[dba-Tech] Not Sure Quite What I'm Dealing With Here - Update 1

Tina Norris Fields tinanfields at torchlake.com
Sat Apr 30 08:11:50 CDT 2011


I thought I would give you an update on what I have done, what has 
worked and what has not - and where I am now.  It will take more than 
one message, so as not to be too big.

When I first started in on this computer, my purpose was to re-establish 
its wireless connection to the printer.  That was what my grandkids were 
complaining about.
At startup, these messages consistently appeared:
1) SetPoint.exe - unable to locate component, failed to start because 
kemudb.dll was not found.
2) Vipre - reports the service is not running.
3) Windows Live Messenger - service temporarily unavailable - error 8007005

The SetPoint issue is probably because we swapped out the Logitech 
wireless keyboard that had multiple keys no longer functioning properly, 
so we plugged in a standard wired keyboard.  I simply unchecked the 
startup entry for that one.  It didn't interfere at all with the 
functioning of the wireless mouse.  After everything else is solved, 
I'll go back and find out what kemudb.dll really is.

The WirelessZeroConfig service was not running, so I started it, 
thinking that would help with both the Windows Live Messenger and the 
issue with reaching the printer. It did not.  I unchecked the Windows 
Live Messenger call from the startup list.

I attempted to launch Vipre and got the same message as at startup, that 
Vipre reported it was not running. 

At about this point I discovered that right-clicking any icon produced 
the Windows Installer "Preparing to Install" message box flashing on and 
off about three times before displaying the context menu.

I thought I would simply reinstall Vipre and do a good deep scan.  
Starting that process brought the message that Vipre was already 
installed and I would have to uninstall before reinstalling.  Using 
either the "Add or Remove" feature from Windows Control Panel, or the 
"Uninstall Vipre" feature produced the message that the Windows 
Installer could not be accessed, and that might be caused by trying to 
use it in safe mode, or by its being incorrectly installed. 

Microsoft's KB instructed me to launch a command window and unregister 
the installer and reregister it:
msiexec.exe /unregister
msiexec.exe /regserver
Then, it instructed me to edit the registry HKEY_CLASSES_ROOT - Edit > 
Permissions - if SYSTEM isn't in Group or User name to Add, and to check 
that the "From this location" box showed the local computer name.  All 
of that was already correct.

This did not solve the Windows Installer problem.  I was thinking that 
possibly a Windows update was corrupted and maybe just updating would 
fix it.  That's when I discovered that clicking the update link simply 
produced an hourglass, then, nothing.

At this point, I thought that perhaps a system restore would help.  I 
asked my grandkids when the symptoms had appeared.  They weren't sure, 
so I went back at least two months - did not make a note of the date.  I 
was then able to reach Windows update and did the updates that were waiting.

I went off to get MalwareBytes, downloaded it, and was able to install 
it.  I ran that at its deep level - found 54 infected items: 18 registry 
keys, 2 registry data items, 8 infected folders, and 26 infected files.  
The specific infections were: a) Adware.MySearchWeb, b) Adware.FunWeb, 
c) PUP.FunWebProducts, d) Trojan.Vundo, and e) 
PUM.Disabled.SecurityCenter.  After a couple of complete scans and 
cleanups, MalwareBytes reported no more infections.  However, in another 
forum (techspot.com), I ran across the likelihood that Vundo had not 
been completely defeated.  I downloaded VundoFix.exe and ran it - the 
resultant report showed no Vundo files.  At this point, I believe I am 
making progress.  [Continued in next message]


John Bartow wrote:
> Ditto on that
>
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan
> Sent: Thursday, April 28, 2011 4:13 PM
> To: Discussion of Hardware and Software issues
> Subject: Re: [dba-Tech] Not Sure Quite What I'm Dealing With Here
>
> Better to grab a copy of ProcessExplorer and use that.  I've seen systems
> with TaskMgr 
> hijacked that I could still get into with ProcExp.   
>
> It tells you a lot more about what is going on.
>
> It also lets you suspend a bunch of processes and then close them down one
> at a time.  It's the only way to beat those nasties that run several
> instances under different names, all of which watch for each other and
> restart any that are shut down.
>
> --
> Stuart
>   
>
