It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

HDHelper.exe - Bad Image

page: 1
0

log in

join
share:

posted on Jun, 10 2020 @ 01:38 PM
link   
Ever since a windows security update, I've been getting repeated error messages about StateRepository.Core.dll in WidowsSystem32. It happens every time I restart windows 10 also every time I open Photoshop. It's impossible to delete the file using explorer as it's locked by multiple processes. I don't have a restore point from before when it started to be reported as a Bad Image.

I've tried a bunch of things to fix it, I'm MCTS Certified so it's not like I'm beyond capable of any type of repair. At one point I went to a friend's place and copied his 'StateRepository.Core.dll' file making sure it matched the version I have 10.0.18362.836 and using a windows PE bootup disk I renamed the bad dll and then copied my friends dll in its place. But I'm still getting multiple error warnings about the file during my daily use of windows. The error is not stopping anything from working as far as I can tell but it just keeps popping up, usually in batches of three. I'm starting to think maybe there are more bad dlls than just this one and that's what's making it hard to fix.

Any bright ideas would be most appreciated.





I uploaded it to VirusTotal
Acronis : Undetected
Ad-Aware : Undetected
AegisLab : Undetected
AhnLab-V3 : Undetected
Alibaba : Undetected
ALYac : Undetected
Antiy-AVL : Undetected
SecureAge APEX : Undetected
Arcabit : Undetected
Avast : Undetected
Avast-Mobile : Undetected
AVG : Undetected
Avira (no cloud) : Undetected
Baidu : Undetected
BitDefender : Undetected
BitDefenderTheta : Undetected
Bkav : Undetected
CAT-QuickHeal : Undetected
ClamAV : Undetected
CMC : Undetected
Comodo : Undetected
CrowdStrike Falcon : Undetected
Cylance : Undetected
Cyren : Undetected
DrWeb : Undetected
eGambit : Undetected
Emsisoft : Undetected
Endgame : Undetected
eScan : Undetected
ESET-NOD32 : Undetected
F-Prot : Undetected
F-Secure : Undetected
FireEye : Undetected
Fortinet : Undetected
GData : Undetected
Ikarus : Undetected
Jiangmin : Undetected
K7AntiVirus : Undetected
K7GW : Undetected
Kaspersky : Undetected
Kingsoft : Undetected
Malwarebytes : Undetected
MAX : Undetected
MaxSecure : Undetected
McAfee : Undetected
McAfee-GW-Edition : Undetected
Microsoft : Undetected
NANO-Antivirus : Undetected
Palo Alto Networks : Undetected
Panda : Undetected
Qihoo-360 : Undetected
Rising : Undetected
Sangfor Engine Zero : Undetected
SentinelOne (Static ML) : Undetected
Sophos AV : Undetected
Sophos ML : Undetected
SUPERAntiSpyware : Undetected
Symantec : Undetected
TACHYON : Undetected
Tencent : Undetected
TotalDefense : Undetected
Trapmine : Undetected
TrendMicro : Undetected
TrendMicro-HouseCall : Undetected
VBA32 : Undetected
VIPRE : Undetected
ViRobot : Undetected
Webroot : Undetected
Yandex : Undetected
Zillya : Undetected
ZoneAlarm by Check Point : Undetected
Zoner : Undetected
Cybereason : Unable to process file type
Symantec Mobile Insight : Unable to process file type
Trustlook : Unable to process file type

0/ 72

No engines detected this file

d49d77d4948954e0a97486d526ec25f5268dabc65229add350723f0959efb46b
StateRepository.Core.dll
699.52 KB
Size
2020-06-08 03:13:19 UTC
2 days ago
64bits assembly overlay pedll signed
DETECTION
DETAILS
COMMUNITY
Basic Properties
MD5 3317a446bf482cd4ea019e391229644c
SHA-1 c0f01d6154f0845592279ebf63c4e40a80619479
SHA-256 d49d77d4948954e0a97486d526ec25f5268dabc65229add350723f0959efb46b
Vhash 175066655d1555155~zfb
Authentihash e6b70a1871d2eb73723ad276a997a960b885b08fc7ffa3c378666752af201f44
Imphash 4c3fa874e14bce243ec9e5ba9e661936
SSDEEP 12288:q4SF7KtYuEmBR3v3OhAw5+xUQHyw18PC3NZwOqyG3GZpVmeSLkGcl:vg7K2uJBt3OhhQ11XLzq5SpVmSxl
File type Win32 DLL
Magic PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
File size 699.52 KB (716312 bytes)
History
Creation Time 1990-08-18 05:55:35
Signature Date 2020-05-06 04:45:00
First Submission 2020-05-12 18:42:24
Last Submission 2020-06-08 03:13:19
Last Analysis 2020-06-08 03:13:19
Names
StateRepository.Core.dll
StateRepository Core
Signature Info
Signature Verification
Signed file, valid signature
File Version Information
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Description StateRepository Core
Original Name StateRepository.Core.dll
Internal Name StateRepository Core
File Version 10.0.18362.836 (WinBuild.160101.0800)
Date signed 4:45 AM 5/6/2020
Signers
Microsoft Windows
Microsoft Windows Production PCA 2011
Microsoft Root Certificate Authority 2010
Counter Signers
Microsoft Time-Stamp Service
Microsoft Time-Stamp PCA 2010
Microsoft Root Certificate Authority 2010
X509 Signers
Microsoft Time-Stamp Service
Microsoft Time-Stamp PCA 2010
Portable Executable Info
Header
Target Machine x64
Compilation Timestamp 1990-08-18 05:55:35
Entry Point 281952
Contained Sections 6
Sections
Name Virtual Address Virtual Size Raw Size Entropy MD5 Chi2
.text 4096 556834 557056 6.52 066717e90313fbcece9b6dcca2a2c00a 3116460.5
.rdata 561152 100156 100352 5.79 0e5ebc01b4fc6827cfe4572a1ccdc9a4 2106066.75
.data 663552 12905 10240 1.99 6197cd8b8f409210e1eabf29d54da78c 1469302.13
.pdata 679936 28212 28672 5.87 bfa1624c1461119c49e8d67c8336ff79 656869.69
.rsrc 708608 1064 1536 2.53 848c961e3dcf9661d840c3086327ca05 193599.69
Imports
api-ms-win-core-debug-l1-1-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-file-l1-1-0.dll
api-ms-win-core-file-l1-2-0.dll
api-ms-win-core-file-l1-2-2.dll
api-ms-win-core-handle-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-interlocked-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
Exports
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
Contained Resources By Type
RT_VERSION 1
Contained Resources By Language
ENGLISH US 1
Contained Resources
SHA-256 File Type Type Language Entropy Chi2
f378ed66c817058541f4636b7ceff7adf39b9fb13dea9bac006595dea2545f54 Data RT_VERSION ENGLISH US 3.48 74449.43
edit on 10-6-2020 by PhoenixOD because: (no reason given)

edit on 10-6-2020 by PhoenixOD because: (no reason given)




posted on Jun, 10 2020 @ 02:00 PM
link   
a reply to: PhoenixOD

Did you try sfc /scannow from the command prompt in admin mode?



posted on Jun, 10 2020 @ 02:04 PM
link   
Did you try Google?

Despite being university certified, that's what I usually do

a reply to: PhoenixOD



posted on Jun, 10 2020 @ 02:58 PM
link   
a reply to: MRinder



Did you try sfc /scannow from the command prompt in admin mode?


Yeah, that's the first thing I tried, SFC fails to repair every time, even if I use a windows installation disk to boot off and then use the repair option and also if I use a Win PE disk.

DISM is not fixing it either.


edit on 10-6-2020 by PhoenixOD because: (no reason given)



posted on Jun, 10 2020 @ 02:59 PM
link   
a reply to: hombero




Did you try Google?

Despite being university certified, that's what I usually do


Are you even being serious with that suggestion?

edit on 10-6-2020 by PhoenixOD because: (no reason given)



posted on Jun, 10 2020 @ 03:05 PM
link   

originally posted by: PhoenixOD
a reply to: MRinder



Did you try sfc /scannow from the command prompt in admin mode?


Yeah, that's the first thing I tried, SFC fails to repair every time, even if I use a windows installation disk to boot off and then use the repair option and also if I use a Win PE disk.

DISM is not fixing it either.




Hmmm interesting problem. I am sure you tried to register the dll. What is the error code?



posted on Jun, 10 2020 @ 03:25 PM
link   

originally posted by: PhoenixOD
Ever since a windows security update, I've been getting repeated error messages about StateRepository.Core.dll in WidowsSystem32. It happens every time I restart windows 10 also every time I open Photoshop. It's impossible to delete the file using explorer as it's locked by multiple processes. I don't have a restore point from before when it started to be reported as a Bad Image.

If I'm not mistaken HDHelper has to do with Adobe's Creative Cloud UWP app package...

Maybe try uninstalling that and see if it goes away, then reinstall?

Personally I loathe Windows 10 'native apps', and always install traditional if available, with a few exceptions - like for Dells Command Update. The UWP package seems to work better for keeping drivers up to date on our Dell workstations.



posted on Jun, 10 2020 @ 04:21 PM
link   
a reply to: MRinder

This is the MessageBox error :




posted on Jun, 10 2020 @ 05:32 PM
link   
a reply to: PhoenixOD

Try this
answers.microsoft.com...

or this... but use your bad files nameinstead of the file name they use in the video




posted on Jun, 10 2020 @ 09:45 PM
link   
a reply to: MRinder

Thanks MRinder, I've already tried this.



posted on Jun, 10 2020 @ 09:58 PM
link   
a reply to: PhoenixOD

You are welcome. Sorry I wasnt much help. Good luck.



posted on Jun, 10 2020 @ 10:56 PM
link   
a reply to: MRinder

Im about to call quits on this. I've tried everything I can think of and everything I have seen as a suggestion. Life's too short I'm now in the processes of rounding up all my personal files and then I'm going to do a full reinstall of windows




posted on Jun, 11 2020 @ 10:10 AM
link   
Generally by the time windows throws an error up theres about a dozen other things gone wrong down the line and trying to track down a rogue registry entry thats not documented that should be x06 and is x07 just isn't worth the time and effort.

I've spent hours before tracking down funny faults and generally its just not worth the effort other than the feeling of satisfaction to have won but normally its just back everything up and nuke it.



posted on Jun, 11 2020 @ 03:27 PM
link   
I’m probably gonna mention some things you’ve already tried but
exe compatibility mode and a registry restore?



new topics

top topics



 
0

log in

join