Machine Restarting Event ID 1001


A machine restarts about two times a day. This is the what is seen in Event viewer.  Any ideas would be appreciated. I will add a link to the dump file in dropbox when it completes uploading.

Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          02/20/2014 1:16:05 PM
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SFS106
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022014-18595-01.
Event Xml:
<Event xmlns="">
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <TimeCreated SystemTime="2014-02-20T18:16:05.000000000Z" />
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Security />
    <Data Name="param1">0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">022014-18595-01</Data>
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Santosh GuptaCommented:

Open the .wer file from C:\ProgramData\Microsoft\Windows\WER location and see the AppPath to find the faulty file/application.
Shahnawaz AhmedCloud Migration EngineerCommented:
Cause - A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.

This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it.

Lets upload the DUMP so experts can have a look.
mavcomAuthor Commented:
The dump is over 500MB so I am uploading it to dropbox. The system has Eset Smart Security Suite on it.

Regarding sgupta's comment. Is the .wer file on all machines?
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Change your settings so that in future minidumps are saved, not full memory dumps. Then wait until at least 3 of them have been created, zip them into a file, and attach that zip file with your next comment. Full dumps just waste more space and don't really give any more info.
Santosh GuptaCommented:
hi mavcom,

Latest one.
mavcomAuthor Commented:
Where do I change the dump settings?
Santosh GuptaCommented:
click on My computer property and Win7
Shahnawaz AhmedCloud Migration EngineerCommented:
I don't think mini dump could give you relevant information , however it will let us know what is the culprit driver, which can be updated
mavcomAuthor Commented:
The driver AE1200w764.sys seems to be the cause of the crash. This looks like software from your Router. Normally you don't need to install software of a router on a PC, so you could uninstall it, or then check for upgrades.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mavcomAuthor Commented:
I will look at that. They tested a AE1200 wireless adapter on it recently but it is not being used.
mavcomAuthor Commented:
Where can I learn how to interpret the dumps?
Shahnawaz AhmedCloud Migration EngineerCommented:

I must say that if you read SYSINTERNALS book or may be if you can download videos it will give you a very very good understanding about windows OS and Memory Dumps.
Shahnawaz AhmedCloud Migration EngineerCommented:
I have seen 3 books of Sysinternals written by Mark Russonovich . Sysinternals 4/5/6
mavcomAuthor Commented:
Thank you.  Will let you know success this afternoon.
You can get bluescreen viewer from
That will tell you what was on the blue screen. Rule of a thumb - upgrade involved drivers...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.