Office crashed/broken during Malware fix

I am cleaning and/or fixing a computer remotely, 200 miles away, and have run into a problem with MS Office programs that started during a MG Malware removal session.

The machine is a Dell Inspiron N7110 running Win7 64 bit. While going through the malware removal that was affecting the Chrome browser (IE wouldn't run at all) I ran an OldTimers script that crashed the computer and made both Word and Excel inoperable. They will both load but as soon as a document is selected, even a blank, the program crashes with the message:
"Microsoft Excel/Word has stopped working.
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

I have gone through the ControlPanel / Programs / MSOffice - Change and selected Quick Fix (no change) and the Online Repair (no change). I would assume that the Online Repair is actually a reinstallation of the software, so that should have worked unless there's something in the registry that's corrupting the software or blocking it.

I guess I could download the Office suite again and try to install it but I thought that was what the Online Repair was all about.

The code that I pasted into the Move screen in OldTimer was:

rocesses
explorer.exe

:files
C:\ProgramData\greaatsaving
C:\ProgramData\PariceDownloader
C:\ProgramData\tpEERfeuCtcoupon
C:\Program Files (x86)\greaatsaving
C:\Program Files (x86)\tpEERfeuCtcoupon

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C52D1191-6264-42C5-BFBB-56F3C1FC53E0}]
:Commands
[purity]
[ResetHosts]
[emptytemp]
[start explorer]​

As soon as I clicked MoveIt! the computer crashed. On reboot, the software wouldn't run. I can't see anything in there that would mess up running a MS Office program.
Any suggestions?

 

Stachey...

It wasn't the OT script that caused the problem. Some of the software that was moved with the script was probably part of a dependency chain that Office depends on. That chain was probably created by the software (malware/adware) in the first place, so when it was removed other things added to the chain won't function.

Have you tried SFC /Scannow? Your friend will need a copy of the version of Win 7 64 that is on the system and may need the installation key for the process to finish. If he/she doesn't have a copy of the correct version of Win 7 burned to DVD, one can be obtained through the links here:

http://www.techverse.net/download-windows-7-iso-x86-x64-microsofts-official-servers/

Your friend if necessary should download the correct version of W7 64 for his/her PC and then burn it to DVD. Then the disk should be placed in the tray, so you can run the command.

To run SFC /Scannow, right click on the Command Prompt icon in Accessories and select Run as Administrator. Then just type SFC /Scannow. Make sure the disk is in the tray in case needed by Windows.

If your friend needs a key finder, I don't have a great recommendation. Google around to find one with reviews saying that it works for Windows 7. Someone else may have a sure and guaranteed reliable one. There could be a sticker on the PC somewhere with the key too...

 

Well, the computer is in an office that is closed for the weekend and I'm trying to use TeamViewer to get it up and running. We have it set up to run TeamViewer on boot, so rebooting the computer remotely isn't a problem. Burning and putting a physical disk in the tray, that's a problem.

Since I've run and saved the Belarc Advisor, I have the Win7 key and I also have the Office suite key. Can the Win7(64) iso file be located on the harddrive during the SFC scan?

You didn't comment on downloading and re-installing the Office suite idea. If the Online Repair for the Office program didn't work, does that mean that the problem is in the OS itself and not in the Office suite programs? Again, I have no physical contact with the machine.

 

I think it could be something to do with the Windows installer...maybe some Office .dlls aren't registered, so reinstalling Office might actually work.

Try SFC /Scannow without the disk. It might be able to complete all repairs.

I do think it might be the OS or something an OS fix would fix. I had a similar problem with MS Office and reinstalling Flash resolved that. It was actually a combination of things and sort of persistent rebooting. I even performed a repair installation of Windows (XP) and of Office, too.

Just trying to save you from the Office install with SPs and all that if possible.

Not sure about the .iso. It may be that you could mount it and SFC would use that, but you would need some software to do so. MS has one, but I use Magic Iso, so I can't remember what it's called. It's a standard CD/DVD drive emulator.

 

Ok, the message I received from sfc /scannow was:

Verification 100% complete.
Windows Resource Protection did not find any integrity violation.​

What was Plan B?

 

Just thought I would mention. I think what may happen here is that certain active x controls in MS Office (when Office won't open) get hijacked and used by malware...maybe they are reregistered somehow as something else or something. Anyway, when the malware is removed, the .dlls and active x components associated with it get removed too. You try to open Office, but it senses it is broken. Like the active x component actually became a shared component that the malware removal program sensed as dangerous.

The reason I think it might have been in Windows (Windows controls) in my case is that, when I had the problem, macros outside of MS Office (in ohter programs) would not run, nor video (Flash), and some other video related programs like vid editors wouldn't open. That was why I started off just reinstalling programs. After that I started working on fixing Office.

As for Office, I actually did just like you and ran the Office repair first to try to fix Office, and that didn't work, so I went to SFC /Scannow. However, all problems were still present, so I ran the repair installation on Win XP...sort of out of desperation. Felt like it didn't do much good. Then, when I noticed vids weren't working in the browsers, I reinstalled Flash and for good measure Shockware (I use Shockwave in a vid controller in Office (embedded vids)). There was improvement (vids played), and I think I was able to open some programs but not yet Office, somehow. Then a reboot, and I think Office opened. Macros still wouldn't run, so finally I reinstalled Office.

I have Win 2007 and the macro functionality is sort of weird in there. If you don't have Office 2007 SP3 and The Compatibility Pack for 2007, some otherwise good macros won't run (more modern/newer macros). I was hoping I could resolve it without reinstalling Office, because I was worried about losing macro functionality. Nonetheless, when it was all over, I wasn't sure reinstalling Office did the trick. Well, after the Office reinstall (I think I reinstalled over the top of Office...can't remember), I rebooted, and it was all resolved. I still think it was something to do with Flash and active x, because of the brokenness to programs other than office. active x I think has alot to do with the functionality of Office. Overall, if you haven't lost video, I wouldn't worry about it, though.

You may just want to go straight to reinstalling Office and see if that does the trick. You can then fetch all the required updates and components...

 

I dunno why, but...

After reading your post I thought that I'd try going through all the missing updates to the software listed on the Belarc readout. What piqued my interest was the fact that there were missing updates for Flash and Java and Acrobat. I went through and updated those products and was about to delete and reinstall the Office suite but thought that I'd check the functionality of Excel and Word.

Holy Productivity Suite, Batman. They work now!!

I'm not asking any more questions. I'll just put down the keyboard and step back slowly. Phew.

Thanks for the offhanded but correct and successful advice.

 

Yeah I thought it was strange the way it happened for me too.

I thought about it for some time and came to the conclusion that those add ons to Windows must share a .dll. So then the malware adds itself (registers itself the same way and ends up in the same .dll). Then the anti-malware finds it there. Instead of removing the reference, I think the malware program removes the entire file. Now programs don't know Flash is there or Java, etc. I think that must stop Office. It's the exact conclusion I came to as weird as it is.

It's the whole shared .dlls thing. Reinstalling any of those programs reinstates the file, then I think opening MS Office starts it looking for itself there or maybe references to Flash, which can be used in Office in an embedded video. Once it sees the file there, it may add itself, not sure, or maybe it just opens, sensing that all required components are available.

I actually came to the conclusion that it's probably a Windows Installer log of installed add ons for Windows or something of the nature.

Glad you had the guts to try that. Based on what I told you, I would have just reinstalled Office I'm pretty sure...