Event id 1003 system error

By lauriej
Jul 3, 2008
Topic Status:
Not open for further replies.
  1. hello

    my daughter was using my laptop when blue screen came up we restarted the laptop and all is fine now but wonder what might have caused it. the error said cat 102 event id 1003 then error code 1000008e parameter 1 c000005 and more gibberish. she was on ie 7 at time of crash. i use xp service pack 2

    i have included a zipped file of the contents of minidump.


    thank you i found this place by doing a search for the event id
  2. CCT

    CCT Newcomer, in training Posts: 3,556

  3. lauriej

    lauriej Newcomer, in training Topic Starter

    ok i was reading other posts and it could also be memory. which is why i included the dump as i have no idea how to read the dump. i am using 2 1 gig sticks of centon memory and was hoping that that isn't the problem.

    my daughter had been on internet all morning and we have a wireless router we use. so not sure if that could be it (would be nice if it isn't the memory)
  4. woody1191

    woody1191 Newcomer, in training Posts: 638

    MiniDump 020308-01:
    BugCheck 24, {1902fe, ee258480, ee25817c, f7246259}
    Unable to load image SYMEVENT.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for SYMEVENT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
    Probably caused by : Ntfs.sys ( Ntfs!NtfsCreateLcb+5b )

    MiniDump 031208-01:
    BugCheck 1000008E, {c0000005, 805b06cd, eba9ab64, 0}
    Probably pool corruption caused by Tag: Even

    MiniDump 070308-01:
    BugCheck 1000008E, {c0000005, 805448f3, badaf67c, 0}
    Unable to load image SAVRT.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for SAVRT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS
    Probably caused by : SAVRT.SYS ( SAVRT+45bf3 )

    The main causes of the 0x24 errors are heavy hard disk defragmentation or some Antivirus software since two of those MiniDumps mention Symantec Drivers i would remove it but firstly try this.

    1. Run Disk Check.
    2. Run Memtest for a minimum of 7 passes.
    3. Update your Symantec Software.
    4. Run a Virus Scan.

    If you still get BSOD's after this then i would try removing the Symantec software to see if that clears the problem up.
  5. lauriej

    lauriej Newcomer, in training Topic Starter

    ok i did run the antivirus and it found nothing. will check the disk. how do i check memory the laptop has a cd/dvd drive and memory slots.


    the norton is 2005 but i have subscription so it should be up to date. i didn't even know about the other bsod since my older daughter was using the laptop from dec to april. and she never told me about it.
  6. woody1191

    woody1191 Newcomer, in training Posts: 638

    You can either download this Windows Memory Tool
    http://oca.microsoft.com/en/windiag.asp
    Or you can download Memtest
    http://www.memtest.org/
    And then burn them to separate disks put them in the cd/dvd drive if your laptop is already set to boot from a disk first it will start running and you just let the program do its tests. Would be even better if you used both programs.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I don't handle memory dump files but I do work on Event Viewer Errors. There are three necessary pieces of information in an Error, which can be easily copied and pasted here. You have left out the Source, but it is most likely 'System Event' and the System Error, Eventid 1003, could occur for numerous reasons, as commented on at eventid.net:
    http://eventid.net/display.asp?eventid=1003&eventno=1274&source=System&phase=1

    The Report will resemble this:
    Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Date:
    Time:
    User:
    Computer:
    Description:
    Error code 1000008e, parameter1 c0000005, followed by parameter 2,3, and 4, which is not gibberish.
    The Error code will usually be followed by something like "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M" or other.

    By doing a right click on the Error> Properties and clicking on the Copy icon below the down arrow, the Event can then be pasted here- without all the lines of code that follow the Description.

    Handling error messages is dependent on the information given and it needs to be correct and complete.
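Added example, not part of the original thread: a small decoder for the two formats quoted above, the Event ID 1003 description and the WinDbg `BugCheck` summary line, showing that the four parameters carry specific meaning. The function and table names are this example's own, and the event text is constructed from the dump values posted earlier in the thread.

```python
import re

# Microsoft-documented names and parameter meanings for the bug check codes
# that appear in this thread. Table and function names are this example's own.
_KMODE = ["exception code", "address of faulting instruction",
          "trap frame address", "reserved"]
BUGCHECKS = {
    0x00000024: ("NTFS_FILE_SYSTEM",
                 ["source file id and line", "exception record address",
                  "context record address", "reserved"]),
    0x0000008E: ("KERNEL_MODE_EXCEPTION_NOT_HANDLED", _KMODE),
    0x1000008E: ("KERNEL_MODE_EXCEPTION_NOT_HANDLED_M", _KMODE),
}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

WINDBG_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
EVENT_RE = re.compile(r"Error code\s+([0-9A-Fa-f]+)", re.I)
PARAM_RE = re.compile(r"parameter\s*\d\s+([0-9A-Fa-f]+)", re.I)


def parse_bugcheck(text):
    """Return (code, [params]) from a WinDbg summary line or an Event ID 1003
    description, or None if neither format is present."""
    m = WINDBG_RE.search(text)
    if m:
        params = [int(p, 16) for p in m.group(2).split(",") if p.strip()]
        return int(m.group(1), 16), params
    m = EVENT_RE.search(text)
    if m:
        return int(m.group(1), 16), [int(p, 16) for p in PARAM_RE.findall(text)]
    return None


def decode(text):
    """Attach the documented name and parameter labels to a parsed bug check."""
    parsed = parse_bugcheck(text)
    if parsed is None:
        return None
    code, params = parsed
    name, labels = BUGCHECKS.get(code, ("UNKNOWN", []))
    # Pair each value with its documented meaning; unknown codes keep raw names.
    labelled = [(labels[i] if i < len(labels) else f"parameter{i + 1}", v)
                for i, v in enumerate(params)]
    status = None
    if labels[:1] == ["exception code"] and params:
        # For 0x8E-class stops, parameter 1 is the NTSTATUS of the exception.
        status = NTSTATUS.get(params[0], f"0x{params[0]:08X}")
    return {"code": code, "name": name, "params": labelled, "status": status}


# Constructed Event ID 1003 description, using the parameter values reported
# for MiniDump 031208-01 above.
EVENT_TEXT = ("Error code 1000008e, parameter1 c0000005, parameter2 805b06cd, "
              "parameter3 eba9ab64, parameter4 00000000.")
# WinDbg summary line as posted for MiniDump 020308-01.
WINDBG_TEXT = "BugCheck 24, {1902fe, ee258480, ee25817c, f7246259}"

if __name__ == "__main__":
    for text in (EVENT_TEXT, WINDBG_TEXT):
        info = decode(text)
        print(f"{info['code']:08X} {info['name']} status={info['status']}")
        for label, value in info["params"]:
            print(f"    {label}: 0x{value:08X}")
```
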
  8. lauriej

    lauriej Newcomer, in training Topic Starter

    no there was nothing after the parameter info. the next line was for the help info which i went to and had a list of different things such as a virus. which is why i ran norton. the help info had this

    id 1003
    source system error
    version 5.2
    symbolic name er_krnlcrash_log

    i will check and see if i still have the error log
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The er_krnlcrash_log indicates a device driver crash. Where did you see this?

    The Stop 0x0000008E error message occurs when you change the hardware acceleration setting

    Please copy the Errors as asked:
    Control Panel> Administrative Tools> Event Viewer> Click on System & Apps, one at a time on the left> look for Errors on the right> right click error> Properties> note description of error, Event# and Source.

    There is a "copy" button below the up/down arrows. Click that, then paste (use CTRL-V) the event details here. It makes for easy reporting of the event-you do not need to include the lines of code that follow the Description-but paste all else.

    You will be looking for Error that occurs at the time of the problem. Please ignore Warnings.
  10. lauriej

    lauriej Newcomer, in training Topic Starter

    the only error message is the event id 1003 message at that time. and nothing was changed. i wonder if my daughter overheated the laptop though she has a habit of keeping on her legs when using it.
  11. lauriej

    lauriej Newcomer, in training Topic Starter

    well it seems that there is something wrong with the hard drive. did a defrag then went to do scan disk and when i get to step 4 i started getting the message the disk does not have enough space to replace bad clusters and then it has been going for about 15 minutes. i had similar problem on my daughter's laptop back in april had to replace the hard drive (which was under warranty.) i don't think this one is.

  12. CCT

    CCT Newcomer, in training Posts: 3,556

    One of the possibilities Bobbye mentioned was a severely defragmented drive, which would reduce available drive space.

    Have you defragged?
  13. lauriej

    lauriej Newcomer, in training Topic Starter

    i did a defrag it is a 80gig drive with 73% unused. did the scan disk got this message when it got to step 4 the disk does not have enough space to replace bad clusters detected in file (then it listed a lot of files) however there was no log in the event viewer to tell me what is wrong i checked applications but nothing for winlogon. i did a harddrive check in the bios setup and it said it passed but that was the short test. toshiba doesn't make a diagnostic tool so i can't check the drive. my daughter's compaq just had to have the drive replaced for the 2nd time since we got it (the last time i got the same message when doing the chkdsk) luckily that drive was warrantied as we got it sept 07. according to toshiba this drive went out of warranty last month.

    it took about 2 hours to do the chkdsk is there a way to do test again and get a log file?
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Try doing this in order:
    Disc Cleanup to include deleting temporary internet files, temp file, History, Cookies.
    Error Check from Tools in hard drive properties> check both boxes- fix and scan.
    Follow with defrag.

    See if that works better.

    According to your original post, the 'problem' was actually fixed, but you're curious as to the cause. I wouldn't lose too much sleep on investigating 'after the fact'!
  15. lauriej

    lauriej Newcomer, in training Topic Starter

    the problem is the chkdsk is saying i have a problem. i did a disk cleanup then a defrag then i checked both boxes in chkdsk restarted pc while running the chkdsk when it gets to test 4 it gets about 18% then i get a scrolling screen saying the disk does not have enough space to replace bad clusters detected in file ####### in name this goes on for about 39-45 minutes then it says error has occurred it runs test 5 then again says an error has occurred. after booting i go into event viewer but there is no winlogon file to tell me what is wrong.
  16. woody1191

    woody1191 Newcomer, in training Posts: 638

    I have a Toshiba HDD you could try testing it with SpeedFan.
    http://www.almico.com/sfdownload.php

    Download and install it and when you get to the program menu go to the tab "S.M.A.R.T" and then click on the button "Perform In Depth Analysis" this will be done online so have your Internet Browser up it will open a tab there and show you different stats about the Health Of Your HDD etc.
  17. lauriej

    lauriej Newcomer, in training Topic Starter

    ok did a scan with hdtune and here are results

    HD Tune: TOSHIBA MK8025GAS Information

    Firmware version : KA024A
    Serial number : 45KT8836T
    Capacity : 74.5 GB (~80.0 GB)
    Buffer size : n/a
    Standard : ATA/ATAPI-6
    Supported mode : UDMA Mode 5 (Ultra ATA/100)
    Current mode : UDMA Mode 5 (Ultra ATA/100)

    S.M.A.R.T : yes
    48-bit Address : no
    Read Look-Ahead : yes
    Write Cache : yes
    Host Protected Area : yes
    Device Configuration Overlay : yes
    Automatic Acoustic Management: no
    Power Management : yes
    Advanced Power Management : yes
    Power-up in Standby : no
    Security Mode : yes
    Firmware Upgradable : no

    Partition : 1
    Drive letter : C:\
    Label : main
    Capacity : 76308 MB
    Usage : 33.42%
    Type : NTFS
    Bootable : Yes


    HD Tune: TOSHIBA MK8025GAS Health

    ID Current Worst Threshold Data Status
    (01) Raw Read Error Rate 100 100 50 0 Ok
    (02) Throughput Performance 100 100 50 0 Ok
    (03) Spin Up Time 100 100 1 1453 Ok
    (04) Start/Stop Count 100 100 0 467 Ok
    (05) Reallocated Sector Count 100 100 50 0 Ok
    (07) Seek Error Rate 100 100 50 0 Ok
    (08) Seek Time Performance 100 100 50 0 Ok
    (09) Power On Hours Count 98 98 0 914 Ok
    (0A) Spin Retry Count 109 100 30 0 Ok
    (0C) Power Cycle Count 100 100 0 459 Ok
    (C0) Power Off Retract Count 100 100 0 15 Ok
    (C1) Load Cycle Count 99 99 0 17438 Ok
    (C2) Temperature 100 100 0 1179699 Ok
    (C4) Reallocated Event Count 100 100 0 0 Ok
    (C5) Current Pending Sector 100 100 0 0 Ok
    (C6) Offline Uncorrectable 100 100 0 0 Ok
    (C7) Ultra DMA CRC Error Count 200 200 0 0 Ok
    (DC) Disk Shift 100 100 0 8341 Ok
    (DE) Loaded Hours 99 99 0 519 Ok
    (DF) Load/Unload Retry Count 100 100 0 0 Ok
    (E0) Load Friction 100 100 0 0 Ok
    (E2) Load-in time 100 100 0 228 Ok
    (F0) Head Flying Hours 100 100 1 0 Ok

    Power On Time : 914
    Health Status : Ok

    HD Tune: TOSHIBA MK8025GAS Error Scan

    Scanned data : 76288 MB
    Damaged Blocks : 0.0 %
    Elapsed Time : 65:19

    speedfan info

    Your hard disk is a TOSHIBA MK8025GAS with firmware KA024A.
    The average temperature for this hard disk is 41C (MIN=31C MAX=53C) and yours is 48C.
    Your hard disk's S.M.A.R.T. attributes are now being analyzed and a full report about the reliability, health and status of your hard disk is generated:
    Your hard disk is not below any attribute threshold. This is good.
    Your hard disk was never below any attribute threshold. This is good.
    Your hard disk is now being compared to real data used to define normal values for your specific hard disk model. This way, the analysis can automatically use proper operating ranges. The images give you an idea of how each attribute is within such range. Current and raw values are shown for easier reference for experienced users. There are 2048 hard disk models in the current archive.

    Attribute Current Raw Overall
    Raw Read Error Rate 100 0 Very good
    Throughput Performance 100 0 Very good
    Spin Up Time 100 1453 Very good
    Start/Stop Count 100 467 Very good
    Reallocated Sector Count 100 0 Very good
    Seek Error Rate 100 0 Very good
    Seek Time Performance 100 0 Very good
    Power On Hours Count 98 915 Very good
    Spin Retry Count 109 0 Normal
    Power Cycle Count 100 459 Very good
    Power Off Retract Count 100 15 Very good
    Load Cycle Count 99 17438 Very good
    Reallocated Event Count 100 0 Very good
    Current Pending Sector 100 0 Very good
    Offline Uncorrectable Sector Count 100 0 Very good
    Ultra DMA CRC Error Rate 200 0 Very good
    Disk Shift 100 8341 Very good
    Loaded Hours 99 519 Very good
    Load Retry Count 100 0 Very good
    Load Friction 100 0 Very good
    Load In Time 100 228 Very good
    Write Head 100 0 Very good


    All of the attributes of your hard disk have normal values. This is good.


    The overall fitness for this drive is 92%.
    The overall performance for this drive is 100%.
  18. woody1191

    woody1191 Newcomer, in training Posts: 638

    Two reports are pretty conclusive the HDD looks in Good shape according to both reports.
    Then just run one of the Memory Tests which are linked above to check the RAM. And then if the laptop isn't under warranty unscrewing the bottom and using a can of compressed air to clean out the system of any dust and dirt.

    Bobbye pointed out that you said the laptop was fine now. Those Mini Dumps are quite far apart February - July so it might just be coincidence.

    I've had a couple of blue screens never found the cause no matter how many checks/tests on Hardware and looking at the Mini Dumps i did. Don't know to this day what the causes for my blue screens were never affected me since.
    So I would suggest that if you have done everything everyone has suggested then it will be alright with the laptop.
    If you do get another Blue Screen then you know where to post back :)
  19. lauriej

    lauriej Newcomer, in training Topic Starter

    i didn't know why the bsod that appeared but when i did a google on the event id message i found this site. and only found the error on harddrive when running the chkdsk. i even ran a chkdsk /r and still got the message about bad clusters. but no log generated in event viewer so i have no idea what is going on with drive. but it seems all is well now will keep an eye on it. i have a cooler pad i will have my daughter start using in case it is overheating.

    thank you for your help
  20. lauriej

    lauriej Newcomer, in training Topic Starter

    ok i finally was able to get a log file from chkdsk and it shows this and i found this log via the defrag file not sure what it means but it was found here c:\windows\system32\lwbem\logs\wbemess.txt

    (Sun Jul 06 11:53:21 2008.242593) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Sun Jul 06 11:53:21 2008.243359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 11:53:21 2008.243359) : Failed to log an event: 6B5
    (Sun Jul 06 11:53:21 2008.243359) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 11:53:21 2008.243359) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Sun Jul 06 13:19:18 2008.5134015) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 13:19:53 2008.5168843) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 13:19:59 2008.5174906) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 13:20:03 2008.5179406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 13:20:37 2008.5212593) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:20 2008.12456062) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462375) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462390) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:26 2008.12462390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462390) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:26 2008.12462390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462406) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:26 2008.12462406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462406) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:26 2008.12462406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:26 2008.12462421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:26 2008.12462421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:26 2008.12462421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:26 2008.12462421) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Sun Jul 06 15:21:26 2008.12462468) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462468) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:26 2008.12462468) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462484) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:26 2008.12462484) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:26 2008.12462484) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:27 2008.12462562) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462609) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Sun Jul 06 15:21:27 2008.12462609) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:27 2008.12462609) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:27 2008.12462625) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:27 2008.12462625) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:27 2008.12462625) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:27 2008.12462640) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:30 2008.12465859) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:30 2008.12465859) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Sun Jul 06 15:21:30 2008.12465921) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:30 2008.12465921) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:30 2008.12465921) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:30 2008.12465921) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:30 2008.12465937) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:30 2008.12465937) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:30 2008.12465937) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Sun Jul 06 15:21:31 2008.12467031) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Sun Jul 06 15:21:31 2008.12467031) : Failed to log an event: 6B5
    (Sun Jul 06 15:21:31 2008.12467031) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Sun Jul 06 15:21:31 2008.12467031) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Tue Jul 08 12:19:46 2008.35687) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:19:46 2008.35765) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:19:46 2008.35765) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:19:48 2008.38390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:20:23 2008.73359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:20:28 2008.77968) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:20:32 2008.82406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:20:42 2008.91625) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:20:45 2008.94703) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:20:46 2008.95562) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:21:05 2008.115015) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:21:09 2008.119125) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:21:13 2008.123390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:21:38 2008.148296) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:21:47 2008.157406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:24:14 2008.303890) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:24:16 2008.306312) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Tue Jul 08 12:24:44 2008.333796) : NT Event Log Consumer: could not retrieve sid, 0x80041002

    chkdsk log is as follows

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\laurie>cd c:\

    C:\>chkdsk
    The type of the file system is NTFS.
    Volume label is main.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    File verification completed.
    CHKDSK is verifying indexes (stage 2 of 3)...
    Deleting index entry tmp.edb in index $I30 of file 9949.
    Index verification completed.

    Errors found. CHKDSK cannot continue in read-only mode.
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please check the following information. All deal with what you are reporting:

    The NT Event Log is a basic part of XP and failure by it (for whatever reason) results in no Event Viewer data. It's also a subset of Windows Management Instrumentation.

    Logging to NT Event Log Based on an Event:
    http://msdn.microsoft.com/en-us/library/aa392282.aspx

    Windows Management Instrumentation:
    http://searchwincomputing.techtarget.com/sDefinition/0,,sid68_gci1065292,00.html

    The Wbemess.log file contains all warning and error messages related to the WMI event subsystem. Those errors that require administrator attention are also logged in the Windows NT Event log. Only administrators have read access to the WMI log folder found at %windir%\system32\wbem\logs.

    Under the WMI Control Properties/Logging Tab, uncheck Verbose.

    Sources: Bleeping Computer, Google Groups, MSDN Forums.
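Added example, not part of the original thread: a summarizer for a `wbemess` log of the kind posted above, collapsing the repeated lines into bursts so it is clear when event-log delivery failed and which WMI error codes were involved. The function names, the message categories and the 10-minute burst gap are this example's assumptions; the sample lines are constructed in the format of the posted log, with one truncated line and one doubled parenthesis of the kind copy-paste produces.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# "(Sun Jul 06 11:53:21 2008.242593) : message" ; tolerate a doubled "((".
LINE_RE = re.compile(
    r"^\(+(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\.\d+\) : (.+)$")
CODE_RE = re.compile(r"0x[0-9A-Fa-f]{8}")
# WMI error constants for the two codes that appear in the posted log.
WBEM_CODES = {"0x80041001": "WBEM_E_FAILED", "0x80041002": "WBEM_E_NOT_FOUND"}
# Substring -> category (category names are this example's own).
KINDS = [
    ("could not retrieve sid", "sid_lookup_failed"),
    ("Failed to log an event", "eventlog_write_failed"),
    ("Failed to deliver an event", "delivery_failed"),
    ("Dropping event destined", "event_dropped"),
]


def parse_line(line):
    """Return (timestamp, category, [codes]) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    msg = m.group(2)
    kind = next((k for needle, k in KINDS if needle in msg), "other")
    codes = [WBEM_CODES.get(c.lower(), c) for c in CODE_RE.findall(msg)]
    return ts, kind, codes


def summarize(lines, gap=timedelta(minutes=10)):
    """Group chronologically ordered lines into bursts separated by `gap`.
    Returns (bursts, number_of_unparseable_lines)."""
    bursts, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ts, kind, codes = rec
        if not bursts or ts - bursts[-1]["end"] > gap:
            bursts.append({"start": ts, "end": ts,
                           "kinds": Counter(), "codes": Counter()})
        burst = bursts[-1]
        burst["end"] = ts
        burst["kinds"][kind] += 1
        burst["codes"].update(codes)
    return bursts, skipped


# Constructed sample in the format of the log posted above.
SAMPLE = """\
(Sun Jul 06 11:53:21 2008.242593) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(Sun Jul 06 11:53:21 2008.243359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 11:53:21 2008.243359) : Failed to log an event: 6B5
(
(Sun Jul 06 13:19:18 2008.5134015) : NT Event Log Consumer: could not retrieve sid, 0x80041002
((Sun Jul 06 15:21:27 2008.12462562) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Tue Jul 08 12:19:46 2008.35687) : NT Event Log Consumer: could not retrieve sid, 0x80041002
"""

if __name__ == "__main__":
    bursts, skipped = summarize(SAMPLE.splitlines())
    for b in bursts:
        print(b["start"], "->", b["end"], dict(b["kinds"]), dict(b["codes"]))
    print("unparseable lines:", skipped)
```
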
  22. lauriej

    lauriej Newcomer, in training Topic Starter

    i checked and the only thing checked is errors only my choices are disable errors only and verbose.