Vista - Vista64 crashing - security issue?

Hope I have posted this in the correct section...

I have Vista Ultimate 64bit. I have all the updates including SP1 downloaded from Microsoft site. Up until yesterday everything has been working fine for the past month since I built a new system.

Now all of a sudden my computer is crashing on me. No BSOD. Just shuts down and reboots. Last night this occured 5 times in the space of 4 hours..

Looking in my events log all I can see occuring at the times of the crashes is this information:

Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System\drivers\tcpip.sys

I don't use windows firewall as I use the firewall built into Trend Micro Internet Security 2008. Checking though that programs logs shows nothing happening at the time of the crashes.

After googling this and looking on Microsoft's site I am stumped at what I can do to resolve this. I do have windows updates on automatic and I recall an update occuring 2 days ago.

Is there any workaround for this? Would appreciate any help that could be offered.

Cheers
Dave

It has just happened again less than an hour after turning on the computer. Random crash whilst I was on the internet. No BSOD. Just shutdown and rebooted.

Event viewer recorded these errors below:

System Log

Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-HttpEvent" Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />
<EventID Qualifiers="49152">15016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
<EventRecordID>20891</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="SecurityPackage">Kerberos</Data>
<Binary>000004000200300000000000A83A00C00000000000000000000000000000000000000000000000000E030980</Binary>
</EventData>
</Event>


EventLog

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:04.000Z" />
<EventRecordID>20791</EventRecordID>
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data>17:56:53</Data>
<Data>15/05/2008</Data>
<Data />
<Data />
<Data>3551</Data>
<Data />
<Data />
<Binary>D807050004000F001100380035000802D807050004000F001000380035000802600900003C000000010000006009000000000000B00400000100000000000000</Binary>
</EventData>
</Event>



- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:06.494Z" />
<EventRecordID>52</EventRecordID>
<Correlation />
<Execution ProcessID="972" ThreadID="456" />
<Channel>Security</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <UserData>
- <AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2...ndows/eventlog">
<Reason>34</Reason>
</AuditEventsDropped>
</UserData>
</Event>


Http Event

Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-HttpEvent" Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />
<EventID Qualifiers="49152">15016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T17:00:53.010Z" />
<EventRecordID>20891</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>System</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="SecurityPackage">Kerberos</Data>
<Binary>000004000200300000000000A83A00C00000000000000000000000000000000000000000000000000E030980</Binary>
</EventData>
</Event>


Security Event 5038

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys


- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-05-15T16:59:29.286Z" />
<EventRecordID>84</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>Security</Channel>
<Computer>Synchronicity</Computer>
<Security />
</System>
- <EventData>
<Data Name="param1">\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys</Data>
</EventData>
</Event>



Can anyone offer any advice?

You did check the power cable already I hope?

"Koishii" <guest@xxxxxx-email.com> schreef in bericht
news:c425acb391f6bb59a94a0f13e0de89f6@xxxxxx-gateway.com...

"Koishii" <guest@xxxxxx-email.com> wrote in message
news:c425acb391f6bb59a94a0f13e0de89f6@xxxxxx-gateway.com...It looks as if your system is somewhat unstable probably for a non-security
reason. You should cross-post in microsoft.public.windows.64bit.general.

--
Allan

Thanks. Power cable is secure but it now appears that it may actually be my graphics card that is causing the problem, so I am presently following that line of elimination...

Someone has told me that it could possibly be due to heat damage to the card, which will mean - RMA the card.

cheers

Well, good luck troubleshooting!

I had my share of (hardware) problems as well with Vista 64bit but it runs
smooth now

"Koishii" <guest@xxxxxx-email.com> schreef in bericht
news:12b16d67786c4bfe75223630b07c1e61@xxxxxx-gateway.com...

Believe it or not, we are having the same problems and it is not the video card as the video card is brand new!

The "Kerberos" event is a Non-issue and was accidentally caused by a previous update. Everyone who has that Update installed is getting these kerebros security pack entries in their logs and they mean nothing, so don't put time into that one.

The tcp/ip.sys image hash, do you have that hacked 64bit patch for tcp/ip concurrent half open connections installed? Those patches are unstable on 64bit and often causes BSOD's and are not needed for P2P (which is why most people install it).