
Run-time Error '372' vbalsgrid6.ocx



Download VB6 SSubTmr Binary.zip (11K) to our Desktop.

Unzip SSubTmr6.dll to C:\WINDOWS\System32

Download VB6 ImageList Control Binary.zip (32K) to our Desktop.

Unzip vbalIml6.ocx to C:\WINDOWS\System32

Download VB6 SGrid 2 Binary.zip (173K) to our Desktop.

Unzip vbalSGrid6.ocx to C:\WINDOWS\System32

Do the following:

Start -> Run

type: cmd.exe

click 'OK'

The command console will open.

Enter the following commands at the command prompt pressing the enter key after every command:

regsvr32 SSubTmr6.dll

regsvr32 vbalIml6.ocx

regsvr32 vbalSGrid6.ocx

exit

The Command Console will close.

Download Dial-a-Fix to our Desktop.

Unzip Dial-a-fix-v0.60.0.24.zip to your Desktop

Open the Dial-a-fix-v0.60.0.24 folder

Double-click Dial-a-fix.exe

Click-on the Tools button, looks like a hammer.

Scroll down and select 'Reset WMI/WBEM'

Click 'GO'

Exit Dial-a-fix

Run ISeeYouXP

If you are still getting errors, run Dial-a-fix again. Click on the Tools button, looks like a hammer.

Scroll down and select 'Reinstall WMI/WBEM'

Click 'GO'

NOTE: You may be prompted for your installation media.

Exit Dial-a-fix

Run ISeeYouXP


Thank you for the reply.

Download VB6 SSubTmr Binary.zip (11K) to our Desktop.

Unzip SSubTmr6.dll to C:\WINDOWS\System32

Download VB6 ImageList Control Binary.zip (32K) to our Desktop.

Unzip vbalIml6.ocx to C:\WINDOWS\System32

Download VB6 SGrid 2 Binary.zip (173K) to our Desktop.

Unzip vbalSGrid6.ocx to C:\WINDOWS\System32

Do the following:

Start -> Run

type: cmd.exe

click 'OK'

The command console will open.

Enter the following commands at the command prompt pressing the enter key after every command:

regsvr32 SSubTmr6.dll

regsvr32 vbalIml6.ocx

regsvr32 vbalSGrid6.ocx

All three registered successfully.

exit

The Command Console will close.

Download Dial-a-Fix to our Desktop.

Unzip Dial-a-fix-v0.60.0.24.zip to your Desktop

Open the Dial-a-fix-v0.60.0.24 folder

Double-click Dial-a-fix.exe

Click-on the Tools button, looks like a hammer.

Scroll down and select 'Reset WMI/WBEM'

Click 'GO'

Exit Dial-a-fix

Run ISeeYouXP

Same error.

If you are still getting errors, run Dial-a-fix again. Click on the Tools button, looks like a hammer.

Scroll down and select 'Reinstall WMI/WBEM'

Click 'GO'

NOTE: You may be prompted for your installation media.

Exit Dial-a-fix

Run ISeeYouXP

You know the OS better than MS. I think that made some progress.

C:\ISEEYO~1\ieinfo.vbs(2, 1) Microsoft VBScript runtime error: The remote server

machine does not exist or is unavailable: 'GetObject'

I'd like to give you a little feedback just in case it will help.

Even though the user I am currently using has administrator rights I wanted to sign on as administrator to see if vbs would run.

I logged off my current user. I received the welcome screen listing all users. When I pressed <ctrl> <alt> <del> twice the sign on screen wouldn't come up.

Then I tried signing on to my regular user. I put in the correct password. It gave me an error asking if I forgot my password. It wouldn't let me in.

Soon after I got this malware I discovered in safemode that my user was changed from administrator to the Debug group. My user didn't show up on the welcome screen. I changed it back to administrator and it returned to the welcome screen.

I am normally logged in automatically with TweakUI to my regular user. I re-booted the PC and held down the shift key until the welcome screen came up. I was able to press <ctrl> <alt> <del> twice to get the sign on screen. I signed on with Administrator.

The reason I'm telling you all of this is because I received a suspicious error. The error is:

"Startup Launcher Run-Time Error '91' Object variable or with block variable not set"

I don't have (and never had) anything called Startup Launcher. I do have Startup Delayer. I sent an email to the developers of Startup Delayer to see if the error came from them. I found on Google a program called Startup Launcher that controls every program that is run on a PC.

I ran autoruns.exe to see if I could find something called Startup Launcher. The attached file is the output from the Administrator group.

I couldn't find anything that would lead me to Startup Launcher.

I hope that may help.

I also have something called DU Meter that shows me internet activity. It's showing something is communicating every three (approx) seconds. I wish I knew what that was.

Thank you,

Docfxit

AutoRuns.txt


Looks like Malware is most likely the culprit here. Most of the tools we normally use rely on VB script and WMI to do some of the needed tasks.

Going to have you use a different tool to take a look at the system.

Download Deckard's System Scanner (DSS) and save it to your Desktop.

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.

  • Double-click on dss.exe and follow the prompts.

  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Thank you for working on this for me.

The attached file includes the two output files from DSS.exe

Thank you,

Docfxit

Docfxit_System_Scanner.zip


Copy the contents of the below code box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

REGEDIT4

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=-
"IE7-10"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=-
"IE7-10"=-

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Delete:

C:\Documents and Settings\All Users\Application Data\{DB67A7C2-632D-4A8E-8BB3-5B4814B91B48}

Reboot

Move DSS to your Desktop, that is where it is supposed to be.

Attach fresh logs for:

DSS

ISeeYouXP

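As an added example (not part of the original posts and not the forum's own tooling): a small Python parser that lists what a REGEDIT4 file such as FixReg.reg will change, so the fix can be reviewed before it is merged. The function names `parse_reg` and `touches_autostart` are made up for this example; the sample text is the fix from the post above.

```python
import re

# Constructed sample: the FixReg.reg text as posted in the thread.
FIXREG = r"""REGEDIT4

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=-
"IE7-10"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=-
"IE7-10"=-
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Return (action, key, value_name, data) for every change in a .reg file."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key, pending = [], None, ""
    for line in lines[1:]:
        if line.endswith("\\"):          # hex: data continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if not line or line.startswith(";"):
            continue                     # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):      # [-HKEY_...] deletes the whole key
                ops.append(("delete-key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unparseable line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)                # "name"=- deletes a single value
        action = "delete-value" if data == "-" else "set-value"
        ops.append((action, key, name, None if data == "-" else data))
    return ops

def touches_autostart(op):
    """True if the change is under a Run or RunOnce key (started at logon)."""
    return op[1].lower().rsplit("\\", 1)[-1] in ("run", "runonce")
```

For the posted fix, `parse_reg(FIXREG)` yields four `delete-value` operations, all under RunOnce keys, and nothing that sets or creates data.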

Copy the contents of the below code box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
REGEDIT4

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"ShowDeskFix"=-

"IE7-10"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]

"ShowDeskFix"=-

"IE7-10"=-

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Done

Delete:

C:\Documents and Settings\All Users\Application Data\{DB67A7C2-632D-4A8E-8BB3-5B4814B91B48}

This folder belongs to an application called EFILive. I didn't delete it.

Reboot

Move DSS to your Desktop, that is where it is supposed to be.

Done

Attach fresh logs for:

DSS

It only produced one file this time. It's attached.

ISeeYouXP

This is the same error:

C:\ISEEYO~1\ieinfo.vbs(6, 1) (null): 0x80041003

Thank you,

Docfx

Docfxit_main.zip


Took me a little while to figure out what the error "(null): 0x80041003" means.

That error code is "WMI: access denied". This indicates that your user account does not have the Remote Enable WMI security permission. Since all members of the local administrators group have this automatically, your account is somehow not being recognized as a member of the local administrators group.

1. From the main Windows Desktop, click on START >> SETTINGS >> CONTROL PANEL

2. Choose ADMINISTRATIVE TOOLS .

3. From the Administrative Tools dialogue, select COMPUTER MANAGEMENT

4. Click on the



It appears that the Visual Basic Scripting Engine is broken on this system. You were able to successfully run ComboFix, twice, which relies on vbs for several of its functions.

You haven't been able to run anything that calls VB since.

I've had you register the VB runtimes, rebuild and then reinstall WMI/WBEM to no effect.

I believe it is time for a repair install of the operating system.


It appears that the Visual Basic Scripting Engine is broken on this system. You were able to successfully run ComboFix, twice, which relies on vbs for several of its functions.

You haven't been able to run anything that calls VB since.

I've had you register the VB runtimes, rebuild and then reinstall WMI/WBEM to no effect.

I believe it is time for a repair install of the operating system.

I have done an in-place install overwriting the OS that is there. I have too many programs installed that would have to be re-installed to do a repair install.

If I would do anything along those lines I would opt to do an application migration to a fresh newly installed XP Pro. I realize all applications will not migrate correctly and some may need to be re-installed but at least this way all won't have to be re-installed.

Do you know of a good program to migrate the applications?

Thank you,

Docfxit


  • Root Admin

Hello Docfxit,

I've spoken with ShadowPuterDude and he agreed that it would be okay for me to post this.

This is sort of a last ditch effort to attempt to fix your system to a point where he can start to work on the Malware removal again.

Please start NOTEPAD and copy the contents of the CODE box below to a new file. Do a File Save-As and in the drop down box for Save as type: make sure you select All Files and save it as REGDLL.BAT

Then double-click on it to run it. This will go through and re-register all the DLL files in your system folder for those that can be registered.

When it's done please restart your computer and try running the ISeeYouXP.exe again and let us know if you still get the error.

for /f "Tokens=*" %%i in ('dir /B C:\WINDOWS\SYSTEM32\*.DLL') do REGSVR32 /s C:\WINDOWS\SYSTEM32\%%i
ECHO.
ECHO.
ECHO All done updating files. Please restart your computer now.
ECHO.
PAUSE

If you get an error while trying to run this batch file please let me know what the error says.

Basically it should keep running through and showing you that it's silently registering all the DLL files.


Hello Docfxit,

I've spoken with ShadowPuterDude and he agreed that it would be okay for me to post this.

This is sort of a last ditch effort to attempt to fix your system to a point where he can start to work on the Malware removal again.

Please start NOTEPAD and copy the contents of the CODE box below to a new file. Do a File Save-As and in the drop down box for Save as type: make sure you select All Files and save it as REGDLL.BAT

Then double-click on it to run it. This will go through and re-register all the DLL files in your system folder for those that can be registered.

When it's done please restart your computer and try running the ISeeYouXP.exe again and let us know if you still get the error.

for /f "Tokens=*" %%i in ('dir /B C:\WINDOWS\SYSTEM32\*.DLL') do REGSVR32 /s C:\WINDOWS\SYSTEM32\%%i

ECHO.

ECHO.

ECHO All done updating files. Please restart your computer now.

ECHO.

PAUSE

If you get an error while trying to run this batch file please let me know what the error says.

Basically it should keep running through and showing you that it's silently registering all the DLL files.


Thank you for trying to help with this.

I ran it and did get some errors. The errors are attached.

After I ran it I re-booted the PC. ISeeYouXP is producing the same errors.

Thank you,

Docfxit

post-2570-1215545337_thumb.jpg

post-2570-1215545347_thumb.jpg

post-2570-1215545370_thumb.jpg

post-2570-1215545378_thumb.jpg

post-2570-1215545388_thumb.jpg


  • Root Admin

Hi Docfxit

Thank you for the information on the failure. Sorry for the late reply. As I said this was a last ditch effort to give it a try. At this time as per ShadowPuterDude and your own thinking, it appears that the system is too damaged to recover.

I don't have any other suggestions on how to fix the current system. You might be able to use this guide to help move over to another system.

Step-by-Step Guide to Migrating Files and Settings


  • Root Admin

Well Docfxit it appears that we have no other solutions to assist you.

Sorry that we couldn't be of more help with getting the system back online but sometimes things are just too messed up to fix.

I will close this topic so that others do not post into it. If you have any questions please open a new topic or send a PM to one of the Moderators.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

This topic is now closed to further replies.