Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista... Maybe Vundo... problem with GMER


  • This topic is locked This topic is locked
44 replies to this topic

#31 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 15 March 2010 - 06:36 PM

QUOTE(ShannonKennan @ Mar 15 2010, 08:06 PM) View Post
3) BUT... there is already/still a sbapifs.sys driver in there and it looks identical (time/date stamp) to the one stored in the OTM folder.


The reason that I couldn't go ahead with the OTM restore is because that useful command seems to have not been carried out. If this is the case then that is strange. It could be that the driver has been restored by the system on the last reboot, which is more likely. To be sure that this file is legitimate please run it through an online file scanner as below.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:/Windows/System 32/Drivers/sbapifs.sys

Please post back the results of the scan in your next post.


As to the Outlook problem, I will request a mod take a look at this and see if they can help.
If Jotti is busy, try the same at VirusTotal
Posted Image
m0le is a proud member of UNITE

BC AdBot (Login to Remove)

 


#32 ShannonKennan

ShannonKennan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 15 March 2010 - 08:53 PM

Ok. I ran Jotti and it did not find any problems. And I reset the permissions so I can now view all of the hidden files.

I hope your mods can help with Outlook! It's the only thing left I need to fix and then I will get out of your hair.
smile.gif

#33 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 15 March 2010 - 09:14 PM

I hope so too.

A mod should be along shortly to look at this problem. smile.gif
Posted Image
m0le is a proud member of UNITE

#34 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:23 PM

Posted 15 March 2010 - 09:53 PM

If I repeat anything you already tried, forgive me. I read the post in kind of a hurry

Its not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) sbapifs.sys
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.

===============================================

Also try the Windows Installer Cleanup Utility:
http://support.microsoft.com/kb/290301
Look for anything saying Sunbelt and check the box

=========================

Sometimes you have to reinstall the program in order to uninstall
Instead of using Add/Remove Programs, locate the program's folder and look for an uninstaller file

=========================

I have had luck with Revo Uninstaller
Just take your time and read ALL instructions to thoroughly



How To Use Revo Uninstaller:
  1. Please download Revo Uninstaller.
  2. Extract the ZIP file to a folder and run revouninstaller.exe from there! (You can copy that folder to an USB Mass storage drive and use it without any installation required!)
  3. There are two ways to uninstall programs with Revo Uninstaller:
    Important: Please, try to close the application you want to uninstall first!
    • Select the application in the list of installed applications and press the Uninstall button in the toolbar.
    • Right-click the application and click the Uninstall command in the displayed menu. Follow the instructions.


I will be watching this thread
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#35 ShannonKennan

ShannonKennan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 15 March 2010 - 10:38 PM

Thanks, Mark.

Just to be sure we're on the same page... Right now it is just Outlook that is crashing. Here is the progression of issues:

1) I was getting a BSOD crash that indicated sbapifs.sys was the problem.
2) m0le and I ran OTM and moved sbapifs.sys... or so we thought... I can now see sbapifs.sys in BOTH the OTM file and in C:/Windows/System 32/Drivers.
3) The problem is that Outlook was running just fine until we moved the file, now it won't start at all, even in Outlook's safe mode.

So... I am just trying to get Outlook to run again. When I try to launch it, I get as far as the splash screen before it goes into a series of attempts -- first safe mode, then Detect and Repair, I have put a screen capture of the progression of errors on my Flickr account if you want to see it. http://www.flickr.com/photos/10648948@N05/...415046/sizes/l/

One other thing. I just remembered that I have a full C: drive backup from 2-21-2010. If we can restore the Outlook program files from that, I think I should be good to go.

killcomp.gif


#36 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:23 PM

Posted 17 March 2010 - 04:29 PM

I have not forgot about you
I'm rather ill at the moment
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#37 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 18 March 2010 - 05:24 PM

Hi ShannonKennan,

I am afraid that Mark passed away yesterday. This has come as a bit of a shock to me and the rest of the community at BC.

I think running Autoruns and posting the log will let us know if SunBelt is still present in some form. I have requested help again so please be patient.

m0le
Posted Image
m0le is a proud member of UNITE

#38 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 18 March 2010 - 06:30 PM

Hi again Shannon,

Hold off with Autoruns.

I have an advisor, Budapest, helping me here.

Please backup your Outlook data using this method.
Posted Image
m0le is a proud member of UNITE

#39 ShannonKennan

ShannonKennan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 18 March 2010 - 06:37 PM

Oh my God... I am so so sorry. Please take your time. No hurry and no worries on my end. You have FAR bigger things to think about.

#40 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 18 March 2010 - 08:48 PM

Please look two posts above for Budapest's instructions for backing up Outlook.
Posted Image
m0le is a proud member of UNITE

#41 ShannonKennan

ShannonKennan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 21 March 2010 - 12:59 PM

Hi m0le,

Ok, I think I found the pst files and have saved them in a folder on my desk top.

One question - my Outlook info got "lost" once before when I went from running just Outlook to connecting it to Oracle. I think I see those old pre-Oracle files in this same location - does that mean I might be able to retrieve & restore all the email files from then too?

Oh, please say yes because I will do the biggest happy dance ever.
Shannon

Edited by ShannonKennan, 21 March 2010 - 01:18 PM.


#42 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 22 March 2010 - 07:05 PM

Hi Shannon,

From Budapest:

Yes it is likely that these emails can be retrieved. Make sure you have also backed-up these old data files. In Outlook you can go File > Import and Export > Outlook > Import from another program or file.

But since Outlook is not functioning the first thing to do, now that the data files have been backed up, is to try uninstalling and then reinstalling Outlook. Once Outlook is functioning again it should be a simple matter to import all the old data.


Posted Image
m0le is a proud member of UNITE

#43 ShannonKennan

ShannonKennan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 27 March 2010 - 10:16 AM

mOle,

You have been awesome.

I think I am good to go until I re-build my computer software & hardware.
I will give a shout-out to you guys on my social media platforms.

smile.gif Shannon

Edited by ShannonKennan, 27 March 2010 - 10:18 AM.


#44 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 27 March 2010 - 05:41 PM

Thanks Shannon. thumbup2.gif

I shall pass on the thanks to Budapest
Posted Image
m0le is a proud member of UNITE

#45 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 31 March 2010 - 07:11 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users