Recurring attempt by uninstalled WinPatrol to be in start-up program detected by TeaT

[cromwell1230]

Ive uninstalled WinPatrol after satisfying my curiousity about it's features BUT I've noticed TeaTimer is giving me repeated alert/warning about "WinPatrol Global Start-Up entry...value deleted." After clicking yes/allow 3x(3 separate occassions everytime I log-on) I finally decided to click "Remember my decision" hoping that I will not be anymore alerted about WinPatrol's attempt but I've noticed that the following message keeps on popping-up everytime I log-on: "Resident allowed the change of WinPatrol(category system start-up global entry) based on your whitelist." Does this means that WinPatrol left behind some file/malware(?) that enables it to repeatedly attempt to infiltrate my start-up programs? I used the WinPatrol's uninstaller...not the Add/Remove in Control Panel. Any suggestions on how to go about this? Thanks!

[md usa spybot fan]

If the attempted registry change is occurring at system startup the cause of the problem could be because TeaTimer's snapshot files are out of sync with the registry. TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshots were taken.

The solution to the problem is to refresh TeaTimer's snapshot files after making changes to the registry such as changing your home page. There are two ways to do this:

1. Refresh TeaTimer's snapshot files:
   
   • Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
     • TeaTimer closes.
     • TeaTimer's snapshot files are refreshed at this time.
   • Restart TeaTimer:
     • Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
     • Double click TeaTimer.exe to start it.
2. Manually exit TeaTimer immediately prior to system shutdown or restart.

[cromwell1230]

Wow!!! You hit the nail on it's head. I followed ur instruction(1st way of renewing snapshot)...and now my problem is gone!!! Thanks! Now Im beginning to understand the workings of Spybot S&D. By the way I had this incident(after surfing the net...not on nasty site Im sure) wherein I was alerted by Spybot that items are added to my start-up. This was also the time immediately after I've installed(out of curiousity) Winpatrol. I remember clicking yes/allow(my fault) out of ignorance & panic. When I checked on my start-ups using MSConfig I've noticed two items:


# DUMPREP

DUMPREP 0 -K
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS%\SYSTEM32\DUMPREP 0 -K



# KernelFaultCheck

dumprep 0 -k
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: %systemroot%\system32\dumprep 0 -k

Does it mean I was infected by a malware at that time? How did it happen? This event prodded me to uninstall WinPatrol. I then uncheck the 2 added items in MSConfig Start-up and so its gone now. I just want to be enlightened as to how those 2 items got into my start-up. Again, thank you
md usa spybot fan!

[md usa spybot fan]

Dumprep is used in connection with memory dumps. If a serious error occurs in the system or an application, Dumprep.exe writes the error details to a text file. The Dumprep tool then prompts you to send the error information to Microsoft.

When Dumprep executes it attempts to add a startup entry to the system registry. The startup entry is optional because the program will load when required if not loaded at system startup (if not loaded at system startup it will not use any system resources until or required).

In other words: not malware - just a memory dump taken at some point in time and a startup entry added.

[cromwell1230]

Yeah, you're right...I remember my pc crash that time then goes into restart then followed by the previously mentioned alert from Spybot. Again, it was also immediately after I've installed another antispyware to my pc. Could it be that the crash was due to having too many antispyware installed...and yet I added another one? Im happy with the way my pc is running now but my curiousity(or is it paranoia) is tempting me to try & add some more to my defense. When is "enough is enough" when it comes to antispyware? Thanks for your replies(and patience)...I really appreciate your help!!!