HKLM dumprep 0 -k ???

Discussion in 'other software & services' started by iceni60, Nov 23, 2004.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    I have this, dumprep 0 -k, in my HKLM auto start:

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    It's the program which writes the error report for the memory dump. I don't know what the command means. Can you tell me please?

    Also, in *startup and recovery* I have *write debugging information* set to (small memory dump (64kb)). Should I set it to none?

    thanks :)



    ***EDIT*** Should I be worried by how it got there in the first place? Thank you. :)
     


  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I switched that one to off
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Thanks gerardwil. I'll change it now; do you think it will change the auto start value? If not, I'll probably fix it with HJT. Thanks :cool:

    Anyone know what dumprep 0 -k means?

    I just changed it and I wasn't alerted to any startup changes.
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    In the last week, since I updated Prevx to the latest build, I've had to reinstall 3/4 times because it wouldn't enable protection. The error message was something like the local service won't start. I've now uninstalled it completely. Could it have something to do with it?
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    I'm looking into this, Ice, but I don't think you have to worry about it...read a page at Castle Cops a while back...just can't locate it at the moment. I know it's really just for reporting errors back to M$ and is a non-essential system process. Basically it's installed to log third party program errors, usually caused by a serious crash (non-M$).

    There's a bit more to it though.....either myself or perhaps one of our other buddies could further elaborate. :D :cool:
    I'll see what else I can dig up! ;)

    GF
     
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Thanks, GF, for your help :cool: . It seems whatever happens I'll end up fixing it with HJT, so it's not something you should spend too much time looking into. Having said that, thanks for helping out :cool: :cool:
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    That Castle Cop mention stated you CAN let HJT fix it...I've needed that myself once so far, but utilized other means..... :D

    edit : KernelFaultCheck, may be the item to search.....

    GF
     
    Last edited: Nov 23, 2004
  8. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hello Iceni-

    Did you at one time use Ad-Aware Professional? It had an optional tool that I believe created an HKLM dumprep 0 -k. I have my dump reg set to none. If not you may end up with a very large collection of these. If you have windows washer, after you select none I am pretty sure you will get to see exactly how much was deleted. It's an eye opener.

    - HandsOff
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    When something crashes, dumprep writes what happened to a log so that you can see (for troubleshooting purposes and/or to send off to Microsoft). It's normal and nothing to be worried about, but it can safely be turned off if you don't want it.

    Spyware and such can, however, masquerade as that process (much like how some trojans will call themselves svchost.exe so you think it's a system process), so if you have the option for "writing debug information" set to "none" and it still shows up, or it shows up regularly when there are no crashes, you will probably want to do some scanning.
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Thanks for the link, GF. I hadn't been able to find anything about the -k cmd, so thanks :)

    HandsOff- I haven't had Ad-Aware Professional, but what I might do before I set the value to "none" is enable error reporting, but thinking now, I think it might be to do with the trouble I was having with Prevx. My system wasn't able to get it started at startup so I just uninstalled it earlier today. When I do set it to none I'll do some cleaning and see what I find. Thanks for the help :)

    Notok- I'll disable it, then do a few scans and hope I don't find anything. I'm a bit worried because I did download a screensaver earlier today, although everything seems ok, and I trust the site I got it from, and scanned before I installed. Thanks for letting me know :)

    EDIT: the screensaver I mentioned isn't the one I linked to in ten forward, that one has no malware!
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    I just fixed O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k with HJT. When I rebooted it looked like an error message flashed up on the screen. I just checked in Event Viewer and didn't see anything that could have been an error on shutdown. So I suppose I'll do some scans and see what happens.

    Notok, or anyone, I want to do an online trojan scan. Is the www.windowsecurity.com trojan scan good?

    Does anyone know where I can find the memory dump logs or whatever they are? Thanks :)
     
  12. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Google this Ice for relative info on a dump file - "create memory dump log file xp" or "memory dump log location",
    page with M$ log info here.

    I've never done an online scan for a trojan, but have you forgot? :D Free Services. :D :D ;) :p :cool:
    Good Luck! :-* (sorry I can't vouch for windowsecurity personally, but I would imagine... :doubt: ).

    @Notok (ventures from his PG lair... :D ), see, I knew I've read more about file impersonation. Thanks for the addition. ;)
    @HandsOff, thanks also for your input... :cool:


    GF
     
    Last edited: Nov 23, 2004
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm not sure about that scanner, haven't used it and haven't heard anything.. I doubt it would hurt to run it, though.

    %systemroot%\system32\dumprep IS the correct path, however, so what you are probably seeing is Windows not removing it COMPLETELY. I, too, disabled the reporting as in the screenshot you posted, and HJT still shows the same entry.. I'm not 100% sure but I have a feeling that this is just there for the system to use when it needs to.

    %systemroot% is your windows folder.. you'll notice on the screenshot you posted it's in there in a folder called "minidump".. so probably c:\Windows\Minidump\

    Globalforce: :D
     
    Last edited: Nov 23, 2004
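Added example, not part of any post in this thread: a small check for the two points Notok makes above (malware can reuse a system process name, and the genuine entry points at %systemroot%\system32\dumprep). It parses HijackThis O4 Run lines and reports whether a watched image name sits in its expected folder. The system root value, the verdict labels and every sample line except the first are assumptions made for the example.

```python
import ntpath
import re

# Assumption: default Windows XP system root; change for the machine under review.
SYSTEM_ROOT = r"C:\WINDOWS"
# Image names the thread mentions, mapped to the folder where the genuine file lives.
EXPECTED_DIR = {"dumprep.exe": "system32", "svchost.exe": "system32"}
O4_RUN = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

# First line is the entry quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /min
O4 - HKCU\..\Run: [KernelFaultCheck] C:\WINDOWS\Temp\dumprep.exe 0 -k
O4 - HKLM\..\Run: [HostSvc] svchost
""".strip().splitlines()

def image_path(command):
    """Return the lower-cased executable path named by a Run command line."""
    command = re.sub(r"%(systemroot|windir)%", lambda m: SYSTEM_ROOT,
                     command.strip(), flags=re.I)
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split(" ", 1)[0]  # unquoted paths with spaces are not handled
    if not ntpath.splitext(exe)[1]:
        exe += ".exe"  # the entry in the thread omits the extension
    return ntpath.normpath(exe).lower()

def check_line(line):
    """Classify one HijackThis O4 line; None when it is not a Run entry."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    path = image_path(command)
    folder, base = ntpath.split(path)
    if base not in EXPECTED_DIR:
        verdict = "not-watched"
    elif not folder:
        verdict = "unqualified"  # resolved via the search path; confirm by hand
    elif folder == ntpath.join(SYSTEM_ROOT, EXPECTED_DIR[base]).lower():
        verdict = "expected-path"
    else:
        verdict = "suspect-path"
    return {"hive": hive, "key": key, "value": name, "image": path, "verdict": verdict}

def scan(lines):
    return [r for r in map(check_line, lines) if r]
```

An "expected-path" verdict only says the entry points where the genuine file lives; it does not show that the file at that path is the genuine one.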
  14. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Gimme a break! :D This is still ALL pretty new to me.....j/k
    Just ran the location for minidump and.......absolutely correct Notok. Learned something new. :cool:
    Thank you kindly, much appreciated! :ninja:

    GF
     
  15. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Thanks again for your help. I had a look in the minidump and it's empty. I don't know what to think.

    HandsOff said -I have my dump reg set to none. If not you may end up with a very large collection of these. If you have windows washer, after you select none I am pretty sure you will get to see exactly how much was deleted. It's an eye opener.
    That's what I was looking for, maybe I'll run a couple of cleaners and see if anything turns up. If nothing appears I'll just run some scanners. I was thinking of using some online scanners because my on demand scanners never find anything :D . Oh well, I feel like I'm starting to chase my tail a bit. Thanks for the help :cool:
     