Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question related to vbAccelerator Grid Control


  • This topic is locked This topic is locked
6 replies to this topic

#1 srinivasiyer2308

srinivasiyer2308

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 11 February 2013 - 11:06 PM

Hello

I came across this site when I was looking for a solution to the following problem:

I have some VBA scripts that use the following control vbalGrid6.ocx from the following website:

http://www.vbaccelerator.com

Once in a while, when I try to open the forms that contain this control, I will get a runtime error 0 popup. And all controls on the form will disappear.

My form has several text boxes, list boxes that are available by default in the toolbox in addition to the vbalgrid control.

If I close Excel, re-register the DLLs associated with the vbalgrid6.ocx, and then re-open Excel, open my Excel file that contains the scripts, it will then work.

But will get the same error after a while. I ran combo-fix and am posting the results of the log here, but I am not sure if this is the right forum for this question.

All the questions that I saw on the net were related to people not being able to run the mbam.exe, but I do not have that problem. My problem is that the controls related to the vbalgrid6 do not load on the form.

 

Combofix log.txt

========================================================================================================================

 

ComboFix 13-02-07.02 - sriyer 02/12/2013   8:57.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3977.2467 [GMT 5.5:30]
Running from: c:\users\sriyer\Desktop\ComboFix.exe
AV: System Center 2012 Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: System Center 2012 Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Callnote\Callnote Premium.exe
c:\users\sriyer\AppData\Local\Temp\nsdBCB0.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-12 to 2013-02-12  )))))))))))))))))))))))))))))))
.
.
2013-02-12 03:32 . 2013-02-12 03:32    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-12 03:32 . 2013-02-12 03:32    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-02-12 02:40 . 2013-01-08 05:32    9161176    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF386E8D-5C9E-421D-9B88-A3ED42049D51}\mpengine.dll
2013-02-11 05:05 . 2013-02-11 05:05    --------    d-----w-    c:\users\sriyer\AppData\Roaming\Malwarebytes
2013-02-11 05:05 . 2013-02-11 05:05    --------    d-----w-    c:\programdata\Malwarebytes
2013-02-08 12:53 . 2013-02-08 12:58    --------    d-----w-    c:\program files (x86)\MusicConverter
2013-02-08 11:55 . 2013-02-08 11:55    --------    d-----w-    c:\users\sriyer\AppData\Local\Proxure
2013-02-08 11:50 . 2013-02-08 11:50    --------    d-----w-    c:\programdata\ClubSanDisk
2013-02-07 14:13 . 2013-02-08 13:37    --------    d-----w-    C:\to copy
2013-02-04 19:14 . 2013-02-04 19:14    --------    d-----w-    C:\FILES
2013-01-31 08:26 . 2013-01-31 08:26    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-01-31 08:26 . 2013-01-31 08:26    --------    d-----r-    c:\program files (x86)\Skype
2013-01-25 15:07 . 2013-01-25 15:07    --------    d-----w-    c:\users\sriyer\AppData\Roaming\Titanium
2013-01-25 15:06 . 2013-02-12 03:32    --------    d-----w-    c:\program files (x86)\Callnote
2013-01-25 15:06 . 2013-01-25 15:06    --------    d-----w-    c:\users\sriyer\AppData\Local\Programs
2013-01-15 02:47 . 2013-01-08 05:32    9161176    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-15 02:47 . 2013-01-15 02:47    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7230106C-67D8-411C-8D82-4B59493F1518}\gapaengine.dll
2013-01-15 02:44 . 2013-01-15 02:44    --------    d-----w-    c:\program files\Windows Firewall Configuration Provider
2013-01-15 02:44 . 2013-01-15 02:44    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-01-15 02:43 . 2013-01-15 02:44    --------    d-----w-    c:\program files\Microsoft Security Client
2013-01-13 05:00 . 2013-02-05 18:19    --------    d-----w-    c:\windows\SysWow64\Shared Memory
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-31 00:00 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
"PTOneClick"="c:\program files (x86)\WebEx\Productivity Tools\ptoneclk.exe" [2012-10-29 370256]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"WLSMgr"="c:\windows\SysWOW64\wlsmgr.exe" [2012-01-11 101376]
"AgentUiRunKey"="c:\program files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" [2011-09-21 287744]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"="c:\program files\Microsoft Security Client\msseces.exe" [2011-10-29 1437064]
.
c:\users\sriyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pandion.lnk - c:\users\sriyer\AppData\Local\Pandion\Application\pandion.exe [2010-2-24 513024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-69611579-554055564-2719340640-257450\Scripts\Logon\0\0]
"Script"=ComputerUsernameMatch.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gpibprtk;gpibprtk;c:\windows\system32\DRIVERS\gpibprtk.sys [2007-03-08 244512]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys [2011-09-21 54824]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-04-08 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-04-08 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-04-08 26704]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-06-29 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-06-29 12992]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [2011-08-10 74984]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-01 1255736]
R4 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [2012-02-19 605040]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2011-04-08 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2011-04-08 54424]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-08-10 89600]
S2 AgentService;AgentService;c:\program files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-09-21 7632288]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-06-14 11928]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2011-08-17 12968]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 478712]
S2 WLSMgr;Wireless Suppression;c:\windows\SysWOW64\wlsmgr.exe [2012-01-11 101376]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-08-10 27760]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-08-10 321576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-08-10 45672]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-10 317440]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-10-05 40832]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2007-03-08 17696]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-10-05 84864]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-09-02 288256]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2011-08-17 12968]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [2011-08-10 72808]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-08-10 83560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 11:33]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69611579-554055564-2719340640-257450Core.job
- c:\users\sriyer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-27 10:14]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69611579-554055564-2719340640-257450UA.job
- c:\users\sriyer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-27 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-08-10 608112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-10 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-10 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-10 525312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-10-29 1437064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://insight.lsi.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: agere.com
Trusted Zone: livemeeting.com
Trusted Zone: lsi.com
Trusted Zone: lsil.com
Trusted Zone: successfactors.com
Trusted Zone: virtualedge.com
Trusted Zone: agere.com
Trusted Zone: livemeeting.com
Trusted Zone: lsi.com
Trusted Zone: lsil.com
Trusted Zone: successfactors.com
Trusted Zone: virtualedge.com
TCP: DhcpNameServer = 192.19.189.30 192.19.189.20
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Callnote - c:\program files (x86)\Callnote\Callnote Premium.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-12  09:04:45
ComboFix-quarantined-files.txt  2013-02-12 03:34
.
Pre-Run: 424,706,818,048 bytes free
Post-Run: 424,868,102,144 bytes free
.
- - End Of File - - 723003BD49E3C982B7048E29C434ED12
=============================================================================================================================

Edited by hamluis, 15 February 2013 - 03:35 PM.
Moved from All Other Apps to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 16 February 2013 - 10:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Nothing suspicious was found on your log.
===
Lets find out what version of the file you downloaded.
 
 
Please download SystemLook from one of the links below and save it to your Desktop.
 
If your operating system is 64 bit download this tool:

  •  


  • Double-click SystemLook.exe to run it.


  • Copy and paste the content of the following bold text into the main textfield:

 
 
:filefind
vbalGrid6.ocx
 
 

  • Click the Look button to start the scan.


  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 
===
 
Lets check further for malware.
 
Third party programs if not up to date can be the cause infiltration of an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.

  •  


  • Close all open programs and internet browsers.


  • Double click on AdwCleaner.exe to run the tool.


  • Click on Delete tab follow the prompts.


  • A log file will automatically open after the scan has finished.


  • Please post the content of that log file with your next answer.


  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

 
 
Please post the logs for my review.


#3 srinivasiyer2308

srinivasiyer2308
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 17 February 2013 - 12:32 AM

Hello nasdaq,

Thanks you very much for the reply. Here are the logs. I have also attached the individual files.

Regards

Srinivas

 

SystemLook contents:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:28 on 17/02/2013 by sriyer
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "vbalGrid6.ocx"
C:\Validation report automation\DLLs\vbalGrid6.ocx    --a---- 294912 bytes    [01:36 23/09/2012]    [03:16 21/09/2012] 97C4FD1F2BFCA1A1F190C05F92DC41EC
 
-= EOF =-
 
Checkup.txt:
 Results of screen317's Security Check version 0.99.57  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
System Center 2012 Endpoint Protection   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 30  
 Java 7 Update 6  
 Java version out of Date!
 Adobe Reader 10.1.3 Adobe Reader out of Date!
 Google Chrome 24.0.1312.56  
 Google Chrome 24.0.1312.57  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials msseces.exe 
 Windows Defender MSMpEng.exe 
 Microsoft Security Client Antimalware MsMpEng.exe  
 Microsoft Security Client Antimalware NisSrv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 
AdwCleaner[S1].txt
# AdwCleaner v2.112 - Logfile created 02/17/2013 at 10:50:40
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : sriyer - IIGSRIYER
# Boot Mode : Normal
# Running from : C:\Users\sriyer\Downloads\adwcleaner0.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registry is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\sriyer\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [872 octets] - [17/02/2013 10:50:40]
 
########## EOF - C:\AdwCleaner[S1].txt - [931 octets] ##########
 

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 17 February 2013 - 10:28 AM

The file is good.
 
Copy the vbalSGrid6.ocx file in the System32 folder.
 
C:\WINDOWS\system32\vbalSGrid6.ocx
 
Register the file.
 
If that fails then copy the file into the working folder of you application.
 
Keep me posted.
====
Secure your system by updating 3rd party programs.
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
 
Be careful not to install malware posing as Java update!
Important read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
You can manually check your present version and update as recommended.
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
 
Old versions....
 
 
Java 7 update 10 introduced important new security controls
You can read about it here.
 
Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===
Get the latest version of the  Adobe Reader.
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
 
When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===


#5 srinivasiyer2308

srinivasiyer2308
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 17 February 2013 - 11:20 PM

Hello,

Thanks for your reply. I should have mentioned a couple of things before, and I realized that when you asked me to register the files from the System32 folder. I am hoping it is not a entire rework of analyzing the problem for  you, if so I apologize for not getting this information to you earlier.

 

1. My system is Windows 7 Professional SP1-64 bit. I tried copying the DLL to the System32 folder and registering it and it did not work. I then copied it to the C:\Windows\SysWOW64 folder and I was able to register.

 

2. The second thing I should have mentioned is that, on the http://www.vbaccelerator.com/home/VB/Code/Controls/S_Grid_2/S_Grid_2/VB5_SGrid_2_0_Binary.asp site, they have given the two dependency files for the vbalgrid6.ocx. However, this is a fairly old DLL and they have since upgraded to a vbalGrid6.ocx. The SSubTmr.dll did not work for me, however, they have a SSubTmr6.dll for a later version of the vbal grid which worked for me. The SSubTmr6.dll will also register from the SysWOW64 folder and not the System32 folder. The OLEPRO32.dll was already present in my case, and I did not change anything for that file.

  •      OLEPRO32.DLL
  •      SSubTmr.dll

I am attaching the logs for the SystemLook for  the different files here, and will also be carrying out the additional steps you have mentioned in our last post for upgrading some of the things. Also, one more thing is that both these files (vbalGrid6.ocx and the SSubTmr6.dll) will register from anywhere except the System32 folder.

 

Regards

Srinivas

 

 

 

 

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 18 February 2013 - 08:33 AM

 
Thank you for the information.
If your problem persist I suggest you start a new topic in this forum.
 
All Other Applications
 
This is not realy my domain.
 
===
 
When all is well:
 
Time for some housekeeping
 
The following will implement some cleanup procedures as well as reset  System Restore points:
 
Click Start > Run  and copy/paste the following bold text into the Run box and click OK:
 
ComboFix /Uninstall
 
===
 
To remove AdwCleaner.
 
Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.
 
If you decide to keep the AdwCleaner tool make sure delete your version and download the latest before running it.
 
Delete the other tools we used.
You can Keep the DDS tool as most forum will ask to see a log before suggesting a fix.
 
Surf Safely, and Think Prevention!
===


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 24 February 2013 - 09:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users