Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Numerous computer errors. Help needed. Libuv.dll.


  • Please log in to reply
11 replies to this topic

#1 Thelps

Thelps

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:51 PM

Posted 06 July 2016 - 01:55 PM

I recently ran a malware scanner that detected suspected malware at libuv.dll and GDIPlus.dll (two separate instances of each of the files).

All four files (2x Libuv.dll and 2x GDIPlus.dll) files were deleted and the machine restarted.

Since then, all Microsoft Management Console -based applications have failed to load correctly ("MMC has detected an error in the snap-in and will unload it"). That includes Eventvwr which makes troubleshooting almost impossible.

System Restore and DISM do not function (DISM reports "The Remote Procedure Call Failed"). This is despite having all relevant DISM Services enabled (Remote Procedure Call Locator, Remote Procedure Call, RPC Endpoint Mapper etc.).

SFC /scannow finds component corruption but reports that it cannot repair some of it.

I have tried running all of the above tools in Safe Mode, Normal Mode and with all msconfig.exe Services set to 'disabled'.

Does anyone have any ideas what to do next? I'm trying to avoid a system refresh or complete reinstall if at all possible, so let's leave that out of the suggestions.

Where could I download clean copies of libuv.dll and gdiplus.dll that are current for a fully updated version of Windows 10? What directories should I put these files in? My search-engine research hasn't yielded answers to that question.

Any further ideas as to causes and solutions would be welcome!!


Edited by Thelps, 06 July 2016 - 01:57 PM.


BC AdBot (Login to Remove)

 


#2 Niweg

Niweg

  • Members
  • 802 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:04:51 PM

Posted 06 July 2016 - 04:02 PM

 My laptop has the release version of Windows 10 Home.  I did a search for libuv.dll and it's not on my system.  It sounds like your computer has gotten corrupted beyond your software's ability to repair it.  If this happened to me, I'd restore from a recent backup I've made.  If you don't have a backup, you'll probably have to save any data you don't want to lose and restore to factory settings.

 

 Good luck.


Make regular full system backups or you'll be sorry sooner or later.


#3 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:02:51 PM

Posted 07 July 2016 - 09:45 AM

Hello Thelps

 

Can you attach this file in your next post? C:\Windows\logs\cbs\cbs.log

 

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:01:51 PM

Posted 07 July 2016 - 10:10 AM

There is a simpler way to do what CKing123 has suggested.

 

Press the Windows key windowskey_zps092d5c75.png and the X key together.  

 

In the menu that opens select Command Prompt (Admin).

 

When the Command Prompt opens copy and paste the command below, then press Enter.  This will place a folder on your desktop titled sfcdetails

 

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

 

Tap/Click on the file, copy the log and post it in your topic.  You will probably need to either break the log into smaller parts to post it in your topic, or use one of the options suggested previously.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:02:51 PM

Posted 07 July 2016 - 10:39 AM

Unfortunately, while [SR] parsing makes the log much cleaner and easier to read, it removes important information needed to fix it

Hello Thelps

 

Can you attach this file in your next post? C:\Windows\logs\cbs\cbs.log

 

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#6 Thelps

Thelps
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:51 PM

Posted 07 July 2016 - 12:59 PM

Attached is CBS.log.

 

I haven't run a DISM or SFC /Scannow that is represented within that log, to my knowledge.

 

Let me know if you require logs that specifically parse any windows utilities. I can re-upload CBS.log after running those utilities.

 

Appreciate your assistance.

Attached Files

  • Attached File  CBS.log   3.1MB   3 downloads

Edited by Thelps, 07 July 2016 - 01:22 PM.


#7 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:02:51 PM

Posted 07 July 2016 - 01:27 PM

Hi

 

We will run a fix followed by another SFC scan

 

SFCFix Fix

This fix is very specific for Thelps's computer. Trying this fix on your own computer might damage your computer. If you are after assistance, create a new thread, and you will be assisted shortly.

 

Download SFCFix (by niemiro) and move the executable on your Desktop.  If you have kept SFCFix from previous fixes, use that instead.

Download the attached SFCFix.zip and move the archive to your Desktop

Note: Make sure that the file is named SFCFix.zip, do not rename it.

Save any work you have open, and close every programs

Drag the SFCFix.zip file over the SFCFix.exe executable and release it

 

mMabJGT.gif

 

SFCFix will launch, let it complete

Once done, a file will appear on your Desktop, called SFCFix.txt

Open the file, then copy and paste its content in your next reply

 

Now, we will run SFC again:

 

SFC Scan

1. Click on startorb.gif and type cmd. When Command Prompt appears, right-click on it, and click Run as Administrator

2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter

sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.

copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Right-click on this file and choose Send To...Compressed (zipped folder). Please upload this zipped file CBS.zip to this thread

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

 

-CKing


Edited by CKing123, 07 July 2016 - 01:42 PM.

If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#8 Thelps

Thelps
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:51 PM

Posted 07 July 2016 - 04:43 PM

Attached are both the SFCFIX file and the CBS.log file from after the sfc /scannow operation...

 

 

 

 

Attached Files



#9 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:02:51 PM

Posted 07 July 2016 - 05:10 PM

Hi, you did not run the fix properly

 

You were to move both SFCFix.exe and SFCFix.zip that I sent the link, and then drag SFCFix.zip over SFCFix.exe

 

 

Hi

 

We will run a fix followed by another SFC scan

 

SFCFix Fix

This fix is very specific for Thelps's computer. Trying this fix on your own computer might damage your computer. If you are after assistance, create a new thread, and you will be assisted shortly.

 

Download SFCFix (by niemiro) and move the executable on your Desktop.  If you have kept SFCFix from previous fixes, use that instead.

Download the attached SFCFix.zip and move the archive to your Desktop

Note: Make sure that the file is named SFCFix.zip, do not rename it.

Save any work you have open, and close every programs

Drag the SFCFix.zip file over the SFCFix.exe executable and release it

 

mMabJGT.gif

 

SFCFix will launch, let it complete

Once done, a file will appear on your Desktop, called SFCFix.txt

Open the file, then copy and paste its content in your next reply

 

Now, we will run SFC again:

 

SFC Scan

1. Click on startorb.gif and type cmd. When Command Prompt appears, right-click on it, and click Run as Administrator

2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter

sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.

copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Right-click on this file and choose Send To...Compressed (zipped folder). Please upload this zipped file CBS.zip to this thread

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#10 Thelps

Thelps
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:51 PM

Posted 07 July 2016 - 05:45 PM

I'm not going to proceed until I can determine that SFCFix isn't malware itself.

 

Assuming it isn't, I very much appreciate your assistance, but it wouldn't be prudent to run files from a website that's now displaying a splash-screen indicative of a MITM event.

 

Assuming this is malware - I wish you luck with your next victim.

 

Assuming it isn't malware - I'm sorry I couldn't proceed with your advice but the level of crime I've been subjected to online precludes reasonable assistance, particularly when that features downloadable .exe files.



#11 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:02:51 PM

Posted 07 July 2016 - 06:04 PM

Hi
 
You may scan it in VirusTotal or other websites
 
Anyways SFCFix is not a malware
 
Rather, it does two things:
 
First up, if you run it without the fix, it analyzes the CBS.log and checks if the non-corrupted files are in System Restores. If they aren't then it fails
In that case, we create a fix file with the replacement files we source from iso or Windows Update
 

There were many people who were helped by this tool: https://www.sysnative.com/forums/windows-update/

Anyways, based on your logs, it is not libuv.dll that is causing the problem as @Niweg said, but rather, GDIPlus.dll that is missing:

 

 

2016-07-07 20:53:48, Info                  CSI    00004ef1 [SR] Cannot repair member file [l:18]"MicrosoftEdge.adml" of Microsoft-Windows-Internet-Browser-Configuration.Resources, version 10.0.10586.0, arch amd64, culture [l:5]"en-US", nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, file is missing
2016-07-07 20:53:48, Info                  CSI    00004ef2 [SR] Cannot repair member file [l:18]"MicrosoftEdge.admx" of Microsoft-Windows-Internet-Browser-Configuration, version 10.0.10586.0, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, file is missing
2016-07-07 20:53:48, Info                  CSI    00004ef3 [SR] Cannot verify component files for Microsoft-Windows-MicrosoftEdge, version 10.0.10586.420, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}, manifest is damaged (FALSE)
2016-07-07 20:53:48, Info                  CSI    00004ef4 [SR] Cannot repair member file [l:11]"GdiPlus.dll" of Microsoft.Windows.GdiPlus, version 1.1.10586.20, arch amd64, versionScope neutral, pkt {l:8 b:6595b64144ccf1df}, type [l:5]"win32" in the store, file is missing
2016-07-07 20:53:48, Error                 CSI    00004ef5 (F) Failed on regenerating file [l:11]"GdiPlus.dll"[gle=0x80004005]
2016-07-07 20:53:48, Info                  CSI    00004ef6 [SR] Unable to repair \SystemRoot\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.20_none_db007f1392e69ef4\\[l:11]"GdiPlus.dll"
2016-07-07 20:53:48, Info                  CSI    00004ef7 [SR] Repaired file \SystemRoot\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.20_none_db007f1392e69ef4\\[l:11]"GdiPlus.dll" by copying from backup
2016-07-07 20:53:48, Info                  CSI    00004ef8@2016/7/7:19:53:48.339 Primitive installers committed for repair
2016-07-07 20:53:48, Info                  CSI    00004ef9 [SR] Cannot repair member file [l:11]"GdiPlus.dll" of Microsoft.Windows.GdiPlus, version 1.1.10586.20, arch amd64, versionScope neutral, pkt {l:8 b:6595b64144ccf1df}, type [l:5]"win32" in the store, file is missing
2016-07-07 20:53:48, Info                  CSI    00004efa [SR] This component was referenced by [l:80]"Package_1313_for_KB3163018~31bf3856ad364e35~amd64~~10.0.1.2.3163018-2930_neutral"
2016-07-07 20:53:48, Info                  CSI    00004efb@2016/7/7:19:53:48.351 Primitive installers committed for repair
2016-07-07 20:53:48, Info                  CSI    00004efc Hashes for file member \??\C:\Windows\SysWOW64\GdiPlus.dll do not match actual file [l:11]"GdiPlus.dll" :
  Found: {l:32 d8VBsw+Gcw+PZ+vAGZ4HC2dvEXVKzJvJQvMRPJz5Z48=} Expected: {l:32 5LrhhVX4Gq0vEryzYgu+Xm3oT4nc7+TEs7Jr3uDlF3M=}
2016-07-07 20:53:48, Info                  CSI    00004efd [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\SysWOW64"\[l:11]"GdiPlus.dll" from store
2016-07-07 20:53:48, Info                  CSI    00004efe@2016/7/7:19:53:48.425 Primitive installers committed for repair
2016-07-07 20:53:48, Info                  CSI    00004eff [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\System32"\[l:11]"GdiPlus.dll" from store
2016-07-07 20:53:48, Info                  CSI    00004f00@2016/7/7:19:53:48.506 Primitive installers committed for repair
2016-07-07 20:53:48, Info                  CSI    00004f01@2016/7/7:19:53:48.508 Primitive installers committed for repair
2016-07-07 20:53:48, Info                  CSI    00004f02 [SR] Cannot repair member file [l:18]"MicrosoftEdge.admx" of Microsoft-Windows-Internet-Browser-Configuration, version 10.0.10586.0, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, file is missing
2016-07-07 20:53:48, Info                  CSI    00004f03 [SR] This component was referenced by [l:112]"Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~~10.0.10586.0.af2ddd5c5fe590ffa7c0687f1459b105"
2016-07-07 20:53:48, Info                  CSI    00004f04 [SR] Could not reproject corrupted file [l:32 ml:33]"\??\C:\Windows\PolicyDefinitions"\[l:18]"MicrosoftEdge.admx"; source file in store is also corrupted

 

There are some Microsoft Edge files that are also corrupt that the SFCFix.zip also contained replacement files for.

 

If you believe that you still have malware, then please create a new topic at Am I infected? What do I do? forums

 

Do you have any other concerns about the fix or SFCFix?

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#12 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:02:51 PM

Posted 07 July 2016 - 06:34 PM

Assuming it isn't, I very much appreciate your assistance, but it wouldn't be prudent to run files from a website that's now displaying a splash-screen indicative of a MITM event.

It's near impossible to have a Man in the Middle attack on a secure (https with certificate) website

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users