Thread: Vista64 crashing - security issue?
View Single Post
  #3 (permalink)  
Old 05-15-2008
Koishii
 

Posts: n/a
Re: Vista64 crashing - security issue?

It has just happened again less than an hour after turning on the
computer. Random crash whilst I was on the internet. No BSOD. Just
shutdown and rebooted.

Event viewer recorded these errors below:

System Log

Unable to initialize the security package Kerberos for server side
authentication. The data field contains the error number.

- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-HttpEvent"
Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />

<EventID Qualifiers="49152">15016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
<EventRecordID>20891</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="SecurityPackage">Kerberos</Data>
<Binary>000004000200300000000000A83A00C00000000000 000000000000000000000000000000000000000E030980</Binary>

</EventData>
</Event>


EventLog

- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:04.000Z" />
<EventRecordID>20791</EventRecordID>
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data>17:56:53</Data>
<Data>15/05/2008</Data>
<Data />
<Data />
<Data>3551</Data>
<Data />
<Data />
<Binary>D807050004000F001100380035000802D807050004 000F001000380035000802600900003C000000010000006009 000000000000B00400000100000000000000</Binary>

</EventData>
</Event>



- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Eventlog"
Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:06.494Z" />
<EventRecordID>52</EventRecordID>
<Correlation />
<Execution ProcessID="972" ThreadID="456" />
<Channel>Security</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <UserData>
- <AuditEventsDropped
xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events"
xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>34</Reason>
</AuditEventsDropped>
</UserData>
</Event>


Http Event

Unable to initialize the security package Kerberos for server side
authentication. The data field contains the error number.

- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-HttpEvent"
Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />

<EventID Qualifiers="49152">15016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
<EventRecordID>20891</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="SecurityPackage">Kerberos</Data>
<Binary>000004000200300000000000A83A00C00000000000 000000000000000000000000000000000000000E030980</Binary>

</EventData>
</Event>


Security Event 5038

Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or the
invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\t cpip.sys


- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:29.286Z" />
<EventRecordID>84</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>Security</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data
Name="param1">\Device\HarddiskVolume1\Windows\Syst em32\drivers\tcpip.sys</Data>

</EventData>
</Event>



Can anyone offer any advice?


--
Koishii
Reply With Quote