Very strange icon (image) after a game crashed in Vista



#1
MynameisNancy

Hello,
I hope I have opened this topic in the right place. The problem started last night while my kid was playing the PC game Sid Meier's Railroad, as usual. But last night the game crashed and I had to shut down the program (the error message was "Sid Meier's Railroad has stopped working and Windows is looking for a solution"... something like that). Windows itself is OK, only the game was closed, and I didn't need to restart Windows, but after the game crashed and closed, I noticed that my screen saver had become black. And when I try to change my screen saver, I see that the icon images are not normal. I have 3 pictures to show you. The icons on the desktop are OK, but all of the icons inside the folders aren't.
[3 posted images]

I have checked the HJT log and didn't see anything wrong. I used System Restore to roll back my system as far as a week ago and it didn't work. And I'm really careful about how I use my PC. I used MBAM and SuperAntispyware to scan my PC and found nothing. This is my personal PC; my kid can use it only to play PC games and not the internet (he's too young to know how to anyway, and besides he doesn't know the password to connect to my ISP, so I'm really sure that he didn't do anything behind my back except play his game). I rarely use a flash drive, and it has been over 3 months since I last used one, so I know I can't be infected from it (I use Avast Antivirus and MBAM to scan my PC once per week).

Here is my System Information:
------------------
System Information
------------------
Time of this report: 1/14/2009, 09:34:21
Machine name: NANCY-PC
Operating System: Windows Vista™ Home Premium (6.0, Build 6001) Service Pack 1 (6001.vistasp1_gdr.080917-1612)
Language: English (Regional Setting: English)
System Manufacturer: HP-Pavilion
System Model: RZ572AA-B14 m8080.be
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz (2 CPUs), ~2.4GHz
Memory: 2046MB RAM
Page File: 1162MB used, 3170MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 10
DX Setup Parameters: Not found
DxDiag Version: 6.00.6001.18000 32bit Unicode

--------------------------------------------------------------------------

So, please, can you tell me what's wrong and how to solve this problem?
And here is some more information from RSIT:
Computer Name: Nancy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:	\Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys	
Record Number: 15952
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114090328.605632-000
Event Type: Audit Failure
User:

-------------------------------------------------------------------------

Thank you,
Nancy



#2
MynameisNancy

A reply from Microsoft Support about "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File name \device\harddiskvolume1\windows\system32\drivers\tcpip.sys":

Based on my research, first please understand that signature verification is enforced on TCPIP.SYS by code integrity. These spurious entries in the event log stem from the assumption that TCPIP.SYS is loaded only into the kernel. When TCPIP.SYS is verified in the kernel load path, the signature is successfully verified using a file hash, as TCPIP.SYS is loaded and verified in its entirety. However, when TCPIP.SYS is loaded in user mode, it is loaded on a page-by-page basis. As page hashes are not present in the TCPIP.SYS signature, CI (Code Integrity) logs an error, even though the file is "correctly" signed.

The mandatory kernel enforcement on x64 still enforces signature validation on TCPIP.SYS. On x86, if the signature is invalid in the kernel path, depending on how the file was tampered with, either TCPIP.SYS will not load, or certain TCPIP.SYS functionality is disabled. It appears that the issue is confined to misleading text in the event log.

Unfortunately there is no easy workaround to disable these log entries from being created. Actually this has been reported as a bug and will be resolved in the next OS version.

The reason tcpip.sys is getting loaded in user mode is so that someone can check the version information on the driver binary. In spite of the eventlog messages, we know the version information is valid because - if it had been modified by some malicious agent - tcpip.sys would fail its kernel-mode integrity check at boot time. So, there's no danger that ignoring the user-mode messages in the event log would make anyone vulnerable to a driver-modification attack.

So you can just ignore the event. If you want to filter the log, you can follow the steps below:

1. Go to Event Viewer and open the Security event log.
2. Right-click Security in the left window pane of Event Viewer and click "Filter Current Log".
3. Now enter "-5038" (with a minus in front) in the field that is marked with "" and press OK to exclude all 5038 events.
4. Right-click Security once more and choose "Save Filter to Custom View…".
5. Name the Custom View and enter a short description. Click OK. This saves the filtered view under "Custom Views". You can choose or create a new location to save this view if you like.
6. Now you can see the newly created filtered view of the Security log under "Custom Views".

mmmmmmmmmmmmm.......just cover it up and pretend it's not there..


So that error code has nothing to do with my current problem.

I can still change the color of my desktop; it's just the image that is not showing. And I've checked in my Device Manager and there is no error notice there.

Edited by MynameisNancy, 14 January 2009 - 04:48 AM.
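
Added example, not part of the original posts or of Microsoft's reply: instead of excluding every 5038 event as the filter steps above do, this Python code parses records in the RSIT layout from post #1 and separates the tcpip.sys entries the reply explains from 5038 events that name any other file. The sample text, the second record (15960, example.sys) and the names `parse_records`, `triage` and `KNOWN_NOISE` are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the RSIT layout from post #1. Record 15952 is the one
# in the thread; record 15960 and its file name are invented for contrast.
SAMPLE = r"""
Computer Name: Nancy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 15952
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114090328.605632-000
Event Type: Audit Failure
User:

Computer Name: Nancy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\example.sys
Record Number: 15960
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114091500.000000-000
Event Type: Audit Failure
User:
"""

FIELD = re.compile(r"^([A-Za-z ]+):[ \t]*(.*?)[ \t]*$", re.M)
# Assumption: only the file the Microsoft reply discusses counts as the known quirk.
KNOWN_NOISE = {r"\windows\system32\drivers\tcpip.sys"}

def parse_records(text):
    """Split on each 'Computer Name:' line; return one field dict per record."""
    chunks = re.split(r"\n(?=Computer Name:)", text)
    return [dict(FIELD.findall(c)) for c in chunks if c.strip()]

def triage(text):
    """Return (noise, review) lists of 5038 records instead of hiding them all."""
    noise, review = [], []
    for rec in parse_records(text):
        if rec.get("Event Code") != "5038":
            continue
        # Drop the \Device\HarddiskVolumeN prefix so paths compare by their tail.
        path = re.sub(r"(?i)^\\device\\harddiskvolume\d+", "", rec.get("File Name", ""))
        rec["when"] = datetime.strptime(rec["Time Written"][:14], "%Y%m%d%H%M%S")
        (noise if path.lower() in KNOWN_NOISE else review).append(rec)
    return noise, review
```

Calling `triage(SAMPLE)` puts record 15952 in the first list and leaves record 15960 in the second, so a 5038 event for a different driver stays visible.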


#3
starjax

First question: have you restarted your computer? Oftentimes the game adjusts the resolution for gameplay and then resets it when you exit the game. In the event of a game crash, this doesn't happen.

#4
MynameisNancy

Yes, I tried restarting many times. I tried restarting in Safe Mode and then in normal mode again, but that didn't change anything. I tried System Restore and again nothing changed. I tried the repair Windows option but it said there is nothing wrong with my system.

#5
starjax

What is your screen / monitor resolution set to?

#6
MynameisNancy

So, my PC had been at my local computer shop (the one where I'd bought it) since last Wednesday evening, and today I received a phone call from them telling me that they can't find a problem, they don't know why, and they already scanned for malware and found nothing (which I already knew). So now I have 2 options left:
1. Continue using my PC like that, since there is no problem using it at all apart from the icon images not showing correctly, or
2. Reformat

Because I know how to reformat a computer, I told them I'd take my PC back and do it myself at home :) . And I still wanted to try some fixing myself before giving up hope and reformatting. Besides, reformatting was going to be my last resort anyway, so I wasn't afraid that I might make my PC worse than it already is. And by chance, I have now solved the problem without reformatting :)
1. I uninstalled the game that crashed my PC and caused this problem, but still had the same problem, so I tried System Restore, but no luck.
2. I reinstalled the game, played it a little bit and quit. Then I tried System Restore again, but this time it told me that there was some damage on my drive C: and I needed to repair it first before I could use System Restore.
3. So I used CHKDSK drive: /P /R and, as I suspected, I saw many corrupted or orphaned files from that game.
4. After CHKDSK completed, my problem was still there, so I tried System Restore again and this time it worked. My desktop background is back and all the icons of my files are showing correctly again :cheers:

Thank you "starjax" for your kindness but now my problem is solved.