[[Template core/front/global/favico is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]] Jump to content

Emergency Help - can't work until safe. Virus/Malware issues


Recommended Posts

Yes, when I was referencing "same error" I thought we were still talking about it. None the less, here it is.. will paste it every single time.

Run-time error 372...

Failed to load control vbalgrid6.ocx. Your version of vbalgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

I can open Avast, however it will not let me do a scan. "RPC server not available"

Worth noting. When trying to use MS Paint to get you a screenshot, I got same RPC error when trying to paste: "RPC server not available"

All 3 files registered successfully.

Link to post
Share on other sites
  • Replies 219
  • Created
  • Last Reply

Let me clarify, that my primary goal is & has been to a) address malware- in the sense to hunt it & remove it if found, and b) to get antivurs working, & c) to get MBAM working.

If it becomes obvious that this is a never-ending saga, then I will have to tell you to erase / wipe the system, and start over with a installation from scratch of Windows.

I am not going to involve myself with MS Paint. But once more focus on at least the antivirus.

Do the following next, & after that, try starting Avast 1 more time.

If you started some programs, or have open work documents, Save any open work-files and close the programs.

This next procedure will involve a reboot/restart.

Windows services

This will be a batch-run .

  • Press the Windows-key +R key on keyboard to get RUN menu.
  • In the RUN box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo on
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= auto
    sc config bits start= manual
    sc config msiserver= manual
    sc config sens start= auto
    sc config eventlog start= auto
    sc start sens
    sc start eventlog
    sc start bits
    sc config wuauserv start= auto
    sc config vss start= manual
    shutdown -r -t 1
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the Filename box, type in Fix.bat.
  • Press 10-16-2011%204-36-39%20PM.png.
  • Close Notepad.
  • Double click Fix.bat on your desktop to start the batch run in a Command prompt window.

This procedure will do its tasks and then it will Restart Windows.

Link to post
Share on other sites

I do understand what your goals are. I've done everything you said and these new things (taskbar, RPC server, run-time error, paint) are occurring as we're attempting to fix the main issues. In no way am I blaming you what so ever, we just didn't have these errors a few days ago. I'm only telling you what's going on, as I thought you'd like to know. I'm not really asking you to fix paint, I couldn't care less about it, but I thought it was necessary and relevant info to tell you, because it's the same error as am I getting when trying to scan with Avast. I can't help but feel like you're getting aggravated with me for things beyond my control...

Did the batch run successfully. PC rebooted.

Avast will open, but won't scan. "RPC server not available"

Link to post
Share on other sites

It's not that I am upset with you, but the general situation itself. I was just being frank. This just is really becoming an un-ending quest.

Double-click SystemLook.exe to run it.

  • Copy the content of the following codebox into the main textfield (2 lines):
    :filefind
    vbalsgrid6.ocx
    *vbalsgrid*
    :folderfind
    *avast*
    *malwarebytes*


  • Click the Look button to start the scan.
  • Have infinite patience while it is scanning.
  • When finished, a NOTEPAD window will open with the results of the scan. Please Copy & Paste this log in your next reply.
  • Press EXIT button when all done.

Note: The log can also be found on your Desktop entitled SystemLook.txt

a) Make sure if you opened any apps of yours, that you Exit them.

b) Be sure you are logged in with Admistrator rights account.

c) From Start button, select RUN (or Win-key +R) and in the run-text-box type in

msconfig

and press OK or Enter.

d) You should see the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

e) Click on Services tab. To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

f) Look at the bottom line Hide all Microsoft services

IF and only IF its is checkmarked, then un-check it.

g) the list of servies may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

h) Then using the scroll-bar scroll down the list

Look for Remote Procedure Call (RPC) . Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

When finished, Exit out of the services console.

Then report back here with details.

NEXT:

You use Start button > Select RUN and type into the run box Code:

services.msc

amd press OK.

They need to show a startup type of Manual or Automatic.

Here are the services & their Startup types:

Background Intelligent Transfer Service(BITS) . . . Automatic

Cryptographic Services . . . . . . . . . . . . . . .Automatic

Remote Procedure Call (RPC). . . . . . . . . . . . .Automatic

Windows Update . . . . . . . . . . . . . . . . . . .Automatic

The Staus column should show Started for each of these services.

Tell me how yours are showing.

Link to post
Share on other sites

I'm going to hold off on the last instructions for a moment... let me preface this by saying I never use the Admin user account and the other user is me with admit rights....

I looked up what RPC was since it's preventing me from running a scan. I looked at Services, and found it set as Manual. When I attempted to start the service, it said I did not have access to do so. So I rebooted in Safe Mode, AS ADMINISTRATOR, and opened up Avast and it's currently running a scan. We must have somehow set permissions or restrictions or something, I don't know. Something is off...

Anyway, we're scanning and it's going slow, even on Quick scan, When it's done, IF clean, do you want me to proceed with your instructions? If so, would you like me in Safe Mode or regular? Of course if it finds something, I'll post back here first.

ETA - I just read your full instructions and we're on the same lines of thinking :)

Link to post
Share on other sites

There's a lot that is "off".

as a test, see if you can also start MBAM while in Safe mode.

After you finish the Avast scan, I would much prefer you login with the Administrator account. and do that for the entire duration of our efforts. Then do the rest of what I outlined.

Is it possible "your login" is not assigned to the Administrators group ?

Link to post
Share on other sites

I will do that, but honestly, in normal mode, I'm not sure how to choose which I login as. In normal mode, it always just logs me in automatically. I have no idea how to log in as admin in nornal mode.

My login maybe somehow got changed in this process, but I'd always have had admin rights in the past.

Link to post
Share on other sites

If you could get to Start, then see about getting to Switch User & then login with Administrator.

Has Avast scan finished?

I need the result from the SystemLoook run {from just above}.

Link to post
Share on other sites

Avast finished and found nothing..

MBAM still wouldn't start (Safe Mode)

found the command for user accounts via Windows+R - User Accounts window opened up but it was totally blank.

SystemLook 30.07.11 by jpshortstuff

Log created at 17:17 on 07/04/2013 by Administrator

Administrator - Elevation successful

========== filefind ==========

Searching for "vbalsgrid6.ocx"

C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx --a---- 496976 bytes [00:42 07/04/2013] [13:16 01/06/2011] BAA4DE42156350754976DD563D02CDE4

Searching for "*vbalsgrid*"

C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx --a---- 496976 bytes [00:42 07/04/2013] [13:16 01/06/2011] BAA4DE42156350754976DD563D02CDE4

========== folderfind ==========

Searching for "*avast*"

C:\Documents and Settings\Administrator\Local Settings\Temp\_avast_ d------ [20:42 07/04/2013]

C:\Documents and Settings\All Users\Application Data\AVAST Software d------ [10:40 28/03/2013]

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast d------ [10:41 28/03/2013]

C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus d------ [10:41 28/03/2013]

C:\Documents and Settings\Mom\Local Settings\temp\_avast_ d------ [23:58 03/04/2013]

C:\Program Files\AVAST Software d------ [10:41 28/03/2013]

C:\Program Files\AVAST Software\Avast d------ [10:41 28/03/2013]

C:\WINDOWS\temp\_avast_ d------ [23:57 03/04/2013]

Searching for "*malwarebytes*"

C:\Documents and Settings\Administrator\Application Data\Malwarebytes d------ [22:07 27/03/2013]

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware d------ [22:07 27/03/2013]

C:\Documents and Settings\All Users\Application Data\Malwarebytes d------ [00:42 07/04/2013]

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware d------ [00:42 07/04/2013]

C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware d------ [00:42 07/04/2013]

C:\Documents and Settings\Mom\Application Data\Malwarebytes d------ [00:42 07/04/2013]

C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware d------ [00:42 07/04/2013]

C:\Program Files\Malwarebytes' Anti-Malware d------ [00:42 07/04/2013]

-= EOF =-

Link to post
Share on other sites

Yes, follow the directions there and do that.

Please do the following to see if it fixes the error with starting MBAM:

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):

    regsvr32 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    regsvr32 C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
    regsvr32 C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file MBAM Fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it on XP. ALLOW the overwrite of the old file you have lying around, and asnwer Yes to overwrite.
  • Click OK to each of the 3 dialog boxes that should show a success message for each file registered.

Let me know the result of this

Link to post
Share on other sites

Nothing happened when I tried to run the file for that User Accounts fix.. I'll keep it handy in case it works down the road...

On the MBAM Fix.bat - got error message right away from RegSvr32: LoadLibrary("C:\Program") failed - The specified module could not be found. Same for all 3 lines of that.

Link to post
Share on other sites

Create a new folder with a new name, like Momfix

Then move the fix.bat file (from just earlier) into it and make sure you verify it is there.

Then reboot the system one more time, into Safe mode and login with Administrator.

Then double click the Fix.bat file to run it in a command prompt.

Observe as it runs. We want to know if it fully does all ok.

Then still in Safe mode, start MBAM & do a Quick scan. Save the scan log into a unique file in Momstuff so that you can upload that log. {ie either Attach or Copy >Paste into a reply).

BTW, was the result of that Avast scan all ok??

Link to post
Share on other sites

Good morning.

How is it going?

Please do this also:

Press Windows-key+R to get to RUN option.

Then type in

cmd.exe

+ Enter to get to Command prompt.

Then type in

PATH

+ Enter

Then write down & report back here the result from the screen on the Path

Link to post
Share on other sites

Bravo, the gif file way is a very good way to convey screen captures. Kudos.

The PATH setting is fine. and a good sign.

Let's keep this computer in Safe mode and logged in with Administrator.

Let's do a quick look.

Double-click SystemLook.exe to run it.

  • Copy the content of the following codebox into the main textfield (2 lines):
    :filefind
    *subinacl*
    *secedit*


  • Click the Look button to start the scan.
  • Have infinite patience while it is scanning.
  • When finished, a NOTEPAD window will open with the results of the scan. Please Copy & Paste this log in your next reply.
  • Press EXIT button when all done.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

Yes, I'm glad we're starting to have some success in these tasks. I'm regaining hope!

SystemLook 30.07.11 by jpshortstuff

Log created at 13:19 on 09/04/2013 by Administrator

Administrator - Elevation successful

========== filefind ==========

Searching for "*subinacl*"

C:\Documents and Settings\Mom\Desktop\subinacl.msi --a---- 379392 bytes [18:12 04/04/2013] [13:55 04/04/2013] B23D3E0E4BE5BA7DA3F0F12E327751CD

C:\WINDOWS\system32\subinacl.exe --a---- 290304 bytes [19:33 11/06/2004] [19:33 11/06/2004] 53CDBB093B0AEE9FD6CF1CBD25A95077

C:\WINDOWS\system32\subinacl.htm --a---- 89886 bytes [19:33 11/06/2004] [19:33 11/06/2004] 36925DF51E6B6570B92B49C7563A403A

Searching for "*secedit*"

C:\WINDOWS\security\Database\secedit.sdb --a---- 2105344 bytes [16:57 10/08/2004] [19:06 13/04/2007] B33B0F30FE30D7176BA038D52E2FF00B

-= EOF =-

Link to post
Share on other sites

Keep your fingers crossed. :)

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Kstmommy only. If you are a casual viewer, do NOT try this on your system!

If you are not Kstmommy and have a similar problem, do NOT post here; start your own topic

This next task will likely take a very long time. Do this when you will not be using this system {which you should not be, anyhow}.

We want to be in Safe mode. We want to be logged in with the Administrator account.

It will run in a Command prompt.

When it is all done, It will close the command window. However, DO look at it from time to time, since regsvr32 may show a message that needs your OK.

Start Notepad

Copy and then paste the following text into Notepad.

@Echo on
pushd\windows\system32
subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=administrators
subinacl /subkeyreg HKEY_CURRENT_USER /setowner=administrators
subinacl /subkeyreg HKEY_CLASSES_ROOT /setowner=administrators
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories c:\*.* /grant=administrators=f /grant=system=f
regsvr32 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
regsvr32 C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
regsvr32 C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
popd
exit

Save this Notepad file as Reset.cmd

Double-click the Reset.cmd file to run the script.

When after this is all done, see IF you can start MBAM & do a Quick scan.

Link to post
Share on other sites

I ran Reset.cmd and the command prompt window briefly flashes and closes. It's so fast I can't see what it says. I'm not sure it did anything?

Rebooted to Safe Mode and still can't open MBAM - same Run-time error 372

Link to post
Share on other sites

humhh.

We want to be in Safe mode. We want to be logged in with the Administrator account.

It will run in a Command prompt.

DO look at it from time to time, since regsvr32 may show a message that needs your OK.

Start Notepad

Copy and then paste the following text into Notepad.

@Echo on
subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=administrators
subinacl /subkeyreg HKEY_CURRENT_USER /setowner=administrators
subinacl /subkeyreg HKEY_CLASSES_ROOT /setowner=administrators
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories c:\*.* /grant=administrators=f /grant=system=f
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"

Save this Notepad file as KSTM5.cmd

Double-click the KSTM5.cmd file to run the script.

When after this is all done, the command window will still be open.

Tell me what it might say at the bottom {or perhaps take a GIF screenshot of that window.

Link to post
Share on other sites

Ok, tried again, two more times. I'm in Safe Mode as Admin.

When I double click the file, a command window immediately flashes open and immediately closes. I can't see what's even in the window.

Link to post
Share on other sites

ok....but, an admonition: going forward, it is not a good idea to keep repeating the same things. Just do once and let me know when their is a problem, with detail.

When you said the window flashed by quickly and closed, was that in like 1 or 2 seconds?

Start a command prompt window by yourself. Windows-key+R to get RUN option.

Type in cmd.exe + Enter

to start Command prompt.

in the command prompt, type in each of these command lines verbatim & tap Enter at each one of the lines ! line 2 to include the quote marks !!!

Be sure to account for the 1 space on the first line.

Also the spaces in line 2

cd \windows\system32

regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.