Machine Restarting Event ID 1001

mavcom
Hi;

A machine restarts about two times a day. This is what is seen in Event Viewer. Any ideas would be appreciated. I will add a link to the dump file in Dropbox when it completes uploading.

Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          02/20/2014 1:16:05 PM
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SFS106
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022014-18595-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-20T18:16:05.000000000Z" />
    <EventRecordID>359136</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SFS106</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">022014-18595-01</Data>
  </EventData>
</Event>
Top Expert 2014
Commented:
hi,

Open the .wer file from C:\ProgramData\Microsoft\Windows\WER location and see the AppPath to find the faulty file/application.
Shahnawaz Ahmed, Cloud Migration Engineer

Commented:
Cause - A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.

This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it.

Let's upload the DUMP so experts can have a look.
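
As an added example (not part of the original thread): Python that parses the Event ID 1001 record from the question and checks its four arguments against the layout Microsoft documents for bug check 0xF7, DRIVER_OVERRAN_STACK_BUFFER (actual stack cookie, expected cookie, bit-complement of the expected cookie, zero). The function names are hypothetical, and the embedded XML is the question's event trimmed to the elements the parser reads.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
MASK64 = 0xFFFFFFFFFFFFFFFF

# Event 1001 from the question, trimmed to the elements the parser reads.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Computer>SFS106</Computer>
  </System>
  <EventData>
    <Data Name="param1">0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">022014-18595-01</Data>
  </EventData>
</Event>"""

def parse_bugcheck(event_xml):
    """Return the stop code, its four arguments and the dump path from a 1001 event."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1001":
        raise ValueError("not an Event ID 1001 record")
    data = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
    values = [int(h, 16) for h in re.findall(r"0x[0-9a-fA-F]+", data.get("param1", ""))]
    if len(values) != 5:
        raise ValueError("param1 does not hold a stop code and four arguments")
    return {"computer": root.findtext("e:System/e:Computer", namespaces=NS),
            "code": values[0], "args": values[1:], "dump": data.get("param2")}

def check_f7(bug):
    """Compare the arguments with the documented 0xF7 layout:
    actual cookie, expected cookie, bit-complement of expected cookie, zero."""
    if bug["code"] != 0xF7:
        return None  # a different stop code; this layout does not apply
    actual, expected, complement, last = bug["args"]
    return {"layout_ok": complement == (~expected & MASK64) and last == 0,
            "cookie_mismatch": actual != expected,
            "actual": actual, "expected": expected}

if __name__ == "__main__":
    bug = parse_bugcheck(SAMPLE_EVENT)
    print(hex(bug["code"]), bug["computer"], bug["dump"], check_f7(bug))
```

For the event in the question, the third argument is the exact bit-complement of the second and the first differs from the second, which is the cookie mismatch the stack-overrun check reports.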

Author

Commented:
The dump is over 500MB so I am uploading it to dropbox. The system has Eset Smart Security Suite on it.

Regarding sgupta's comment. Is the .wer file on all machines?

Most Valuable Expert 2015

Commented:
Change your settings so that in future minidumps are saved, not full memory dumps. Then wait until at least 3 of them have been created, zip them into a file, and attach that zip file with your next comment. Full dumps just waste more space and don't really give any more info.
Top Expert 2014

Commented:
hi mavcom,

Latest one.

Author

Commented:
Where do I change the dump settings?
Top Expert 2014

Commented:
click on My computer property and Win7
Shahnawaz Ahmed, Cloud Migration Engineer

Commented:
I don't think mini dump could give you relevant information, however it will let us know what is the culprit driver, which can be updated.

Author

Commented:
Most Valuable Expert 2015
Commented:
The driver AE1200w764.sys seems to be the cause of the crash. This looks like software from your Router. Normally you don't need to install software of a router on a PC, so you could uninstall it, or then check for upgrades.

Author

Commented:
I will look at that. They tested an AE1200 wireless adapter on it recently but it is not being used.

Author

Commented:
Where can I learn how to interpret the dumps?
Top Expert 2014

Commented:
Shahnawaz Ahmed, Cloud Migration Engineer
Commented:
Mavcom,

I must say that if you read the SYSINTERNALS book, or maybe if you can download videos, it will give you a very very good understanding about Windows OS and Memory Dumps.
Shahnawaz Ahmed, Cloud Migration Engineer

Commented:
I have seen 3 books of Sysinternals written by Mark Russinovich. Sysinternals 4/5/6

Author

Commented:
Thank you.  Will let you know success this afternoon.
Top Expert 2015

Commented:
You can get bluescreen viewer from www.nirsoft.com
That will tell you what was on the blue screen. Rule of thumb - upgrade involved drivers...
