%systemroot%\system32\dumprep 0 -k

Discussion in 'malware problems & news' started by Anniel, May 2, 2005.

Thread Status:
Not open for further replies.
  1. Anniel

    Anniel Registered Member

    Joined:
    Dec 1, 2004
    Posts:
    31
    Location:
    London, UK
    I was using Adaware SE to scan my PC and playing some music with Winamp, when I ahd what the error screen described as as "an online crash."

    I allowed a report to be sent to Microsoft, but it has given me a bit of a scare.

    Microsoft said it was to do with my device drivers.

    The message here also appeared.

    %systemroot%\system32\dumprep 0 -k

    I am sorry if I am not specific enough..I was not thinking straight.

    I have XP home, Kapersky AV personal 5
    Kapersky Anti Hacker firewall....both are up to date.

    I use Adaware Personal and Spybot S&D with Teatimer

    I do use other spyware stuff too: SpywareBlaster, CW Shredder and A2 malware detector.

    Can someone advise me what may have gone wrong.

    I hope this message is in the right place.
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    No problem with this Anniel, its a routine thing when you have a crash. Microsoft creates a memory dump in the hope you will send it to them for diagnostic purposes.

    Have a look here:- http://castlecops.com/pstp425499-.html#425499

    This will have caused a new autostart to appear in your start line-up, you don't have to keep it, as I explained in the above post.

    As to what caused the crash, it was probably a conflict of some sort. If it doesn't happen again, I would just not worry about it.

    Edit - If I'm doing an AdAware scan, particularly if it is a full system scan which digs deeper, I just let it get on with it; if you are multi-tasking while you scan this could have caused the conflict.
     
    Last edited: May 2, 2005
  3. Anniel

    Anniel Registered Member

    Joined:
    Dec 1, 2004
    Posts:
    31
    Location:
    London, UK
    Topper,

    Thanks fthat link. I followed the instructions, so I just hope it works out ok. :D
     
  4. Guzuta

    Guzuta Guest

    TopperID, you seem to know about this so could you please explain: I had the same problem, and as you said, it added a new autostart on my startups list. How do I get rid of it? I already turned off "Write debugging info" but the entry is still on my startup list.
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Hi Guzuta,

    When you turn off "Write debugging info", you prevent this auto-start being created and added to your startup list the next time you have a crash. But of course that does not get rid of the auto-start that has already been placed in your Registry.

    To remove that there are several ways of proceeding, one way is to get msconfig to suppress it at each startup as explained here:-

    http://www.netsquirrel.com/msconfig/

    Another way is to remove it from your Registry altogether; you would need to click Start/Run and type in 'regedit' (without the qotes) to bring up the Registry Editor. Then you navigate to:-

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Once you click on the 'Run' Key file icon in the left hand pane, you will notice in the right hand pane a list of autostarts including [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k

    Right click 'kernelfaultcheck' and select delete from the pop-up menu.

    Naturally you have to be very carefull working in the Registry, so you may care to back up the 'Run' Key before you edit it. You do that by selecting it in the LH pane and then:-

    1. From the Registry menu, choose File/Export;
    2. In the Save In list, select the folder where you want to save the backup;
    3. In the File Name box, type a suitable name for your backup file;
    4. In the Export Range box, be sure that "Selected branch" is selected;
    5. Click Save.

    The file is then saved with a .reg extension; and if you make a mistake you can always reverse the process by by clicking File/Import and selecting the backup which you can then merge back into the Registry.

    Let us know if that helps.
     
Thread Status:
Not open for further replies.