Posted April 20, 200915 yr When I try to use Dial-a-fix to Repair/Reinstall IE, I get an error that tells me "IESETUP.DLL is missing IEAccessSysInst". I get this same error when I go to C:\WINDOWS\inf , click on ie.inf, and hit "Install". I am running XP SP-2, and trying to recover files IE that were probably corrupted by a nasty trojan, Brastk.Exe. I got rid of the trojan, but cannot successfully download updates from Windows or MS. Since my IE-6 came pre-installed, I don't have IE on a CD, and I haven't been able to locate a copy of IE6. I'd rather not do a full system recovery. I've tried other "fixes" and tests but none have solved the problem. I can connect to the net with Firefox, but not with IE-6 (or IE-7). My anti-virus program is NIS2009. Any idea what IEAccessSysinst is all about? Please advise. JPetrovick
April 20, 200915 yr Administrator Welcome to Lunarsoft, jpetrovick! Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log. To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section.
April 22, 200915 yr Author Welcome to Lunarsoft, jpetrovick! Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log. To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section. Thanks for the info, I'll give it a try. General Question: What is the possibility that my "IEAccessInst" issue exists simply because it was a component of IE7 (that didn't get deleted when I removed IE7 a couple months ago)? Is there a way to confirm that IE7 is really gone?
April 22, 200915 yr Administrator None that I know of, however I would recommend updating to IE7 and then IE8. I also believe you need SP3.
April 23, 200915 yr Author Welcome to Lunarsoft, jpetrovick! Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log. To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section. Hello Again Tarun, Per your advice, I ran the Anti-Malware Toolkit (following directions & instructions in PC Cleanup) and have attached my Hijack log. Please advise> Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:59:57 PM, on 4/22/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\System32\msdtc.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jim & Sally\Desktop\Download\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM) O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://12.20.72.79/wcsapp/weblib/Javascrip...g/ie/SecMgr.cab O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1237677226399 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 5054 bytes
April 23, 200915 yr Author Did Malwarebytes or SUPERAntiSpyware find any malware? Tarun, Malwarebytes found nothing, and SAS found one trojan thread.
April 23, 200915 yr Why is inetinfo.exe (part of IIS) running on an XP box? C:\WINDOWS\system32\inetsrv\inetinfo.exe .
April 24, 200915 yr Author Why is inetinfo.exe (part of IIS) running on an XP box? C:\WINDOWS\system32\inetsrv\inetinfo.exe . Hello James A. Thanks for noticing this. I owe you!! If inetinfo.exe should not exist on XP, I have no idea why its there, unless perhaps my Norton Internet Security put it there. I do not knowingly use any intranet services. In Control Panel, I looked into at my installed Windows programs, and under the Internet Information Services (IIS) heading, I see these components are checked: COMMON FILES, IIS Snap-Ins, SMTP Service, and WORLD WIDE WEB SERVICE. What do you suggest? Deletion? None of the Malware programs found it. Please advise. jpetrovick
Archived
This topic is now archived and is closed to further replies.