Event 5038, Microsoft Windows security auditing. fveapi.dll

Posted: 07-30-2008, 05:03 PM
I get this security event a lot on Vista 32-bit SP1:

"Code integrity determined that the image hash of a file is not valid. The
file could be corrupt due to unauthorized modification or the invalid hash
could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dl l"

This file is located in two places on my system, and it seems the same in
both:

C:\Windows\System32\fveapi.dl
C:\Windows\SoftwareDistribution\Download\f7fd361ee 72a8e86a63bf6b0eb2d2503\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8 f21ef8d2\fveapi.dll

Version: 6.0.6001.18000
Size: 173056 bytes
SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d

Can someone else verify this to be the correct file after 32-bit SP1 is
installed?

If it IS correct, why do I get an incredible pause sometimes when loading a
program that uses this DLL, followed by this audit failure event in the log,
but then apparently everything continues on as it should...?

------------------------------------------------------------------------
Peter Klavins

Event 5038, Microsoft Windows security auditing. fveapi.dll


Responses to "Event 5038, Microsoft Windows security auditing. fveapi.dll"

BillD
Guest
Posts: n/a
 
RE: Event 5038, Microsoft Windows security auditing. fveapi.dll
Posted: 07-30-2008, 06:19 PM


"Peter K" wrote:
> This file is located in two places on my system, and it seems the same in
> both:
>
> C:\Windows\System32\fveapi.dll
fveapi.dll is not part of Vista. I haven't it.
Paul Montgomery
Guest
Posts: n/a
 
Re: Event 5038, Microsoft Windows security auditing. fveapi.dll
Posted: 07-30-2008, 06:59 PM
On Wed, 30 Jul 2008 11:19:00 -0700, BillD
<BillD@discussions.microsoft.com> wrote:
>
>
>"Peter K" wrote:
>
>> This file is located in two places on my system, and it seems the same in
>> both:
>>
>> C:\Windows\System32\fveapi.dll
>
>fveapi.dll is not part of Vista. I haven't it.
In your case, it's probably a bug.

I can't wait for your post about it.
meerkat
Guest
Posts: n/a
 
Re: Event 5038, Microsoft Windows security auditing. fveapi.dll
Posted: 07-30-2008, 07:02 PM

"Peter K" <p.klavins@online.nospam> wrote in message
news:C01FBA1D-1570-4B35-B6C3-6B7097F47A9D@microsoft.com...
>I get this security event a lot on Vista 32-bit SP1:
>
> "Code integrity determined that the image hash of a file is not valid.
> The
> file could be corrupt due to unauthorized modification or the invalid hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dl l"
>
> This file is located in two places on my system, and it seems the same in
> both:
>
> C:\Windows\System32\fveapi.dll
> C:\Windows\SoftwareDistribution\Download\f7fd361ee 72a8e86a63bf6b0eb2d2503\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8 f21ef8d2\fveapi.dll
>
> Version: 6.0.6001.18000
> Size: 173056 bytes
> SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d
>
> Can someone else verify this to be the correct file after 32-bit SP1 is
> installed?
>
> If it IS correct, why do I get an incredible pause sometimes when loading
> a
> program that uses this DLL, followed by this audit failure event in the
> log,
> but then apparently everything continues on as it should...?
> .
Hi Peter K
Go here and have a read.
http://www.greatis.com/vista/DLL/f/fveapi.dll.htm

bw..

Peter K
Guest
Posts: n/a
 
Re: Event 5038, Microsoft Windows security auditing. fveapi.dll
Posted: 07-30-2008, 09:08 PM
"meerkat" wrote:
> > Version: 6.0.6001.18000
> > Size: 173056 bytes
> > SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d
> >
> > Can someone else verify this to be the correct file after 32-bit SP1 is
> > installed?
> >
> > If it IS correct, why do I get an incredible pause sometimes when loading
> > a
> > program that uses this DLL, followed by this audit failure event in the
> > log,
> > but then apparently everything continues on as it should...?
> > .
> Hi Peter K
> Go here and have a read.
> http://www.greatis.com/vista/DLL/f/fveapi.dll.htm
>
> bw..
Thanks for your help, meerkat, yep I did a whole lot of surfing before I
posted on this forum, but nowhere did I find these DLL reference sites
referring to the SP1 versions of the DLL's, I believe them all to still be
referring to the original Vista. If you look at the directory
C:\Windows\System32 after installing SP1, you see a whole pile of files with
the identical version number 6.0.6001.18000, one of which is fveapi.dll, and
I simply would like to know whether I have a rotten copy of it, or whether
Vista security is mis-diagnosing it for some reason and slowing things down.
By the way, if it helps, my copy has this MD5 sum:

MD5: 1acb8d567b779dc3ff09e7f31ac3f111

------------------------------------------------------------------------
Peter Klavins
Pēteris Kļaviņš
Guest
Posts: n/a
 
Re: Event 5038, Microsoft Windows security auditing. fveapi.dll
Posted: 07-31-2008, 04:15 PM
Peter K wrote:
> I get this security event a lot on Vista 32-bit SP1:
>
> "Code integrity determined that the image hash of a file is not valid. The
> file could be corrupt due to unauthorized modification or the invalid hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dl l"
>
Well, by chance in my digging I came across another tab in the Event
Viewer that showed another event related to the same problem that must
cascade into the security auditing event above:

Event ID 3002, "Code integrity determined that the image hash of a file
is not valid. The file could be corrupt due to unauthorized
modification or the invalid hash could indicate a potential disk device
error.

File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dl l"

Putting this into Google reveals this quite informational Microsoft web
page "User-mode Protected Media Path File Validation":

http://technet2.microsoft.com/window....mspx?mfr=true

in which the fix for this problem is to do a Startup Repair. I'll try
that this evening!

------------------------------------------------------------------------
Peter Klavins klavins@netspace.net.au
Peter Foldes
Guest
Posts: n/a
 
Re: Event 5038, Microsoft Windows security auditing. fveapi.dll
Posted: 07-31-2008, 09:22 PM
See the following
http://www.greatis.com/vista/DLL/f/fveapi.dll.htm
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Peter K" <p.klavins@online.nospam> wrote in message news:C01FBA1D-1570-4B35-B6C3-6B7097F47A9D@microsoft.com...
>I get this security event a lot on Vista 32-bit SP1:
>
> "Code integrity determined that the image hash of a file is not valid. The
> file could be corrupt due to unauthorized modification or the invalid hash
> could indicate a potential disk device error.
>
> File Name: \Device\HarddiskVolume1\Windows\System32\fveapi.dl l"
>
> This file is located in two places on my system, and it seems the same in
> both:
>
> C:\Windows\System32\fveapi.dll
> C:\Windows\SoftwareDistribution\Download\f7fd361ee 72a8e86a63bf6b0eb2d2503\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8 f21ef8d2\fveapi.dll
>
> Version: 6.0.6001.18000
> Size: 173056 bytes
> SHA1: b89d67b3bc79a87aff89d0e05d9553b176d0aa4d
>
> Can someone else verify this to be the correct file after 32-bit SP1 is
> installed?
>
> If it IS correct, why do I get an incredible pause sometimes when loading a
> program that uses this DLL, followed by this audit failure event in the log,
> but then apparently everything continues on as it should...?
>
> ------------------------------------------------------------------------
> Peter Klavins
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
I have Windows XP and the Microsoft Security says everything is "on ... Guest Windows NT/2000/XP 0 06-29-2008 10:20 PM
Event ID: 5032 or 5038 officermartinez Windows Vista Security 14 11-20-2007 06:51 PM
Windows Vista security event ids Joe K Windows Vista Security 1 03-21-2007 08:08 PM
event viewer system error Microsoft windows update related Corbin Windows XP Printers / Scanners / Fax 0 08-06-2003 04:19 AM
Auditing Windows XP Registry Bruno Windows XP Security & Administration 1 07-04-2003 08:38 PM