InstantAccess

Summary

 
Included in our products from June 2008 (4.30)
Protection available since 8 August 2006 22:30:42 (GMT)
Last updated 29 April 2008 13:41:46 (GMT)
Detected by Sophos Anti-Virus for Windows, versions 6 and 7 and PureMessage for Microsoft Exchange.

More Information

InstantAccess is an adware application that usually contains dialer functionality.

InstantAccess encompasses a number of related applications including some known as Electronic-Group, EGroup, IEAccess, Phone2Enter and P2E.

When InstantAccess is installed the following folders and files may be created:

<Desktop>\Instant Access.lnk
<Desktop>\FunFunFun.lnk
<Desktop>\NoCreditCard.url
<User>\Start Menu\Instant Access.lnk
<Program Files>\Instant Access
<Program Files>\Instant Access\instant access.exe
<Program Files>\Instant Access\Center
<Program Files>\Instant Access\Center\Exe
<Program Files>\Instant Access\Center\Exe\<date>
<Program Files>\Instant Access\Center\Exe\<date>\img
<Program Files>\Instant Access\Center\Icons
<Program Files>\Instant Access\Dialer
<Program Files>\Instant Access\Dialer\Exe
<Program Files>\Instant Access\Dialer\Exe\<date>\dialerexe.ini
<Program Files>\Instant Access\Dialer\Exe\<date>\Instant Access.exe
<Program Files>\Instant Access\Dialer\Exe\<date>\Common
<Program Files>\Instant Access\Dialer\Exe\<date>\img\ncc.ico
<Program Files>\Instant Access\Multi
<Windows>\DialPass
<Windows>\mc
<Windows>\mc\magiccontrol.dll
<Windows>\mslagent
<Windows>\mslagent\2_mslagent.dll
<Windows>\mslagent\3_mslagent.dll
<Windows>\mslagent\acknowledged.mc2
<Windows>\mslagent\CompManagerPersist.mc2
<Windows>\mslagent\mslagent.exe
<Windows>\mslagent\OrderPersist.mc2
<Windows>\mslagent\uninstall.exe
<Windows>\navmpc
<Windows>\navmpc\navpmc.exe
<Windows>\simcss
<Windows>\simcss\acknowledged.mc2
<Windows>\simcss\CompManagerPersist.mc2
<Windows>\simcss\except.mc2
<Windows>\simcss\OrderPersist.mc2
<Windows>\simcss\simcss.exe
<Windows>\simcss\TimePersist
<Windows>\simcss\uninstall.exe
<Windows>\wincomp
<Windows>\wincomp\acknowledged.mc2
<Windows>\wincomp\CompManagerPersist.mc2
<Windows>\wincomp\except.mc2
<Windows>\wincomp\OrderPersist.mc2
<Windows>\wincomp\TimePersist
<Windows>\wincomp\uninstall.exe
<Windows>\wincomp\wincomp.exe
<Windows>\winmgts
<Windows>\winmgts\acknowledged.mc2
<Windows>\winmgts\CompManagerPersist.mc2
<Windows>\winmgts\except.mc2
<Windows>\winmgts\OrderPersist.mc2
<Windows>\winmgts\TimePersist
<Windows>\winmgts\uninstall.exe
<Windows>\winmgts\winmgts.exe
<Windows>\wintrim
<Windows>\wintrim\acknowledged.mc2
<Windows>\wintrim\CompManagerPersist.mc2
<Windows>\wintrim\egping.dll
<Windows>\wintrim\except.mc2
<Windows>\wintrim\OrderPersist.mc2
<Windows>\wintrim\TimePersist
<Windows>\wintrim\uninstall.exe
<Windows>\wintrim\wintrim.exe
<System>\eg_auth.dll
<System>\egaccess.dll
<System>\EGAUTH<version>.dll
<System>\egcomlib_<version>.dll
<System>\egcomlib2.dll
<System>\egcomservice_<version>.dll
<System>\egcomservice2.dll
<System>\egdhtml_<version>.dll
<System>\eghtml2.dll
<System>\eghtmldialer.dll
<System>\egmchk.dll
<System>\ia.dll
<System>\ieaccess2.dll
<System>\liveservice.dll
<System>\msclock32.dll
<System>\msegcompid.dll
<System>\msplock32.dll
<System>\nethv32.dll
<System>\netslv32.dll
<System>\one2onesvc.dll
<System>\p2eclient.exe
<System>\p2esock<version>.dll
<System>\p2esocks.dll
<System>\sysnetsvc32.dll

where <date> is a date-based number and <version> is a version number.

The following registry entry is created to run mslagent.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
mslagent
<Windows>\mslagent\mslagent.exe

The following registry entry is created to run code exported by egcomservice_<version>.dll on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Instant Access
rundll32.exe EGCOMSERVICE_<version>.dll,InstantAccess
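
A detection check for the two startup entries above, as an added example that is not Sophos code: it turns the page's templated Run-key data into regular expressions and matches them against Run values supplied as a dictionary. The placeholder expansions (which directories `<Windows>` may be, and that `<version>` is digits with optional dots or underscores) and the sample values are assumptions made for the example.

```python
import re

# Run-key data exactly as written on the page, keyed by the value name it lists.
PAGE_RUN_ENTRIES = {
    "mslagent": r"<Windows>\mslagent\mslagent.exe",
    "Instant Access": r"rundll32.exe EGCOMSERVICE_<version>.dll,InstantAccess",
}

# Assumption (not from the page): what each placeholder may expand to.
PLACEHOLDERS = {
    "<Windows>": r"(?:[A-Za-z]:\\(?:Windows|WINNT)|%(?:SystemRoot|windir)%)",
    "<version>": r"[0-9][0-9._]*",
}
_SPLIT = re.compile("(" + "|".join(re.escape(p) for p in PLACEHOLDERS) + ")")

def compile_template(template):
    """Build a case-insensitive regex from a page template with placeholders."""
    body = ""
    for part in _SPLIT.split(template):
        if part in PLACEHOLDERS:
            body += PLACEHOLDERS[part]
        else:
            # Literal text: escape it, but accept any run of whitespace.
            body += r"\s+".join(re.escape(w) for w in part.split(" "))
    # May follow a directory prefix or a quote; must end the command line.
    return re.compile(r'(?<![\w.])' + body + r'"?\s*$', re.IGNORECASE)

PATTERNS = {name: compile_template(t) for name, t in PAGE_RUN_ENTRIES.items()}

def flag_run_values(run_values):
    """Return (value name, matched page entry) for each Run value that matches."""
    return [(name, entry)
            for name, data in run_values.items()
            for entry, pattern in PATTERNS.items()
            if pattern.search(data)]

# Constructed sample of Run-key contents (value name -> data), not real output.
SAMPLE_RUN = {
    "mslagent": r'"C:\WINDOWS\mslagent\mslagent.exe"',
    "Instant Access": r"C:\WINDOWS\system32\rundll32.exe egcomservice_1007.dll,InstantAccess",
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "Helper": r"rundll32.exe shell32.dll,Control_RunDLL",
}

if __name__ == "__main__":
    print(flag_run_values(SAMPLE_RUN))
```

Matching is done on the value data rather than the value name, so an entry that keeps the same command line under a different name is still flagged.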

The InstantAccess DLLs are registered as COM objects, creating registry entries under:

HKCR\mslagent.3
HKCR\mslagent.3.1
HKCR\MagicControl.MagicComponent
HKCR\MagicControl.MagicComponent.1
HKCR\IEAccess2.IEDial
HKCR\IEAccess2.IEDial.1
HKCR\EGPing.EGMagicPing
HKCR\EGPing.EGMagicPing.1
HKCR\EGHTMLDialer.HTMLDialer
HKCR\EGHTMLDialer.HTMLDialer.1
HKCR\EGDHTML.EGDialHTML
HKCR\EGDHTML.EGDialHTML.1
HKCR\EGCOMSERVICE2.EGComSvc2
HKCR\EGCOMSERVICE2.EGComSvc2.1
HKCR\EGCOMSERVICE.EGComSvc
HKCR\EGCOMSERVICE.EGComSvc.1
HKCR\EGCOMLIB2.EGComLibrary2
HKCR\EGCOMLIB2.EGComLibrary2.1
HKCR\EGCOMLIB.EGComLibrary
HKCR\EGCOMLIB.EGComLibrary.1
HKCR\EGAUTH.EGEGAUTH
HKCR\EGAUTH.EGEGAUTH.1
HKCR\Cltguider.Cltbuilder
HKCR\Cltguider.Cltbuilder.1

Registry entries may be created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winmgts
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincomp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\simcss
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\navpmc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent
HKCU\Software\mc
HKCU\Software\livesvc
HKLM\SOFTWARE\egroup
HKCU\Software\EGDHTML
HKCU\Software\O2OSvc

InstantAccess provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as: "winmgts", "wincomp", "simcss", "navpmc" and "mslagent".
