Event id 1003 system error

Status
Not open for further replies.
L

lauriej

Posts: 12   +0
hello

my daugher was using my laptop when blue screen came up we restarted the laptop and all is fine now but wonder what might have caused it. the error said cat 102 event id 1003 then error code 1000008e parameter 1 c000005 and more gibberish. she was on ie 7 at time of crash. i use xp service pack 2

i have included a zipped file of the contents of minidump.


thank you i found this place by doing a search for the event id
 
ok i was reading other posts and it could also be memory. which is why i included the dump as i have no idea how to read the dump. i am using 2 1 gig sticks of centon memory and was hoping that that isn't the problem.

my daughter had been on internet all morning and we have a wireless router we use. so not sure if that could be it (would be nice if it isn't the memory)
 
MiniDump 020308-01:
BugCheck 24, {1902fe, ee258480, ee25817c, f7246259}
Unable to load image SYMEVENT.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : Ntfs.sys ( Ntfs!NtfsCreateLcb+5b )

MiniDump 031208-01:
BugCheck 1000008E, {c0000005, 805b06cd, eba9ab64, 0}
Probably pool corruption caused by Tag: Even

MiniDump 070308-01:
BugCheck 1000008E, {c0000005, 805448f3, badaf67c, 0}
Unable to load image SAVRT.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SAVRT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS
Probably caused by : SAVRT.SYS ( SAVRT+45bf3 )

The main causes of the 0x24 errors are heavy hard disk defragmentation or some Antivirus software since two of those MiniDumps mention Symantec Drivers i would remove it but firstly try this.

1. Run Disk Check.
2. Run Memtest for a minimum of 7 passes.
3. Update your Symantec Software.
4. Run a Virus Scan.

If you still get BSOD's after this then i would try removing the Symantec software to see if that clears the problem up.
 
ok i did run the antivirus and it found nothing. will check the disk. how do i check memory the laptop has a cd/dvd drive and memory slots.


the norton is 2005 but i have subscription so it should be up to date. i didn't even know about the other bsod since my older daughter was using the laptop from dec to april. and she never told me about it.
 
I don't handle memory dump files but I do work on Event Viewer Errors. There are three necessary pieces of information in an Error, which can be easily copied and pasted here. You have left out the Source, but it most likely 'System Event' and the System Error, Eventid 1003, could occur for numerous reasons, as
commented on at eventid.net:
http://eventid.net/display.asp?eventid=1003&eventno=1274&source=System&phase=1

The Report will resemble this:
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date:
Time:
User:
Computer:
Description:
Error code 1000008e, parameter1 c0000005, followed by parameter 2,3, and 4, which is not gibberish.
The Error code will usually be followed by something like "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M" or other.

By doing a right click on the Error> Properties and clicking on the Copy icon below the down arrow, the Event can then be pasted here- without all the lines of code that follow the Description.

Handling error messages is dependent on the information given and it needs to be correct and complete.
 
no there was nothing after the parameter info. the next line was for the help info which i went to and had a list of different things such as a virus. which is why i ran norton. the help info had this

id 1003
source system error
version 5.2
symbolic name er_krnlcrash_log

i will check and see if i still have the error log
 
The er_krnlcrash_log indicates a device driver crash. Where did you see this?

The Stop 0x0000008E error message occurs when you change the hardware acceleration setting

Please copy the Errors as asked:
Control Panel> Administrative Tools> Event Viewer> Click on System & Apps, one at a time on the left> look for Errors on the right> right click error> Properties> note description of error, Event# and Source.

There is a "copy" button below the up/down arrows. Click that, then paste (use CTRL-V) the event details here. It makes for easy reporting of the event-you do not need to include the lines of code that follow the Description-but paste all else.

You will be looking for Error that occurs at the time of the problem. Please ignore Warnings.
 
the only error message is the event id 1003 message at that time. and nothing was changed. i wonder if my daughter overheated the laptop though she has a habit of keeping on her legs when using it.
 
well it seems that there is something wrong with the hard drive. did a defrag then went to do scan disk and when i get to step 4 i started getting the message the disk does not have enough space to replace bad clusters and then it has been going for about 15 minutes. i had similar problem on my daughters latptop back in april had to replace the hard drive (which was under warranty.) i dont think this one is.
 
One of the possibilities Bobbye mentioned was a severely defragmented drive, which would reduce available drive space.

Have you defragged?
 
i did a defrag it is a 80gig drive with 73% unused. did the scan disk got this message when it got to step 4 the disk does not have enough space to replace bad clusters detected in file (then it listed a lot of files) however there was no log in the event viewer to tell me what is wrong i checked applications but nothing for winlogon. i did a harddrive check in the bios setup and it said it passed but that was the short test. toshiba doesn't make a diagnostic tool so i can't check the drive. my daughters compaq just had to have the drive replaced for the 2nd time since we got it (the last time i got the same message when doing the chkdsk) luckily that drive was warrantied as we got it sept 07. according to toshiba this drive went out of warranty last month.

it took about 2 hours to do the chkdsk is there a way to do test again and get a log file?
 
Try doing this in order:
Disc Cleanup to include deleting temporary internet files, temp file, History, Cookies.
Error Check from Tools in hard drive properties> check both boxes- fix and scan.
Follow with defrag.

See if that works better.

According to your original post, the 'problem' was actually fixed, but you're curious as to the cause. I wouldn't lose too much sleep on investigating 'after the fact'!
 
the problem is the chkdsk is saying i have a problem. i did a disk cleanup then a defrag then i checked both boxes in chkdsk restarted pc while running the chkdsk when it gets to test 4 it gets about 18% then a get a scrolling screen saying the disk does not have enough space to replace bad clusters detected in file ####### in name this goes on for about 39-45 minutes then is says error has occurred it runs test 5 then again says an error has occurred. after booitng i go into event viewer but there is no winlogon file to tell me what is wrong.
 
I have a Toshiba HDD you could try testing it with SpeedFan.
http://www.almico.com/sfdownload.php

Download and install it and when you get to the program menu go to the tab "S.M.A.R.T" and then click on the button "Perform In Depth Analysis" this will be done online so have your Internet Browser up it will open a tab there and show you different stats about the Health Of Your HDD etc.
 
ok did a scan with hdtune and here are results

HD Tune: TOSHIBA MK8025GAS Information

Firmware version : KA024A
Serial number : 45KT8836T
Capacity : 74.5 GB (~80.0 GB)
Buffer size : n/a
Standard : ATA/ATAPI-6
Supported mode : UDMA Mode 5 (Ultra ATA/100)
Current mode : UDMA Mode 5 (Ultra ATA/100)

S.M.A.R.T : yes
48-bit Address : no
Read Look-Ahead : yes
Write Cache : yes
Host Protected Area : yes
Device Configuration Overlay : yes
Automatic Acoustic Management: no
Power Management : yes
Advanced Power Management : yes
Power-up in Standby : no
Security Mode : yes
Firmware Upgradable : no

Partition : 1
Drive letter : C:\
Label : main
Capacity : 76308 MB
Usage : 33.42%
Type : NTFS
Bootable : Yes


HD Tune: TOSHIBA MK8025GAS Health

ID Current Worst ThresholdData Status
(01) Raw Read Error Rate 100 100 50 0 Ok
(02) Throughput Performance 100 100 50 0 Ok
(03) Spin Up Time 100 100 1 1453 Ok
(04) Start/Stop Count 100 100 0 467 Ok
(05) Reallocated Sector Count 100 100 50 0 Ok
(07) Seek Error Rate 100 100 50 0 Ok
(08) Seek Time Performance 100 100 50 0 Ok
(09) Power On Hours Count 98 98 0 914 Ok
(0A) Spin Retry Count 109 100 30 0 Ok
(0C) Power Cycle Count 100 100 0 459 Ok
(C0) Power Off Retract Count 100 100 0 15 Ok
(C1) Load Cycle Count 99 99 0 17438 Ok
(C2) Temperature 100 100 0 1179699 Ok
(C4) Reallocated Event Count 100 100 0 0 Ok
(C5) Current Pending Sector 100 100 0 0 Ok
(C6) Offline Uncorrectable 100 100 0 0 Ok
(C7) Ultra DMA CRC Error Count 200 200 0 0 Ok
(DC) Disk Shift 100 100 0 8341 Ok
(DE) Loaded Hours 99 99 0 519 Ok
(DF) Load/Unload Retry Count 100 100 0 0 Ok
(E0) Load Friction 100 100 0 0 Ok
(E2) Load-in time 100 100 0 228 Ok
(F0) Head Flying Hours 100 100 1 0 Ok

Power On Time : 914
Health Status : Ok

HD Tune: TOSHIBA MK8025GAS Error Scan

Scanned data : 76288 MB
Damaged Blocks : 0.0 %
Elapsed Time : 65:19

speedfan info

Your hard disk is a TOSHIBA MK8025GAS with firmware KA024A.
The average temperature for this hard disk is 41C (MIN=31C MAX=53C) and yours is 48C.
Your hard disk's S.M.A.R.T. attributes are now being analyzed and a full report about the reliability, health and status of your hard disk is generated:
Your hard disk is not below any attribute threshold. This is good.
Your hard disk was never below any attribute threshold. This is good.
Your hard disk is now being compared to real data used to define normal values for your specific hard disk model. This way, the analysis can automatically use proper operating ranges. The images give you an idea of how each attribute is within such range. Current and raw values are shown for easier reference for experienced users. There are 2048 hard disk models in the current archive.

Attribute Current Raw Overall
Raw Read Error Rate 100 0 Very good
Throughput Performance 100 0 Very good
Spin Up Time 100 1453 Very good
Start/Stop Count 100 467 Very good
Reallocated Sector Count 100 0 Very good
Seek Error Rate 100 0 Very good
Seek Time Performance 100 0 Very good
Power On Hours Count 98 915 Very good
Spin Retry Count 109 0 Normal
Power Cycle Count 100 459 Very good
Power Off Retract Count 100 15 Very good
Load Cycle Count 99 17438 Very good
Reallocated Event Count 100 0 Very good
Current Pending Sector 100 0 Very good
Offline Uncorrectable Sector Count 100 0 Very good
Ultra DMA CRC Error Rate 200 0 Very good
Disk Shift 100 8341 Very good
Loaded Hours 99 519 Very good
Load Retry Count 100 0 Very good
Load Friction 100 0 Very good
Load In Time 100 228 Very good
Write Head 100 0 Very good


All of the attributes of your hard disk have normal values. This is good.


The overall fitness for this drive is 92%.
The overall performance for this drive is 100%.
 
Two reports are pretty conclusive the HDD looks in Good shape according to both reports.
Then just run one of the Memory Tests which are linked above to check the RAM. And then if the laptop isn't under warranty unscrewing the bottom and using a can of compressed air to clean out the system of any dust and dirt.

Bobbye pointed out that you said the laptop was fine now. Those Mini Dumps are quite far apart February - July so it might just be coincidence.

I've had a couple of blue screens never found the cause no matter how many checks/tests on Hardware and looking at the Mini Dumps i did. Don't know to this day what the causes for my blue screens were never effected me since.
So I would suggest that if you have done everything everyone has suggested then it will be alright with the laptop.
If you do get another Blue Screen then you know where to post back :)
 
i didn't know why the bsod that appeared but when i did a google on the event id message i found this site. and only found the error on harddrive when running the chkdsk. i even ran a chkdsk /r and still got the message about bad clusters. but no log generated in event viewer so i have no idea what is going on with drive. but it seems all is well now will keep an eye on it. i have a cooler pad i will have my daugher start using in case it is overheating.

thank you for your help
 
ok i finally was able to get a log file from chkdsk and it show this and i found this log via the defrag file not sure what it means but it was found here c:\windows\system32\lwbem\logs\wbemess.txt

(Sun Jul 06 11:53:21 2008.242593) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(Sun Jul 06 11:53:21 2008.243359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 11:53:21 2008.243359) : Failed to log an event: 6B5
(Sun Jul 06 11:53:21 2008.243359) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 11:53:21 2008.243359) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(
(Sun Jul 06 13:19:18 2008.5134015) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 13:19:53 2008.5168843) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 13:19:59 2008.5174906) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 13:20:03 2008.5179406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 13:20:37 2008.5212593) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:20 2008.12456062) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462375) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462390) : Failed to log an event: 6B5
(Sun Jul 06 15:21:26 2008.12462390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462390) : Failed to log an event: 6B5
(Sun Jul 06 15:21:26 2008.12462390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462406) : Failed to log an event: 6B5
(Sun Jul 06 15:21:26 2008.12462406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462406) : Failed to log an event: 6B5
(Sun Jul 06 15:21:26 2008.12462406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:26 2008.12462421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:26 2008.12462421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:26 2008.12462421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:26 2008.12462421) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(Sun Jul 06 15:21:26 2008.12462468) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462468) : Failed to log an event: 6B5
(Sun Jul 06 15:21:26 2008.12462468) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462484) : Failed to log an event: 6B5
(Sun Jul 06 15:21:26 2008.12462484) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:26 2008.12462484) : Failed to log an event: 6B5
((Sun Jul 06 15:21:27 2008.12462562) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462578) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462593) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462609) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(Sun Jul 06 15:21:27 2008.12462609) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:27 2008.12462609) : Failed to log an event: 6B5
(Sun Jul 06 15:21:27 2008.12462625) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:27 2008.12462625) : Failed to log an event: 6B5
(Sun Jul 06 15:21:27 2008.12462625) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:27 2008.12462640) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:30 2008.12465859) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:30 2008.12465859) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(Sun Jul 06 15:21:30 2008.12465921) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:30 2008.12465921) : Failed to log an event: 6B5
(Sun Jul 06 15:21:30 2008.12465921) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:30 2008.12465921) : Failed to log an event: 6B5
(Sun Jul 06 15:21:30 2008.12465937) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:30 2008.12465937) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:30 2008.12465937) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(Sun Jul 06 15:21:31 2008.12467031) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Sun Jul 06 15:21:31 2008.12467031) : Failed to log an event: 6B5
(Sun Jul 06 15:21:31 2008.12467031) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Sun Jul 06 15:21:31 2008.12467031) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
(Tue Jul 08 12:19:46 2008.35687) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:19:46 2008.35765) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:19:46 2008.35765) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:19:48 2008.38390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:20:23 2008.73359) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:20:28 2008.77968) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:20:32 2008.82406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:20:42 2008.91625) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:20:45 2008.94703) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:20:46 2008.95562) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:21:05 2008.115015) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:21:09 2008.119125) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:21:13 2008.123390) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:21:38 2008.148296) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:21:47 2008.157406) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:24:14 2008.303890) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:24:16 2008.306312) : NT Event Log Consumer: could not retrieve sid, 0x80041002
(Tue Jul 08 12:24:44 2008.333796) : NT Event Log Consumer: could not retrieve sid, 0x80041002

chkdsk log is as follows

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\laurie>cd c:\

C:\>chkdsk
The type of the file system is NTFS.
Volume label is main.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry tmp.edb in index $I30 of file 9949.
Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.
 
Please check the following information. All deal with what you are reporting:

The NT Event Log is a basic part of XP and failure by it (for whatever reason) results in no Event Viewer data. It's also a subset of Windows Management Instrumentation.

Logging to NT Event Log Based on an Event:
http://msdn.microsoft.com/en-us/library/aa392282.aspx

Windows Management Instrumentation:
http://searchwincomputing.techtarget.com/sDefinition/0,,sid68_gci1065292,00.html

The Wbemess.log file contains all warning and error messages related to the WMI event subsystem. Those errors that require administrator attention are also logged in the Windows NT Event log. Only administrators have read access to the WMI log folder found at %windir%\system32\wbem\logs.

Under the WMI Control Properties/Logging Tab, uncheck Verbose.

Sources: Bleeping Computer, Google Groups, MSDN Forums.
 
i checked and the only thing checked is errors only my choices are disable errors only and verbose.
 
Status
Not open for further replies.

Similar threads

J
Need help with BSOD Event ID 41
Replies
1
Views
1K
Kshipper
Kshipper
P
  • Locked
Inactive Laptop shutting down before scan complete (logs inside)
Replies
2
Views
2K
Broni
Broni
G
Event ID 1003, System Error
Replies
1
Views
3K
Cycloid Torus
Cycloid Torus

Latest posts

Back