Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

[SDP 3][06bb55c8-3207-406e-a3fc-f538867a399b] Machine Memory Dump Collector - Windows



Summary

The Machine Memory Dump Collector - Windows diagnostic package was designed to collect machine memory dump files from a computer and check for known solutions. This diagnostic tool collects the last five machine mini-dump files from the past 30 days. The tool also collects related system configuration information. This package will also remedy common memory dump configuration issues.



More Information

The following tables describe the information that may be collected from a computer when you run the Machine Memory Dump Collector - Windows diagnostic package. 

Information collected

Event logs
| Description | File Name |
| --- | --- |
| Event log – Application – .txt, .csv, and .evtx formats | {Computername}_evt_Application.* |
| Event log – System – .txt, .csv, and .evtx formats | {Computername}_evt_System.* |

Machine memory dump files
| Description | File Name |
| --- | --- |
| Mini memory dump files from {Windows}\Minidump folder from past 30 days | {Computername}_dmp_*.zip |
| Information about machine memory dump files, user memory dump files, and memory dump configuration | {Computername}_DumpReport.* |

Hotfixes and updates
| Description | File Name |
| --- | --- |
| Installed updates and hotfixes | {Computername}_Hotfixes.* |

Basic networking information
| Description | File Name |
| --- | --- |
| Basic IP networking configuration information, such as TCP/IP registry key, ipconfig, netstat, nbtstat, and netsh output | {Computername}_TcpIp-Info.txt |
| Basic SMB configuration information, based on the output of the Net.exe utility | {Computername}_SMB-Info.txt |

File version information
| Description | File Name |
| --- | --- |
| File version information from %windir%\cluster\*.* | {Computername}_sym_Cluster.* |
| File version information from %windir%\system32\*.dll | {Computername}_sym_System32_dll.* |
| File version information from %windir%\system32\*.exe | {Computername}_sym_System32_exe.* |
| File version information from %windir%\system32\*.sys | {Computername}_sym_System32_sys.* |
| File version information from %windir%\system32\drivers folder | {Computername}_sym_Drivers.* |
| File version information from %windir%\system32\drivers\*.* | {Computername}_sym_SysWOW64_sys.* |
| File version information from {Program Files (x86)}\*.sys | {Computername}_sym_ProgramFilesx86_sys.* |
| File version information from {Program Files}\*.sys | {Computername}_sym_ProgramFiles_sys.* |
| File version information from {Program Files}\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.* | {Computername}_sym_MS_Iscsi.* |
| File version information from all drivers that are currently running on the computer | {Computername}_sym_RunningDrivers.* |
| File version information from all processes that are currently running on the computer | {Computername}_sym_Process.* |
| File version information from print spooler folder %windir%\system32\Spool\*.* | {Computername}_sym_PrintSpooler.* |

Registry keys
| Description | File Name |
| --- | --- |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion | {Computername}_reg_CurrentVersion.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion | {Computername}_reg_CurrentVersion.TXT |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | {Computername}_reg_Uninstall.TXT |
| HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions | {Computername}_reg_ProductOptions.TXT |
| HKLM\System\MountedDevices | {Computername}_reg_MountedDevices.* |
| HKLM\System\CurrentControlSet\Control\CrashControl | {Computername}_reg_Recovery.TXT |
| HKLM\System\CurrentControlSet\Control\Session Manager | {Computername}_reg_Recovery.TXT |
| HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management | {Computername}_reg_Recovery.TXT |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug | {Computername}_reg_Recovery.TXT |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | {Computername}_reg_Recovery.TXT |
| HKLM\Software\Microsoft\Windows\Windows Error Reporting | {Computername}_reg_Recovery.TXT |
| HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting | {Computername}_reg_Recovery.TXT |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run | {Computername}_reg_Startup.TXT |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce | {Computername}_reg_Startup.TXT |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx | {Computername}_reg_Startup.TXT |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices | {Computername}_reg_Startup.TXT |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce | {Computername}_reg_Startup.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | {Computername}_reg_Startup.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Run | {Computername}_reg_Startup.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce | {Computername}_reg_Startup.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx | {Computername}_reg_Startup.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | {Computername}_reg_Startup.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce | {Computername}_reg_Startup.TXT |
| HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | {Computername}_reg_Startup.TXT |
| HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load | {Computername}_reg_Startup.TXT |
| HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run | {Computername}_reg_Startup.TXT |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | {Computername}_reg_Startup.TXT |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit | {Computername}_reg_Startup.TXT |
| HKLM\SYSTEM\CurrentControlSet\Control\Print | {Computername}_reg_Print.HIV |
| HKCU\Software\Policies | {Computername}_reg_Policies.txt |
| HKLM\Software\Policies | {Computername}_reg_Policies.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Policies | {Computername}_reg_Policies.txt |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies | {Computername}_reg_Policies.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation | {Computername}_reg_TimeZone.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | {Computername}_reg_TimeZone.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server | {Computername}_reg_TermServices.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server | {Computername}_reg_TermServices.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access | {Computername}_reg_TermServices.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\TermService | {Computername}_reg_TermServices.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\TermDD | {Computername}_reg_TermServices.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer | {Computername}_reg_SMB.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation | {Computername}_reg_SMB.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb | {Computername}_reg_SMB.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\SMB | {Computername}_reg_SMB.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb10 | {Computername}_reg_SMB.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb20 | {Computername}_reg_SMB.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | {Computername}_reg_TCPIPParameters |
| HKLM\SYSTEM\CurrentControlSet\Services\VSS | {Computername}_reg_VSS.TXT |
| HKLM\SYSTEM\CurrentControlSet\Services\iScsiPrt | {Computername}_reg_iSCSI.TXT |
| HKLM\SOFTWARE\Microsoft\iSCSI Target | {Computername}_reg_iSCSI.TXT |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI | {Computername}_reg_iSCSI.TXT |
| HKLM\System\CurrentControlSet\Control\MPDev | {Computername}_reg_Storage.TXT |
| HKLM\System\CurrentControlSet\Control\iSCSIPrt | {Computername}_reg_Storage.TXT |
| HKLM\System\CurrentControlSet\Services\MSiSCSI | {Computername}_reg_Storage.TXT |
| HKLM\System\CurrentControlSet\Services\MSDsm | {Computername}_reg_Storage.TXT |
| HKLM\System\CurrentControlSet\Services\MPIO | {Computername}_reg_Storage.TXT |
| HKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318} | {Computername}_reg_Storage.TXT |
| HKLM\System\CurrentControlSet\Services\Tcpip | {Computername}_reg_Storage.TXT |
| HKLM\SYSTEM\CurrentControlSet\Enum | {Computername}_reg_Enum.TXT |

Virtualization
| Description | File Name |
| --- | --- |
| Basic information about machine virtual environments | {Computername}_Virtualization.* |

System Information
| Description | File Name |
| --- | --- |
| Resultant Set of Policy (RSoP) that is generated by the Gpresult.exe utility | {Computername}_GPResult.* |
| System information - MSInfo32 tool output – .txt and .nfo formats | {Computername}_msinfo32.* |

When choosing to apply configuration changes in this package, the following values are set:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\CrashDumpEnabled = 2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\AutoReboot = 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\LogEvent = 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\Overwrite = 1


Additionally, if the operating system is Windows Vista or Windows Server 2008 or higher, the following values are set:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\IgnorePagefileSize = 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\AlwaysKeepMemoryDump = 1
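
An added example, not part of the original KB article or of the diagnostic package: a read-only PowerShell check that compares the current CrashControl values with the ones listed above, so that a change made by the package can be confirmed or spotted afterwards. The function name Get-CrashControlDrift and the use of NT version 6.0 as the test for "Windows Vista or Windows Server 2008 or higher" are assumptions of this example.

```powershell
# Added example (not from the KB article). Read-only: nothing is written
# to the registry. Requires PowerShell 3.0 or later.
$CrashControl = 'HKLM:\System\CurrentControlSet\Control\CrashControl'

# Values the article lists for every operating system.
$Expected = [ordered]@{
    CrashDumpEnabled = 2
    AutoReboot       = 1
    LogEvent         = 1
    Overwrite        = 1
}

# Values the article lists only for Windows Vista / Windows Server 2008
# or higher. Assumption: this corresponds to NT major version 6 and up.
if ([Environment]::OSVersion.Version.Major -ge 6) {
    $Expected['IgnorePagefileSize']   = 1
    $Expected['AlwaysKeepMemoryDump'] = 1
}

# Hypothetical helper: emits one object per expected value, showing what
# is currently configured and whether it matches the article's list.
function Get-CrashControlDrift {
    param(
        [string]$Path = $CrashControl,
        [System.Collections.IDictionary]$Baseline = $Expected
    )
    $key = Get-ItemProperty -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $Baseline.Keys) {
        # A value that was never created is reported, not treated as 0.
        $prop    = $key.PSObject.Properties[$name]
        $isSet   = $null -ne $prop
        $actual  = '<not set>'
        if ($isSet) { $actual = $prop.Value }
        $matches = $isSet -and ($prop.Value -eq $Baseline[$name])

        [pscustomobject]@{
            Name     = $name
            Expected = $Baseline[$name]
            Actual   = $actual
            Matches  = $matches
        }
    }
}

Get-CrashControlDrift | Format-Table -AutoSize
```

Running the check before and after the package is used shows which of the six values it changed on that computer.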



Additional information

In addition to the files that are collected and that are listed in this article, this troubleshooter can detect one or more of the following situations:
  • Whether the computer is running in a virtual environment
  • The presence of computer memory dump files within the past 30 days
  • The presence of user mode memory dump files within the past 30 days
  • Problems related to the computer memory dump configuration
  • Unexpected shutdown event logs in the System log within the past 30 days (instances of event 41 from Microsoft-Windows-Kernel-Power)
  • Computer memory dump-related event logs on the System log from the past 30 days (instances of event 1001 from the Save dump file)
  • Prerelease versions of Windows 7 or of Windows Server 2008 R2
  • Evaluation versions of Windows 7 or of Windows Server 2008 R2



References

For more information about the diagnostic tool, click the following article number to go to the article in the Microsoft Knowledge Base:
973559 Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) when it is used with Windows 7 or Windows Server 2008 R2



Keywords: kb


Article Info
Article ID : 2027760
Revision : 1
Created on : 1/7/2017
Published on : 10/24/2014
Exists online : False
Views : 1221