Event ID: 5032 or 5038

Discussion in 'Windows Vista Security' started by officermartinez, Apr 24, 2007.

  1. I am using Windows Vista Ultimate x64 and the setup is pretty stable.
    However, randomly, my computer will reboot for no appearent reason. Upon
    Vista starting back up, I usually go to my Event Viewer. EVERY SINGLE
    INSTANCE, after the random reboot, there will be an error posted. It is
    Event ID: 5032 or Event ID: 5038 (or both). I have googled my heart out
    trying to figure this one out. I have been on numerous boards and it seems
    no one can pinpoint the problem. Here is a list of my setup:

    Computer: Custom Built
    Processor: Intel QX6700 Quadcore
    Memory: Corsair Dominator PC2 8500C5D Ram @ 1066mhz
    Motherboard: XFX MB-N680-iLT9 (680i LT)
    Power Supply: Enermax Galaxy 1000 watt Gamers Edition
    Video Card: (2) nVidia 8800GTS cards running in SLi

    The computer is connected via a LAN Cable (not wireless).
    My internet service provider is Charter Cable. It is a 10Mbps connection.
    My cable modem is a Ambit SpeedStream U10C018.
    My router is a Linksys WRT54G v4 (wireless capability)

    I have NO antivirus installed at the moment.
    No software firewall is installed.
    I believe the Linksys has a built in firewall.

    All of my Vista updates are current. I have not installed my 3rd party
    programs but I have installed a few:
    Winrar, TeamSpeak RC2, Everest Ultimate, CPU-Z 1.39, F.E.A.R. Combat,
    3dmark06, Limewire Pro 4.12.11.. ALL of these programs are listed as
    compatible with Vista x64.


    Under Event ID: 5032, this is what the message says:

    Windows Firewall was unable to notify the user that it blocked an
    application from accepting incoming connections on the network.

    Error Code: 2

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"
    Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5032</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12292</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2007-04-24T15:21:14.942Z" />
    <EventRecordID>3414</EventRecordID>
    <Correlation />
    <Execution ProcessID="620" ThreadID="976" />
    <Channel>Security</Channel>
    <Computer>WindowsUser</Computer>
    <Security />
    </System>
    - <EventData>
    <Data Name="ErrorCode">2</Data>
    </EventData>
    </Event>


    Under Event ID: 5038, this is what it says:

    Code integrity determined that the image hash of a file is not valid. The
    file could be corrupt due to unauthorized modification or the invalid hash
    could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\Windows\System32\nvd3dumx.dll

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"
    Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5038</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2007-04-24T03:26:33.113Z" />
    <EventRecordID>3384</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="72" />
    <Channel>Security</Channel>
    <Computer>WindowsUser</Computer>
    <Security />
    </System>
    - <EventData>
    <Data
    Name="param1">\Device\HarddiskVolume1\Windows\System32\nvd3dumx.dll</Data>
    </EventData>
    </Event>
     
    officermartinez, Apr 24, 2007
    #1
    1. Advertisements

  2. officermartinez

    Jesper Guest

    This sounds like an nVidia driver issue. Are you using a built-in driver or
    one you downloaded from the nVidia web site? I would try uninstalling the
    driver and letting Windows detect it again and see if you can get a better
    match.
     
    Jesper, Apr 24, 2007
    #2
    1. Advertisements

  3. I am leaning more towards a network controller issue. I have the nvidia
    nforce networking controller installed. Do you think that could be the
    issue? I seriously doubt that my video drivers are the cause of my issues.
     
    officermartinez, Apr 25, 2007
    #3
  4. officermartinez

    Jesper Guest

    I'm leaning toward video because nvd3dumx.dll is the GeForce video driver.
    Why do you think it is a network controller issue?
     
    Jesper, Apr 25, 2007
    #4
  5. I am only saying this because the Event View always says:
    Windows Firewall was unable to notify the user that it blocked an
    application from accepting incoming connections on the network. Error Code:
    2

    That leads me to believe that the network is trying to communicate with my
    computer, but the Vista firewall won't allow it to. To me, that indicates a
    network issue, not a display issue. My display works fine. It seems that
    when the Vista firewall catches my computer communicating with the network,
    it doesn't like it and will just shut it down in order to prevent the
    communication.
     
    officermartinez, Apr 25, 2007
    #5
  6. officermartinez

    Jesper Guest

    It's perfectly logical that nVidia's video drivers listen on the network
    though. ;-)

    Seriously, it could happen, and it can't notify the user that it happens
    because the user context associated with drivers is SYSTEM. SYSTEM does not
    have any way to get notified of that issue.

    I'm not sure whether the network communication is the culprit, but even if
    it is, the fault still lies with that video driver. If it needs to listen on
    a network interface it needs to open the port for that at install time. Why
    it would need to do so is a whole different matter that I can't answer. I
    still say try upgrading the video driver.
     
    Jesper, Apr 25, 2007
    #6
  7. OK.. That sounds pretty logical to me also. But I have tried the default
    100.65 drivers.. 101.70 drivers.. and the 158.18 drivers.. The 158's are the
    latest release from nVidia.. But this issue occurred with ALL driver
    versions. Is there a way I can open the port to let that driver communicate,
    so I won't get the random boot?
     
    officermartinez, Apr 25, 2007
    #7
  8. officermartinez

    Jesper Guest

    Of course you can open the port. You just need to find out what port it
    needs. Since it is a driver, you can't open the firewall to the app. Did the
    event log tell you which port it was trying to open?

    FWIW, I have an nVidia card too in one of my machines, and I have not seen
    this behavior. I can't recall which driver version I have though, and I don't
    have the SLI cards.
     
    Jesper, Apr 25, 2007
    #8
  9. The event log doesn't show the port information. Hmmmmm.. I had another
    random boot today. I was on www.msn.com when it randomly rebooted. Like
    every instance before, I went to the Event Viewer, and saw that I had an
    Audit Error again.. 5032 and 5038. Grrrrrrrrrrrr. This is very annoying!
     
    officermartinez, Apr 25, 2007
    #9
  10. officermartinez

    Jesper Guest

    Can you look at the firewall log? Go into the Windows Firewall with Advanced
    Security admin tool. Click the Windows Firewall Properties and configure the
    firewall log. After the problem happens again you can look at the log in the
    Monitoring area.
     
    Jesper, Apr 26, 2007
    #10
  11. Still getting the reboots.. Does anyone have a suggestion or solution?
     
    officermartinez, Apr 29, 2007
    #11
  12. I think I am a little closer to the answer now.. I am in into OVERCLOCKING
    my computer. Those who don't know what that is, it refers to the ability to
    push your computer above and beyond the stock settings, thus making it
    FASTER. The theory behind overclocking is a result of individuals who either
    want a faster performing computer or the ability to tweak their computer to
    prolong its life, thus reducing the need to upgrade quite as much when a
    newer / faster processor comes out. I have an Intel QX6700 quadcore
    processor. The default speed on this processor is 2.66ghz. Well, I was
    getting this error when I had my system overclocked at 3.6ghz. So, I bumped
    it down to 3.4ghz.. Still the same issue. I increased my VCORE (CPU VOLTAGE)
    and viola, no more errors. However, the processor ran VERY hot on my high
    end water cooling setup. So, long story short, I decreased my overclock to
    2.8ghz. At that speed, I was running on the default VCORE. I did, however,
    bump up my front side bus (FSB) to 400. To combat the extremely high
    temperatures of this quadcore processor, I purchased a Vapochill Lightspeed
    Phase Change Unit. The unit needs a few modifications, but I should be able
    to run my processor at -30'ish degrees. Yes, NEGATIVE 30's. At that
    temperature, many overclockers are able to achieve atleast 4ghz on their
    quadcore processors. It's been almost a week since I changed my settings and
    I have yet to get that error and any random reboots. If anyone else is into
    overclocking, I suggest that you check out www.hardforum.com ..Its a great
    place to read and learn about computers and all of the related hardware.

    My system consists of:

    Intel QX6700 quadcore
    XFX 680i LT motherboard
    Corsair Dominator RAM PC2-8500C5D (4 gigs)
    Enermax Galaxy 1000 watt power supply unit
    PNY 8800GTS (soon to have another one for SLi)
    Lian Li PC-7A computer case (on its way)
    Vapochill Lightspeed (on its way)
    $500+ dollar water cooling setup
    Chemei 22" LCD Monitor @ 1680 x 1050 resolution
     
    officermartinez, May 7, 2007
    #12
  13. Both of the error are harmless ...
    This just means that someone pinged or port scanned you etc etc and
    the firewall blocked it... beleive me you do NOT want to be notified
    everytime this happens ;)
    This just means that the Nvidia nvd3dumx.dll driver is not properly
    signed... it is probably NOT corrupt... many companies to not properly
    sign a driver to Microsoft's standard... if you update your video
    driver this MIGHT go away... if the new driver is properly signed that
    is...

    I would look elseware for your problems....
    --

    Please REMOVE the X in my email address to reply.

    Giovanni Lentini
     
    Giovanni Lentini, Aug 28, 2007
    #13
  14. officermartinez

    preiner Guest

    I have been running Vista x64 for over a year very reliably, but I
    notice in the security event log that logitech set point drivers and
    ultramon both have DLLs that are failing the hash check. I have
    repeatedly download updates and checked the integrity of the downloads
    and everything seems fine. Has anyone else run into this issue? Is it a
    bug in Vista or are these just sloppy applications?
     
    preiner, Nov 14, 2007
    #14
  15. Please put the event message here also!
     
    James Matthews, Nov 20, 2007
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.