regservr32 using 38% of CPU

[Lenster]

Found out is was C:\Windows\System32\Tasks\D3E0B680-6C27-84C8-80D6-194FAA347F7F\\
This was in my task scheduler with the name : D3E0B680-6C27-84C8-80D6-194FAA347F7F and multiple triggers
1. At user login
2 repeat at 03:00:00 for 1 day

It executes: C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/5fdf2954816d9acc /q" "C:\PROGRA~3\2B1EB0~1\{F6771~1." C:\PROGRA~3\2B1EB0~1\

Never saw the High CPU until today.
I disabled the task with no noticable problems yet.
Does anyone know what this is?

Len

 

[Regedit32]

Hmm interesting question.

The trigger C:\Progra~1 ought to open in File Explorer to C:\ProgramData

At that location you must have a sub-directory listed named 2B1EB0~1 or something to that affect.

If you opened File Explorer, and in its addressbar pasted C:\Progra~3\2B1EB0~1 then pressed enter key you ought to navigate to the directory and be able to determine what program is being called on with your Scheduled Task.

My guess is you have installed a third party application that has set up a scheduled task. The regsrv32 belongs to Windows and is normally used to registry dynamic library links belonging to a particular application. Once registered there should be no need to re-register them, hence my opening comment: ' Interesting question '

 

[Lenster]

Thanks for your input. I did as you suggested but there was no subdirectory 2B1EB0~1 or anything close. I restored a backup from last week and I will monitor the task scheduler to see if anything strange pops up.

 

[Regedit32]

Fair enough.

I wonder whether its a ' hidden directory '.

Intriguing nevertheless.

 

[Lenster]

Yeah but I already had show hidden and system files turned on in explorer.
As you said "Intriguing"

 

[Regedit32]

Just wondering, if you use the first layer trigger only: i.e. c:\progra~3 what directories do you see listed?

This is what I see on mine:

 

[Lenster]

Here is mine
Tachyon is a vestige and only contains log files,Caphyon is for NORDVPN, and Ioffsvc contains only a txt file

 

[Regedit32]

Well you've clearly installed a few more things than me.

I guess at some time you've removed something that left behind an old task. Whatever that was, anyone's guess.

 

[Lenster]

Well you've clearly installed a few more things than me.

I guess at some time you've removed something that left behind an old task. Whatever that was, anyone's guess.

Thanks for your interest and help