[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Machine Restarting Event ID 1001

Posted on 2014-02-27
17
Medium Priority
?
2,222 Views
Last Modified: 2014-03-31
Hi;

A machine restarts about two times a day. This is the what is seen in Event viewer.  Any ideas would be appreciated. I will add a link to the dump file in dropbox when it completes uploading.

Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          02/20/2014 1:16:05 PM
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SFS106
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022014-18595-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-20T18:16:05.000000000Z" />
    <EventRecordID>359136</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SFS106</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">0x000000f7 (0x808087ff74821eaf, 0x0000f8800d71840d, 0xffff077ff28e7bf2, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">022014-18595-01</Data>
  </EventData>
</Event>
0
Comment
Question by:mavcom
  • 6
  • 4
  • 4
  • +2
17 Comments
 
LVL 13

Assisted Solution

by:Santosh Gupta
Santosh Gupta earned 600 total points
ID: 39891681
hi,

Open the .wer file from C:\ProgramData\Microsoft\Windows\WER location and see the AppPath to find the faulty file/application.
0
 
LVL 8

Expert Comment

by:Shahnawaz Ahmed
ID: 39891689
Cause - A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.

This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it.

Lets upload the DUMP so experts can have a look.
0
 

Author Comment

by:mavcom
ID: 39891704
The dump is over 500MB so I am uploading it to dropbox. The system has Eset Smart Security Suite on it.

Regarding sgupta's comment. Is the .wer file on all machines?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 88

Expert Comment

by:rindi
ID: 39891722
Change your settings so that in future minidumps are saved, not full memory dumps. Then wait until at least 3 of them have been created, zip them into a file, and attach that zip file with your next comment. Full dumps just waste more space and don't really give any more info.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39891771
hi mavcom,

Latest one.
0
 

Author Comment

by:mavcom
ID: 39891795
Where do I change the dump settings?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39891806
click on My computer property and Win7
0
 
LVL 8

Expert Comment

by:Shahnawaz Ahmed
ID: 39891811
I don't think mini dump could give you relevant information , however it will let us know what is the culprit driver, which can be updated
0
 

Author Comment

by:mavcom
ID: 39892113
0
 
LVL 88

Accepted Solution

by:
rindi earned 1000 total points
ID: 39892235
The driver AE1200w764.sys seems to be the cause of the crash. This looks like software from your Router. Normally you don't need to install software of a router on a PC, so you could uninstall it, or then check for upgrades.
0
 

Author Comment

by:mavcom
ID: 39894994
I will look at that. They tested a AE1200 wireless adapter on it recently but it is not being used.
0
 

Author Comment

by:mavcom
ID: 39894998
Where can I learn how to interpret the dumps?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39895040
0
 
LVL 8

Assisted Solution

by:Shahnawaz Ahmed
Shahnawaz Ahmed earned 400 total points
ID: 39895046
Mavcom,

I must say that if you read SYSINTERNALS book or may be if you can download videos it will give you a very very good understanding about windows OS and Memory Dumps.
0
 
LVL 8

Expert Comment

by:Shahnawaz Ahmed
ID: 39895053
I have seen 3 books of Sysinternals written by Mark Russonovich . Sysinternals 4/5/6
0
 

Author Comment

by:mavcom
ID: 39895070
Thank you.  Will let you know success this afternoon.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39940626
You can get bluescreen viewer from www.nirsoft.com
That will tell you what was on the blue screen. Rule of a thumb - upgrade involved drivers...
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
It is a real story and is one of my scariest tech experiences. Most users think that IT experts like us know how to fix all computer problems. However, if there is a time constraint and you MUST not fail the task or you will lose your job, a simple …
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question