jpetrovick Posted April 20, 2009 Posted April 20, 2009 When I try to use Dial-a-fix to Repair/Reinstall IE, I get an error that tells me "IESETUP.DLL is missing IEAccessSysInst". I get this same error when I go to C:\WINDOWS\inf , click on ie.inf, and hit "Install". I am running XP SP-2, and trying to recover files IE that were probably corrupted by a nasty trojan, Brastk.Exe. I got rid of the trojan, but cannot successfully download updates from Windows or MS. Since my IE-6 came pre-installed, I don't have IE on a CD, and I haven't been able to locate a copy of IE6. I'd rather not do a full system recovery. I've tried other "fixes" and tests but none have solved the problem. I can connect to the net with Firefox, but not with IE-6 (or IE-7). My anti-virus program is NIS2009. Any idea what IEAccessSysinst is all about? Please advise. JPetrovick
Administrator Tarun Posted April 20, 2009 Administrator Posted April 20, 2009 Welcome to Lunarsoft, jpetrovick! Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log. To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section.
jpetrovick Posted April 22, 2009 Author Posted April 22, 2009 Welcome to Lunarsoft, jpetrovick! Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log. To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section. Thanks for the info, I'll give it a try. General Question: What is the possibility that my "IEAccessInst" issue exists simply because it was a component of IE7 (that didn't get deleted when I removed IE7 a couple months ago)? Is there a way to confirm that IE7 is really gone?
Administrator Tarun Posted April 22, 2009 Administrator Posted April 22, 2009 None that I know of, however I would recommend updating to IE7 and then IE8. I also believe you need SP3.
jpetrovick Posted April 23, 2009 Author Posted April 23, 2009 Welcome to Lunarsoft, jpetrovick! Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log. To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section. Hello Again Tarun, Per your advice, I ran the Anti-Malware Toolkit (following directions & instructions in PC Cleanup) and have attached my Hijack log. Please advise> Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:59:57 PM, on 4/22/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\System32\msdtc.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jim & Sally\Desktop\Download\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM) O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://12.20.72.79/wcsapp/weblib/Javascrip...g/ie/SecMgr.cab O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1237677226399 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 5054 bytes
Administrator Tarun Posted April 23, 2009 Administrator Posted April 23, 2009 Did Malwarebytes or SUPERAntiSpyware find any malware?
jpetrovick Posted April 23, 2009 Author Posted April 23, 2009 Did Malwarebytes or SUPERAntiSpyware find any malware? Tarun, Malwarebytes found nothing, and SAS found one trojan thread.
James_A Posted April 23, 2009 Posted April 23, 2009 Why is inetinfo.exe (part of IIS) running on an XP box? C:\WINDOWS\system32\inetsrv\inetinfo.exe .
jpetrovick Posted April 24, 2009 Author Posted April 24, 2009 Why is inetinfo.exe (part of IIS) running on an XP box? C:\WINDOWS\system32\inetsrv\inetinfo.exe . Hello James A. Thanks for noticing this. I owe you!! If inetinfo.exe should not exist on XP, I have no idea why its there, unless perhaps my Norton Internet Security put it there. I do not knowingly use any intranet services. In Control Panel, I looked into at my installed Windows programs, and under the Internet Information Services (IIS) heading, I see these components are checked: COMMON FILES, IIS Snap-Ins, SMTP Service, and WORLD WIDE WEB SERVICE. What do you suggest? Deletion? None of the Malware programs found it. Please advise. jpetrovick
Eldmannen Posted April 24, 2009 Posted April 24, 2009 I suggest you uninstall them, if you do not use them.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.