Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2416
  • Last Modified:

Machine Restarting Event ID 1001

Hi;

A machine restarts about two times a day. This is the what is seen in Event viewer.  Any ideas would be appreciated. I will add a link to the dump file in dropbox when it completes uploading.

Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          02/20/2014 1:16:05 PM
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SFS106
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022014-18595-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-20T18:16:05.000000000Z" />
    <EventRecordID>359136</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SFS106</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">022014-18595-01</Data>
  </EventData>
</Event>
0
mavcom
Asked:
mavcom
  • 6
  • 4
  • 4
  • +2
3 Solutions
 
Santosh GuptaCommented:
hi,

Open the .wer file from C:\ProgramData\Microsoft\Windows\WER location and see the AppPath to find the faulty file/application.
0
 
Shahnawaz AhmedTechnical Services SpecialistCommented:
Cause - A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.

This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it.

Lets upload the DUMP so experts can have a look.
0
 
mavcomAuthor Commented:
The dump is over 500MB so I am uploading it to dropbox. The system has Eset Smart Security Suite on it.

Regarding sgupta's comment. Is the .wer file on all machines?
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
rindiCommented:
Change your settings so that in future minidumps are saved, not full memory dumps. Then wait until at least 3 of them have been created, zip them into a file, and attach that zip file with your next comment. Full dumps just waste more space and don't really give any more info.
0
 
Santosh GuptaCommented:
hi mavcom,

Latest one.
0
 
mavcomAuthor Commented:
Where do I change the dump settings?
0
 
Santosh GuptaCommented:
click on My computer property and Win7
0
 
Shahnawaz AhmedTechnical Services SpecialistCommented:
I don't think mini dump could give you relevant information , however it will let us know what is the culprit driver, which can be updated
0
 
mavcomAuthor Commented:
0
 
rindiCommented:
The driver AE1200w764.sys seems to be the cause of the crash. This looks like software from your Router. Normally you don't need to install software of a router on a PC, so you could uninstall it, or then check for upgrades.
0
 
mavcomAuthor Commented:
I will look at that. They tested a AE1200 wireless adapter on it recently but it is not being used.
0
 
mavcomAuthor Commented:
Where can I learn how to interpret the dumps?
0
 
Shahnawaz AhmedTechnical Services SpecialistCommented:
Mavcom,

I must say that if you read SYSINTERNALS book or may be if you can download videos it will give you a very very good understanding about windows OS and Memory Dumps.
0
 
Shahnawaz AhmedTechnical Services SpecialistCommented:
I have seen 3 books of Sysinternals written by Mark Russonovich . Sysinternals 4/5/6
0
 
mavcomAuthor Commented:
Thank you.  Will let you know success this afternoon.
0
 
gheistCommented:
You can get bluescreen viewer from www.nirsoft.com
That will tell you what was on the blue screen. Rule of a thumb - upgrade involved drivers...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 4
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now