Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 11-08-2008
artfuldodga
 

Posts: n/a
Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor
Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/11/08 3:35p
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XPS1530-PC
Description:
Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
<EventRecordID>27081</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>Security</Channel>
<Computer>XPS1530-PC</Computer>
<Security />
</System>
<EventData>
<Data
Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
</EventData>
</Event>

OS Vista Ultimate SP1

I have no idea why this failure is showing up, is there a specific service
needed for the audit success? Other than seeing the error(s) occur via Event
Viewer, I have not had any issues with connectivity, and other security
audits complete fine without failure. Anyone have any ideas what might fix
this? I do not believe I modified the tcpip.sys in any way
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 11-09-2008
Engel
 

Posts: n/a
RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor

See if the information in this article, "How to Repair and Verify the
Integrity of Vista System Files with System File Checker"

<http://www.vistax64.com/tutorials/66978-system-files.html>

Good luck


Ǝиçεl
-=-


"artfuldodga" wrote:

> Code integrity determined that the image hash of a file is not valid. The
> file could be corrupt due to unauthorized modification or the invalid hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 8/11/08 3:35p
> Event ID: 5038
> Task Category: System Integrity
> Level: Information
> Keywords: Audit Failure
> User: N/A
> Computer: XPS1530-PC
> Description:
> Code integrity determined that the image hash of a file is not valid. The
> file could be corrupt due to unauthorized modification or the invalid hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider Name="Microsoft-Windows-Security-Auditing"
> Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
> <EventID>5038</EventID>
> <Version>0</Version>
> <Level>0</Level>
> <Task>12290</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8010000000000000</Keywords>
> <TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
> <EventRecordID>27081</EventRecordID>
> <Correlation />
> <Execution ProcessID="4" ThreadID="56" />
> <Channel>Security</Channel>
> <Computer>XPS1530-PC</Computer>
> <Security />
> </System>
> <EventData>
> <Data
> Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
> </EventData>
> </Event>
>
> OS Vista Ultimate SP1
>
> I have no idea why this failure is showing up, is there a specific service
> needed for the audit success? Other than seeing the error(s) occur via Event
> Viewer, I have not had any issues with connectivity, and other security
> audits complete fine without failure. Anyone have any ideas what might fix
> this? I do not believe I modified the tcpip.sys in any way

Reply With Quote
  #3 (permalink)  
Old 11-10-2008
Paul Shapiro
 

Posts: n/a
Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid/cor
Interesting. My Vista 64 SP1 crashed two days ago for the first time in
months, and reported the same error with the same file. It just happened
once so I didn't investigate further. Seems to have been working fine since
then and no more error message in the event log. I wondered if was
antivirus-related? I have Trend Micro plus Windows Defender. Anything sound
familiar?

"Engel" <Engel@discussions.microsoft.com> wrote in message
news:8B730BEF-0E34-4965-B8E0-0B5742ACA61A@microsoft.com...
>
> See if the information in this article, "How to Repair and Verify the
> Integrity of Vista System Files with System File Checker"
>
> <http://www.vistax64.com/tutorials/66978-system-files.html>
>
> Good luck
>
>
> Ǝиçεl
> -=-
>
>
> "artfuldodga" wrote:
>
>> Code integrity determined that the image hash of a file is not valid.
>> The
>> file could be corrupt due to unauthorized modification or the invalid
>> hash
>> could indicate a potential disk device error.
>>
>> File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>>
>> Log Name: Security
>> Source: Microsoft-Windows-Security-Auditing
>> Date: 8/11/08 3:35p
>> Event ID: 5038
>> Task Category: System Integrity
>> Level: Information
>> Keywords: Audit Failure
>> User: N/A
>> Computer: XPS1530-PC
>> Description:


>> OS Vista Ultimate SP1
>>
>> I have no idea why this failure is showing up, is there a specific
>> service
>> needed for the audit success? Other than seeing the error(s) occur via
>> Event
>> Viewer, I have not had any issues with connectivity, and other security
>> audits complete fine without failure. Anyone have any ideas what might
>> fix
>> this? I do not believe I modified the tcpip.sys in any way


Reply With Quote
  #4 (permalink)  
Old 11-12-2008
artfuldodga
 

Posts: n/a
RE: Security Audit Failure (Event Viewer) tcpip.sys hash not valid
yeah so the results of the manual check.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys
Windows Resource Protection did not find any integrity violations.

error is still showing up in event viewer with no adverse effects, wondering
where i can go from here in order to sort it out? maybe i need to have a
specific service enabled in order for it to process correctly, any more ideas?

"Engel" wrote:

>
> See if the information in this article, "How to Repair and Verify the
> Integrity of Vista System Files with System File Checker"
>
> <http://www.vistax64.com/tutorials/66978-system-files.html>
>
> Good luck
>
>
> Ǝиçεl
> -=-
>
>
> "artfuldodga" wrote:
>
> > Code integrity determined that the image hash of a file is not valid. The
> > file could be corrupt due to unauthorized modification or the invalid hash
> > could indicate a potential disk device error.
> >
> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
> >
> > Log Name: Security
> > Source: Microsoft-Windows-Security-Auditing
> > Date: 8/11/08 3:35p
> > Event ID: 5038
> > Task Category: System Integrity
> > Level: Information
> > Keywords: Audit Failure
> > User: N/A
> > Computer: XPS1530-PC
> > Description:
> > Code integrity determined that the image hash of a file is not valid. The
> > file could be corrupt due to unauthorized modification or the invalid hash
> > could indicate a potential disk device error.
> >
> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
> > Event Xml:
> > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> > <System>
> > <Provider Name="Microsoft-Windows-Security-Auditing"
> > Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
> > <EventID>5038</EventID>
> > <Version>0</Version>
> > <Level>0</Level>
> > <Task>12290</Task>
> > <Opcode>0</Opcode>
> > <Keywords>0x8010000000000000</Keywords>
> > <TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
> > <EventRecordID>27081</EventRecordID>
> > <Correlation />
> > <Execution ProcessID="4" ThreadID="56" />
> > <Channel>Security</Channel>
> > <Computer>XPS1530-PC</Computer>
> > <Security />
> > </System>
> > <EventData>
> > <Data
> > Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
> > </EventData>
> > </Event>
> >
> > OS Vista Ultimate SP1
> >
> > I have no idea why this failure is showing up, is there a specific service
> > needed for the audit success? Other than seeing the error(s) occur via Event
> > Viewer, I have not had any issues with connectivity, and other security
> > audits complete fine without failure. Anyone have any ideas what might fix
> > this? I do not believe I modified the tcpip.sys in any way

Reply With Quote
  #5 (permalink)  
Old 11-19-2008
Allan
 

Posts: n/a
Re: Security Audit Failure (Event Viewer) tcpip.sys hash not valid

"artfuldodga" <artfuldodga@discussions.microsoft.com> wrote in message
news:BCDD2D91-75C1-4695-9C7C-B1EA98AEAEFC@microsoft.com...
> yeah so the results of the manual check.
>
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. All rights reserved.
> C:\Windows\system32>sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys
> Windows Resource Protection did not find any integrity violations.
>
> error is still showing up in event viewer with no adverse effects,
> wondering
> where i can go from here in order to sort it out? maybe i need to have a
> specific service enabled in order for it to process correctly, any more
> ideas?
>
> "Engel" wrote:
>
>>
>> See if the information in this article, "How to Repair and Verify the
>> Integrity of Vista System Files with System File Checker"
>>
>> <http://www.vistax64.com/tutorials/66978-system-files.html>
>>
>> Good luck
>>
>>
>> Ǝиçεl
>> -=-
>>
>>
>> "artfuldodga" wrote:
>>
>> > Code integrity determined that the image hash of a file is not valid.
>> > The
>> > file could be corrupt due to unauthorized modification or the invalid
>> > hash
>> > could indicate a potential disk device error.
>> >
>> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>> >
>> > Log Name: Security
>> > Source: Microsoft-Windows-Security-Auditing
>> > Date: 8/11/08 3:35p
>> > Event ID: 5038
>> > Task Category: System Integrity
>> > Level: Information
>> > Keywords: Audit Failure
>> > User: N/A
>> > Computer: XPS1530-PC
>> > Description:
>> > Code integrity determined that the image hash of a file is not valid.
>> > The
>> > file could be corrupt due to unauthorized modification or the invalid
>> > hash
>> > could indicate a potential disk device error.
>> >
>> > File Name: \Device\HarddiskVolume3\Windows\System32\drivers\t cpip.sys
>> > Event Xml:
>> > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>> > <System>
>> > <Provider Name="Microsoft-Windows-Security-Auditing"
>> > Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
>> > <EventID>5038</EventID>
>> > <Version>0</Version>
>> > <Level>0</Level>
>> > <Task>12290</Task>
>> > <Opcode>0</Opcode>
>> > <Keywords>0x8010000000000000</Keywords>
>> > <TimeCreated SystemTime="2008-11-08T19:05:00.227Z" />
>> > <EventRecordID>27081</EventRecordID>
>> > <Correlation />
>> > <Execution ProcessID="4" ThreadID="56" />
>> > <Channel>Security</Channel>
>> > <Computer>XPS1530-PC</Computer>
>> > <Security />
>> > </System>
>> > <EventData>
>> > <Data
>> > Name="param1">\Device\HarddiskVolume3\Windows\Syst em32\drivers\tcpip.sys</Data>
>> > </EventData>
>> > </Event>
>> >
>> > OS Vista Ultimate SP1
>> >
>> > I have no idea why this failure is showing up, is there a specific
>> > service
>> > needed for the audit success? Other than seeing the error(s) occur via
>> > Event
>> > Viewer, I have not had any issues with connectivity, and other security
>> > audits complete fine without failure. Anyone have any ideas what might
>> > fix
>> > this? I do not believe I modified the tcpip.sys in any way

Try replacing the module from the installation media with a good copy after
backing up this allegedly corrupted driver. You should not have to do a
complete repair reinstallation (I don't believe so).

--
Allan

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Security Event Log Audit Failure 5038 in Vista SP1 tcpip.sys greg microsoft.public.windows.vista.general 0 05-18-2008 00:48
Security Event Log Audit Failure 5038 in Vista SP1 tcpip.sys greg microsoft.public.windows.vista.general 0 05-17-2008 23:42
SP1 BUG: Code Integrity Error for tcpip.sys in Event Viewer BillD microsoft.public.windows.vista.security 0 04-24-2008 16:30
Audit failure on tcpip.sys Jeff microsoft.public.windows.vista.security 1 02-07-2008 16:58
Event Viewer failure =?Utf-8?B?S2VudCBXaWxzb24=?= microsoft.public.windows.vista.administration accounts passwords 1 02-28-2007 14:10




All times are GMT +1. The time now is 13:25.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120