


Posts posted by Caveman

  1. While I'm not fully aware of the exact methods UPHClean uses, I do know it is a completely safe program. After all, it's a part of Windows Vista by default.

    Is "Sanity Check" the name of the program reporting this?

    Yes, that's the name, "Sanity Check". I use it to check for hidden rootkits, but I should clarify: the program states that as a general rule programmers should not use that method of hooking unless they are very, very good, so as you say it's part of Vista, so probably no issue there. It was merely pointing out that the methods it used should only, and can only, be done by extremely good programmers; otherwise it is probably some sort of rootkit activity of a general nature, which could cause more problems as it could very easily make Windows unstable.

  2. Up for discussion: What do you guys think, is this a potential problem in UPH Cleanup?

    This is the result of a scan using "Sanity Check"; the results of the scan are posted here. The application says UPH is intercepting system services. I know its purpose, but is there a risk of using the program causing an even bigger issue?

    System routines are being intercepted

    One or more system services are being intercepted on your system. This could be initiated by a rootkit or malware but there is also the possibility a security product is responsible for this. With the indications given you should find out if this is the work of a product that you have installed deliberately or not. Note that these SSDT hooks are very notorious because they rely on undocumented techniques and are incredibly difficult to implement right for a programmer. Even if they are installed by a legitimate product, these hooks very often are the cause of sudden unexpected reboots, blue screens, hangups and other misery. If you have more than one product installed which makes use of these techniques then your system is almost sure to be messed up.

    The module uphcleanhlp.sys is hooking the kernel to intercept base system services.

    Information about the responsible module uphcleanhlp.sys:

    file path: c:\windows\system32\drivers\uphcleanhlp.sys
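    The Sanity Check report above only tells you that the driver hooks system services, not whether the driver is the one a deliberately installed product registered. The script below is an added example, not something from the original post or from Sanity Check or UPHClean; it takes the path the report printed and answers the questions a practitioner asks before deciding whether a hooking driver is legitimate: is the file Authenticode-signed and by whom, what vendor does its version resource claim, is it registered as a kernel-driver service under HKLM\SYSTEM\CurrentControlSet\Services, and is it loaded right now. Only the driver path comes from the report; everything else is generic. Run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example, not part of the original post: triage a kernel driver that a
# rootkit scanner reports as hooking system services. The path is the one the
# Sanity Check report printed; nothing here is specific to UPHClean.

$DriverPath = 'C:\Windows\System32\drivers\uphcleanhlp.sys'
$DriverName = [System.IO.Path]::GetFileNameWithoutExtension($DriverPath)

function Test-SuspectDriver {
    param([string]$Path, [string]$Name)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "Not found: $Path"
        return
    }

    # 1. Authenticode. A driver shipped by a real vendor is signed and chains to a
    #    trusted root; 'NotSigned' or 'HashMismatch' on something that hooks the
    #    kernel deserves a much harder look.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    Write-Output ("Signature : {0}" -f $sig.Status)
    Write-Output ("Signer    : {0}" -f $signer)

    # 2. Version resource. Trivial to forge, so it proves nothing on its own, but a
    #    CompanyName that does not match the signer is a red flag.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    Write-Output ("Company   : {0}" -f $vi.CompanyName)
    Write-Output ("Descr.    : {0}" -f $vi.FileDescription)

    # 3. Service registration. Legitimate drivers load through a service entry of
    #    Type 1 (kernel driver) with Start 0..3 (boot/system/auto/demand). A driver
    #    that is on disk and loaded but has no such entry was started some other
    #    way, which is how rootkits usually behave.
    $svcKeys = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        Where-Object {
            $img = $_.GetValue('ImagePath')
            $img -and ($img -match [regex]::Escape("$Name.sys"))
        }
    if (-not $svcKeys) {
        Write-Output "Service   : no service entry references $Name.sys"
    }
    foreach ($k in $svcKeys) {
        $line = "Service   : {0}  Type={1}  Start={2}  ImagePath={3}"
        Write-Output ($line -f $k.PSChildName, $k.GetValue('Type'), $k.GetValue('Start'), $k.GetValue('ImagePath'))
    }

    # 4. Is it loaded right now? Win32_SystemDriver lists kernel drivers by service name.
    $loaded = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if ($loaded) {
        Write-Output ("Running   : {0} (State={1}, Started={2})" -f $loaded.Name, $loaded.State, $loaded.Started)
    } else {
        Write-Output "Running   : not listed by Win32_SystemDriver under the name $Name"
    }
}

Test-SuspectDriver -Path $DriverPath -Name $DriverName
```

    On Windows PowerShell 2.0 (the version that shipped for XP and Vista) replace Get-CimInstance with Get-WmiObject -Class Win32_SystemDriver; the rest runs unchanged. A valid signature plus a normal service entry means the hook belongs to a product that was installed on purpose, which settles the "rootkit or not" question but not the stability warning the report gives: that one applies to every SSDT hook, signed or not.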

  3. I am using the 15 day trial version, and it uses less processing power than even MBAM, is only 14.29MB, has quite a few features, and the scanner is lightning quick. I had to remove SUPERAntiSpyware; it either updates only once or twice a day, then there's a gap of no updates for 1 1/2 to 2 days. So I may use this and MBAM.

    Hi, it's the Caveman here. A little info on Spy Counter: I believe it started as Cybermedia Cleaner, then Microsoft bought the good app, turned it into crap with Microsoft Anti-Spyware, then some other company bought the engines, revamped it and called it Spy Counter. OK, now for testing results: I read all the media hype and so-called editors' picks and top scoring of this product. I tested it, ver. 2.5, updated for free to ver. 3 standard, and Vipre is all hype; used it on many computers. It found the odd trojan and malware issues, but really SUPERAntiSpyware and Malwarebytes found all the same entries and removed them, and the scanner was actually slow for me. My suggestion: don't buy. I stopped using it in my arsenal. I need apps that work fast and remove clean. No time to mess around waiting for long scans to finish and find 2 entries while standard cleaners find hundreds of legit issues.

  4. Update #4: more info on OSAM Autorun Manager. I like this app more and more; it's like Unhackme and Regassasin and Unlocker in one easy scan format and a whole lot more, and it's free.


    Only experienced techs should test or use this product, OK.

    "OSAM" (Online Solutions Autorun Manager) is a powerful and reliable tool for controlling the 'cleanliness' of components and applications that are automatically loaded or started under certain conditions without the user's consent.

    "OSAM" provides an easy one-click way of obtaining detailed information about the components that are run automatically at the system start and can potentially affect its operation.

    Basically, all types of malicious software that have been around for the last 7-10 years use various mechanisms of sticking to an infected system. With this product, you will be able to monitor and control these activities and, which is more important, eradicate the threat on your own.


    Rootkits are one of the biggest threats for end user systems. This malicious software integrates into the system on a very low level and completely hides its presence. The user is often totally unaware that the computer is being controlled by hackers. But that's not a problem: whether it's a hidden start of a rootkit driver or other hidden keys, "OSAM" will detect any of these autorun variants.

    Modern malicious software, such as adware, spyware and spambots cannot be completely removed by existing anti-virus solutions. However, such treatment attempts often leave the user without working network connections or damage other system components. The user becomes helpless and alone with the problem. The "OSAM" manager will easily solve this problem!


    The virus blocks access to a registry key or file? You can't remove them using any possible means? The "OSAM" manager will tackle this problem, too*.

    If the user is experiencing problems, he can use several program functions to seek experts' assistance (for instance, on our forum) - save a detailed system report (all autoruns) or save a full snapshot of the startup data (in the same form as on the user's system).


    Functional capabilities:

    * support of virtually all known methods of automatic loading using the system registry or special folders;

    * automatic detection of the peculiarities of settings on specific user systems;

    * validation of digital file signatures;

    * color marking of file statuses for better comprehension;

    * filtering by statuses of detected objects;

    * search by masks using any parameter in any display mode;

    * output of additional information for any object type;

    * output of detailed file information, validation of file existence and accessibility;

    * temporary disablement of registry objects or files without creating additional keys or subfolders;

    * generation of two types of report files (text and HTML*) with all autoload information.

    Unique capabilities:

    * protection against rootkits by detecting hidden registry keys and records using the method of direct registry data analysis (without using OS functions);

    * comprehensive support of LSP (Layered Service Providers) filters deletion and recovery with rearrangement of the providers chain;

    * support of namespace providers (NSP) with rearrangement of the providers chain*.


    * a completely free application!

    * grouping by file objects enables you to quickly find all links to a specific automatically loaded file;

    * regular updates of the methodological database after the analysis of in-the-wild malicious software;

    * full Unicode support (any national characters, filenames and registry data);

    * support of visual themes (skins) for users who do care how their favorite software looks.


    * - available only for registered users (conditions may be changed in the near future)


    * Microsoft Windows 2000

    * Microsoft Windows XP

    * Microsoft Windows 2003

    * Microsoft Windows Vista

    The company is currently working on providing full support of these operating systems:

    * Microsoft Windows XP x64

    * Microsoft Windows 2003 x64

    * Microsoft Windows Vista x64

  5. Update #2: I emailed the company in Russia re: the keyboard access request concern I have, and checked out the other things in the program. Interestingly, there are full instructions on using the program to get rid of all the Trojan Vundo problems. Very nice:

    Link is here for the video and instructions within OSAM Autorun Manager:



    How to remove the Vundo Trojan (also known as Virtumonde, Virtumondo, Virtumundo, Monder, Monderb, MS Juan) using the OSAM Autorun Manager (Portable Version, 3.63mb or Installation Package, 8.84mb).

    Please note! These steps are only for the Windows XP / 2003 / 2000 users.

    1. First you should click on the "Settings" button in the top menu:

    OSAM Menu - Settings

    And then change the value for "Disable objects using the driver" option to "Always", as it is shown below:

    OSAM Settings - Driver Mode: Always

    2. Now look through the list of the objects and find the randomly-named .DLL files under the following registry keys:

    Internet Explorer section:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

    Winlogon section:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

    Explorer section:


    Randomly-named .DLL files means something like this: nnnkLcCU.dll, opNdccDV.dll, hgGxyXQH.dll, yfcfqtfd.dll, cbxvttsR.dll, pmnkLCSk.dll. These files should be located in the WINDOWS\system32 directory.

    Use the OSAM Online Malware Scanner function, if you have problems with finding the right ones:

    OSAM: Scan using Online Malware Scanner

    3. Disable the trojan entries by removing the checkmarks in the checkboxes next to these randomly-named .DLL files.

    4. Once you have finished with the disabling the items, press the "Apply" button:

    OSAM: Apply Button

    You will see the list of the disabled items (press the "Close" button) and then the following message will be displayed:

    OSAM: Reboot now

    Press the "Reboot now" button.

    Once your computer has rebooted, the Vundo Trojan will be disinfected.

    1. Start the OSAM again - you will see the report about deleted entries.

    2. Press the "Settings" button to change the value for "Disable objects using the driver" option back to "For undeletable objects only".

    3. Also you can use the "Jump to file" function to delete the inactive trojan files:

    OSAM: Jump to file

    4. And then use the "Delete from storage" function to delete the disabled items from the list of the objects:

    OSAM: Delete from storage

    If you still need help or have any questions, you are welcome on our forum. To register on the forum please follow these instructions.

    Comments and discussion are here.

    Step-by-step Vundo removal video instruction:

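    Step 2 of the OSAM instructions above (find the randomly-named DLLs under the Browser Helper Objects key and the Winlogon\Notify key, check that they live in System32) is the part people get wrong, and the Winlogon\Notify DLLs load inside winlogon.exe, so disabling the wrong one breaks logon. The script below is an added example, not part of the OSAM instructions or of OSAM itself: a read-only sweep of those two keys that resolves every DLL they load, checks its Authenticode signature, and flags the ones matching the pattern of the sample names in the post (an 8-letter name sitting directly in System32). It changes nothing; disabling is still done in OSAM or by hand. The 8-letter heuristic is an assumption drawn from the sample names, and the third "Explorer section" key, which the quoted instructions leave blank, is not covered.

```powershell
# Added example, not part of the quoted OSAM instructions: list the DLLs loaded
# through the BHO and Winlogon\Notify autorun keys and flag the suspicious ones.
# Read-only; nothing is disabled or deleted.

$System32 = Join-Path $env:WINDIR 'System32'

function Get-BhoDlls {
    # BHOs are listed as CLSID subkeys; the DLL is the CLSID's InprocServer32 default value.
    $bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($k in Get-ChildItem $bhoKey) {
        $clsid = $k.PSChildName
        $dll = $null
        foreach ($root in 'HKLM:\Software\Classes\CLSID', 'HKCU:\Software\Classes\CLSID') {
            $inproc = Join-Path $root "$clsid\InprocServer32"
            if (Test-Path $inproc) {
                $dll = (Get-ItemProperty $inproc).'(default)'
                break
            }
        }
        [pscustomobject]@{ Source = "BHO $clsid"; Dll = $dll }
    }
}

function Get-WinlogonNotifyDlls {
    # Each Winlogon\Notify subkey names its DLL in the DLLName value. These load
    # into winlogon.exe, which is why Vundo used them and why a wrong removal
    # can leave the machine unable to log on.
    $notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path $notifyKey)) { return }
    foreach ($k in Get-ChildItem $notifyKey) {
        [pscustomobject]@{ Source = "Winlogon\Notify\$($k.PSChildName)"; Dll = $k.GetValue('DLLName') }
    }
}

function Resolve-DllPath([string]$Dll) {
    if (-not $Dll) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Dll.Trim('"'))
    # A bare file name (no directory) is resolved from System32 by the loader.
    if (-not (Split-Path $p -Parent)) { $p = Join-Path $System32 $p }
    return $p
}

function Test-LooksLikeVundo([string]$Path) {
    # Heuristic (assumption from the sample names in the post): exactly 8 letters,
    # .dll extension, located directly in System32.
    $leaf = Split-Path $Path -Leaf
    $inSys32 = (Split-Path $Path -Parent).TrimEnd('\') -ieq $System32.TrimEnd('\')
    return ($inSys32 -and ($leaf -match '^[a-z]{8}\.dll$'))
}

function Get-AutorunDllReport {
    $entries = @(Get-BhoDlls) + @(Get-WinlogonNotifyDlls)
    $results = foreach ($e in $entries) {
        $path   = Resolve-DllPath $e.Dll
        $exists = $path -and (Test-Path -LiteralPath $path)
        $flags  = @()
        if ($exists) {
            $status = (Get-AuthenticodeSignature -FilePath $path).Status
            if (Test-LooksLikeVundo $path) { $flags += 'random-name-in-system32' }
            if ($status -ne 'Valid')       { $flags += "signature:$status" }
        } else {
            $flags += 'file-missing'
        }
        [pscustomobject]@{ Source = $e.Source; Dll = $path; Flags = ($flags -join ',') }
    }
    return $results
}

Get-AutorunDllReport | Format-Table -AutoSize
```

    Read the two flags together rather than separately: on XP-era Windows many legitimate OS DLLs are catalog-signed, so Get-AuthenticodeSignature reports them as NotSigned, and plenty of legitimate third-party BHOs are unsigned too, while an 8-letter name on its own matches some real files. An entry that carries both flags, was not there before the infection, and does not appear in the Online Malware Scanner's known-good results is the kind the instructions tell you to untick.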

  6. Update on Autorun Manager: after installing and running the program, it removed the few things I chose to remove, and then I scanned my entire system with SAS, Malwarebytes, 5 rootkit scanners, HijackThis, Kaspersky A/V tool, Avira Anti-Virus, Pest Patrol by CA, Avast A/V tool, Unhackme 4.8, SBS&D, and DAF to see if any policy restrictions had taken place. Well, everything was clean except for 5 cookies found. So it looks OK so far, but I'm still concerned about the program wanting direct access to my keyboard.

  7. OK, I checked out one of our visitors' requests for an evaluation of his product. Said he had a new security software company in RU. Flags went off right away, but I checked out the site and downloaded OSAM Auto Manager. Interesting product; upon installing it things were going well, then Comodo firewall flagged a request for direct access to my keyboard. Ohhh, I didn't like that and said "deny access". This is a great example of why Comodo Firewall Pro is an excellent product. The product install continued, no bad effect from saying "no access", then it asked for direct access to the hard drive. Well, many programs need that, like disk management and defraggers, but again, being cautious, I said "Deny Access always" in Comodo. It continued on and seemed to install fine.

    I opened the product up. Normal popups from Comodo three more times based on my actions; I expected those to pop up and I said "allow access to the internet" to check its database for questionable files it found on my hard drive. OK, then it allowed me to view items in a fairly unique way; I have not seen this combination of associating the registry entries to the program in such an easy to read format before. The scans themselves were very fast. I saw some entries which I thought were gone, the crap by Paretologic that I tested previously. So my question is to others: could this keyboard access thing denied by Comodo be a keylogger? Well, my first step was to submit the installer (8.7 MB) to the Virus Total online scanners. I wouldn't go to all this trouble, but this app has very good possibilities and I don't want to dismiss it out of hand. The results are posted here; it came back all clean. If anyone wishes to test and provide feedback I would appreciate the assistance. I will scan my entire system now looking for infections of any type; my previous full scans came up 0 before, so any change should be related to the app. Wish me luck.

    I'll let you know how it went.

    Virus Total:

    Results: File osam_autorun_manager.msi received on 10.11.2008 21:52:38 (CET)


    Result: 0/35 (0%)



    Antivirus Version Last Update Result

    AhnLab-V3 2008.10.10.1 2008.10.10 -

    AntiVir 2008.10.11 -

    Authentium 2008.10.11 -

    Avast 4.8.1248.0 2008.10.11 -

    AVG 2008.10.11 -

    BitDefender 7.2 2008.10.11 -

    CAT-QuickHeal 9.50 2008.10.11 -

    ClamAV 0.93.1 2008.10.11 -

    DrWeb 2008.10.11 -

    eSafe 2008.10.08 -

    eTrust-Vet 31.6.6141 2008.10.10 -

    Ewido 4.0 2008.10.11 -

    F-Prot 2008.10.11 -

    Fortinet 2008.10.11 -

    GData 19 2008.10.11 -

    Ikarus T3. 2008.10.11 -

    K7AntiVirus 7.10.491 2008.10.11 -

    Kaspersky 2008.10.11 -

    McAfee 5403 2008.10.11 -

    Microsoft 1.4005 2008.10.11 -

    NOD32 3515 2008.10.11 -

    Norman 5.80.02 2008.10.10 -

    Panda 2008.10.11 -

    PCTools 2008.10.11 -

    Prevx1 V2 2008.10.11 -

    Rising 2008.10.10 -

    SecureWeb-Gateway 6.7.6 2008.10.11 -

    Sophos 4.34.0 2008.10.11 -

    Sunbelt 3.1.1715.1 2008.10.11 -

    Symantec 10 2008.10.11 -

    TheHacker 2008.10.11 -

    TrendMicro 8.700.0.1004 2008.10.10 -

    VBA32 2008.10.10 -

    ViRobot 2008.10.10.1416 2008.10.10 -

    VirusBuster 2008.10.11 -

    Additional information

    File size: 9299968 bytes

    MD5...: f3d6426eaa31be98618c21210bbc1054

    SHA1..: c246aea1f15bbe65061709c053a31c9db4cb5e9c

    SHA256: e67ead2b31bbda8153c9765e60d26d9d9e4e7513f97d1279c4e084c7afebad05

    SHA512: 9da42d7aa1e4b8e1e77eec32de7b491a1eb06e926390f1d56083204b276ec270


    PEiD..: -

    TrID..: File type identification

    Microsoft Windows Installer (92.7%)

    Windows SDK Setup Transform Script (6.3%)

    Generic OLE2 / Multistream Compound File (0.8%)
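    A VirusTotal verdict applies to one exact file, identified by the hashes in the report above; a later download from the vendor, a mirror, or a repackaged copy is a different file with a different hash and the 0/35 says nothing about it. The script below is an added example, not part of the original post or of VirusTotal, that checks whether the installer on disk is byte-for-byte the one that was scanned by comparing its size, MD5, SHA1 and SHA256 against the values printed in the report. The file path is an assumption; the expected values are copied from the report (the SHA512 line is truncated on the page and is left out).

```powershell
# Added example, not part of the original post: verify a local installer against
# the size and hashes in the VirusTotal report above. Uses .NET hashing directly
# so it also works on PowerShell 2.0, which has no Get-FileHash.

$Expected = @{
    Size   = 9299968
    MD5    = 'f3d6426eaa31be98618c21210bbc1054'
    SHA1   = 'c246aea1f15bbe65061709c053a31c9db4cb5e9c'
    SHA256 = 'e67ead2b31bbda8153c9765e60d26d9d9e4e7513f97d1279c4e084c7afebad05'
}

# Assumed location of the downloaded installer.
$InstallerPath = Join-Path $env:USERPROFILE 'Downloads\osam_autorun_manager.msi'

function Get-HexHash([string]$Path, [string]$Algorithm) {
    # Streams the file through the named .NET hash algorithm and returns lowercase hex.
    $h = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $s = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $h.ComputeHash($s)
    } finally {
        $s.Close()
        $h.Clear()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLowerInvariant()
}

function Test-FileMatchesReport([string]$Path, [hashtable]$Report) {
    if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }
    $ok = $true

    # Size is the cheapest check and catches most wrong-file cases immediately.
    $actualSize = (Get-Item -LiteralPath $Path).Length
    $sizeOk = ($actualSize -eq $Report.Size)
    Write-Output ("Size   : {0} (expected {1}) {2}" -f $actualSize, $Report.Size, $(if ($sizeOk) { 'OK' } else { 'MISMATCH' }))
    $ok = $ok -and $sizeOk

    # MD5 and SHA1 are only identifiers here (both are collision-broken); SHA256 is
    # the value to trust for "same file".
    foreach ($algo in 'MD5', 'SHA1', 'SHA256') {
        $actual = Get-HexHash -Path $Path -Algorithm $algo
        $match  = ($actual -eq $Report[$algo].ToLowerInvariant())
        Write-Output ("{0,-7}: {1} {2}" -f $algo, $actual, $(if ($match) { 'OK' } else { 'MISMATCH' }))
        $ok = $ok -and $match
    }

    return $ok
}

if (Test-FileMatchesReport -Path $InstallerPath -Report $Expected) {
    Write-Output 'This is the file the report describes.'
} else {
    Write-Output 'Different file: the report above does not apply to it. Rescan.'
}
```

    Even a confirmed match only covers the installer, not the driver and executables it unpacks or the keyboard and disk access they ask for once running; the behavioural questions raised in the post are answered by watching the installed product, not by the installer's scan result.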

  8. My computer updated Firefox and Zone Alarm in the same day. Was previously having to shut down ZA to get on internet. Now everything is screwed up. Tried dial-a-fix which says Error -2147023824 encountered while trying to register Windows\system32\wuaueng.dll - Also my computer will not shut down now. Absolutely NO internet. Word messes up and lots of applications seem to get hung. I am trying to research problems one by one. I am retired and taking classes to learn more about fixing my computer-still in learning stage and trying to put all info received in my poor muddled brain together. Any advice is welcome!

    Try to do a system restore first: press F8 on start, select safe mode, select "no" and go back a week. Then after it's done, uninstall ZA; it's crap, like Tarun said. Run your scans, then install Comodo and watch what it asks you, OK. Hope this helps.



  9. Spyware Doctor


    Description: Spyware Doctor provides three-way spyware protection for your PC through real-time threat blocking, advanced system scanning and immunization against known browser infections. This is one of the many reasons why the award-winning Spyware Doctor has been chosen by millions of users to protect their PCs against spyware, adware, trojans, keyloggers, spybots and other tracking threats.

    Verdict for Spyware Doctor: Blacklisted - Returns numerous false positives, wants you to purchase the product to remove any infected items found.

    I agree, PC Tools Spyware Doctor slows down your system, is bloatware and ineffective crap. Love this site. Tell it like it is: if millions are using it, or should we say conned or duped into buying it, as the ads for this crap are everywhere, they must pay big kick-backs to websites that push Spyware Doctor crap.

  10. Quite a few AVs are supposed to find rootkits; but in tests I've seen, none of them do as well as the better dedicated antirootkit scanners. The ones that are consistently ranked highest are GMER and Rootkit Unhooker.

    Note: Update on Rootkit Unhooker from Caveman: Microsoft now owns Rootkit Unhooker and SEye. "As you can guess all our source code and concept were sold to MS. The new secret project of Microsoft is SEye ..."

  11. Recently I've been considering adding SUPERAntiSpyware to the PC Maintenance guide and into the distributed packages in LunarDownloader. Should this be included, Windows Defender most likely will be removed and replaced by SAS.

    I would like to hear thoughts and opinions on this choice. :jump:

    Nothing against Windows Defender, but it's a pain in the rear when I try to connect remotely to a Vista computer; it will often block my attempt. Yeah, I know maybe it's supposed to do that, but even after the client tells it to allow or ignore, and I'm coming in on port 80, geez, it's freezing me out. I'm all for SUPERAntiSpyware free version; I use it 10 times a day on computers. It's rated in my top 5 tools for cleaning up malware and trojans: great engines, always improving the product, d*** nice program. Windows Defender is a real-time application, but to me it's just a real pain in the rear.

  12. nCleaner is pretty good.

    For data recovery, try Avira UnErase.

    Quote from Avira,

    Just to let you know the status: nice product, too bad they discontinued it.

    NOTE: The Avira recovery products "Avira UnErase Personal" and "Avira NTFS4DOS" have been discontinued and are no longer supported by Avira. You may download them for personal use only and Avira accepts no liability.

  13. Hi all, the scoop on BOClean: I used it for 3 years before it was bought by Comodo. BOClean was originally used by many universities to stop trojans spreading on the networks, then it became open to everyone. At some point a major overhaul was needed as the scanning engines were not picking up the new types of threats; the company updated the program, but you would have to use the program's "conflict utility" to stop freezes and conflicts with other software upon boot up, which wasn't a big deal. Then Comodo bought it and released it for free. I was surprised it was free; I downloaded it and used it for 2 months. I really never saw it stop many threats on my clients' computers, so either the scanners were not effective or everybody unplugged their comps, and you know that did not happen: the scanners were outwitted by the new type of trojans. I removed it from my arsenal of apps. Hope this helps.


  15. :jump: Hello everybody!

    I am a total noob when it comes to forums, let alone tech forums so please understand if I sound like I don't know what I am talking about because chances are I don't!

    I built three machines for my domicile, two mostly for gaming and one machine for all else. Please feel free to give opinions on the choices I made concerning hardware or software, or ask questions because I am here to learn.

    Machine #1 (the newest machine)

    BFG tech Nforce 590 sli ATX mobo(PCI e x2)

    AMD athlon X2 6400 black edition 3.2ghz CPU (dual core, socket AM2)

    4gig OCZ platinum DDR2 800mhz RAM (4x1024)

    evga 8800GTX 768mb RAM graphics card

    ASUS/ageia phys-X P1 card 128mb RAM

    OS; windows vista ultimate 64 bit (I know, I know, I've heard)

    Machine #2 (the oldest machine)

    BFG tech Nforce 4 ultra ATX mobo(PCI e)

    AMD athlon 64 4000+ 2.4ghz CPU (single core, socket 939)

    4gig OCZ platinum DDR 400mhz RAM (4x1024)

    evga 7950gt/oc 512mb RAM graphics card

    ASUS/ageia phys-X P1 card 128mb RAM

    OS; windows XP professional x64 (I've heard about this one too...)

    Machine #3 (the problem child, I don't know why...)

    ASUS A8V-VM SE VIA K8M890 chipset micro ATX mobo (PCI e)

    AMD athlon 64 3200+ 2.0ghz CPU (single core, socket 939)

    1gig PATRIOT DDR 400mhz RAM (2x512)

    XFX Fatality 8500gt 512mb RAM graphics card

    Hauppauge WinTV-PVR 150 mce tuner card

    The BFG mobos are both in customized cooler master centurion 5 cases that have been clearanced for better cooling and extra 120mm fans in each, all the cooling duties are handled by zalmann fans and CPU coolers.

    The micro ATX board is in a cooler master centurion 541 micro ATX case and it does pretty well with a stock cpu cooler an a couple of fans especially considering the graphics card is a fanless heat sink design and the mobo is mounted upside-down in the case.

    Any-hoo the problem child machine has just been rebuilt about two months ago and the media center part of the windows program ceased to work and so in the process of trying to figure the whole thing out I may have wrecked it good. The last thing I tried was a repair installation of windows and after doing that I have lost not only the media center but windows media player 11, internet explorer 7, microsoft update has stopped working and I am not able to upgrade the internet explorer program to version 7 again. I also can not get the windows media player to update to version 11, it would seem the core problem there is the windows validation tool is not working.

    Well I have been told to try dial a fix and after looking at the site associated with the program I figured I need a little more info. Hopefully I will find what I need and more, thank you for letting me be here.

    Hi, it's the Wisard here: The most common cause would be if, by mistake, you used an OEM XP Pro CD and not a Media Center Edition 2005, 2006 etc. type CD, which was what was originally installed on the problem child machine. That's my best guess; that would explain you losing Media Center, and because of the repair over top, Media Player 11 would default back to version 9 or 10; just download it again from updates. If you did a proper repair off a good Media Center CD everything should have been fine. Check the CD you used and determine that please, and post back for further instructions. Dial-A-Fix can fix your update problems but not the Media Center issue.

  16. Hi all, Caveman here. The easiest way to solve this fella's issue is to direct him into the BIOS and reset the BIOS to default settings, which should put voltage settings back to the normal setting for his board and processor. If that doesn't work, then it's probably failing. Also blow out the fan and heatsink to correct over-heating. It may be too late though. Worth a shot.

  17. I admit I'm not a power user, but I thought I could fix my laptop. It wasn't installing Windows updates. So I went to the MS web site and read about Dial a fix. I didn't check available disk space before I ran it, but about a month ago I ran a disk defrag and had plenty of disk space (18 GB disk).

    After I ran DAF, I got a warning about running out of disk space. Sure enough, there's only 400 MB left on my disk. Can someone tell me what to do now?



    DAF would not cause that problem; it simply reverts XP settings back to normal. If over a short period of time you lose a lot of space, then look for a utility that came pre-loaded on your system that makes image backups in a hidden directory. I know some Toshibas do that and also Lenovos; there is a special key to hit to access the area and stop the backup imaging and recover your lost space. Google: Lenovo or Toshiba, if that is your laptop brand, with the words "hidden backups".

    Regards Caveman

  18. A-squared has had horrible detection and false positives. One website I've seen mentioned how horrible A-squared is, which I agree with. However they say Spybot is useless.

    Perhaps the most disappointing test was A-Squared, which if you ignore the 10 tracking cookies, only detected a paltry 3 threats from the original infection, and none of these were malware as such, but simply mechanisms by which malware may operate. These remained even after cleaning with the previous three products.

    More disappointingly, A-Squared gives no real indication of scan times, having just a progress bar which shows 100% complete long before the scan was actually finished.

    Both Spybot S&D and Spyware Terminator were ineffective against the infections on my test system, detecting approximately 5 – 8% of the original infections. After cleaning, there was nothing left for these to claim any glory at all, and I find it hard to recommend either.

    I agree with Tarun: "A-squared" is like "Trojan Remover", all talk, no action, and has been around for quite some time. I used it many years ago and it was not effective then, and the latest reincarnation is not useful at all to me personally.

  19. Hi everyone, I've been reading everything here and it's pretty accurate stuff; I'll make some suggestions soon to help improve this great site's information. I troubleshoot and fix computer problems every day, 12 hours a day, sometimes more if my wife doesn't catch me at my computer. I support clients all over the world remotely. I have a love/hate relationship with malware and viruses and other nasties out there in the wild, as I make a good living off other people's problems, fixing the issues. But I'll retire soon to my private little island in the Philippines, so I'll share my experience and knowledge here so others can help and maybe make some bucks too, hehe!!! If there are any single guys out there who like beautiful women, let me know: my wife has 20 cousins waiting, haha. Anyway, my first recommendation for an essential malware/rootkit removal tool is "Unhackme" 4.8 version. Careful, don't rush out there and start using it until you understand that it shows good stuff and bad entries, so read the info it is telling you before you kill it. It's a lifesaver.
