UserFaultCheck Problem? yes/no?

Hi,

I've gone through the steps in "DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal". I'm running XP Home with McAfee, Spysweeper, and SP2.

Randomly when I startup a message appears in Spysweeper identifying UserFaultCheck in Startup. If I remove it, it comes back at sometime, maybe when I next login or maybe not for 3 or 4 logins. I THINK? my computer is running slower, especially when online. So, I'm not sure if I have a problem or not. My fear is that sometihng was sucked into System Restore, which is turned off. Any suggestions?

 

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
All instructions are covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Hi,

Here is my log file.

 

Scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - Default URLSearchHook is missing

O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillsoft.com

Again, make sure All Browser Windows are Closed when you Click FIX.


NEXT:
Run CCleaner


Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot, Scan with HijackThis and attach the new log and tell me how things are running now.

 

Hi,

Here is the new log file. Everything seems to be working. Lines R1, R3, 015, and 015 are gone in the log file. Since UserFaultCheck randomly appeared I am going to see what happens over 5 or 6 days.

Thanks for all the extremely helpful advise.

 

Log looks clean to me!

Are you having any further problems?

 

Hi,

I logged on this morning and no problems and the speed was excellent. I logged on just now and SpySweeper has the UserFaultCheck note in Startup again. I hate to be a pain the in ___ but. Any other suggestons?

 

Can you attach me some type of log from SpySweeper showing me exactly whats starting up?

 

Hi,

Sorry for the delay but it took awhile before UserFaultCheck came back. I'm not sure if the following is helpful or not. The only detail SpySweeper gave was:

Location: %systemroot%\system32\dumprep 0 -u
Registry or Startup Folder: HKLM run

I'm sure there is more after the -u but it didn't give it.

 

Click Start > Run > Type in msconfig

Make sure ALL are checked, when prompted DO NOT REBOOT!

After you do this attach another HJT log so I can see your startup entries.

Also,
Please download "StartDreck", from here: http://www.niksoft.at/_data/startdreck.zip

Unzip to its own folder and start the program,
Press 'Config'
Press 'Unmark All'
Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'
Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Please attach the log in this thread.

 

Hi,

Here are the 2 log files.

 

Logs look clean to me!

Let SpySweeper accept it and see how things go from there.

 

Hi,

One last time. This time I allowed SpySweeper to accept UserFaultCheck and have repeated HJT and StartDreck. The log files are attached.

Thanks for all your help !!!!

 

Right Click My Computer, select Properties and click the Advanced Tab.

Click on the Settings button in Startup and Recovery.

In the bottom pane - under Write debugging information

Click on the down arrow and then select None

Note: Tell me what it was set at before you change it.

 

Hi,

The setting was set at none. I did not change it.

 

Set it to the below:

• Small memory dump (64KB)

Does it still load on startup?

 

Morning,

I have set to Small Memory Dump. I've only logged on a couple of times and UserFaultCheck hasn't shown up yet. I will try a couple of times tonight.

 

Okay! Let me know.

 

Hi,

I've logged in and out 10 times and UFC has not appeared and the computer speed seems to be fine. Can you think of anything else as I see another similar posting?

 

If you have it set to "Small memory dump (64KB)" that is where its supposed to be by default. So you shouldnt have anymore problems with it.

If you do let us know!

 

Hi,

Thank you for all of your help.

 

Are you having any further problems?

If not, I recommend you see this article on How to Protect yourself from malware!

 

Hi,

I do not have any other problems and will take your advice on the Malware. Thanks again.

 

Good Deal!

Browse Safely!