Here is what a google search came up with It's rather technical, but seems to say this program can slow systems down. Rick DLLHOST.EXE - Good Or Bad images/vai Vectors & Interfaces The networking specialist About Vectors & Interfaces Network support services Useful resources PC News Contact The support specialist Support Guide DLLHOST.EXE - Good Or Bad Even if you do not download any kind of free programs from the Internet, be suspicious if you see a file like GatorHDPlugin.log in your Windows directory. Chances are that you have gotten the software through automated download and installation. This will happen if your Internet option is set enabled for Install On Demand (IE and Others) and enable third party browser extensions. Having dealt with so many different type of spyware in the course of work, whenever I press CTRL-ALT-DEL to get to the Task Manager and look at the processes list and see DLLHOST.EXE as one of the processes, it would get me suspicious. A search on the net yields results that says - "Description: dllhost.exe is a part of the Microsoft Windows Operating System. The dllhost.exe file manages DLL based applications. This program is important for the stable and secure running of your computer and should not be terminated." "The COM+ hosting process controls processes in the Internet Information Services (IIS) and is used by many programs." So is it good or bad ? First, my clean installed system with IIS does not consist of dllhost.exe process in the processes list. Secondly, whenever I encounter DLLHOST.EXE processes in the processes list, my system would slow down drastically. Thus it would seem that anyone who runs IIS without any .NET extension should not have this process running at all.There are of course other usage of this process by some programs like antivirus, some mail server and even Winfax. Thus it would requires checking if there are too many instances of it running. To check the list of DLLs that are or have been loaded in your system before click on Start, Run and then type CMD in the prompt (command for WIN95/98/ME). At the DOS prompt, type cd c:\windows or cd c:\winnt (if the previous command doesn't work) and then press enter key. Once you are Windows system directory, type cd downlo~1 to get into the downloaded program files folder. Type dir to see a list of files that are in that folder. Following are some of the files that were installed on my system by a drive-by download; HDPlugin1015.dll HDPlugin1018.dll HDPlugin1019.dll winadtoolsx.dll ISTactivex.dll WUInst.dll To uninstall these modules from memory, type regsvr32 /u %systemroot%\downlo~1\ followed by the DLL file name, e.g. regsvr32 /u "%systemroot%\downlo~1\HDPlugin1015.dll". Remember to add the quote marks. Delete the files after uninstall by typing del followed by the file name e.g. del hdplugin1015.dll or rename it to another extension e.g. ren bridgex.dll bridgex.bak. Doing so will enable you to know how often the spyware came back. You may also wish to run regedit (Start, Run, type regedit at prompt) to remove any traces of the above or some other suspicious entries in the following keys. Please be sure you know what you are doing because a wrong deletion may cause your system to become unstable. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Current Version\Run Also do a scan using Spybot Search & Destroy or any other spyware removal tools and fix any problem that it detects. Be cautious of some commercial spyware removal tools that claims to be free but keeps prompting you to purchase in order to remove the spywares it detected on your system. Chances are that they are spyware themselves (probably written by the same people who's software you are trying to remove) that is installed to take control of your machine and hard sell you their wares. Pest Patrol, commercial anti-spyware/anti-trojan software and some free ones like Spybot S&D are the real tools for your anti-spyware and anti-trojan problem. Some sites like 3721.net and programs like eAcceleration installed as a popup stopper with all their bundled stuffs are "worse than the disease itself" or "bringing in the cat to get rid of the mouse but now the cat don't want to leave!!" 4e66ax0pvtEGKOKNNIEOJKOFOH There may be some new tricks from these hijackers and thus it would be advisable to constantly scan your system and remove any doubtful DLL files using the same method above. Spyware don't provide you with very much useful function but causes much more problems than it is worth. So far issues that we have encountered caused in part by spyware includes login only to be brought back to the logoff screen, constantly losing Internet connection, losing stored profiles, etc. Other spyware dlls & exes found on some client's machines ; (Dec 2004) (In Windows\Downloaded Program Files) bridgex.dll, ieawsdc.dll, minesweeper.dll, pinstall.dll, popcaploader.dll, purzh-sg.dll, v2.dll, retro64_loader.dll, solitaireshowdown.dll, toolbar_nieuw14.dll. (In Windows\sytem32) msegcompid.dll WildTangent has their own folder within Windows known as WT. Also remove all traces of alg.exe from registry by running regedit or regedt32, edit, find and delete key. F3 to find next and then repeat. Registry editing has been disabled by your administrator Some spyware not only take control of your PC but also does not want you or anyone else to have any ability to make changes with administrative tools like regedit. If you agreed to install the adwares, naturally it means that it is OK that they disallow you to remove them. TVM.exe (TV Media) stays resident in memory on startup and can only be removed in safe mode but part of its entries may be stored in a user-level profile and cannot be cleaned unless you login with that user name. But when you login with the hijacked user name, you have no access to regedit program. To restore registry editing right to your own machine, copy the following text, save as a file name with .reg extension and then open it up. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=dword:00000000 Got the following from somewhere but could not locate the source anymore. To restore control of your Internet Option & Control Panel, copy the following text, save as a file with .reg extension and open it. REGEDIT4 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] "GeneralTab"=dword:00000000 "ProgramsTab"=dword:00000000 "SecurityTab"=dword:00000000 "ContentTab"=dword:00000000 "PrivacyTab"=dword:00000000 "AdvancedTab"=dword:00000000 "ConnectionsTab"=dword:00000000 "HomePage"=dword:00000000 "Accessibility"=dword:00000000 "CertifPers"=dword:00000000 "CertifSite"=dword:00000000 "SecChangeSettings"=dword:00000000 "SecAddSites"=dword:00000000 "FormSuggest"=dword:00000000 "FormSuggest Passwords"=dword:00000000 "Connwiz Admin Lock"=dword:00000000 "Settings"=dword:00000000 "ResetWebSettings"=dword:00000000 "Connection Wizard"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel] "GeneralTab"=dword:00000000 "ProgramsTab"=dword:00000000 "SecurityTab"=dword:00000000 "ContentTab"=dword:00000000 "PrivacyTab"=dword:00000000 "AdvancedTab"=dword:00000000 "ConnectionsTab"=dword:00000000 "HomePage"=dword:00000000 "Accessibility"=dword:00000000 "CertifPers"=dword:00000000 "CertifSite"=dword:00000000 "SecChangeSettings"=dword:00000000 "SecAddSites"=dword:00000000 "FormSuggest"=dword:00000000 "FormSuggest Passwords"=dword:00000000 "Connwiz Admin Lock"=dword:00000000 "Settings"=dword:00000000 "ResetWebSettings"=dword:00000000 "Connection Wizard"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"=dword:00000000 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] "NoBrowserOptions"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoSaveSettings"=dword:00000000 Removal of spyware using commercial and non-commercial software Remember to keep your system updated with the latest service pack as we encounter explorer.exe error and mshta.exe error for a Windows 2000 machine running SP2 after removing some spywares like Gator, CoolWebSearch and have to restore all registry entries that Spybot remove, install SP4 & IE patches and then remove them again in order to get the system working. Some spyware companies are advertising as spyware remover software & may cause more problems than solving them. Typical indication of spyware loaded removers are that it is scan your PC free and it comes with a very long user agreement which you don't read. List of so-called anti-spyware softwares that are spywares themselves; Spy Wiper, AdWare Remover Gold, BPS Spyware Remover, Online PC-Fix SpyFerret, SpyBan, SpyBlast, SpyGone, SpyHunter, SpyKiller, SpyKiller Pro, SpywareNuker, TZ Spyware-Adware Remover, xp-AntiSpy, SpyAssault, InternetAntiSpy, Virtual Bouncer, AdProtector. If you're interested in getting a commercial anti-spyware program, you can buy Pest Patrol which is known to be a genuine anti-spyware plus anti-trojan product. You can buy it through us using the following link; 4e66ax0pvtEGKOKNNIEOJKOFOH Otherwise, there are also various non-commercial anti-spyware tools like Spybot Search and Destroy and ad-aware which is free for non-commercial use. Don't go for unknown products and if you must, then do a search for review from popular spyware forums like spywarewarrior.com before deciding. Don't pay the anti-spyware programs to 'remove' what they install into your system. RPCSS+ Terminating a malware process About Us We are network support specialist serving corporate clients in Singapore. Our range of services includes :- System support and maintenance Network setup and maintenance Disaster recovery Internetworking View our full computer product price list Great Deals @ Geeks.com! ----- Original Message ----- From: "Missy Hoppe" <melissah@xxxxxxxx> To: <jfw@xxxxxxxxxxxxx> Sent: Tuesday, June 26, 2007 10:39 PM Subject: anyone know what dllhost.exe is? Hello, all. I'm still trying to pinpoint the reason why my new system becomes sluggish after running for a few hours. I've sent my task list to someone local, and the only thing he's never heard of is called dllhost.exe. Does anyone know what this program is? Is it essential to the functioning of Windows? If not, does anyone have any ideas how I might get rid of it? Thanks in advance for any advice any of you might be able to provide in this matter. Missy -- JFW related links: JFW homepage: http://www.freedomscientific.com/ Scripting mailing list: http://lists.the-jdh.com/listinfo.cgi/scriptography-the-jdh.com JFW List instructions: To post a message to the list, send it to jfw@xxxxxxxxxxxxx To unsubscribe from this mailing list, send a message to jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line. Archives located at: //www.freelists.org/archives/jfw If you have any concerns about the list, post received from the list, or the way the list is being run, do not post them to the list. Rather contact the list owner at jfw-admins@xxxxxxxxxxxxxx -- JFW related links: JFW homepage: http://www.freedomscientific.com/ Scripting mailing list: http://lists.the-jdh.com/listinfo.cgi/scriptography-the-jdh.com JFW List instructions: To post a message to the list, send it to jfw@xxxxxxxxxxxxx To unsubscribe from this mailing list, send a message to jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line. Archives located at: //www.freelists.org/archives/jfw If you have any concerns about the list, post received from the list, or the way the list is being run, do not post them to the list. Rather contact the list owner at jfw-admins@xxxxxxxxxxxxxx