Re: Code integrity error on tcpip.sys -- IS suspicious



"Luke Kaven" <Luke Kaven@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7325F3C4-A2E9-4573-8D25-CA742962C93E@xxxxxxxxxxxxxxxx
Since installing Vista SP1 three weeks ago, I have had BSOD crashes that
immediately follow a CodeIntegrity violation error (event ID 3002) in the log
that cites TCPIP.SYS according to the OP's message. Over a hundred crashes.

Day after day, I've been over this problem with 1st and 2nd level Vista
support. I am now strongly suspicious that this driver is corrupt and is
causing these crashes. The version installed by SP1 currently on my system
reads as v6.0.6001.18000 and is dated 18-Jan-2008.

My driver was not patched so far as I know. The only third party software
installed after SP1 is Adobe CS4. Bone stock Dell Dimension E521. Lots of
systematic searches for driver updates, disabling unneeded devices, all to no
avail. The only constant is TCPIP.SYS and the error report that immediately
precedes each crash.

I do not know if I am a candidate for hotfix based on KB article #952709,
which carries TWO updates of this one file. [v6.0.6001.18063 and
v6.0.6001.22167 (both dated 26-Apr-2008). ]

Are you really sure this is okay?

What can I do? Install the hotfix listed above? Try SP2 BETA? Reverting
to pre SP1 isn't an option, because my Adobe CS4 won't run without SP1 or
higher.

Luke Kaven

"Darrell Gorter[MSFT]" wrote:

Hello Mark,
Yes the file is OK.
This error happens when tcpip.sys is loaded in user mode, to check the
version information of the driver binary.
It loaded fine at boot time in kernel mode and was successfully verified or
you would have seen errors at boot time or tcpip.sys would not have loaded.

Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
| >From: "Mark Naughton" <MarkNaughton@xxxxxxxxxxx>
| >Subject: Code integrity error on tcpip.sys
| >Date: Wed, 10 Dec 2008 15:40:03 -0500
| >
| >Sigcheck reports file as ok, sfc /scannow completes ok. Is this file ok?
| >Thanks Mark
| >
| >
| >Code integrity determined that the image hash of a file is not valid. The
| >file could be corrupt due to unauthorized modification or the invalid hash
| >could indicate a potential disk device error.
| >
| >File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
| >
| >
| >
| >
| >C:\Windows\System32\drivers>sigcheck -a -h -r tcpip.sys
| >
| >sigcheck v1.54 - sigcheck
| >Copyright (C) 2004-2008 Mark Russinovich
| >Sysinternals - www.sysinternals.com
| >
| >C:\Windows\System32\drivers\tcpip.sys:
| > Verified: Signed
| > Signing date: 7:33 PM 5/28/2008
| > Publisher: Microsoft Corporation
| > Description: TCP/IP Driver
| > Product: Microsoft® Windows® Operating System
| > Version: 6.0.6001.18063
| > File version: 6.0.6001.18063 (vistasp1_gdr.080425-1930)
| > Original Name: tcpip.sys
| > Internal Name: tcpip.sys
| > Copyright: © Microsoft Corporation. All rights reserved.
| > Comments: n/a
| > MD5: 82e266bee5f0167e41c6ecfdd2a79c02
| > SHA1: f633629656e43452aa08611f0f72d24a46e7441c
| > SHA256: 1f462e882a662b2a133df035c435001b2ef6364f49a9ed6a6d98bd643093b666
| >
| >

Check Dell's support site for a new device driver for the network interface hardware.

Mike.

