DavidR
2
Yes, this has in the last two restarts on my XP Pro system started to get pinged by the anti-rootkit scan 8 minutes after boot. But it is the uphcleanerhlp.sys file that is being pinged for me. So this appears to be something in a recent VPS update.
This is I believe part of the User Hive Profile Cleaner which I installed to close any open user hives which would otherwise slow the XP Closure. The strange thing is I can’t see anything in the anti-rootkit log on this suspect alert. See http://www.windowsitpro.com/article/registry2/what-s-user-profile-hive-cleanup-service-uphclean- for info on UHPclean.
Normally all you would be aware of is the uphclean.exe file in the task manager (as System user).
I have chosen to Ignore it (the recommended option in the alert), but don’t check the Do not tell me about these files in the future (see image example, is that the same/similar as/to yours ?), as I don’t know if there is a way of reversing that decision. So you wouldn’t know what is going on, e.g. if this is eventually corrected and reversed.