AdWatch detects reg value change in dumprep.exe

[jb]

My XP Pro system (Norton AntiVirus, AdAware Pro) has been
crashing intermittently. On restart, an AdWatch message
pops up: "Attempt to change registry value detected." The
location is %systemroot%system32%dumprep%

Afraid that the reg change might be coming from some
virus or spyware that caused the crash in the first
place, I've usually been rejecting the change. But today
I had the time to look into this further.

Searching C: for "dumprep" I found two instances of the
file dumprep.exe - in C:\WINDOWS\system32 and
C:\WINDOWServicePakFiles\386. Both the same file, 9KB,
8/29/2002.

From Task Manager, this appears to be the fourth process
started. It seems to hang in process until I click OK on
Adwatch to let the reg value be changed. Then it goes
away.

I couldn't find any Knowlege Base articles searching
for "dumprep," but "dump" gives a ton of articles on the
subject of "memory dump" - more than I can digest on a
concept that's new to me.

My hunch now is that it's just Windows trying to repair
the crash or save info about it. Can someone
knowledgeable about this please explain just what's going
on with this process? Thanks.
JB

 

[Haggis]

My XP Pro system (Norton AntiVirus, AdAware Pro) has been
crashing intermittently. On restart, an AdWatch message
pops up: "Attempt to change registry value detected." The
location is %systemroot%system32%dumprep%

Afraid that the reg change might be coming from some
virus or spyware that caused the crash in the first
place, I've usually been rejecting the change. But today
I had the time to look into this further.

Searching C: for "dumprep" I found two instances of the
file dumprep.exe - in C:\WINDOWS\system32 and
C:\WINDOWServicePakFiles\386. Both the same file, 9KB,
8/29/2002.

From Task Manager, this appears to be the fourth process
started. It seems to hang in process until I click OK on
Adwatch to let the reg value be changed. Then it goes
away.

I couldn't find any Knowlege Base articles searching
for "dumprep," but "dump" gives a ton of articles on the
subject of "memory dump" - more than I can digest on a
concept that's new to me.

My hunch now is that it's just Windows trying to repair
the crash or save info about it. Can someone
knowledgeable about this please explain just what's going
on with this process? Thanks.
JB

well you are correct :> if you have it set..(on by default) ...when windows
crashes it generates a memory dump. it is for troubleshooting what happened
when it crashed. (debugging)

the setting can be found in controlpanel>system>startup&recovery>settings

it is not a "bad" thing :>