Vista64 crashing - security issue?

Hope I have posted this in the correct section...

I have Vista Ultimate 64bit. I have all the updates including SP1
downloaded from Microsoft site. Up until yesterday everything has been
working fine for the past month since I built a new system.

Now all of a sudden my computer is crashing on me. No BSOD. Just shuts
down and reboots. Last night this occured 5 times in the space of 4
hours..

Looking in my events log all I can see occuring at the times of the
crashes is this information:

Code integrity determined that the image hash of a file is not valid.
The
file could be corrupt due to unauthorized modification or the invalid
hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System\drivers\tcp ip.sys

I don't use windows firewall as I use the firewall built into Trend
Micro Internet Security 2008. Checking though that programs logs shows
nothing happening at the time of the crashes.

After googling this and looking on Microsoft's site I am stumped at
what I can do to resolve this. I do have windows updates on automatic
and I recall an update occuring 2 days ago.

Is there any workaround for this? Would appreciate any help that could
be offered.

Cheers
Dave


--
Koishii

> Now all of a sudden my computer is crashing on me. No BSOD. Just shuts
> down and reboots. Last night this occured 5 times in the space of 4
> hours..

1. Did you make any change to the hardware lately?
2. Do a RAM test.

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Xubuntu 7.10) Linux 2.6.25.3
^ ^ 16:59:01 up 2 days 47 min 2 users load average: 1.09 1.09 1.04
? ? (CSSA):
http://www.swd.gov.hk/tc/index/site_...ub_addressesa/

It has just happened again less than an hour after turning on the
computer. Random crash whilst I was on the internet. No BSOD. Just
shutdown and rebooted.

Event viewer recorded these errors below:

System Log

Unable to initialize the security package Kerberos for server side
authentication. The data field contains the error number.

- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-HttpEvent"
Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />

<EventID Qualifiers="49152">15016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
<EventRecordID>20891</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="SecurityPackage">Kerberos</Data>
<Binary>000004000200300000000000A83A00C00000000000 000000000000000000000000000000000000000E030980</Binary>

</EventData>
</Event>


EventLog

- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:04.000Z" />
<EventRecordID>20791</EventRecordID>
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data>17:56:53</Data>
<Data>15/05/2008</Data>
<Data />
<Data />
<Data>3551</Data>
<Data />
<Data />
<Binary>D807050004000F001100380035000802D807050004 000F001000380035000802600900003C000000010000006009 000000000000B00400000100000000000000</Binary>

</EventData>
</Event>



- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Eventlog"
Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:06.494Z" />
<EventRecordID>52</EventRecordID>
<Correlation />
<Execution ProcessID="972" ThreadID="456" />
<Channel>Security</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <UserData>
- <AuditEventsDropped
xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events"
xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>34</Reason>
</AuditEventsDropped>
</UserData>
</Event>


Http Event

Unable to initialize the security package Kerberos for server side
authentication. The data field contains the error number.

- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-HttpEvent"
Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />

<EventID Qualifiers="49152">15016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
<EventRecordID>20891</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="SecurityPackage">Kerberos</Data>
<Binary>000004000200300000000000A83A00C00000000000 000000000000000000000000000000000000000E030980</Binary>

</EventData>
</Event>


Security Event 5038

Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or the
invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\t cpip.sys


- <Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:29.286Z" />
<EventRecordID>84</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>Security</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data
Name="param1">\Device\HarddiskVolume1\Windows\Syst em32\drivers\tcpip.sys</Data>

</EventData>
</Event>



Can anyone offer any advice?


--
Koishii

You did check the power cable already I hope?

"Koishii" <guest@unknown-email.com> schreef in bericht
news:c425acb391f6bb59a94a0f13e0de89f6@nntp-gateway.com...
>
> Hope I have posted this in the correct section...
>
> I have Vista Ultimate 64bit. I have all the updates including SP1
> downloaded from Microsoft site. Up until yesterday everything has been
> working fine for the past month since I built a new system.
>
> Now all of a sudden my computer is crashing on me. No BSOD. Just shuts
> down and reboots. Last night this occured 5 times in the space of 4
> hours..
>
> Looking in my events log all I can see occuring at the times of the
> crashes is this information:
>
> Code integrity determined that the image hash of a file is not valid.
> The
> file could be corrupt due to unauthorized modification or the invalid
> hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System\drivers\tcp ip.sys
>
> I don't use windows firewall as I use the firewall built into Trend
> Micro Internet Security 2008. Checking though that programs logs shows
> nothing happening at the time of the crashes.
>
> After googling this and looking on Microsoft's site I am stumped at
> what I can do to resolve this. I do have windows updates on automatic
> and I recall an update occuring 2 days ago.
>
> Is there any workaround for this? Would appreciate any help that could
> be offered.
>
> Cheers
> Dave
>
>
> --
> Koishii

"Koishii" <guest@unknown-email.com> wrote in message
news:c425acb391f6bb59a94a0f13e0de89f6@nntp-gateway.com...
>
> Hope I have posted this in the correct section...
>
> I have Vista Ultimate 64bit. I have all the updates including SP1
> downloaded from Microsoft site. Up until yesterday everything has been
> working fine for the past month since I built a new system.
>
> Now all of a sudden my computer is crashing on me. No BSOD. Just shuts
> down and reboots. Last night this occured 5 times in the space of 4
> hours..
>
> Looking in my events log all I can see occuring at the times of the
> crashes is this information:
>
> Code integrity determined that the image hash of a file is not valid.
> The
> file could be corrupt due to unauthorized modification or the invalid
> hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System\drivers\tcp ip.sys
>
> I don't use windows firewall as I use the firewall built into Trend
> Micro Internet Security 2008. Checking though that programs logs shows
> nothing happening at the time of the crashes.
>
> After googling this and looking on Microsoft's site I am stumped at
> what I can do to resolve this. I do have windows updates on automatic
> and I recall an update occuring 2 days ago.
>
> Is there any workaround for this? Would appreciate any help that could
> be offered.
It looks as if your system is somewhat unstable probably for a non-security
reason. You should cross-post in microsoft.public.windows.64bit.general.

--
Allan

Thanks. Power cable is secure but it now appears that it may actually be
my graphics card that is causing the problem, so I am presently
following that line of elimination...

Someone has told me that it could possibly be due to heat damage to the
card, which will mean - RMA the card.

cheers


--
Koishii

Well, good luck troubleshooting!

I had my share of (hardware) problems as well with Vista 64bit but it runs
smooth now

"Koishii" <guest@unknown-email.com> schreef in bericht
news:12b16d67786c4bfe75223630b07c1e61@nntp-gateway.com...
>
> Thanks. Power cable is secure but it now appears that it may actually be
> my graphics card that is causing the problem, so I am presently
> following that line of elimination...
>
> Someone has told me that it could possibly be due to heat damage to the
> card, which will mean - RMA the card.
>
> cheers
>
>
> --
> Koishii

Koishii;712863 Wrote:
> It has just happened again less than an hour after turning on the
> computer. Random crash whilst I was on the internet. No BSOD. Just
> shutdown and rebooted.
>
> Event viewer recorded these errors below:
>
> System Log
>
> Unable to initialize the security package Kerberos for server side
> authentication. The data field contains the error number.
>
> - <Event
> xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> - <System>
> <Provider Name="Microsoft-Windows-HttpEvent"
> Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />
>
> <EventID Qualifiers="49152">15016</EventID>
> <Version>0</Version>
> <Level>2</Level>
> <Task>0</Task>
> <Opcode>0</Opcode>
> <Keywords>0x80000000000000</Keywords>
> <TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
> <EventRecordID>20891</EventRecordID>
> <Correlation />
> <Execution ProcessID="4" ThreadID="64" />
> <Channel>System</Channel>
> <Computer>Synchronicity</Computer>
> <Security />
> </System>
> - <EventData>
> <Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
> <Data Name="SecurityPackage">Kerberos</Data>
> <Binary>000004000200300000000000A83A00C00000000000 000000000000000000000000000000000000000E030980</Binary>
>
> </EventData>
> </Event>
>
>
> EventLog
>
> - <Event
> xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> - <System>
> <Provider Name="EventLog" />
> <EventID Qualifiers="32768">6008</EventID>
> <Level>2</Level>
> <Task>0</Task>
> <Keywords>0x80000000000000</Keywords>
> <TimeCreated SystemTime="2008-05-15T16:59:04.000Z" />
> <EventRecordID>20791</EventRecordID>
> <Channel>System</Channel>
> <Computer>Synchronicity</Computer>
> <Security />
> </System>
> - <EventData>
> <Data>17:56:53</Data>
> <Data>15/05/2008</Data>
> <Data />
> <Data />
> <Data>3551</Data>
> <Data />
> <Data />
> <Binary>D807050004000F001100380035000802D807050004 000F001000380035000802600900003C000000010000006009 000000000000B00400000100000000000000</Binary>
>
> </EventData>
> </Event>
>
>
>
> - <Event
> xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> - <System>
> <Provider Name="Microsoft-Windows-Eventlog"
> Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
> <EventID>1101</EventID>
> <Version>0</Version>
> <Level>2</Level>
> <Task>101</Task>
> <Opcode>0</Opcode>
> <Keywords>0x4020000000000000</Keywords>
> <TimeCreated SystemTime="2008-05-15T16:59:06.494Z" />
> <EventRecordID>52</EventRecordID>
> <Correlation />
> <Execution ProcessID="972" ThreadID="456" />
> <Channel>Security</Channel>
> <Computer>Synchronicity</Computer>
> <Security />
> </System>
> - <UserData>
> - <AuditEventsDropped
> xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events"
> xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
> <Reason>34</Reason>
> </AuditEventsDropped>
> </UserData>
> </Event>
>
>
> Http Event
>
> Unable to initialize the security package Kerberos for server side
> authentication. The data field contains the error number.
>
> - <Event
> xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> - <System>
> <Provider Name="Microsoft-Windows-HttpEvent"
> Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />
>
> <EventID Qualifiers="49152">15016</EventID>
> <Version>0</Version>
> <Level>2</Level>
> <Task>0</Task>
> <Opcode>0</Opcode>
> <Keywords>0x80000000000000</Keywords>
> <TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
> <EventRecordID>20891</EventRecordID>
> <Correlation />
> <Execution ProcessID="4" ThreadID="64" />
> <Channel>System</Channel>
> <Computer>Synchronicity</Computer>
> <Security />
> </System>
> - <EventData>
> <Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
> <Data Name="SecurityPackage">Kerberos</Data>
> <Binary>000004000200300000000000A83A00C00000000000 000000000000000000000000000000000000000E030980</Binary>
>
> </EventData>
> </Event>
>
>
> Security Event 5038
>
> Code integrity determined that the image hash of a file is not valid.
> The file could be corrupt due to unauthorized modification or the
> invalid hash could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System32\drivers\t cpip.sys
>
>
> - <Event
> xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> - <System>
> <Provider Name="Microsoft-Windows-Security-Auditing"
> Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
> <EventID>5038</EventID>
> <Version>0</Version>
> <Level>0</Level>
> <Task>12290</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8010000000000000</Keywords>
> <TimeCreated SystemTime="2008-05-15T16:59:29.286Z" />
> <EventRecordID>84</EventRecordID>
> <Correlation />
> <Execution ProcessID="4" ThreadID="56" />
> <Channel>Security</Channel>
> <Computer>Synchronicity</Computer>
> <Security />
> </System>
> - <EventData>
> <Data
> Name="param1">\Device\HarddiskVolume1\Windows\Syst em32\drivers\tcpip.sys</Data>
>
> </EventData>
> </Event>
>
>
>
> Can anyone offer any advice?

Believe it or not, we are having the same problems and it is not the
video card as the video card is brand new!


--
lambroger

The "Kerberos" event is a Non-issue and was accidentally caused by a
previous update. Everyone who has that Update installed is getting these
kerebros security pack entries in their logs and they mean nothing, so
don't put time into that one.


--
Chappy

::*_DAVE_* ::- vista ultimate 64bit - nzxt lexa classic case - asus
commando mobo (p965/ich8r) - intel e6750 core 2 - zalman 9700 cpu cooler
- 4g's crucial ballistix tracer ddr2 pc26400 ram - bfg 8800gts oc2 320mb
- 2 x 22\" w2207 lcd monitors - 2 x 250g, 2 x 500g sata ii hdd's, 2 dvd
burners c/w lightscribe (sony, tsst) - enermax noisetaker ii 600w psu
with custom chrome cable sleeving - hauppauge hdtv tv tuner card - 5.1
logitech z5500 speakers - 15 in 1 multi-card reader

::*We will _NEVER_ Forget!*::