Solved

Machine Restarting Event ID 1001

Posted on 2014-02-27
17
1,783 Views
Last Modified: 2014-03-31
Hi;

A machine restarts about two times a day. This is the what is seen in Event viewer.  Any ideas would be appreciated. I will add a link to the dump file in dropbox when it completes uploading.

Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          02/20/2014 1:16:05 PM
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SFS106
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022014-18595-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-20T18:16:05.000000000Z" />
    <EventRecordID>359136</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SFS106</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">022014-18595-01</Data>
  </EventData>
</Event>
0
Comment
Question by:mavcom
  • 6
  • 4
  • 4
  • +2
17 Comments
 
LVL 13

Assisted Solution

by:Santosh Gupta
Santosh Gupta earned 150 total points
ID: 39891681
hi,

Open the .wer file from C:\ProgramData\Microsoft\Windows\WER location and see the AppPath to find the faulty file/application.
0
 
LVL 7

Expert Comment

by:Shahnawaz Ahmed
ID: 39891689
Cause - A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.

This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it.

Lets upload the DUMP so experts can have a look.
0
 

Author Comment

by:mavcom
ID: 39891704
The dump is over 500MB so I am uploading it to dropbox. The system has Eset Smart Security Suite on it.

Regarding sgupta's comment. Is the .wer file on all machines?
0
 
LVL 88

Expert Comment

by:rindi
ID: 39891722
Change your settings so that in future minidumps are saved, not full memory dumps. Then wait until at least 3 of them have been created, zip them into a file, and attach that zip file with your next comment. Full dumps just waste more space and don't really give any more info.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39891771
hi mavcom,

Latest one.
0
 

Author Comment

by:mavcom
ID: 39891795
Where do I change the dump settings?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39891806
click on My computer property and Win7
0
 
LVL 7

Expert Comment

by:Shahnawaz Ahmed
ID: 39891811
I don't think mini dump could give you relevant information , however it will let us know what is the culprit driver, which can be updated
0
Why won’t your email signature format correctly?

Struggling to get your corporate email signatures to format correctly? Does the logo keep resizing? Is the text appearing too big? What can you do to prevent this? Find out how you can save your signatures today.

 

Author Comment

by:mavcom
ID: 39892113
0
 
LVL 88

Accepted Solution

by:
rindi earned 250 total points
ID: 39892235
The driver AE1200w764.sys seems to be the cause of the crash. This looks like software from your Router. Normally you don't need to install software of a router on a PC, so you could uninstall it, or then check for upgrades.
0
 

Author Comment

by:mavcom
ID: 39894994
I will look at that. They tested a AE1200 wireless adapter on it recently but it is not being used.
0
 

Author Comment

by:mavcom
ID: 39894998
Where can I learn how to interpret the dumps?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39895040
0
 
LVL 7

Assisted Solution

by:Shahnawaz Ahmed
Shahnawaz Ahmed earned 100 total points
ID: 39895046
Mavcom,

I must say that if you read SYSINTERNALS book or may be if you can download videos it will give you a very very good understanding about windows OS and Memory Dumps.
0
 
LVL 7

Expert Comment

by:Shahnawaz Ahmed
ID: 39895053
I have seen 3 books of Sysinternals written by Mark Russonovich . Sysinternals 4/5/6
0
 

Author Comment

by:mavcom
ID: 39895070
Thank you.  Will let you know success this afternoon.
0
 
LVL 61

Expert Comment

by:gheist
ID: 39940626
You can get bluescreen viewer from www.nirsoft.com
That will tell you what was on the blue screen. Rule of a thumb - upgrade involved drivers...
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now