3

Ok, so I have my father set up on his Windows 10 PC as a non-admin user with UAC settings set on max. This was intentional. He's about as technologically inclined as a toaster.

Today, his computer started getting a UAC prompt for regsvr. It is trying to run:

regsvr.exe /s "C:\Users\[user]\AppData\LocalLow\{9ABBBE90-D314-493B-A298-B3D91AF855D3}\browser.dll"

This UAC prompt appears about every 2 minutes. I've checked background processes and servers for something that seems amiss, but I haven't found anything that jumps out at me.

I'm afraid it's something malicious. I'm downloading an antivirus suite from work right now, but is there any way I can interpret that GUID to see what exactly is trying to be registered? Or where this call for regsvr is being called from? I've tried typing the path of the dll in explorer and it doesn't take me anywhere.

Improve this question

1 Answer 1

Reset to default
2

If I were you, I would set up Process Monitor to track what's running that command. Set the filter to anything containing that GUID, then let it run for a few minutes until the prompt comes up. That should reveal the source, or at least give you some clues.

Improve this answer
1
  • I apologize for the late reply. My father seriously injured his back yesterday morning, so I spent all day in the ER. I had downloaded / run the antivirus suite and rebooted. When it came back up, I performed a full scan and found nothing (except tracking cookies). I did notice after the reboot he had a graphics driver update, which I proceeded. UAC has not been prompting for anything since the last reboot, so either it gave up or did what it was intended to do (for good or ill). If nothing changes over the next couple days, I'll mark yours as the answer
    – Joshua Parnell
    Commented Dec 8, 2015 at 20:50

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .