Jump to content

IEAccessSysInst


jpetrovick

Recommended Posts

When I try to use Dial-a-fix to Repair/Reinstall IE, I get an error that tells me "IESETUP.DLL is missing IEAccessSysInst". I get this same error when I go to C:\WINDOWS\inf , click on ie.inf, and hit "Install". I am running XP SP-2, and trying to recover files IE that were probably corrupted by a nasty trojan, Brastk.Exe. I got rid of the trojan, but cannot successfully download updates from Windows or MS. Since my IE-6 came pre-installed, I don't have IE on a CD, and I haven't been able to locate a copy of IE6. I'd rather not do a full system recovery. I've tried other "fixes" and tests but none have solved the problem. I can connect to the net with Firefox, but not with IE-6 (or IE-7).

My anti-virus program is NIS2009. Any idea what IEAccessSysinst is all about?

Please advise.

JPetrovick

Link to comment
Share on other sites

  • Administrator

Welcome to Lunarsoft, jpetrovick!

Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log.

To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section.

Link to comment
Share on other sites

Welcome to Lunarsoft, jpetrovick!

Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log.

To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section.

Thanks for the info, I'll give it a try. General Question: What is the possibility that my "IEAccessInst" issue exists simply because it was a component of IE7 (that didn't get deleted when I removed IE7 a couple months ago)? Is there a way to confirm that IE7 is really gone?

Link to comment
Share on other sites

Welcome to Lunarsoft, jpetrovick!

Let's make sure your system is clean. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log.

To restore your IE files, you may need to do a /sfc purgecache and /sfc scannow. You can find these in Dial-a-fix's Tools section.

Hello Again Tarun,

Per your advice, I ran the Anti-Malware Toolkit (following directions & instructions in PC Cleanup) and have attached my Hijack log.

Please advise>

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:59:57 PM, on 4/22/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\msdtc.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jim & Sally\Desktop\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://12.20.72.79/wcsapp/weblib/Javascrip...g/ie/SecMgr.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1237677226399

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab

O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - (no file)

--

End of file - 5054 bytes

Link to comment
Share on other sites

Why is inetinfo.exe (part of IIS) running on an XP box?

C:\WINDOWS\system32\inetsrv\inetinfo.exe

.

Hello James A.

Thanks for noticing this. I owe you!! If inetinfo.exe should not exist on XP, I have no idea why its there, unless perhaps my Norton Internet Security put it there. I do not knowingly use any intranet services. In Control Panel, I looked into at my installed Windows programs, and under the Internet Information Services (IIS) heading, I see these components are checked: COMMON FILES, IIS Snap-Ins, SMTP Service, and WORLD WIDE WEB SERVICE. What do you suggest? Deletion? None of the Malware programs found it.

Please advise.

jpetrovick

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...