psylock

Member
  • Content Count

    12
  • Joined

  • Last visited

Community Reputation

0 Neutral

About psylock

  • Rank
    Member
  1. On the Online Armor Firewall Status screen when I check the box to "Resolve Addressess" is it still supposed to show my computer's ip address? Also, I think there is another device logging on to my computer and the Firewall Status Screen is showing that other computer's information. I use the LAN and when I unplug from the network, the Online Armor Firewall Status Screen shows that there are still connections. I do not use wireless, so when I am unplugged there should not be any connections.
  2. It happened again this morning. When I tried to connect to the LAN after the network connections had been reset, the popup asking if I wanted to trust the network showed no network details.
  3. This morning I tried to connect to the LAN after the connection had been reset and I got the popup asking if I wanted to trust the network but there were no network details, please see attachment.
  4. My OS in Windows XP SP3 When I logged into my Admin account this morning and connected to the LAN I checked the Netwok connection in Online Armor and it shows that there are two of the exact same connection, (please see the attached image). Why is it showing a duplicate connection?
  5. Yes, the network connection is always named "Local Area Connection 2" in windows and Service Pack 3 is installed. I have not experienced this issue since my last post.
  6. When I first log into my Windows account and open the Online Armor console if I go to Firewall and click the "Computers" tab sometimes the network connection is labeled Local Area Connection and sometimes it says Local Area Connection 2 (I do not use wireless to connect to the network I use only LAN). If I open the Start menu and click "show all connections" The LAN is labeled "Local Area Connection 2". Shouldn't Online Armor be using information that it gets from my computer? And if so shouldn't it ALWAYS say Local Area Connection 2 for the network connection in the Online Armor console?
  7. No, the uphcleanhlp.sys driver does not exist on the computer period, if it does it is hidden very well. I am unable to find it in the C:\\WINDOWS\system32\Drivers folder. I tried doing a search of the entire C:\ drive, including hidden folders and the uphcleanhlp.sys driver does not exist on the computer when Uphclean service is running and when it is not running.
  8. I went into services and disabled Uphclean service and rebooted the computer and uphcleanhlp.sys did not appear in any of the lists in Online Armor. When I went back into services and restarted the Uphclean service I got an Online Armor popup saying that an autorun uphcleanhlp.sys had been detected, I allowed it to run and told Online Armor to remember my decision. Now the uphcleanhlp.sys driver appears in both the Programs list and the Autoruns list and is highlighted in gray in both lists. So the answer is no uphcleanhlp.sys does not appear in the list when uphclean.exe is not running.
  9. GT500 I tried what you suggested and it didn't work. I was able to get Online Armor to stop blocking the uphcleanhlp.sys driver by setting uphclean.exe in the Programs list as an installer. The uphcleanhlp.sys driver is no longer being blocked at shutdown, but it appears in the Programs list highlighted in gray. Is it supposed to be highlighted in gray (which according to the Legend means that it is absent)? Should I just leave it alone?
  10. Here is my system information: OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit Processor: Genuine Intel® CPU T2400 @ 1.83GHz, x86 Family 6 Model 14 Stepping 8 Processor Count: 2 RAM: 2551 Mb Graphics Card: Mobile Intel® 945 Express Chipset Family, 224 Mb Hard Drives: C: Total - 57231 MB, Free - 49143 MB; Motherboard: Hewlett-Packard, 30AD Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled Online Armor is blocking the autorun driver uphcleanshlp.sys from running. This driver does not appear in autorun list nor does it appear in the Programs(drivers) list. The only place that it appears is in the History log. Here is a copy of the log: Created: 12/7/2013 2:40:26 PM Summary: System shutdown Description: System shutdown at: 12/7/2013 2:40:26 PM Event type: Unknown(20) Event action: None(1) Created: 12/7/2013 2:40:25 PM Summary: Autorun detected: uphcleanhlp.sys Description: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Event type: Autorun(10) Event action: Blocked(3) Created: 12/7/2013 2:35:53 PM Summary: Program Guard: wmiadap.exe Description: C:\WINDOWS\system32\svchost.exe -> C:\WINDOWS\system32\wbem\wmiadap.exe Event type: Program Guard(9) Event action: Allowed(2) Created: 12/7/2013 2:35:53 PM Summary: Program Guard: wmiadap.exe Description: C:\WINDOWS\system32\wbem\wmiadap.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:35:50 PM Summary: Autorun: User decision Description: C:\Program Files\UPHClean\uphclean.exe Event type: Autorun(10) Event action: Allowed(2) Created: 12/7/2013 2:34:41 PM Summary: uphclean.exe: option changed Description: C:\Program Files\UPHClean\uphclean.exe was set to Trusted Event type: Unknown(24) Event action: Trusted(6) Created: 12/7/2013 2:34:23 PM Summary: Program Guard: oadump.exe Description: C:\Program Files\Online Armor\oaui.exe -> C:\Program Files\Online Armor\oadump.exe Event type: Program Guard(9) Event action: Allowed(2) Created: 12/7/2013 2:34:23 PM Summary: Online Armor has finished learning process. Description: "" Event type: Alert(5) Event action: None(1) Created: 12/7/2013 2:32:25 PM Summary: Program Guard: searchfilterhost.exe Description: C:\WINDOWS\system32\SearchIndexer.exe -> C:\WINDOWS\system32\searchfilterhost.exe Event type: Program Guard(9) Event action: Allowed(2) Created: 12/7/2013 2:32:25 PM Summary: Program Guard: searchfilterhost.exe Description: C:\WINDOWS\system32\searchfilterhost.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:24 PM Summary: Program Guard: kernel event Description: OADriver: PostMessage, Msg: 49490/c152 3488 -> 3448, Deny (protected) Event type: Kernel event(26) Event action: None(1) Processes: PID: 3448 Name: oaui.exe PID: 3488 Name: ctfmon.exe Created: 12/7/2013 2:32:24 PM Summary: Program Guard: searchprotocolhost.exe Description: C:\WINDOWS\system32\SearchIndexer.exe -> C:\WINDOWS\system32\searchprotocolhost.exe Event type: Program Guard(9) Event action: Allowed(2) Created: 12/7/2013 2:32:24 PM Summary: Program Guard: searchprotocolhost.exe Description: C:\WINDOWS\system32\searchprotocolhost.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:20 PM Summary: Program Guard: WindowsSearch.exe Description: C:\Program Files\Windows Desktop Search\WindowsSearch.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:19 PM Summary: Program Guard: MSCTF.dll Description: C:\WINDOWS\system32\MSCTF.dll was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:18 PM Summary: Program Guard: oahlp.exe Description: C:\Program Files\Online Armor\oaui.exe -> C:\Program Files\Online Armor\oahlp.exe Event type: Program Guard(9) Event action: Allowed(2) Created: 12/7/2013 2:32:14 PM Summary: Program Guard: AvastEmUpdate.exe Description: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe was trusted by digital signature. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:08 PM Summary: Program Guard: imapi.exe Description: C:\WINDOWS\system32\imapi.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:07 PM Summary: Program Guard: OAui.exe Description: C:\WINDOWS\explorer.exe -> C:\Program Files\Online Armor\OAui.exe Event type: Program Guard(9) Event action: Allowed(2) Created: 12/7/2013 2:32:06 PM Summary: Program Guard: igfxsrvc.exe Description: C:\WINDOWS\system32\igfxsrvc.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:06 PM Summary: Program Guard: SynTPEnh.exe Description: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:03 PM Summary: Program Guard: verclsid.exe Description: C:\WINDOWS\system32\verclsid.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:03 PM Summary: Program Guard: SHELL32.dll Description: C:\WINDOWS\system32\SHELL32.dll was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:02 PM Summary: Program Guard: wmiprvse.exe Description: C:\WINDOWS\system32\wbem\wmiprvse.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:32:02 PM Summary: Program Guard: WgaTray.exe Description: C:\WINDOWS\system32\WgaTray.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:31:58 PM Summary: Program Guard: alg.exe Description: C:\WINDOWS\system32\alg.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:31:56 PM Summary: Firewall: Automatic decision Description: C:\WINDOWS\system32\lsass.exe, Incoming UDP access allowed to: 0.0.0.0:4500 Event type: Firewall: Automatic decision(16) Event action: Allowed(2) Created: 12/7/2013 2:31:56 PM Summary: Firewall: Automatic decision Description: System, Incoming UDP access allowed to: 0.0.0.0:445 Event type: Firewall: Automatic decision(16) Event action: Allowed(2) Created: 12/7/2013 2:31:55 PM Summary: Program Guard: wuauclt.exe Description: C:\WINDOWS\system32\wuauclt.exe was trusted , Windows Update. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:31:55 PM Summary: Program Guard: wuauclt.exe -> svchost.exe Description: C:\WINDOWS\system32\wuauclt.exe(1628) wants to remotely control C:\WINDOWS\system32\svchost.exe(860) Event type: Program Guard(9) Event action: Allowed(2) Created: 12/7/2013 2:31:52 PM Summary: Program Guard: winlogon.exe Description: C:\WINDOWS\system32\winlogon.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:31:52 PM Summary: Program Guard: smss.exe Description: C:\WINDOWS\system32\smss.exe was trusted automatically. Event type: Program Guard(22) Event action: Trusted(6) Created: 12/7/2013 2:31:49 PM Summary: Service started Description: C:\Program Files\Online Armor\oasrv.exe Event type: Program Guard(9) Event action: None(1) Created: 12/7/2013 2:31:49 PM Summary: System boot Description: System boot at: 12/7/2013 2:31:18 PM Event type: System boot(19) Event action: None(1) If this driver is being blocked does that mean that the service uphclean.exe is being blocked from working? I have not gotten any error messages in relation to the uphclean service. I just noticed that the driver is being blocked when I was looking at the log file. I tried doing an uninstall/reinstall of Uphclean with Online Armor Firewall in learning mode and it is still blocked at shutdown. Then I did an uninstall/reinstall of Online Armor and it is still blocking the uphcleanhlp.sys driver at shutdown. Do you have any ideas what I can do to resolve this issue?