
UAC Request


9 replies to this topic

#1 valcom


Posted 07 May 2018 - 09:55 AM

Hi everybody,

 

Win10 version 1709.16299.371 running on a Dell Latitude E7440 laptop, under a Standard User Account.

 

This morning I received a UAC popup requesting permission to run the following: 

  • Local Hash DBUpdater by Sutherland Global Systems.

I denied the request.

 

I ran a Malwarebytes scan and a Windows Defender scan which returned no malicious items.

 

It is a secondhand laptop but was in professional use.

 

Thank you for any feedback.


Edited by hamluis, 07 May 2018 - 11:21 AM.
Moved from MRL to Am I Infected - Hamluis.



 


#2 buddy215


Posted 07 May 2018 - 03:09 PM

Welcome to BC...

 

According to another topic here at BC this could be related to Dropbox. TFC was credited with solving the problem.

 

Download TFC to your desktop

  • close any open windows
  • double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • click the Start button to begin the process
  • allow TFC to run uninterrupted
  • the program should not take long to finish its job
  • once it's finished it should automatically reboot your machine
  • if it doesn't, manually reboot to ensure a complete clean.

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 valcom


Posted 08 May 2018 - 02:58 AM

Thank you I will try today.

I don't use Dropbox but anyway a TFC scan will do it.

 

From what I have seen it affects only Dell computers.

 

I will share the logfile.



#4 buddy215


Posted 08 May 2018 - 04:21 AM

Look for PC Doctor in your scheduled Tasks and in installed programs. You can use CCleaner to do that and if you would like for me to offer suggestions follow the instructions below.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 valcom


Posted 08 May 2018 - 03:02 PM

I have done the homework but can't find a way to upload the logs.

Can you help me with that?



#6 buddy215


Posted 08 May 2018 - 03:07 PM

Once you have clicked on the button the lists will be saved in your documents folder....usually.

Copy and paste those three lists into the next post.



#7 valcom


Posted 09 May 2018 - 04:58 AM

Startup

Yes    HKCU:Run    AdobeBridge        
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\valen\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes    HKLM:Run    AdobeAAMUpdater-1.0    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes    HKLM:Run    AdobeCS6ServiceManager    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    "C:\Program Files\DellTPad\Apoint.exe"
Yes    HKLM:Run    RtHDVBg    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
Yes    HKLM:Run    SecurityHealth    Microsoft Corporation    %ProgramFiles%\Windows Defender\MSASCuiL.exe
Yes    HKLM:Run    SwitchBoard    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

Scheduled tasks

Yes    Task    Adobe Flash Player NPAPI Notifier    Adobe Systems Incorporated    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe -check plugin
Yes    Task    AdobeAAMUpdater-1.0-MicrosoftAccount-valentin_comte@hotmail.fr    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes    Task    AdwCleaner_onReboot    Malwarebytes    C:/Users/opera/Downloads/AdwCleaner.exe /r
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    Dell SupportAssistAgent AutoUpdate    Dell Inc.    C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate
Yes    Task    OneDrive Standalone Update Task-S-1-5-21-2297884816-3021709504-3496776757-1001    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
No    Task    Optimize Push Notification Data File-S-1-5-21-2297884816-3021709504-3496776757-1001        
Yes    Task    PCDDataUploadTask        "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes    Task    PCDEventLauncherTask    PC-Doctor, Inc.    "C:\Program Files\Dell\SupportAssist\sessionchecker.exe"
Yes    Task    PCDoctorBackgroundMonitorTask    PC-Doctor, Inc.    "C:\Program Files\Dell\SupportAssist\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently
Yes    Task    RtHDVBg_PushButton    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
Yes    Task    SystemToolsDailyTest        "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently

Install

Actualité    Microsoft Corporation    04/04/2018        4.23.10923.0
Adobe Acrobat Reader DC - Français    Adobe Systems Incorporated    04/04/2018    257 MB    18.011.20038
Adobe Flash Player 29 NPAPI    Adobe Systems Incorporated    08/04/2018    19,8 MB    29.0.0.113
Adobe InDesign CS6    Adobe Systems Incorporated    01/04/2018    2,11 GB    8.0
Adobe Photoshop CS6    Adobe Systems Incorporated    09/04/2018    2,41 GB    13.0
Alarmes et horloge    Microsoft Corporation    04/05/2018        10.1804.1101.0
Astuces    Microsoft Corporation    02/05/2018        6.10.10872.0
Calculatrice    Microsoft Corporation    02/05/2018        10.1804.911.0
Caméra    Microsoft Corporation    07/04/2018        2018.227.30.1000
Cartes    Microsoft Corporation    08/04/2018        5.1711.10477.1000
CCleaner    Piriform    08/05/2018        5.42
Contacts    Microsoft Corporation    08/04/2018        10.3.3472.1000
Courrier et calendrier    Microsoft Corporation    26/04/2018        17.9126.21785.0
CyberGhost 6    CyberGhost S.A.    18/04/2018    28,6 MB    
Dell ControlVault Host Components Installer 64 bit    Broadcom Corporation    31/03/2018    11,4 MB    3.4.8.14
Dell SupportAssist    Dell    31/03/2018    197 MB    2.0.6875.668
Dell SupportAssistAgent    Dell    31/03/2018    40,1 MB    2.1.4.14
Dell Touchpad    ALPS ELECTRIC CO., LTD.    31/03/2018        10.1207.101.103
Dolby Access    Dolby Laboratories    21/04/2018        2.2.173.0
Enregistreur vocal    Microsoft Corporation    07/04/2018        10.1803.613.1000
Films et TV    Microsoft Corporation    07/04/2018        10.17122.16211.1000
Groove Musique    Microsoft Corporation    07/04/2018        10.18011.13411.1000
Hub de commentaires    Microsoft Corporation    04/05/2018        1.1712.1141.0
Hôte de l'expérience du Windows Store    Microsoft Corporation    18/04/2018        11803.1001.8.0
Intel® Network Connections Drivers    Intel    31/03/2018    916 KB    22.3
JDownloader 2    AppWork GmbH    09/04/2018        2.0
Logiciel Intel® PROSet/Wireless    Intel Corporation    31/03/2018    301 MB    18.11.0
Malwarebytes version 3.4.5.2467    Malwarebytes    09/04/2018    181 MB    3.4.5.2467
Messages    Microsoft Corporation    31/03/2018        3.37.23004.0
Microsoft Office Professionnel Plus 2013    Microsoft Corporation    01/04/2018        15.0.4569.1506
Microsoft OneDrive    Microsoft Corporation    02/05/2018    100 MB    18.065.0329.0002
Microsoft Pay    Microsoft Corporation    06/04/2018        2.2.18065.0
Microsoft Solitaire Collection    Microsoft Studios    04/05/2018        4.1.4251.0
Microsoft Sticky Notes    Microsoft Corporation    06/04/2018        2.1.18.0
Microsoft Store    Microsoft Corporation    04/05/2018        11803.1001.11.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    01/04/2018    4,84 MB    8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    09/04/2018    6,83 MB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    01/04/2018    13,1 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    02/04/2018    13,2 MB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    01/04/2018    10,1 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    02/04/2018    10,1 MB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    01/04/2018    13,8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    01/04/2018    11,1 MB    10.0.40219
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020    Microsoft Corporation    04/04/2018    23,6 MB    14.13.26020.0
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020    Microsoft Corporation    04/04/2018    20,1 MB    14.13.26020.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    01/04/2018        10.0.50903
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA    Microsoft Corporation    01/04/2018        10.0.50903
Mon Office    Microsoft Corporation    31/03/2018        17.8830.7600.0
Mozilla Firefox 59.0.3 (x64 en-US)    Mozilla    04/05/2018    146 MB    59.0.3
Mozilla Maintenance Service    Mozilla    31/03/2018    278 KB    59.0.2
Météo    Microsoft Corporation    04/04/2018        4.23.10923.0
OBS Studio    OBS Project    04/04/2018        21.1.0
Obtenir de l'aide    Microsoft Corporation    26/04/2018        10.1706.10952.0
OneNote    Microsoft Corporation    18/04/2018        17.9226.20641.0
Package de pilotes Windows - Intel Corporation (iaStorA) HDC  (11/17/2015 14.8.1.1043)    Intel Corporation    31/03/2018        11/17/2015 14.8.1.1043
Package de pilotes Windows - Intel Corporation (iaStorA) SCSIAdapter  (11/17/2015 14.8.1.1043)    Intel Corporation    31/03/2018        11/17/2015 14.8.1.1043
Paint 3D    Microsoft Corporation    26/04/2018        4.1804.13047.0
Photos    Microsoft Corporation    02/05/2018        2018.18031.15820.0
Plans mobiles    Microsoft Corporation    31/03/2018        3.1710.3044.0
Print 3D    Microsoft Corporation    31/03/2018        2.0.10611.0
Programme d'installation d'application    Microsoft Corporation    07/05/2018        1.0.20921.0
Realtek Audio COM Components    Realtek Semiconductor Corp.    31/03/2018    599 KB    1.0.2
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    31/03/2018        6.0.1.6070
SketchBook    Autodesk Inc.    02/05/2018        1.8.0.0
Skype    Skype    26/04/2018        12.1813.286.0
Spotify    Spotify AB    21/04/2018        1.78.999.0
SupportAssist Driver Update    Dell Inc.    31/03/2018        1.5.0.0
TAP-Windows 9.21.2        18/04/2018        9.21.2
Visionneuse de réalité mixte    Microsoft Corporation    26/04/2018        4.1804.19012.0
VLC media player    VideoLAN    31/03/2018        3.0.1
WinRAR 5.50 (64-bit)    win.rar GmbH    31/03/2018        5.50.0
Xbox    Microsoft Corporation    31/03/2018        39.39.21002.0
Xbox Game bar    Microsoft Corporation    31/03/2018        1.24.5001.0
Xbox Game Speech Window    Microsoft Corporation    31/03/2018        1.21.13002.0
Xbox Identity Provider    Microsoft Corporation    07/04/2018        12.39.13003.1000
Xbox Live    Microsoft Corporation    31/03/2018        1.11.29001.0
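
Added example, not part of the original thread: a short Python triage of the export posted above that flags rows with an empty publisher column, a command that is not an absolute path, or an executable under a user profile. The function names and reason labels are assumptions made for this illustration.

```python
import re

# Rows copied from the CCleaner export in the post above. Fields are separated
# by four spaces as rendered on the page (a raw export may use tabs instead).
EXPORT = r'''
Yes    HKCU:Run    AdobeBridge
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    "C:\Program Files\DellTPad\Apoint.exe"
Yes    Task    AdwCleaner_onReboot    Malwarebytes    C:/Users/opera/Downloads/AdwCleaner.exe /r
Yes    Task    PCDDataUploadTask        "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes    Task    PCDEventLauncherTask    PC-Doctor, Inc.    "C:\Program Files\Dell\SupportAssist\sessionchecker.exe"
Yes    Task    SystemToolsDailyTest        "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
'''

COLUMNS = ("enabled", "location", "name", "publisher", "command")
FIELD_SEP = re.compile(r"\t| {4}")
EXE = re.compile(r'"?(.+?\.exe)(?=["\s]|$)', re.I)
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:[\\/]|%\w+%)")
USER_PROFILE = re.compile(
    r"^(?:[A-Za-z]:[\\/]Users[\\/]|%(?:localappdata|appdata|userprofile)%)", re.I)


def parse(export):
    """Split each non-empty row into the five export columns."""
    rows = []
    for line in export.splitlines():
        if not line.strip():
            continue
        fields = FIELD_SEP.split(line.strip(), maxsplit=4)
        fields += [""] * (len(COLUMNS) - len(fields))  # trailing empty columns
        rows.append(dict(zip(COLUMNS, (f.strip() for f in fields))))
    return rows


def findings(row):
    """Return the reasons (hypothetical labels) a row deserves a closer look."""
    reasons = []
    if not row["publisher"]:
        reasons.append("no publisher")
    match = EXE.match(row["command"])
    if match is None:
        reasons.append("no executable")
        return reasons
    exe = match.group(1)
    if not ABSOLUTE.match(exe):
        reasons.append("relative path")  # which copy of the binary runs?
    elif USER_PROFILE.match(exe):
        reasons.append("runs from user profile")
    return reasons


def triage(export):
    """Map entry name -> reasons, for rows with at least one reason."""
    flagged = {}
    for row in parse(export):
        reasons = findings(row)
        if reasons:
            flagged[row["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(EXPORT).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag is a prompt to confirm where the binary resolves from and whether it is signed, not a verdict. Both relative-path rows name the same uaclauncher.exe that the PCDoctorBackgroundMonitorTask row in the export references by full path under C:\Program Files\Dell\SupportAssist.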


 



#8 buddy215


Posted 09 May 2018 - 08:18 AM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    AdobeBridge        
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\valen\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes    HKLM:Run    AdobeAAMUpdater-1.0    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes    HKLM:Run    AdobeCS6ServiceManager    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

Yes    HKLM:Run    SwitchBoard    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    Adobe Flash Player NPAPI Notifier    Adobe Systems Incorporated    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe -check plugin
Yes    Task    AdobeAAMUpdater-1.0-MicrosoftAccount-valentin_comte@hotmail.fr    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes    Task    AdwCleaner_onReboot    Malwarebytes    C:/Users/opera/Downloads/AdwCleaner.exe /r
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    Dell SupportAssistAgent AutoUpdate    Dell Inc.    C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate
Yes    Task    OneDrive Standalone Update Task-S-1-5-21-2297884816-3021709504-3496776757-1001    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Yes    Task    SystemToolsDailyTest        "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently

 

Delete these Tasks: Use CCleaner by clicking on each item and choosing Delete on the right.

Yes    Task    PCDDataUploadTask        "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes    Task    PCDEventLauncherTask    PC-Doctor, Inc.    "C:\Program Files\Dell\SupportAssist\sessionchecker.exe"
Yes    Task    PCDoctorBackgroundMonitorTask    PC-Doctor, Inc.    "C:\Program Files\Dell\SupportAssist\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently

 

Did you intentionally install this VPN....TAP-Windows 9.21.2        18/04/2018        9.21.2

Or any other VPN? If not, I suggest you uninstall it.



#9 valcom


Posted 09 May 2018 - 08:29 AM

Thank you.

I installed CyberGhost 6    CyberGhost S.A.    18/04/2018    28,6 MB   as a VPN but not TAP-Windows.

 

Thanks for the tips will it it



#10 buddy215


Posted 09 May 2018 - 10:13 AM

CyberGhost is probably using Tap. Keep it.





