Tina Norris Fields
tinanfields at torchlake.com
Sat Apr 30 08:11:50 CDT 2011
I thought I would give you an update on what I have done, what has worked and what has not - and where I am now. It will take more than one message, so as not to be too big. When I first started in on this computer, my purpose was to re-establish its wireless connection to the printer. That was what my grandkids were complaining about. At startup, these messages consistently appeared: 1) SetPoint.exe - unable to locate component, failed to start because kemudb.dll was not found. 2) Vipre - reports the service is not running. 3) Windows Live Messenger - service temporarily unavailable - error 8007005 The SetPoint issue is probably because we swapped out the Logitech wireless keyboard that had multiple keys no longer functioning properly, so we plugged in a standard wired keyboard. I simply unchecked the startup entry for that one. It didn't interfere at all with the functioning of the wireless mouse. After everything else is solved, I'll go back and find out what kemudb.dll really is. The WirelessZeroConfig service was not running, so I started it., thinking that would help with both the Windows Live Messenger and the issue with reaching the printer. It did not. I unchecked the Windows Live Messenger call from the startup list. I attempted to launch Vipre and got the same message as at startup, that Vipre reported it was not running. At about this point I discovered that right-clicking any icon produced the Windows Installer "Preparing to Install" message box flashing on and off about three times before displaying the context menu. I thought I would simply reinstall Vipre and do a good deep scan. Starting that process brought the message that Vipre was already installed and I would have to uninstall before reinstalling. Using either the "Add or Remove" feature from Windows Control Panel, or the "Uninstall Vipre" feature produced the message that the Windows Installer could not be accessed, and that might be caused by trying to use it in safe mode, or by its being incorrectly installed. Microsoft's KB instructed me to launch a command window and unregister the installer and reregister it: msiexec.exe /unregister msiexec.exe /regserver Then, it instructed me to edit the registry HKEY_CLASSES.ROOT - Edit > Permissions - if SYSTEM isn't in Group or User name to Add, and to check that the "From this location" box showed the local computer name. All of that was already correct. This did not solve the Windows Installer problem. I was thinking that possibly a Windows update was corrupted and maybe just updating would fix it. That's when I discovered that clicking the update link simply produced an hourglass, then, nothing. At this point, I thought that perhaps a system restore would help. I asked my grandkids when the symptoms had appeared. They weren't sure, so I went back at least two months - did not make a note of the date. I was then able to reach Windows update and did the updates that were waiting. I went off to get MalwareBytes, downloaded it, and was able to install it. I ran that at its deep level - found 54 infected items: 18 registry keys, 2 registry data items, 8 infected folders, and 26 infected files. The specific infections were: a) Adware.MySearchWeb, b) Adware.FunWeb, c) PUP.FunWebProducts, d) Trojan.Vundo, and e) PUM.Disabled.SecurityCenter. After a couple of complete scans and cleanups, MalwareBytes reported no more infections. However, in another forum (techspot.com), I ran across the likelihood that Vundo had not been completely defeated. I downloaded VundoFix.exe and ran it - the resultant report showed no Vundo files. At this point, I believe I am making progress. [Continued in next message] John Bartow wrote: > Ditto on that > > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan > Sent: Thursday, April 28, 2011 4:13 PM > To: Discussion of Hardware and Software issues > Subject: Re: [dba-Tech] Not Sure Quite What I'm Dealing With Here > > Better to grab a copy of ProcessExplorer and use that. I've seen systems > with TaskMgr > hijacked that I could still get into with ProcExp. > > It tells you al lot more about what is going on. > > It also lets you suspend a bunch of processes and then close then down one > at a time. It's the only way to beat those nasties that run several > instances under different names, all of which watch for each other and > restart any that are shut down. > > -- > Stuart > >