Office installer starts with Spywareblaster

Discussion in 'SpywareBlaster & Other Forum' started by Cuddles, Sep 12, 2003.

Thread Status:
Not open for further replies.
  1. Cuddles

    Cuddles Guest

    Hello everyone :eek:)

    Does anyone know why the Office or Word installer would start up when Spywareblaster is launched and how to stop it?

    Many thanks!
    Cuddles
     
  2. adriancollins

    adriancollins Registered Member

    Joined:
    Sep 12, 2003
    Posts:
    1
    I have installed both SpywareBlaster and Spywareguard on a few PC's without a problem. But have the same problem as yourself on a friends PC which is a P233, bit lower spec. Its weird that it asks for the MS Office CDROM ?
    This PC is running win XP prof, with all the latest patches etc so I can't see whats missing?
    Adrian
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Last edited by a moderator: May 15, 2004
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi adriancollins,

    Welcome at Wilders. :)
    Our posts crossed. The same would apply to you as well, I should think.

    Regards,

    Pieter
     
  5. Cuddles

    Cuddles Guest

    Pieter - many thanks for your quick response!

    I will pass this on to my friend as it's not my computer that's affected and let you know.

    ;)
     
  6. On my PC, Spywareblaster originally ran okay but recently, everytime I tried starting the program, the Dell installer kept coming up. I tried uninstalling and reinstalling and tried both the prior version and version 2.6.1. Finally, I called Dell to try to get some help for the problem. All they could think of was to "repair" WinXP (I'm running Pro version). I did that and then reinstalled Spywareblaster but the problem still occurred. I'm at wits end. I loved the program while it was working and wish someone could help me solve this problem.
     
  7. I don't know if this is why the Dell installer kept opening when trying to run Spywareblaster and other programs but:

    1. I found that my home page had been changed to www.portalsearching.com.

    2. I found that an active X program called BHO.clsDockWindows and four files (BHO.INF, BHO.DLL, MSINET.OCX and VBSHELL.TLB) had been added along with related registry changes.

    3. I found that a program MDM.EXE and registry entries for "Machine Debug Manager for Visual Studios Debuggers) had been added.

    After removing #'s 2 & 3 and changing #1 back to my original home page, my programs began to work again. Unfortunately, I still have some problems including having the home page option grayed out in IE (I changed the page in the registry) and the Windows Media Player seems to be inoperable (it just doesn't start up).

    Note that when all this occurred, I was running WinXPPro with all security updates, ZoneAlarm (the newest version), McAfee v6.02.3000,
    SpyBot Search & Destroy, and Spywareblaster 2.6.1. I'm not sure what else I could do to protect myself except disable active X components in IE but that would cause problems on certain pages.
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi frastioeifarl,

    Could you post your HijackThis log
    Download, Unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  9. I forgot to mention that I also did the WinXP repair reinstall. Also, once I reinstalled SpywareBlaster (which now works fine), I was able to remove the graying from the home page option of Internet Explorer.

    Regarding HijackThis, I'll download it and upload the log shortly.
     
  10. frastioeifarl

    frastioeifarl Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    2
    Here's my HiJackThis Log:

    Logfile of HijackThis v1.97.2
    Scan saved at 3:56:30 PM, on 9/30/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\WINDOWS\System32\Fast.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\fast.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\tbctray.exe
    C:\Program Files\SETI@home\SETI@home.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\PROGRA~1\WALLPA~1\WALLPA~1.EXE
    C:\Program Files\Netropa\OSD.exe
    C:\PROGRA~1\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\MightyFax NT\MFNTCTL.EXE
    D:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\redchair software\Notmad Explorer\notmgr.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Archives\Internet\SpyBot\HijackThis1.97.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.comcast.net
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {D6862A22-1DD6-11D3-BB7C-444553540000} - (no file)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NOMAD Detector] C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Visioneer OneTouch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
    O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE"
    O4 - HKCU\..\Run: [WallPaper] C:\PROGRA~1\WALLPA~1\WALLPA~1.EXE /h
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\POP-UP~1\POPUPS~1.EXE"
    O4 - Startup: Greetings Workshop Reminders.lnk = D:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Notmad Manager.lnk = C:\Program Files\redchair software\Notmad Explorer\notmgr.exe
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O9 - Extra button: TweakIE 3.0 (HKLM)
    O9 - Extra 'Tools' menuitem: TweakIE 3.0 (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Gin -
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.4456712963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi frastioeifarl,

    You did a nice clean-up. Just a few orphaned registry entries left.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {D6862A22-1DD6-11D3-BB7C-444553540000} - (no file)

    Then reboot.

    You do have a lot of programs starting up.
    You can check them against this list to see if you really need them: http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

    Regards,

    Pieter
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Ow, I forgot.

    The Spybot S&D download Protection will not work because of this:
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    You may have to re-install the program to repair that.

    And welcome at Wilders. :)

    Regards,

    Pieter
     
  13. frastioeifarl

    frastioeifarl Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    2
    Pieter,

    Thanks for your assistance. I now have Windows Media Player working (they had an update posted so I just downloaded that). Spybot *seems* to be working without that line in the registry. Is there something that isn't obvious that would require the reinstall?

    Everything on the system seems to be working okay now (knock on wood). Thanks again for everything.
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi frastioeifarl,

    The BHO that belonged to Spybot S&D was removed.
    That BHO is necessary for the feature that warns you when a offending piece of software is getting downloaded from a website.

    Regards,

    Pieter
     
Loading...
Thread Status:
Not open for further replies.