# I need a hand here, please...



## Gordito (Mar 12, 2005)

hello,

i am writing you because i have recently realized that my computer is running slower than normal, and when i used "CTRL+ALT+DELETE" it showed 2 programs running that i never had before they are:

"Mediaaccess"
"Mediaacck"

when i opt to shut them down, my computer waits a few seconds then i select end task, but they still are there when i "CTRL+ALT+DELETE". i have "hijackthis", which i tried to use to fix this situation, and i see a line for this "mediaaccess" thing, but when i check the box to fix it, it reappears upon rebooting my computer?????  i have also used the "MSCONFIG" and unchecked this there as well, to no avail.

if you can help me get rid of these pesky things i would be greatly appreciative.

hope to hear from you soon, thanks!


----------



## flavallee (May 12, 2002)

Why don't you post a copy of your HijackThis log here so we can look at it?


----------



## Gordito (Mar 12, 2005)

here is a copy of my recent "HijackThis" file:

Logfile of HijackThis v1.98.2
Scan saved at 6:07:10 PM, on 3/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.flashcom.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/old
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe


----------



## Gordito (Mar 12, 2005)

i guess i should let you know, my computer runs windows me edition


----------



## JSntgRvr (Jul 1, 2003)

http://forums.techguy.org/t110854.html

Use the link above and perform at least two Online Virus Scans.

Also download and run the following programs:

Spybot search and Destroy

Adaware

Make sure you update these programs online prior to the Scan. Delete all malware found.

In order to see all running processes in your computer throughout HijackThis, you must run the computer in Normal Mode.

Run Msconfig. Click on Normal Startup. Click Apply, then OK, restart the computer when prompted.

After you have performed the above, run HJT and post a new log. We will need some feedback pertaining to the outcome on all these processes.


----------



## The_Egg (Sep 16, 2002)

And be sure to upgrade HijackThis to the latest v1.99.1 first:
http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

Note: Media Access is a new windupdates variant
http://sandbox.norman.no/live_2.html?logfile=112898


----------



## flavallee (May 12, 2002)

Gordito:

I don't see *ScanRegistry* or *StateMgr* in your list of running processes. Those two, along with *SystemTray*, should always remain checked and enabled in the MSCONFIG "Startup" tab.

I don't see an antivirus program installed and running in the background.


----------



## TOGG (Apr 2, 2002)

gordito,

I don't want to add to your concerns but, I'm going to!

Assuming that you do install and run AdAware, be careful if it finds something called TIB or TIBS on your system. Some people have been having problems after letting AA 'fix' TIB;http://www.lavasoftsupport.com/index.php?showtopic=60484&hl=tib+browser+object You probably don't need to wade through the whole of the Lavasoft Forum thread (unless of course, AA does find TIB on your system), just be aware of the possibility.

I don't have ME but I believe that it has System Restore. If any baddies are found I believe that it is sometimes necessary to clear Restore points as well, but I'll leave that to the experts to advise you about.


----------



## Greyhawk (Mar 16, 2005)

I just resolved my problem with "MediaAccess" and "MediaAcck". I used a "manual" solution, without any tools.

Simply remove ALL access privileges on the "C:\Program Files\Media Access" directory for ALL users, including the user SYSTEM. Then reboot. Voilà!  Now simply give yourself enough privileges to delete the directory. You must ADMINISTRATOR rights on the local machine.

This solution worked great on a Windows XP. I don't know much about Windows ME, so maybe this is also possible on Win ME, or maybe not.


----------



## Shadex (Mar 16, 2005)

Sorry for the question, but how do you remove access privileges off the program?

I tried surfing the web to figure it out but could not find it, help would 
be greatly appreciated. 

Thanks.


----------



## Cheeseball81 (Mar 3, 2004)

Is Media Access listed in Add/Remove Programs by any chance?


----------



## JSntgRvr (Jul 1, 2003)

Where is Gordito's feedback?


----------



## Greyhawk (Mar 16, 2005)

To change the access privileges, open your "Windows Explorer" and navigate to "C:\Program Files". In the right pane, you should see the "Media Access" directory. Right click on it and choose "Properties". You should then see a "Security" tab, click on it. This window will list all access privileges for all users. This is true on Windows 2000 and XP, don't know about ME.

Then you simply select a user in the upper part of the window and click the "Remove" button. You do that for all users.


----------



## barnabas (Mar 18, 2005)

Don't bother with Ad-Aware, SpyBot or Spyware Doctor. I use all three, updating daily and none of them catch it. I am using a system that runs on 98 SE (w/98 Lite). I started to remove (Add/Remove) Media Access and got the following in an Information box:









When I clicked on Yes, I got another Information box with this:
Do you want to keep these important features on your computer?

1. Relevancy of advertisment;
2. Improved Media Access capabilities;
3. Enhanced ad support.

When I clicked on No, it appears to have removed the offending items. Of course I haven't restarted my system since then.

Hmm, perhaps I should.

I'll be back to let you know if that was successful.

Jason


----------



## OBP (Mar 8, 2005)

Greyhawk, most users will not be able to see the "Security" tab in Folder/File Properties, if they can't then they need to - 
To display the Security tab
Open Folder Options in Control Panel.
Click Start, and then click Control Panel.
Double-click Folder Options.
On the View tab, under Advanced settings, clear Use simple file sharing [Recommended].


----------



## JSntgRvr (Jul 1, 2003)

Has anybody seen Gordito?


----------



## Cheeseball81 (Mar 3, 2004)

I haven't.


----------



## OBP (Mar 8, 2005)

Perhaps their computer has died.


----------



## imrankhi (Mar 19, 2005)

dear gordito,
i have the same problem...
if you get any solution, plz do let me know...
regards,
imran ahmed



Gordito said:


> hello,
> 
> i am writing you because i have recently realized that my computer is running slower than normal, and when i used "CTRL+ALT+DELETE" it showed 2 programs running that i never had before they are:
> 
> ...


----------



## OBP (Mar 8, 2005)

imrankhi, why not create your own post on here and you will get plenty of help?


----------

