dumprep?


Marek Kalisz

Often the system is stuck with open unresponsive/frozen programs. Ending
programs with Task Manager requires several clicks - and doesn't always help.
Even Task Manager, when I'm trying to minimize or close it, sometimes doesn't
respond. CPU use goes up to 100%, free memory is drained from my usual
1400+ - 1500+ to 1000 and rapidly much below. At the same time, when I open
the Processes tab I see a few "dumprep" processes pending. Only when I start to
stop those processes one by one are the program windows gone (supposedly
the programs are closed too, I hope), free memory goes up and CPU use goes,
after a time, down.
I would like to understand better what might be going on and whether my
procedure is in reality safe enough, or should I do some other checking/fixing
to eliminate this problem?
Any help...
Marek Kalisz
 

Marek Kalisz

Thanks for the tip or rather (since most of the KB was moved to the Europe -
Dutch or Benelux site, and many that I tried in the past are in Dutch), so -
muchas gracias.
However - I tried both methods prescribed by MS without success. The
reason: neither msconfig\Start nor the Registry lists dumprep. I did a search
of all my registry with zero results.
Then I decided to do a regular Windows Search for files on my system. I
found three:
1. Windows\Prefetch\DUMPREP.EXE-1B46F901.pf (Properties\Opens with:
Unknown Application)
2. Windows\system32\dumprep.exe
3. Windows\system32\dllcache\dumprep.exe (listing in blue)
The properties of 2 & 3 show normal (I guess) references to MS.
Now, they're on disk but not in the registry, however - somehow they are active.
Usually, when I could remove something using some prescribed methods I was
looking for a file (or directory), trying to delete it manually, then used
some registry fix tool (now Registry Mechanic) to heal registry wounds.
But - it bothers me that dumprep is not in the registry at all...
Any more tips?
Thanks,
Marek Kalisz
 

Guest

maybe you can try going into

control panel > system > advanced > error reporting > disable

then click into startup and recovery and see if "write debugging info" is
set to complete and to overwrite the log....
 

Guest

incidentally, dumprep creates an error log. You need to find it and open it to
see what dll is causing the computer to protect itself from.....

Look for a .txt file, probably named as indicated in the startup and
recovery window.....

Also, there is a pretty good freeware program called AutoRuns from
sysinternals.com. It shows / gives lots of details of running processes.
When you find one that shouldn't be there, you can uncheck the box, then
double click the middle of the highlighted line and it will automatically
disable the registry entry. But keep in mind that dumprep is not the problem
for you, instead it is the good program that is reporting a serious
problem.....

My opinion, I think you have some kind of spyware or one of those rootkit
evilware.....
 

Marek Kalisz

Thanks for all the tips and attention. I followed your previous idea and
unchecked error reporting (in XP there are 2 options) EXCEPT (what this option
says) some serious problems, which will still be reported to MS.
Yes, it's possible that I still have some malware or so, even though I have a
few anti gadgets and use them daily - sometimes a few times a day.
With rootkits - not long ago I installed two: IceSword and GMER. During
the first scan GMER indicated some rootkit then switched me to Kaspersky online.
I hope that the culprit was killed. (Anyway - if you want you can look
at my thread from today in microsoft.public.security.virus)
Thanks for the help. I'll see how my system behaves now, after this small
change.
Marek Kalisz
 

Guest

yeh, it is possible that "your" dumprep could be a virus and disguised as an
official microsoft program. The best way to see if it is an illegal malware
is to use a couple of process viewers and look at the details for the process,
in particular the author. If it's blank then this is the culprit that
infected your system, otherwise a functional version will indicate microsoft
to be the author.....
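
An added example, not part of the original posts: a PowerShell check of the two dumprep.exe copies listed earlier in the thread, reporting the version-resource company name, the Authenticode status and a SHA-256 hash for each. `Get-Sha256Hex` is a hypothetical helper name; the paths assume Windows is installed under `%SystemRoot%`.

```powershell
# Added example: inspect the dumprep.exe copies named in the thread.
$paths = @(
    (Join-Path $env:SystemRoot 'system32\dumprep.exe'),
    (Join-Path $env:SystemRoot 'system32\dllcache\dumprep.exe')
)

# Hypothetical helper: SHA-256 of a file as a hex string (works on old PowerShell).
function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

$report = foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Missing: $p"; continue }
    $item = Get-Item -LiteralPath $p -Force        # -Force: dllcache is hidden
    $sig  = Get-AuthenticodeSignature -FilePath $p
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path        = $p
        # CompanyName is a plain string inside the file; anyone building a
        # binary can set it, so treat it as a hint only.
        CompanyName = $item.VersionInfo.CompanyName
        # NotSigned is not conclusive by itself: many Windows system files are
        # signed through a catalog rather than an embedded signature.
        SigStatus   = $sig.Status
        Signer      = $signer
        SHA256      = Get-Sha256Hex $p
    }
}

$report | Format-List Path, CompanyName, SigStatus, Signer, SHA256

# The dllcache copy is the Windows File Protection cache of the system32 file,
# so the two hashes are expected to match.
$distinct = @($report | Select-Object -ExpandProperty SHA256 -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning 'system32 and dllcache copies of dumprep.exe differ; investigate.'
}
```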
 

Marek Kalisz

Properties show Microsoft. I decided to look on the Internet for "prefetch."
Found some interesting information + a small gadget to clean up the Prefetch
folder:
http://www.majorgeeks.com/download2495.html
Then I realized that I can do it also manually.
Interesting: Windows Search shows the files on disk, Space Hund 4 couldn't. Now
I'll try to reset the system to use reporting again then, when I see a dumprep
process, I will check it with Process Explorer and I'll see what happens.
Anyway, thanks very much for your time and for accompanying me with my Sunday's
homework.
I'm always learning something new - when I'm pushed.
Like my father, who was a university professor of physics, used to say: until
you still can (and wish to) learn - you are not dead yet...
Thanks.
Marek Kalisz
 

Guest

yeh, no problem! Trying to help out whenever I can, usually during my free
time. I'm actually leaning toward that those files may be bad ones. Did you
hunt down the logs generated by the dumprep's?

There is a freeware called Autoruns from sysinternals.com. It is highly
detailed and if you double click on the line items and check or uncheck them,
it will also take you to their registry settings..... There is a strong
possibility that they are not Microsoft versions...
 

Guest

did you happen to adjust the size of the memory dump as well?

you are set to do a complete dump or no dump and maybe a mini dump would
help, or vice versa.....
 

Marek Kalisz

Tried Autoruns, Everything tab. Browsing the list I didn't see anything related
(to my knowledge) to "dumprep." However, when I again did a Windows Search it
showed me again 2 dumprep.exe files in 2 directories - like described in one
of the previous messages. I'll try to investigate and watch it further.
Meanwhile, using another gadget, I removed from my system another bunch of
spyware that my others didn't see.
Marek Kalisz
 
