Office installer starts with Spywareblaster

Hello everyone )

Does anyone know why the Office or Word installer would start up when Spywareblaster is launched and how to stop it?

Many thanks!
Cuddles

 

I have installed both SpywareBlaster and Spywareguard on a few PC's without a problem. But have the same problem as yourself on a friends PC which is a P233, bit lower spec. Its weird that it asks for the MS Office CDROM ?
This PC is running win XP prof, with all the latest patches etc so I can't see whats missing?
Adrian

 

Hi Cuddles,

Looks like you will have to uninstall and install Office to get it right.

https://www.wilderssecurity.com/showthread.php?t=12830

Regards,

Pieter

 

Hi adriancollins,

Welcome at Wilders.
Our posts crossed. The same would apply to you as well, I should think.

Regards,

Pieter

 

Pieter - many thanks for your quick response!

I will pass this on to my friend as it's not my computer that's affected and let you know.

 

On my PC, Spywareblaster originally ran okay but recently, everytime I tried starting the program, the Dell installer kept coming up. I tried uninstalling and reinstalling and tried both the prior version and version 2.6.1. Finally, I called Dell to try to get some help for the problem. All they could think of was to "repair" WinXP (I'm running Pro version). I did that and then reinstalled Spywareblaster but the problem still occurred. I'm at wits end. I loved the program while it was working and wish someone could help me solve this problem.

 

I don't know if this is why the Dell installer kept opening when trying to run Spywareblaster and other programs but:

1. I found that my home page had been changed to www.portalsearching.com.

2. I found that an active X program called BHO.clsDockWindows and four files (BHO.INF, BHO.DLL, MSINET.OCX and VBSHELL.TLB) had been added along with related registry changes.

3. I found that a program MDM.EXE and registry entries for "Machine Debug Manager for Visual Studios Debuggers) had been added.

After removing #'s 2 & 3 and changing #1 back to my original home page, my programs began to work again. Unfortunately, I still have some problems including having the home page option grayed out in IE (I changed the page in the registry) and the Windows Media Player seems to be inoperable (it just doesn't start up).

Note that when all this occurred, I was running WinXPPro with all security updates, ZoneAlarm (the newest version), McAfee v6.02.3000,
SpyBot Search & Destroy, and Spywareblaster 2.6.1. I'm not sure what else I could do to protect myself except disable active X components in IE but that would cause problems on certain pages.

 

Hi frastioeifarl,

Could you post your HijackThis log
Download, Unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
Don´t fix anything yet. Most of what it finds is harmless.

Regards,

Pieter

 

I forgot to mention that I also did the WinXP repair reinstall. Also, once I reinstalled SpywareBlaster (which now works fine), I was able to remove the graying from the home page option of Internet Explorer.

Regarding HijackThis, I'll download it and upload the log shortly.

 

Here's my HiJackThis Log:

Logfile of HijackThis v1.97.2
Scan saved at 3:56:30 PM, on 9/30/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\tbctray.exe
C:\Program Files\SETI@home\SETI@home.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\PROGRA~1\WALLPA~1\WALLPA~1.EXE
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\MightyFax NT\MFNTCTL.EXE
D:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\redchair software\Notmad Explorer\notmgr.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Archives\Internet\SpyBot\HijackThis1.97.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.comcast.net
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {D6862A22-1DD6-11D3-BB7C-444553540000} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NOMAD Detector] C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Visioneer OneTouch\OneTouchMon.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [WallPaper] C:\PROGRA~1\WALLPA~1\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\POP-UP~1\POPUPS~1.EXE"
O4 - Startup: Greetings Workshop Reminders.lnk = D:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Notmad Manager.lnk = C:\Program Files\redchair software\Notmad Explorer\notmgr.exe
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: TweakIE 3.0 (HKLM)
O9 - Extra 'Tools' menuitem: TweakIE 3.0 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Gin -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.4456712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

Hi frastioeifarl,

You did a nice clean-up. Just a few orphaned registry entries left.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {D6862A22-1DD6-11D3-BB7C-444553540000} - (no file)

Then reboot.

You do have a lot of programs starting up.
You can check them against this list to see if you really need them: http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

Regards,

Pieter

 

Ow, I forgot.

The Spybot S&D download Protection will not work because of this:
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
You may have to re-install the program to repair that.

And welcome at Wilders.

Regards,

Pieter

 

Pieter,

Thanks for your assistance. I now have Windows Media Player working (they had an update posted so I just downloaded that). Spybot *seems* to be working without that line in the registry. Is there something that isn't obvious that would require the reinstall?

Everything on the system seems to be working okay now (knock on wood). Thanks again for everything.

 

Hi frastioeifarl,

The BHO that belonged to Spybot S&D was removed.
That BHO is necessary for the feature that warns you when a offending piece of software is getting downloaded from a website.

Regards,

Pieter