>Is the DLLHost the "real" DLLHost. I remeber that one worm created a "fake" SVCHOST and a "fake" DLLHost. The fake ones were hi-jackers.
I don't know. The client switched to low isolation and this file is no longer in effect. Instead, it is INETINFO which is used. Using low isolation has improved the server stability.