Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rundll error tapi.nfo


  • Please log in to reply
5 replies to this topic

#1 ryanpainton

ryanpainton

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 11 August 2009 - 09:02 PM

hello i own a brand new asus net book ....
started downloading torrents and now my computer is jacked ...
i really need professional help .
Ok for starters sometimes my computer will not fully boot up
When it does boot all the way up i get a error message

Rundll
error loading tapi.nfo
the specified module could not be found

After i exit that my computer runs slow ...
spybot search and destroy will not run
when i google something and click on it i takes me to a random site

I attached the rootrepeal

thank you for your time

Attached Files



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:25 AM

Posted 11 August 2009 - 11:32 PM

Hello and welcome.. First I need you to copy/paste your Rootrepeal log as it is too difficult to read like this.


Its not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
Credit to quietman7
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 steve801

steve801

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 12 August 2009 - 07:53 AM

how do i run AUTORUNS if i can't even get past the errors?

#4 klo

klo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 13 August 2009 - 08:14 PM

I tried to use Autoruns but a few seconds into scanning the window disapeared. Tried again with the same result.

#5 Jennifermari

Jennifermari

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 29 August 2009 - 02:57 PM

I have the same problem when my computer starts up I have a error saying it need tapi.nfo file. I have run the rootrepeal and I have attached the files found. I don't know how to fix this? Please help?

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 13:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1F74000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A0A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7B9E000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE9BC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7768000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF2038000 Size: 61440 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\eventlog.dll
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_528.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\hp_administrator\local settings\temp\~dfed51.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\hp_administrator\local settings\temp\~dfed63.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\hp_administrator\local settings\temp\~df7a9d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\hp_administrator\local settings\temp\~df7aaa.tmp
Status: Size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\flaEE.tmp
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7213514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7202282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7202474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7213d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7213fb8

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf72123fa

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7214422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf72137d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7201f32

==EOF==

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:06:25 AM

Posted 29 August 2009 - 02:58 PM

Hello Jennifermari and :thumbsup: to BleepingComputer.

Please start your own topic; this will help to avoid confusion.

~Blade

Edited by Blade Zephon, 29 August 2009 - 02:58 PM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users