Ad Muncher

"Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Program Files\Ad Muncher\AM30185.dll"


This find this error message consistently showing up in my "Security" Event Log lately.
I am running Vista Ultimate x32 SP-1 official. Admuncher 30185 beta.

Can anyone fill me in on what this error means and how to correct it?
It is concerning me.

Was this happening before you installed SP1? Just wondering..

I've had SP1 installed for a few weeks now, I am not sure. I think the answer is "yes" but I cannot be 100% certain. My hunch is this is Not related to SP1. Interestingly, I am also noticing the same error on TCPIP.sys. Very discomforting! I wonder if something is patching my tcpip.sys file? Could this also be caused by Admuncher?

"Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system."

Thanks very much for the report LuckMan212 - can you copy/paste the entire log entry for us? This may help us to see which process the DLL is loaded into for this error to appear. I've not had any luck getting it to happen here.

Ad Muncher won't affect tcpip.sys, so that error message I believe is unrelated.

I cleared my logs yesterday (see my related post over on Channel9 forums) so I will post the full XML of the event next time it occurs. The frequency of the errors seems to have slowed. It's very strange. I am considering an in-place upgrade of Vista since I now have a slipstreamed SP1 install DVD. Will update this thread after that. Thanks!

I had the same thing whenever I opened Bearshare. BS couldn't connect and I couldn't use a browser for about 3 minutes after I closed the program. Turns out I had AdMuncher filtering Bearshare. When I stopped the filtering, everything went back to normal. It seems that something is blocked from passing Vista's security check when AM is blocking the application. Sounds worse than it really is. I hope that makes some sense.

Any news on this topic? I know this may not be an AdMuncher-specific issue but I am wondering if anyone else has discovered the source of this problem? It is one of the few remaining issues that still plagues me with Vista. I am tracking another post going over on the Microsoft/MSDN forums:

http://forums.microsoft.com/TechNet/Sho ... &SiteID=17

I am surprised at how few people are reporting these errors, it must either be a very rare issue or people are just not looking at their event logs in Vista (probably the latter!)

Justlooking: indeed filtering some programs on all ports will cause problems, this is why be default AM will only filter known-good programs. Bearshare should also be filtered by default, but only on port 80 so all the P2P connections won't be bounced through AM.

Regarding the Vista signature error, I'm still waiting for someone to send me a copy of the full error, LuckMan212 if you have one handy it would be very helpful. Thanks

Yes I do now have it handy. However the phpBB doesn't seem to allow me to upload either TXT or XML files. I am pasting below:

Code: Select all

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Events><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-CodeIntegrity' Guid='{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}'/><EventID>3002</EventID><Version>0</Version><Level>2</Level><Task>1</Task><Opcode>102</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2008-04-24T13:00:53.867Z'/><EventRecordID>2550</EventRecordID><Correlation/><Execution ProcessID='4724' ThreadID='5308'/><Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel><Computer>BOX</Computer><Security UserID='S-1-5-21-132896364-1198190959-2148710841-1000'/></System><EventData><Data Name='FileNameLength'>58</Data><Data Name='FileNameBuffer'>\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys</Data></EventData><RenderingInfo Culture='en-US'><Message>Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.</Message><Level>Error</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-CodeIntegrity</Provider><Keywords></Keywords></RenderingInfo></Event></Events>

I don't think the tcpip.sys error is related to Ad Muncher, do you have any copies of the error that references the Ad Muncher DLL?

No, the AdMuncher DLL is never specifically referenced. I just thought that the way AM worked, it might somehow be patching tcpip.sys. I do not know what else on my system could cause such an error. I have done a "repair install" of Vista and verified that the MD5 signatures of my TCPIP.SYS file match "known-good" ones. My TCP seems to be working fine, so I am stumped. These errors just keep piling up.

If you run without Ad Muncher for a few days (or however long the error normally takes to appear) does it still appear?

Well I can confirm this has nothing to do with Admuncher. I installed a completely fresh Vista x64 system and didn't even install admuncher on it (waiting for native 64-bit filtering). The errors still persist. So must be some other annoying microsoft bug. Go figure.

Sorry to hear the error is still being a pain, but glad at least to hear AM isn't causing it.

If you find a solution please post it here so anyone googling might stumble across it, and I'd love to hear what's going on too - quite perplexing.