The following process seems to be running all the time:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
Anyone know what it is?
Scanned with MalwareBytes and Kaspersky Internet Security 2011
Using Windows 7 Ultimate 64 bits.
It is a Microsoft Windows DistributedCOM server. It is safe as far as I can tell. I have seen it on other systems that were couple of weeks old and didn't get chance to get infected :).
This is an old question. But the correct answer can be found here: http://www.sevenforums.com/performance-maintenance/218109-rundll32-exe-running-all-time.html
That GUID maps to the "Shell Hardware Mixed Content Handler", which is a COM handler that needs to run as "Interactive User", meaning run in a logged-on user's session (that's you ). The reason it needs to run in the context of a logged-on user is that it's actually the Autorun handler (enabling Autorun on my own Win7 box causes the same process to be spawned).
If you don't want to see it, go into the control panel and disable Autorun. Otherwise, it needs to run for Autorun to work properly.
answered there by cluberti on 07 Mar 2012
