7F2-C633CB049B52), so that my Temp folder is massively filled up with these folders with different GUIDs - each of which contain the very same DismHost.exe and 23 other files. The task manager currently shows three instances of dismhost.exe, each running from its folder it was created in.

If I look at the date created / date modified times of those folders I see them being recreated every 5 minutes. I realize this might have to do with scheduled tasks. Looking at the Event viewer's TaskSchedulerOperational log, I see that each time the folder is created, a few corresponding tasks are completed involving:

 

(6:17:36 PM) User "NT AUTHORITY\System"  deleted Task Scheduler task "\Microsoft\Windows\RemovalTools\MRT_HB"
(6:17:36 PM) Task Scheduler terminated "{cec331bf-600b-4dc1-a04a-0cdac76eb224}"  instance of the "\Microsoft\Windows\RemovalTools\MRT_HB"  task.
(6:17:36 PM) User "WORKGROUP\USER$"  updated Task Scheduler task "\Microsoft\Windows\RemovalTools\MRT_HB".
(6:17:36 PM) User "WORKGROUP\USER$"  registered Task Scheduler task "\Microsoft\Windows\RemovalTools\MRT_HB"
(6:17:42 PM) Task Scheduler stopped instance "{a8f205a7-2a2b-4279-be9c-f2a05bd3c788}"  of task "\Microsoft\Windows\TaskScheduler\Idle Maintenance"  because computer is no longer idle.
(6:17:42 PM) Task Scheduler stopped instance "{6ef6a8d8-78e5-49ed-ba4a-0fffd01134d0}"  of task "\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic"  because computer is no longer idle.
(6:17:42 PM) Task Scheduler successfully finished "{ec0e75e5-9dc5-4d8e-a8ff-8514d97f13f5}" instance of the "\Microsoft\Windows\Windows Defender\Windows Defender Verification" task for user "NT AUTHORITY\SYSTEM".
(6:17:42 PM) Task Scheduler terminated "{ec0e75e5-9dc5-4d8e-a8ff-8514d97f13f5}"  instance of the "\Microsoft\Windows\Windows Defender\Windows Defender Verification"  task.
(6:17:42 PM) Task Scheduler stopped instance "{ec0e75e5-9dc5-4d8e-a8ff-8514d97f13f5}"  of task "\Microsoft\Windows\Windows Defender\Windows Defender Verification"  as request by user "NT AUTHORITY\SYSTEM" .
(6:17:42 PM) Task Scheduler successfully completed task "\Microsoft\Windows\Windows Defender\Windows Defender Verification" , instance "{ec0e75e5-9dc5-4d8e-a8ff-8514d97f13f5}" , action "%ProgramFiles%\Windows Defender\MpCmdRun.exe" with return code 2147942659.
(6:17:42 PM) Task Scheduler successfully finished "{d7087f2b-9d3e-4047-953b-b367258f6367}" instance of the "\Microsoft\Windows\Application Experience\ProgramDataUpdater" task for user "NT AUTHORITY\SYSTEM".
(6:17:42 PM) Task Scheduler terminated "{d7087f2b-9d3e-4047-953b-b367258f6367}"  instance of the "\Microsoft\Windows\Application Experience\ProgramDataUpdater"  task.
(6:17:42 PM) Task Scheduler stopped instance "{d7087f2b-9d3e-4047-953b-b367258f6367}"  of task "\Microsoft\Windows\Application Experience\ProgramDataUpdater"  as request by user "NT AUTHORITY\SYSTEM" .
(6:17:42 PM) Task Scheduler successfully completed task "\Microsoft\Windows\Application Experience\ProgramDataUpdater" , instance "{d7087f2b-9d3e-4047-953b-b367258f6367}" , action "%windir%\system32\rundll32.exe" with return code 2147942659.
(6:17:42 PM) Task Scheduler successfully finished "{2450f1e1-3106-459d-a074-84b0b7843c3a}" instance of the "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" task for user "NT AUTHORITY\SYSTEM".
(6:17:42 PM) Task Scheduler successfully completed task "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" , instance "{2450f1e1-3106-459d-a074-84b0b7843c3a}" , action "%ProgramFiles%\Windows Defender\MpCmdRun.exe" with return code 2147942659.
(6:17:42 PM) Task Scheduler stopped instance "{2450f1e1-3106-459d-a074-84b0b7843c3a}"  of task "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"  as request by user "NT AUTHORITY\SYSTEM" .
(6:17:42 PM) Task Scheduler terminated "{688997da-a1f5-4fbf-8cd6-f950de2162c2}"  instance of the "\Microsoft\Windows\DiskFootprint\Diagnostics"  task.
(6:17:42 PM) Task Scheduler stopped instance "{688997da-a1f5-4fbf-8cd6-f950de2162c2}"  of task "\Microsoft\Windows\DiskFootprint\Diagnostics"  as request by user "NT AUTHORITY\SYSTEM" .
(6:17:42 PM) Task Scheduler terminated "{2450f1e1-3106-459d-a074-84b0b7843c3a}"  instance of the "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"  task.
(6:17:42 PM) User "WORKGROUP\USER$"  updated Task Scheduler task "\Microsoft\Windows\TaskScheduler\Regular Maintenance"
(6:17:42 PM) Task Scheduler successfully finished "{a8f205a7-2a2b-4279-be9c-f2a05bd3c788}" instance of the "\Microsoft\Windows\TaskScheduler\Idle Maintenance" task for user "NT AUTHORITY\SYSTEM".
(6:17:42 PM) Task Scheduler successfully completed task "\Microsoft\Windows\TaskScheduler\Idle Maintenance" , instance "{a8f205a7-2a2b-4279-be9c-f2a05bd3c788}" , action "Maintenance Launcher Handler" with return code 2147947270.
(6:17:43 PM) Task Scheduler successfully finished "{cec331bf-600b-4dc1-a04a-0cdac76eb224}" instance of the "\Microsoft\Windows\RemovalTools\MRT_HB" task for user "NT AUTHORITY\SYSTEM".
(6:17:43 PM) Task Scheduler successfully completed task "\Microsoft\Windows\RemovalTools\MRT_HB" , instance "{cec331bf-600b-4dc1-a04a-0cdac76eb224}" , action "C:\WINDOWS\system32\MRT.exe" with return code 0.

From those events I conclude the recreation of dismhost.exe folders occurs during Windows maintenance tasks. Anyway to stop them from duplicating and taking up Gigs on my SSD?

Appreciate the help.

• Edited by wonderous Monday, March 30, 2015 1:40 AM

Hi,

How do you find this behavior? Do you have any security application which warning you about it?

It seems that there is a task or process cannot be finished so it is keep trying to redo the steps which causes multiple temp folders created.

Thus if it is found by a security app such as a third party antivirus app, stop it for a while to see if it blocked the process.

Meanwhile from the logs, it mentioned Malicious Software Removal Tool and Windows Defender. Malicious Software Removal Tool should be removed from the computer once it finished its job until next time it is downloaded from Automatic Update. If it keeps reoccur, perform a reboot, disable all third party application and Windows Defender for a while, see if it will work this time.

If issue cannot be fixed by this, please perform a Clean Boot and see if same behavior still exists in Clean Boot Mode. You can boot back to normal mode after testing:

How to perform Clean Boot: http://support.microsoft.com/en-us/kb/929135