Article ID: 2027760 - Last Review: June 7, 2010 - Revision: 5.0

[SDP 3][06bb55c8-3207-406e-a3fc-f538867a399b] Machine Memory Dump Collector - Windows 7 and Windows Server 2008 R2

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
Expand all | Collapse all

SUMMARY

The Machine Memory Dump Collector - Windows 7 and Windows Server 2008 R2 diagnostic package was designed to collect machine memory dump files from a computer. This diagnostic tool collects both full or kernel memory dump files (Memory.dmp) and the last five machine mini-dump files from the past 30 days. The tool also collects related information. Machine memory dump files are limited to a size of 8 gigabytes (GB).

MORE INFORMATION

The following tables describe the information that may be collected from a computer when you run the Machine Memory Dump Collector - Windows 7 and Windows Server 2008 R2 diagnostic package. 

Information that is collected

Event logs
Collapse this tableExpand this table
DescriptionFile Name
Event log – Application  – .txt, .csv, and .evtx formats{Computername}_evt_Application.*
Event log – System – .txt, .csv, and .evtx formats{Computername}_evt_System.*


Machine memory dump files
Collapse this tableExpand this table
DescriptionFile Name
Machine Full or Kernel memory dump files (Memory.dmp){Computername}_dmp_memory.zip
Mini memory dump files from {Windows}\Minidump folder from past 30 days{Computername}_dmp_*.zip
Information about machine memory dump files, user memory dump files, and memory dump configuration{Computername}_DumpReport.*


Hotfixes and updates
Collapse this tableExpand this table
DescriptionFile Name
Installed updates and hotfixes{Computername}_Hotfixes.*


Basic networking information
Collapse this tableExpand this table
DescriptionFile Name
Basic IP networking configuration information, such as TCP/IP registry key, ipconfig, netstat, nbtstat, and netsh output{Computername}_TcpIp-Info.txt
Basic SMB configuration information, based on the output of the Net.exe utility{Computername}_SMB-Info.txt


File version information
Collapse this tableExpand this table
DescriptionFile Name
File version information from %windir%\cluster\*.*{Computername}_sym_Cluster.*
File version information from %windir%\system32\*.dll{Computername}_sym_System32_dll.*
File version information from %windir%\system32\*.exe{Computername}_sym_System32_exe.*
File version information from %windir%\system32\*.sys{Computername}_sym_System32_sys.*
File version information from %windir%\system32\drivers folder{Computername}_sym_Drivers.*
File version information from %windir%\system32\drivers\*.*{Computername}_sym_SysWOW64_sys.*
File version information from {Program Files (x86}}\*.sys{Computername}_sym_ProgramFilesx86_sys.*
File version information from {Program Files}\*.sys{Computername}_sym_ProgramFiles_sys.*
File version information from {Program Files}\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*{Computername}_sym_MS_Iscsi.*
File version information from all drivers that are currently running on the computer{Computername}_sym_RunningDrivers.*
File version information from all processes that are currently running on the computer{Computername}_sym_Process.*
File version information from print spooler folder %windir%\system32\Spool\*.*{Computername}_sym_PrintSpooler.*




Registry keys
Collapse this tableExpand this table
DescriptionFile Name
HKLM\Software\Microsoft\Windows NT\CurrentVersion

HKLM\Software\Microsoft\Windows\CurrentVersion		{Computername}_reg_CurrentVersion.TXT
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{Computername}_reg_Uninstall.TXT
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions{Computername}_reg_ProductOptions.TXT
HKLM\System\MountedDevices{Computername}_reg_MountedDevices.*
HKLM\System\CurrentControlSet\Control\CrashControl

HKLM\System\CurrentControlSet\Control\Session Manager

HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management

HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKLM\Software\Microsoft\Windows\Windows Error Reporting

HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting		{Computername}_reg_Recovery.TXT
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce

HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKLM\ Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce

HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit		{Computername}_reg_Startup.TXT
HKLM\SYSTEM\CurrentControlSet\Control\Print{Computername}_reg_Print.HIV
HKCU\Software\Policies

HKLM\Software\Policies

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies		{Computername}_reg_Policies.txt
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones		{Computername}_reg_TimeZone.txt
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access

HKLM\SYSTEM\CurrentControlSet\Services\TermService

HKLM\SYSTEM\CurrentControlSet\Services\TermDD		{Computername}_reg_TermServices.txt
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation

HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb

HKLM\SYSTEM\CurrentControlSet\Services\SMB

HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb10

HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb20		{Computername}_reg_SMB.txt
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters{Computername}_reg_TCPIPParameters
HKLM\SYSTEM\CurrentControlSet\Services\VSS{Computername}_reg_VSS.TXT
HKLM\SYSTEM\CurrentControlSet\Services\iScsiPrt

HKLM\SOFTWARE\Microsoft\iSCSI Target

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI		{Computername}_reg_iSCSI.TXT
HKLM\System\CurrentControlSet\Control\MPDev

HKLM\System\CurrentControlSet\Control\iSCSIPrt

HKLM\System\CurrentControlSet\Services\MSiSCSI

HKLM\System\CurrentControlSet\Services\MSDsm

HKLM\System\CurrentControlSet\Services\MPIO

HKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}

HKLM\System\CurrentControlSet\Services\Tcpip		{Computername}_reg_Storage.TXT
HKLM\SYSTEM\CurrentControlSet\Enum{Computername}_reg_Enum.TXT


Virtualization
Collapse this tableExpand this table
DescriptionFile Name
Basic information about machine virtual environments{Computername}_Virtualization.*


Other
Collapse this tableExpand this table
DescriptionFile Name
Resultant Set of Policy (RSoP) that is generated by the Gpresult.exe utility{Computername}_GPResult.*
System information - MSInfo32 tool output – .txt and .nfo formats{Computername}_msinfo32.*


Additional information

In addition to the files that are collected and that are listed in the previous tables, this troubleshooter can detect one or more of the following situations:

·          Whether the computer is running in a virtual environment

·          Presence of machine memory dump files in the past 30 days

·          Presence of user mode memory dump files in the past 30 days

·          Problems related to machine memory dump configuration

·          Unexpected Shutdown event logs on the System log from the past 30 days (instances of event 41 from Microsoft-Windows-Kernel-Power)

·          Machine Memory Dump-related event logs on the System log from the past 30 days (instances of event 1001 from the Save dump file)

·          Prerelease versions of Windows 7 or of Windows Server 2008 R2

·          Evaluation versions of Windows 7 or of Windows Server 2008 R2



References                                                                                                                           

For frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7, visit the following Microsoft website:

http://support.microsoft.com/kb/973559 (http://support.microsoft.com/kb/973559)
APPLIES TO
  • Windows 7 Enterprise
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
Back to the top
Keywords: 
KB2027760