Code Integrity determined that the page hashes of an image file are not valid.

C

cherrio

Extraordinary Member
#1
#1
This morning out of the blue I have many errors on my trusty Win 7 Pro 64bit machine. I have fixed all errors but I still get an audit failure in the event viewer under Windows Logs, Security.

This particular partition is the C: vol 3 which is identified as FAT32 EFI System Partition.

Is there a way to fix this? I have no idea whey this error stated this morning among all the other faults. Perhaps malware or virus but I have cleaned all the up with only finding a few pups that I have known about for a year and have left alone as it was a Wondershare converter program I had been using (until the latest version stopped it from converting anything over 500Mb and I uninstalled - but not cleanly enough and traces still existed).
 


Attachments

nmsuk

nmsuk

Windows Forum Admin
Staff member
Premium Supporter
#2
#2
You can try and fix the corrupted file by opening an admin command prompt and running sfc/scannow, it should fix it but if not could you send us the cbs.log it created with any errors it encountered.
 


Neemobeer

Neemobeer

Windows Forum Team
Staff member
#3
#3
Volume3 would be your C drive. The volumes assigned in diskpart don't correspond to the Windows object symbolic links. If you look in WinObj and look for the link for C: in the GLOBAL?? namespace it will likely have the symbolic link \Device\HarddiskVolume3
 


C

cherrio

Extraordinary Member
#4
#4
nmsuk said:
You can try and fix the corrupted file by opening an admin command prompt and running sfc/scannow, it should fix it but if not could you send us the cbs.log it created with any errors it encountered.
Click to expand...
I will run sfc/scannow a couple of more times after I finish posting this, but here is the cbs.log from yesterday. It did not fix anything
 


C

cherrio

Extraordinary Member
#5
#5
Neemobeer said:
Volume3 would be your C drive. The volumes assigned in diskpart don't correspond to the Windows object symbolic links. If you look in WinObj and look for the link for C: in the GLOBAL?? namespace it will likely have the symbolic link \Device\HarddiskVolume3
Click to expand...
Vol 3 is the FAT partition on the C: drive and is about 100Mb according to the screen shot I originally posted.
 


Neemobeer

Neemobeer

Windows Forum Team
Staff member
#6
#6
As I stated before the IDs in diskpart don't correspond to the object IDs. Vol 3 is your C drive. The EFI partition will have a different volume object ID

You can see this if you download WinObj. Mine is different because I have an extra partition.
1533223189707.png


You can see they don't match up

1533223262875.png
 


You must log in or register to reply here.
This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top