dumprep 0 -k

[agnostida]

Perusing under misconfig - startup, I have noticed a new item, or at least I think it is a new item; dumprep 0 -k.  What is this?  I can find a little info on dumprep 0 -u but not the k.  Is it safe to disable this from the startup?  Is it a virus?

I have Windows XP sp3 and I am running AVG, MalwareBytes, & SuperAntiSpyware.

I am a concerned about new items in my startup since I recently found the RedGirl trojan lurking there that my anti-virus and anti-spyware programs failed to catch.  Thankfully Chris was able to guide me through its removal and my computer was declared healthy.  So now the question is - have I picked up something else nasty?

Thank you for the help.

[evilfantasy]

dumprep.exe is associated with your memory dumps. Has the computer crashed recently? http://www.bleepingcomputer.com/startups/dumprep.exe-6014.html

It is OK to disable it with MSCONFIG but not preferred. MSCONFIG is intended to be a troubleshooting tool and not a startup manager. Removing dumprep entries is actually best done with a registry edit or a safer method of using HJT. We can do both if you wouldn't mind posting a log.

Download TrendMicro HijackThis.exe (HJT) to the Desktop.

• Double-click on HJTInstall.
• Click on the Install button.
  
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  
• Upon install, HijackThis should open for you.
• Click on the Do a system scan and save a log file button
  
• HijackThis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
  
• Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

[agnostida]

Wow, thanks for the info and help.

I have attached  the HijackThis log and await further instructions.

Again, thank you!

[attachment deleted by admin]

[agnostida]

Oh yeah, I forgot to add to my earlier post - yes indeed, the computer recently crashed.

[evilfantasy]

There are a few Install Shield Update Services that are completely useless we can fix also.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
- O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
- O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
- O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"ISUSPM Startup"=-
"ISUSScheduler"=-
"ISUSPM"=-
"KernelFaultCheck"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

Run CCleaner and restart the computer.


Is everything else running OK?

[agnostida]

Okay, mission accomplished and I did receive a success message. On a side note: I only copied and pasted the information that was posted in the grey box from REGEDIT4    to   "KernelFaultCheck - I did not include the word "Code:" that was outside the box.  So if this omission was a mistake...oops.

I noticed quite a few curious items in HijackThis, like most of the 08 entries and a couple of 09 and 016.  What's the Easy Webprint stuff?  Do I need it?  I have a Canon camera but I never upload or download anything from my camera to the web.  Ditto with Kodak gallery (016).

Plus, I have about a dozen items that I had previously disabled in my startup.  I am embarrassed to confess that I was using MSCONFIG as a startup manager.  Should I list those for you to see if I should take care of them another way?

As of late my computer has slowed somewhat and I have noticed a few quirky things -  like my icons occasionally disappear for a few seconds, my wallpaper vanished suddenly today, never to return, and my computer crashed a few days ago when I was photo editing in Adobe Elements.  Nothing terribly impossible, just perplexing.

Nothing shows up with my anti-virus or spyware.  I had work done to rid myself of a trojan (see Help Removing RedGirl Trojan thread) and after that it looked like I was all clear.

Thank you for your time and help!

[evilfantasy]

Okay, mission accomplished and I did receive a success message. On a side note: I only copied and pasted the information that was posted in the grey box from REGEDIT4    to   "KernelFaultCheck - I did not include the word "Code:" that was outside the box.  So if this omission was a mistake...oops.

That was right

I noticed quite a few curious items in HijackThis, like most of the 08 entries and a couple of 09 and 016.  What's the Easy Webprint stuff?  Do I need it?  I have a Canon camera but I never upload or download anything from my camera to the web.  Ditto with Kodak gallery (016).

Yes that is likely printer and extra context menu items. I usually don't pay much mind to those entries. I do look at them but it is very rare that anything malicious will get in there. See this guide to better understand HJT entries. http://www.bleepingcomputer.com/tutorials/tutorial42.html

Plus, I have about a dozen items that I had previously disabled in my startup.  I am embarrassed to confess that I was using MSCONFIG as a startup manager.  Should I list those for you to see if I should take care of them another way?

Enable Normal stsrtup in MSCONFIG, restart the computer and post a new HJT log. We'll get everything that you don't want running at startup taken care of that way. If you list them that will help so I don't have to decide for you

As of late my computer has slowed somewhat and I have noticed a few quirky things -  like my icons occasionally disappear for a few seconds, my wallpaper vanished suddenly today, never to return, and my computer crashed a few days ago when I was photo editing in Adobe Elements.  Nothing terribly impossible, just perplexing.

Nothing shows up with my anti-virus or spyware.  I had work done to rid myself of a trojan (see Help Removing RedGirl Trojan thread) and after that it looked like I was all clear.

Thank you for your time and help!

After we get the startups under control we will have a look at another scan to see if anything is found.

[agnostida]

Happy Holidays!  Hope the last week has been a good one for you.

So, I have enabled normal start-up in msconfig and have run a hijack-this scan - the log is attached.

Previously I had unchecked from start-up the following:
BJMyPart
Communications_H
Quickcam10
LVCOMSX
Opware SE4
SSBKgupdate
StxMenuMgr
GoogletoolbarNotifier
WMPNSCFG
Adobe Reader
Bluetooth Manager
Cisco Systems VPN

I don't even know what some of these do, but a friend had advised me they were unnecessary at start-up.  I'm not getting rid of any vital part of a program, correct?  I can still access these programs when I need them through the shortcuts, yes? 

I only use the QuickCam sometimes, ditto the Cisco Systems (which I use RARELY).  Bluetooth Manager would be great since I received a bluetooth mouse for Christmas, but I can't get the device and the program to successfully communicate with each other even after intervention with Microsoft Support help.  Arggghh.  So, I don't think I need it at start-up.

Any thoughts?

Thank you for all your patience and help!

[agnostida]

Umm, Ooops.   This time the log is REALLY attached!

[attachment deleted by admin]

[evilfantasy]

Yes you will still be able to use them. Just start them from the Start menu.

---

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

• O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
• O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
• O4 - HKLM\..\Run: [StxTrayMenu] \"C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe\"
• O4 - HKLM\..\Run: [SSBkgdUpdate] \"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe\" -Embedding -boot
• O4 - HKLM\..\Run: [OpwareSE4] \"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe\"
• O4 - HKLM\..\Run: [LVCOMSX] \"C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe\"
• O4 - HKLM\..\Run: [LogitechQuickCamRibbon] \"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe\" /hide
• O4 - HKLM\..\Run: [LogitechCommunicationsManager] \"C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe\"
• O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
• O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
• O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

.
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SunJavaUpdateSched"=-
"Alcmtr"=-
"StxTrayMenu"=-
"SSBkgdUpdate"=-
"OpwareSE4"=-
"LVCOMSX"=-
"LogitechQuickCamRibbon"=-
"LogitechCommunicationsManager"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Download CCleaner Slim and save it to your Desktop.
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
Complete the installation then:

• Double-click the CCleaner shortcut on the desktop to start the program.
  
• Click on the Options block on the left, then choose Cookies.
  
  • Under Cookies to Delete, highlight any cookies you would like to retain permanently
    
  • Click the right arrow > to move them to the Cookies to Keep window.
• Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
  
• Click Cleaner on the left then Run Cleaner on the right to run the program.
  
• Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
  
• Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.
  
• Exit CCleaner after it has completed its process.

.
----------


How is everything now?

[agnostida]

Done!

Everything seems to be running smoothly except for the occasional disppearing icon, but since they only blink-out for a few seconds at a time this isn't too distracting.

Haven't had a system crash in a while!

What is the best way for a novice to manage the start-up services?  Should I just come to this forum occasionally and have someone look at it - or is there a program that would help me do this?

Thanks for all the work.  I really, really, appreciate it!

[evilfantasy]

I prefer using StartUp 1.3. http://majorgeeks.com/StartUp_d4436.html

Just run it and right click on anything you don't want running at startup and choose Remove.

----------

Try Dial-a-fix.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background labeled Restrictive Policies
• Check the box in section 1, Empty temp folders.
  
• Check the box in section 2, Fix Windows Installer.
  
• Check the box in section 3, Fix Windows Update.
  
• Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  
• Check all boxes in section 5, labeled Registration Center.
  
• Click Go
  
• OK any error messages if received, but write them down and post them here.
• Restart the computer when done.

.
Is the icon problem fixed?

[agnostida]

Okay, so under services I see that several items are running even though we removed them from start-up and even though I have not opened the corresponding programs - including: Cisco Systems VPN, Windows Media Player & Seagate Syn Service.  It also seems that my computer is often running overtime - sort of in overdrive even when I do not have anything open.

Figured this might need addressing before we tackle the icon situation which incidently has improved even though I haven't done anything yet.  Now they just take awhile to load or blink out for a few seconds only when I open a new window.

What first Maestro?

Please accept my heartfelt thanks...

[evilfantasy]

For services you want to only run when needed. Only do this with the ones you are sure of. Disabling a critical service can have bad results.

Go to Start > Run and type in Services.msc then click OK
Scroll down until you find the service.

Click once on the service to highlight it.
Click Stop

Right-Click on the service.
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on 'Manual'
Click the 'Apply' tab, then click 'OK'
The service is now stopped and will only run when needed.

----------

Your going to have to refresh my memory on exactly what we are wanting to do next please