What is this process?
Solution 1
It is a Microsoft Windows DistributedCOM server. It is safe as far as I can tell. I have seen it on other systems that were a couple of weeks old and didn't get a chance to get infected :).
Solution 2
This is an old question. But the correct answer can be found here: http://www.sevenforums.com/performance-maintenance/218109-rundll32-exe-running-all-time.html
That GUID maps to the "Shell Hardware Mixed Content Handler", which is a COM handler that needs to run as "Interactive User", meaning run in a logged-on user's session (that's you). The reason it needs to run in the context of a logged-on user is that it's actually the Autorun handler (enabling Autorun on my own Win7 box causes the same process to be spawned).
If you don't want to see it, go into the control panel and disable Autorun. Otherwise, it needs to run for Autorun to work properly.
answered there by cluberti on 07 Mar 2012
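The registry lookup raised in the question's comments, and the "Interactive User" setting described in Solution 2, can be checked with a short script. This is an added example, not part of the original answers; the function name `Resolve-ComServer` is hypothetical, and the only input is the command line quoted in the question.

```powershell
# Added example (not from the original thread): map the CLSID on a rundll32
# "-Embedding" command line to its COM registration in the registry.
function Resolve-ComServer {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$CommandLine)

    # Pull the first GUID-shaped token out of the command line.
    $guidPattern = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    if ($CommandLine -notmatch $guidPattern) { throw 'No CLSID on the command line.' }
    $clsid = $Matches[0]

    # The host image should be the System32 copy, not a look-alike elsewhere.
    # (Simple split: assumes the image path itself contains no spaces.)
    $image    = ($CommandLine -split '\s+')[0].Trim('"')
    $expected = Join-Path $env:SystemRoot 'System32\rundll32.exe'

    $result = [ordered]@{
        Clsid = $clsid; Image = $image; ImageIsSystem32 = ($image -ieq $expected)
        Registered = $false; ClassName = $null; AppId = $null
        RunAs = $null; LocalServer32 = $null
    }

    # HKCR\CLSID\{guid}: class name, AppID link and the server command line.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    if (Test-Path -LiteralPath $clsidKey) {
        $class = Get-ItemProperty -LiteralPath $clsidKey
        $result.Registered = $true
        $result.ClassName  = $class.'(default)'
        $result.AppId      = $class.AppID

        $serverKey = "$clsidKey\LocalServer32"
        if (Test-Path -LiteralPath $serverKey) {
            $result.LocalServer32 = (Get-ItemProperty -LiteralPath $serverKey).'(default)'
        }
        # HKCR\AppID\{appid}\RunAs holds the launch identity, e.g. "Interactive User".
        if ($result.AppId) {
            $appKey = "Registry::HKEY_CLASSES_ROOT\AppID\$($result.AppId)"
            if (Test-Path -LiteralPath $appKey) {
                $result.RunAs = (Get-ItemProperty -LiteralPath $appKey).RunAs
            }
        }
    }
    [pscustomobject]$result
}

# Command line exactly as quoted in the question.
$cmdLine = 'C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding'
Resolve-ComServer -CommandLine $cmdLine | Format-List
```

A CLSID that resolves to no class registration, or an `Image` outside System32, is the result that deserves a closer look.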
Updated on September 17, 2022
Comments
-
Pylsa over 1 year
The following process seems to be running all the time:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
Anyone know what it is?
Scanned with MalwareBytes and Kaspersky Internet Security 2011
Using Windows 7 Ultimate 64 bits.
-
Nathan G. over 13 years rundll32.exe is a standard Windows/MS program to initialize a DLL. shell32.dll is a standard Windows/MS extension. The interesting part is the SHCreateLocalServerRunDll. Google doesn't shed any light on that. Does Registry Editor find anything in your registry for the hex argument at the end?
-
Pylsa over 13 years @Nathan did not find anything of interest when looking for "995C996E-D918-4a8c-A302-45719A6F4EA7"
-
Moab over 13 years Why are you suspicious of this legit Windows system file?
-
Pylsa over 13 years@Moab because I can't seem to find the source of why this is running... I've never had this process before and I haven't installed anything in the meantime.
-
Moab over 13 years Try Process Explorer, a powerful tool if you know how to use it.. technet.microsoft.com/en-us/sysinternals/bb896653
-
Moab over 13 years You can also use PE to enable boot logging, maybe this will show what is loading it... msigeek.com/6231/…
-
Pylsa over 13 years@Moab Process Explorer didn't help, it was the first thing I looked for. The process seems to be owned by svchost.exe
-
Pylsa over 13 years@Moab I most certainly will... It real bad practice of leaving a question unsolved if you've solved it yourself...
-
Moab over 13 years After googling, I cannot find anything negative about "shell32.dll,SHCreateLocalServerRunDll". Have you scanned for nasties?
-
Pylsa over 4 years Reading back my own comments and questions, I can only cringe. I am so sorry everyone 😭
-
-
Pylsa over 13 years@digitxp - According to Wiki it's a long deprecated technology, why would this still be on my Win7 64 bits computer?
-
Admin over 13 years I guess backwards compatibility with .net frameworks
-
Moab over 13 years Microsoft always uses long deprecated technology! You must be a Linux/Unix user.
-
Pylsa over 13 years@Moab Well mainly yes xD Is it that obvious huh?
-
Moab over 13 years@BloodPhilia, yes you seem to be Bright, logical, polite and a bit pragmatic, none of which works well when solving problems in Windows.. ;-)
-
Pylsa over 13 years@Moab Haha, well I'll consider that a compliment sir... And what brilliant deduction abilities! Chapeau!
-
Moab over 13 years@BloodPhilia, how did you know I am a Sir, now you are scaring me with your 6th sense!
-
Pylsa over 13 years@Moab And I think the Linux Badge might've given me away as well ;) Ah well, a Sir you behave good Sir!
-
Moab over 13 years Badge?, I don't look at that stuff, actually was a logical conclusion after reading many of your posts.
-
Pylsa over 13 years@Moab Read many of my post have you? I'll consider you my first fan! ;D
-
Moab over 13 years@Bloodphilia, its hard not to, you are all over this place!
-
Pylsa over 13 years@Moab hope that isn't a bad thing! :D
-
Moab over 13 years It's all good...
-
Pylsa over 13 years@Moab Good good! :D As a matter of fact, I do come across your name more often and often! Keep up the good work!
-
Moab over 13 years@Bloophilia, interesting one here....superuser.com/questions/224112/โฆ