# Windows XP Crash Logs



## Lungah13 (Jan 28, 2010)

Hello all, Anyone have any idea on where windows XP keeps a crash log of reboots? I have looked in event viewer applications, but that only seems to have everything before the reboot. Any information would help.

Thank you in advance.


----------



## How'dIdoThat (Nov 2, 2004)

I hope this helps you.... http://support.microsoft.com/kb/320299


----------



## Mumbodog (Oct 3, 2007)

Blue Screen memory dumps are stored here

C:\Windows\Minidump

http://support.microsoft.com/kb/315263

.


----------



## Lungah13 (Jan 28, 2010)

Ok I figured out how to open the mini dump files, but cant make heads or tails out of the text. I did however run my comp in verifier mode and would blue screen about 30 secs after windows load everytime. So now I have alot of mini dump files, but I cant really understand what I am looking at. So if any of you would care to look and tell me what you see I would greatly appreciate it thank you very much. Oh also before I forget how do I forget how do I post the minidump files say on notepad or something. Only reason I ask, doesn't seem to let me copy and paste from cmd. thanx again


----------



## valis (Sep 24, 2004)

can you zip them and attach them to your next post? A few of us here have windows debugger and have a vague inkling of how to use it; only Rog knows the truth behind those, however.


----------



## Mumbodog (Oct 3, 2007)

.

go to C:\Windows\Minidump
Copy the .dmp files in there and zip them up, attach the zip file in your next post using the "Go Advanced" button, then click the paper clip icon to browse and attach the zip, then hit the upload button.

.


----------



## Lungah13 (Jan 28, 2010)

Hope I did it correctly. Not use to sending information out


----------



## Mumbodog (Oct 3, 2007)

All 6 dumps show:

Probably caused by : mfehidk.sys ( McAfee software)

Uninstall McAfee and use Microsoft Security Essentials, Free and very good.

http://www.microsoft.com/security_essentials/

You Must uninstall McAfee before installing any other Security Software.

.


----------



## Lungah13 (Jan 28, 2010)

Ok I have unistalled McaFee using Revo Uninstaller, but the only thing was after stage 3 of revo. Using the programs own unistall before it fully cleans out the registry and whatnot my comp reset after I told it not to. So my question is any way I can make revo unistaller look for the rest of mcafee left over files to get rid of them.

Also I run symantec endpoint protection. So do I need to download another anti virus program and if yes should I also delete that one.

Last part is why I started all this my comp would just randomly restart from time to time with 923 and 927 non fatal errors. This is why I wanted to see the minidump files, but it didnt seem to save those restarts for some odd reason. Could the McAfee of been the cause all along?

Thank you again for all the help


----------



## Mumbodog (Oct 3, 2007)

Use the McAfee MCPR.exe tool to clean up

http://service.mcafee.com/FAQDocument.aspx?id=TS100507

Looks like you had 2 AV softwares installed, you can't have that without serious issues, since you removed McAfee, it should stop the BSODs.

The Symantec Endpoint Protection is AV and Firewall software, be sure your licence is current and the program is doing its automatic updates. If the license has expired, uninstall it and use Microsoft Security Essentials.

I personally don't like any Symantec products.

.


----------



## Lungah13 (Jan 28, 2010)

Ok ran the program you linked from McAfee. Thank you for that. and symantec is still running and 100% up to date, So just gonna stick with it for now and if it seems like it doesnt work well or gives me trouble ill just dump it for the one you posted.

Only thing im curious about is will this fix the 923 and 927 non fatal errors I was having. I hope so I guess only time will tell.

Thank you again for all your help and patience.


----------



## Mumbodog (Oct 3, 2007)

You are welcome


.


----------



## valis (Sep 24, 2004)

nice catch, mumbo...........:up:


----------



## Lungah13 (Jan 28, 2010)

Ok my comp still had the original reset problem Ive been having on and off 

Once again no minidump file was made. The thing that is strange about this is it doesnt blue screen it just resets immediately, so I press a button during boot up and this is the info I get about the crash.

927- Non Fatal error on Front side Bus 0
F7Err: Detected MCERR from processor

923-Non Fatal uncorrectable PCI error on PCI-E Slot 2
I06: completion timed out

Any ideas on this 

Once again thank you in advance.


----------



## valis (Sep 24, 2004)

you have an nvidia card? May want to check those drivers as well........that's from the first minidump........


----------



## Mumbodog (Oct 3, 2007)

> 927- Non Fatal error on Front side Bus 0
> F7Err: Detected MCERR from processor


Is this an HP PC?

Only thing I could find using google

http://forums11.itrc.hp.com/service...47626+1271295884138+28353475&threadId=1146880

Try updating your drivers and look for a bios update for your make and model.

.


----------



## Lungah13 (Jan 28, 2010)

I have an Nvidia quadro fx 4800 and I have a HP xw 8400 Workstation 

Nvidia Driver version is 197.28
memory 768 MB
Vidieo BIOS version 60.80.0E.00.01
IRQ 16
Bus PCI Express x16

BIOS version/date
Hewlett-packard 786D5 v02.37 7/9/2009
SMBIOS Version 2.5


Thank you again


----------



## valis (Sep 24, 2004)

well, that's the latest driver released. Have you tried what mumbo suggested?


----------



## Lungah13 (Jan 28, 2010)

Yes as far as I can tell both of them are up to date with the latest graphics and bios drivers.

If it was a faulty PCI slot or graphics card it wouldnt even work at all correct?

Im lost Ive spent alot of time with this problem alot and it feels like I am no where closer to the solution. So any more ideas on it I would be forever greatful FOREVER 

Thank you again.


----------



## How'dIdoThat (Nov 2, 2004)

Are you low on ram ? http://windows.microsoft.com/en-us/windows-vista/Find-out-how-much-RAM-your-computer-has Read this carefully and post a HiJackThis log for review DO NOT FIX ANYTHING WITH HiJackThis unless instructed to do so as you could turn your pc into a paperweight. http://forums.techguy.org/malware-removal-hijackthis-logs/622404-please-read-here-first-before.html


----------



## Lungah13 (Jan 28, 2010)

Ok says I have 3.25 GB of RAM

Ok posting Hijack Log soon

Thank You


----------



## Lungah13 (Jan 28, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:20 PM, on 4/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Daemon Tools\DAEMON Tools Lite\DTLite.exe
D:\steam\steam.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
D:\Speed Fan\SpeedFan\speedfan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Ventrillo\Ventrilo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...000&si=&a=AgGRKktDK5bGyTS8ONNzlQ&n=2010040700
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236954420578
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - Unknown owner - C:\Program Files\PDF Complete\pdfsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 9003 bytes


----------



## Lungah13 (Jan 28, 2010)

Did I give you guys the info you needed?

Also if you need any additional info just let me know what. 

Thank you.


----------



## Lungah13 (Jan 28, 2010)

Any word yet on the Hijack This report? Just really want to figure out this problem and fix it.


----------



## Lungah13 (Jan 28, 2010)

You guys forget about me? Im sad .

Anyway as I waited Ive been searching the web for info on my prob and I cant find anything about the issue I am having. So I need the help of you champs. 

P.S Love ya


----------



## Phantom010 (Mar 9, 2009)

You do have MyWebSearch on your computer but I doubt it would be responsible for your original problem. However, you might have more malware causing it.

I would click on *Report* and kindly ask to be moved to the *Malware Removal & HijackThis Logs* forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!


----------

