Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

MWB "Runtime Error (at 58:205) Could Not Call Proc."

In Progress 
1K views 1 reply 2 participants last post by  eddie5659 
#1 ·
I am having an incredibly hard time with a couple of computers running XP (32 & 64) at different locations and I suspect from the symptoms that there may be a really DEEP malware infestation that survives reinstalling the OS.

Using MWB as a first move is usually recommended, though there are supposedly countermeasures used against MWB. When I downloaded the installer today and used it on one of these machines with a clean OS installation, I got the error in the title, though the program appeared to install and load. I uninstalled and reinstalled with the same result

Any thoughts on this?

Thanks for any help!
 
#2 ·
Hiya

Are you still having this problem? If so, are both computers connected to the same router? Also, can you tell me what symptoms you're getting.

On both systems, can you run the following. Just call them computer 1 and 2, so we can work on each easily :)

Download OTL to your Desktop

(Vista or Win 7 => right click and Run As Administrator)

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • At the top, check the box entitled Scan All Users
  • Toward the bottom, check:
    LOP Check
    Purity Check
  • Under the Standard Registry box change it to All
    Do not change any settings unless otherwise told to do so.
  • It should look like this:


  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    DRIVES
    netsvcs
    activex
    msconfig
    drivers32
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    pnrpnsp.dll
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    services.exe
    user32.dll
    atapi.sys
    csrss.exe
    PRINTISOLATIONHOST.EXE
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    %systemroot%\system32\drivers\*.sys /lockedfiles
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\* \s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Run Scan button. The scan wont take long.
    A black box will appear, this is part of the custom scan, so don't be alarmed ;)
    IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Thanks

eddie
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top