Tech Support banner

Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
72 Posts
Discussion Starter #1
Hi all, new to the forums. Have today noticed a program on my Pc i want rid of, but which doesn't seem to want to leave. Earlier something like a 180searchassistant loaded up, didnt know what it was, said it was installed with something else, which i dont believe as i havent installed anything new for weeks. Uninstalled that, but this MediaAccK.exe and MediaAccess.exe tasks wont go away....I've looked at various guides to get rid of it, have run spybot, ad-aware, hi-jack this.....the log looks like this...



Logfile of HijackThis v1.98.2
Scan saved at 7:18:55 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/woodhouse
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4587/mcfscan.cab


And still can't get rid of it.....can anyone help? (oh, and is there anything else on that list that looks abit fishy?)

Thanks
James
 

·
Registered
Joined
·
200 Posts
Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
 

·
Registered
Joined
·
200 Posts
Hello, Lostnumber. Thanks for waiting patiently.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.


Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Download Blockrem from HERE. Unzip it to its own folder on your desktop.


Please download Cleanup! or use this (Alternate Link) if the main link does not work and install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.



Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time).

C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe



Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe


Please remember to close all other windows, including browsers then click Fix checked.



Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Media Access


Open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.Once it is running, please follow the onscreen instructions.


Delete the following Folders indicated in BLUE if they still exist.

C:\Program Files\Media Access\



Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files


Click OK, Press the CleanUp! button to start the program and reboot when prompted.



Perform an online scan with:
Panda ActiveScan

  1. Click on the Scan your PC button & a pop up window shall appear. (Ensure that your pop up blocker doesn't block it)
  2. Click On Next
  3. Enter your e-mail address & click Send. (It will begin downloading Panda's ActiveX controls which are about 8MB in size)
  4. In the next window, & checkmark the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (Heuristic)
    • Detect spyware
  5. Begin the scan by selecting All My Computer

    You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  6. If it finds any malware, it will offer you a report. Click on see report
  7. Then click Save report
  8. Post the contents of the report in your next reply



Please post a fresh Hijack This log and the report from Panda ActiveScan so that we can check if your system is clean.
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top