PDA

View Full Version : audit failure : event id 6281 : SDHook64.dll



jasong222
2017-11-10, 04:02
Hey,

So I took a look at my security logs, and I noticed there were several failures. (The same failure, many times):

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

Any idea what it could be? I ran a disk diagnostic and it came back fine. Only other similar post I found like this was several years ago, and the result was never posted.

This file shows up in another log, posted after this one.

File Name: \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll

System

- Provider

[ Name] Microsoft-Windows-Security-Auditing
[ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}

EventID 6281

Version 0

Level 0

Task 12290

Opcode 0

Keywords 0x8010000000000000

- TimeCreated

[ SystemTime] 2017-10-31T03:45:41.543923300Z

EventRecordID 12170

Correlation

- Execution

[ ProcessID] 4
[ ThreadID] 14436

Channel Security

Computer xyz/pc

Security


- EventData

param1 \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll


__________________________
After this I checked the application log and saw many of these:

Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2. The manifest file root element must be assembly.


What's up?

Zenobia
2017-11-10, 06:05
I have a slight theory on what the first error is from, though be aware it might not pan out. When you open up Spybot Start Center, it should list the Spybot version in brackets at the top. What program version is listed there, Spybot version 2.4, 2.5 or version 2.6?