From: Alan Edwards on
No, it is not the same. Msinfo32 does not show quotation marks that
may need to be there in this case.
Do NOT delete it if you want MediaGateway, though you may not want
such adware.

Right-click Media Gateway in the right-hand pane of Regedit, select
Modify and add quotation marks before and after the value so it looks
like:
"c:\program files\media gateway\mediagateway.exe"

Do NOTHING with MediaGateway.exe in C:\Program Files unless you
decide to delete the reference in Regedit first.

Read a few of these first and decide if you want this questionable
application.
http://www.google.com/search?hl=en&q=mediagateway+adware&btnG=Google+Search

....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html


On Thu, 8 Sep 2005 06:02:02 -0700, Strela
<Strela(a)discussions.microsoft.com> wrote:

>Hello, Alan!
>I found MediaGateway according to your description:
>(HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
>It looks exactly as you wrote (Media Gateway "c:\program files\media
>gateway\mediagateway.exe").
>You suggested to altering it. How? Shall I delete it?
>I also Found MediaGateway and MediaGateway(2) in My computer/C:\Program
>Files" folder. What shall I do with them?
>Best regards.
>
>
>"Alan Edwards" wrote:
>
>> I noticed you have a "C\Program" folder as well as a C:\Program Files"
>> folder. That used to cause conflicts in Win9x and perhaps it still can
>> in XP?
>> There used to be a site explaining it all.
>> "program folder opening at Startup" problem
>> http://pages.infinit.net/mrobich/program_folder.html
>> That is no longer available and I really don't recall the details of
>> the solution.
>>
>> I cannot see anything obvious in your list and if no one else can,
>> then selectively disable items and reboot until you find the problem
>> and then report back.
>>
>> You might try altering this one:
>> Media Gateway c:\program files\media gateway\mediagateway.exe
>> so it looks like this:
>> Media Gateway "c:\program files\media gateway\mediagateway.exe"
>> You will find it using Regedit (Start-Run-Regedit) under the key:
>> HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>>
>> ....Alan
>> --
>> Alan Edwards, MS MVP Windows - Internet Explorer
>> http://dts-l.org/index.html
>>
>>
>> On Wed, 7 Sep 2005 05:27:36 -0700, Strela
>> <Strela(a)discussions.microsoft.com> wrote:
>>
>> >Hello, Alan!
>> >Here is the information you asked me about.
>> >I hope that it can help to find the problem.
>> >Best regards.
>> >
>> > c:\windows\options\oemreset.exe /audit All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >CPRun c:\philips\cprun.exe connected planet.exe NT INSTANS\SYSTEM Autostart
>> >CPRun c:\philips\cprun.exe connected planet.exe .DEFAULT Autostart
>> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT
>> >INSTANS\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\LOKAL
>> >TJýNST HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\NETWORK
>> >SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >KAV50 "c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe"
>> >-run -n personalpro -v 5.0.0.0 All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >Media Gateway c:\program files\media gateway\mediagateway.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >NeroCheck c:\windows\system32\nerocheck.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe NT
>> >INSTANS\SYSTEM Autostart
>> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe .DEFAULT Autostart
>> >Power2GoExpress DITT-D04A620689\Galina
>> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >QuickTime Task "c:\program\quicktime\qttask.exe" -atboottime All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >Recguard c:\windows\sminst\recguard.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >SiS Windows KeyHook c:\windows\system32\keyhook.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >SiSUSBRG c:\windows\sisusbrg.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >SoundMan soundman.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >SunJavaUpdateSched c:\program\java\jre1.5.0_04\bin\jusched.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >ctfmon.exe c:\windows\system32\ctfmon.exe DITT-D04A620689\Galina
>> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >desktop desktop.ini NT INSTANS\SYSTEM Autostart
>> >desktop desktop.ini DITT-D04A620689\Galina Thulin Autostart
>> >desktop desktop.ini .DEFAULT Autostart
>> >desktop desktop.ini All Users Gemensam autostart
>> >desktop(2) desktop(2).ini NT INSTANS\SYSTEM Autostart
>> >desktop(2) desktop(2).ini .DEFAULT Autostart
>> >eelr9ch4 c:\windows\system32\eelr9ch4.exe All
>> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >
>> >
>> >
>> >"Alan Edwards" wrote:
>> >
>> >> Autostart is unlikely to be empty.
>> >> Check in Msconfig for any oddities.
>> >> (Start-Run-MSCONFIG-Startup tab)
>> >> If you cannot see anything in Msconfig then:
>> >>
>> >> Start-Run-msinfo32
>> >> Click the + beside Software Environment to expand.
>> >> Click Startup Programs
>> >> Ctrl+A to Select All, Ctrl+C to Copy.
>> >> Paste that information in your message.
>> >>
>> >> ....Alan
>> >> --
>> >> Alan Edwards, MS MVP Windows - Internet Explorer
>> >> http://dts-l.org/index.html
>> >>
>> >> On Wed, 7 Sep 2005 03:35:03 -0700, Strela
>> >> <Strela(a)discussions.microsoft.com> wrote:
>> >>
>> >> >Hello!
>> >> >Each time when I log in I get opened C:\Program as Autostart. But in reality
>> >> >Autostart is empty. It started to appear for two weeks ago and I cannot
>> >> >change it back. I checked everything.
>> >> >Help!
>> >>
>>
From: Strela on
Hello, Allan!
Tone in your messages was so calm that I did not realize that I had a bigger
problem with my computer as I thought. I did everything as you suggested me
to do and today when I started my computer the Program Star up did not
appear. Everything was as it before.
I have to thank you for professional help. I would destroy my computer
otherwise.

But now when I know that my computer has a spy and after reading those
links you send me to, I want to get rid of Media Gateway. Actually I heard
about Gateway before but I did not pay attention then and completely forgot
about it afterwards.

It is strange that I have got it because I have Kaspersky Anti-Virus program
and Microsoft Firewall and I thoght that I should be warned about the
intrusion. But obviously did not.

Now, will you, please, help me to get rid of it? There are a lot of
different tools for this and I need an advice, which is the best and most
painful one of them. What would you do?

Best regards.



"Alan Edwards" wrote:

> No, it is not the same. Msinfo32 does not show quotation marks that
> may need to be there in this case.
> Do NOT delete it if you want MediaGateway, though you may not want
> such adware.
>
> Right-click Media Gateway in the right-hand pane of Regedit, select
> Modify and add quotation marks before and after the value so it looks
> like:
> "c:\program files\media gateway\mediagateway.exe"
>
> Do NOTHING with MediaGateway.exe in C:\Program Files unless you
> decide to delete the reference in Regedit first.
>
> Read a few of these first and decide if you want this questionable
> application.
> http://www.google.com/search?hl=en&q=mediagateway+adware&btnG=Google+Search
>
> ....Alan
> --
> Alan Edwards, MS MVP Windows - Internet Explorer
> http://dts-l.org/index.html
>
>
> On Thu, 8 Sep 2005 06:02:02 -0700, Strela
> <Strela(a)discussions.microsoft.com> wrote:
>
> >Hello, Alan!
> >I found MediaGateway according to your description:
> >(HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
> >It looks exactly as you wrote (Media Gateway "c:\program files\media
> >gateway\mediagateway.exe").
> >You suggested to altering it. How? Shall I delete it?
> >I also Found MediaGateway and MediaGateway(2) in My computer/C:\Program
> >Files" folder. What shall I do with them?
> >Best regards.
> >
> >
> >"Alan Edwards" wrote:
> >
> >> I noticed you have a "C\Program" folder as well as a C:\Program Files"
> >> folder. That used to cause conflicts in Win9x and perhaps it still can
> >> in XP?
> >> There used to be a site explaining it all.
> >> "program folder opening at Startup" problem
> >> http://pages.infinit.net/mrobich/program_folder.html
> >> That is no longer available and I really don't recall the details of
> >> the solution.
> >>
> >> I cannot see anything obvious in your list and if no one else can,
> >> then selectively disable items and reboot until you find the problem
> >> and then report back.
> >>
> >> You might try altering this one:
> >> Media Gateway c:\program files\media gateway\mediagateway.exe
> >> so it looks like this:
> >> Media Gateway "c:\program files\media gateway\mediagateway.exe"
> >> You will find it using Regedit (Start-Run-Regedit) under the key:
> >> HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >>
> >> ....Alan
> >> --
> >> Alan Edwards, MS MVP Windows - Internet Explorer
> >> http://dts-l.org/index.html
> >>
> >>
> >> On Wed, 7 Sep 2005 05:27:36 -0700, Strela
> >> <Strela(a)discussions.microsoft.com> wrote:
> >>
> >> >Hello, Alan!
> >> >Here is the information you asked me about.
> >> >I hope that it can help to find the problem.
> >> >Best regards.
> >> >
> >> > c:\windows\options\oemreset.exe /audit All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >CPRun c:\philips\cprun.exe connected planet.exe NT INSTANS\SYSTEM Autostart
> >> >CPRun c:\philips\cprun.exe connected planet.exe .DEFAULT Autostart
> >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT
> >> >INSTANS\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\LOKAL
> >> >TJÄNST HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\NETWORK
> >> >SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >KAV50 "c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe"
> >> >-run -n personalpro -v 5.0.0.0 All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >Media Gateway c:\program files\media gateway\mediagateway.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >NeroCheck c:\windows\system32\nerocheck.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe NT
> >> >INSTANS\SYSTEM Autostart
> >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe .DEFAULT Autostart
> >> >Power2GoExpress DITT-D04A620689\Galina
> >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >QuickTime Task "c:\program\quicktime\qttask.exe" -atboottime All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >Recguard c:\windows\sminst\recguard.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >SiS Windows KeyHook c:\windows\system32\keyhook.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >SiSUSBRG c:\windows\sisusbrg.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >SoundMan soundman.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >SunJavaUpdateSched c:\program\java\jre1.5.0_04\bin\jusched.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >ctfmon.exe c:\windows\system32\ctfmon.exe DITT-D04A620689\Galina
> >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >desktop desktop.ini NT INSTANS\SYSTEM Autostart
> >> >desktop desktop.ini DITT-D04A620689\Galina Thulin Autostart
> >> >desktop desktop.ini .DEFAULT Autostart
> >> >desktop desktop.ini All Users Gemensam autostart
> >> >desktop(2) desktop(2).ini NT INSTANS\SYSTEM Autostart
> >> >desktop(2) desktop(2).ini .DEFAULT Autostart
> >> >eelr9ch4 c:\windows\system32\eelr9ch4.exe All
> >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> >
> >> >
> >> >
> >> >"Alan Edwards" wrote:
> >> >
> >> >> Autostart is unlikely to be empty.
> >> >> Check in Msconfig for any oddities.
> >> >> (Start-Run-MSCONFIG-Startup tab)
> >> >> If you cannot see anything in Msconfig then:
> >> >>
> >> >> Start-Run-msinfo32
> >> >> Click the + beside Software Environment to expand.
> >> >> Click Startup Programs
> >> >> Ctrl+A to Select All, Ctrl+C to Copy.
> >> >> Paste that information in your message.
> >> >>
> >> >> ....Alan
> >> >> --
> >> >> Alan Edwards, MS MVP Windows - Internet Explorer
> >> >> http://dts-l.org/index.html
> >> >>
> >> >> On Wed, 7 Sep 2005 03:35:03 -0700, Strela
> >> >> <Strela(a)discussions.microsoft.com> wrote:
> >> >>
> >> >> >Hello!
> >> >> >Each time when I log in I get opened C:\Program as Autostart. But in reality
> >> >> >Autostart is empty. It started to appear for two weeks ago and I cannot
> >> >> >change it back. I checked everything.
> >> >> >Help!
> >> >>
> >>
>
From: Strela on
The problem is back!

"Strela" wrote:

> Hello, Allan!
> Tone in your messages was so calm that I did not realize that I had a bigger
> problem with my computer as I thought. I did everything as you suggested me
> to do and today when I started my computer the Program Star up did not
> appear. Everything was as it before.
> I have to thank you for professional help. I would destroy my computer
> otherwise.
>
> But now when I know that my computer has a spy and after reading those
> links you send me to, I want to get rid of Media Gateway. Actually I heard
> about Gateway before but I did not pay attention then and completely forgot
> about it afterwards.
>
> It is strange that I have got it because I have Kaspersky Anti-Virus program
> and Microsoft Firewall and I thoght that I should be warned about the
> intrusion. But obviously did not.
>
> Now, will you, please, help me to get rid of it? There are a lot of
> different tools for this and I need an advice, which is the best and most
> painful one of them. What would you do?
>
> Best regards.
>
>
>
> "Alan Edwards" wrote:
>
> > No, it is not the same. Msinfo32 does not show quotation marks that
> > may need to be there in this case.
> > Do NOT delete it if you want MediaGateway, though you may not want
> > such adware.
> >
> > Right-click Media Gateway in the right-hand pane of Regedit, select
> > Modify and add quotation marks before and after the value so it looks
> > like:
> > "c:\program files\media gateway\mediagateway.exe"
> >
> > Do NOTHING with MediaGateway.exe in C:\Program Files unless you
> > decide to delete the reference in Regedit first.
> >
> > Read a few of these first and decide if you want this questionable
> > application.
> > http://www.google.com/search?hl=en&q=mediagateway+adware&btnG=Google+Search
> >
> > ....Alan
> > --
> > Alan Edwards, MS MVP Windows - Internet Explorer
> > http://dts-l.org/index.html
> >
> >
> > On Thu, 8 Sep 2005 06:02:02 -0700, Strela
> > <Strela(a)discussions.microsoft.com> wrote:
> >
> > >Hello, Alan!
> > >I found MediaGateway according to your description:
> > >(HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
> > >It looks exactly as you wrote (Media Gateway "c:\program files\media
> > >gateway\mediagateway.exe").
> > >You suggested to altering it. How? Shall I delete it?
> > >I also Found MediaGateway and MediaGateway(2) in My computer/C:\Program
> > >Files" folder. What shall I do with them?
> > >Best regards.
> > >
> > >
> > >"Alan Edwards" wrote:
> > >
> > >> I noticed you have a "C\Program" folder as well as a C:\Program Files"
> > >> folder. That used to cause conflicts in Win9x and perhaps it still can
> > >> in XP?
> > >> There used to be a site explaining it all.
> > >> "program folder opening at Startup" problem
> > >> http://pages.infinit.net/mrobich/program_folder.html
> > >> That is no longer available and I really don't recall the details of
> > >> the solution.
> > >>
> > >> I cannot see anything obvious in your list and if no one else can,
> > >> then selectively disable items and reboot until you find the problem
> > >> and then report back.
> > >>
> > >> You might try altering this one:
> > >> Media Gateway c:\program files\media gateway\mediagateway.exe
> > >> so it looks like this:
> > >> Media Gateway "c:\program files\media gateway\mediagateway.exe"
> > >> You will find it using Regedit (Start-Run-Regedit) under the key:
> > >> HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >>
> > >> ....Alan
> > >> --
> > >> Alan Edwards, MS MVP Windows - Internet Explorer
> > >> http://dts-l.org/index.html
> > >>
> > >>
> > >> On Wed, 7 Sep 2005 05:27:36 -0700, Strela
> > >> <Strela(a)discussions.microsoft.com> wrote:
> > >>
> > >> >Hello, Alan!
> > >> >Here is the information you asked me about.
> > >> >I hope that it can help to find the problem.
> > >> >Best regards.
> > >> >
> > >> > c:\windows\options\oemreset.exe /audit All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >CPRun c:\philips\cprun.exe connected planet.exe NT INSTANS\SYSTEM Autostart
> > >> >CPRun c:\philips\cprun.exe connected planet.exe .DEFAULT Autostart
> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT
> > >> >INSTANS\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\LOKAL
> > >> >TJÄNST HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\NETWORK
> > >> >SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >KAV50 "c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe"
> > >> >-run -n personalpro -v 5.0.0.0 All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >Media Gateway c:\program files\media gateway\mediagateway.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >NeroCheck c:\windows\system32\nerocheck.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe NT
> > >> >INSTANS\SYSTEM Autostart
> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe .DEFAULT Autostart
> > >> >Power2GoExpress DITT-D04A620689\Galina
> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >QuickTime Task "c:\program\quicktime\qttask.exe" -atboottime All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >Recguard c:\windows\sminst\recguard.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >SiS Windows KeyHook c:\windows\system32\keyhook.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >SiSUSBRG c:\windows\sisusbrg.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >SoundMan soundman.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >SunJavaUpdateSched c:\program\java\jre1.5.0_04\bin\jusched.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >ctfmon.exe c:\windows\system32\ctfmon.exe DITT-D04A620689\Galina
> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >desktop desktop.ini NT INSTANS\SYSTEM Autostart
> > >> >desktop desktop.ini DITT-D04A620689\Galina Thulin Autostart
> > >> >desktop desktop.ini .DEFAULT Autostart
> > >> >desktop desktop.ini All Users Gemensam autostart
> > >> >desktop(2) desktop(2).ini NT INSTANS\SYSTEM Autostart
> > >> >desktop(2) desktop(2).ini .DEFAULT Autostart
> > >> >eelr9ch4 c:\windows\system32\eelr9ch4.exe All
> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > >> >
> > >> >
> > >> >
> > >> >"Alan Edwards" wrote:
> > >> >
> > >> >> Autostart is unlikely to be empty.
> > >> >> Check in Msconfig for any oddities.
> > >> >> (Start-Run-MSCONFIG-Startup tab)
> > >> >> If you cannot see anything in Msconfig then:
> > >> >>
> > >> >> Start-Run-msinfo32
> > >> >> Click the + beside Software Environment to expand.
> > >> >> Click Startup Programs
> > >> >> Ctrl+A to Select All, Ctrl+C to Copy.
> > >> >> Paste that information in your message.
> > >> >>
> > >> >> ....Alan
> > >> >> --
> > >> >> Alan Edwards, MS MVP Windows - Internet Explorer
> > >> >> http://dts-l.org/index.html
> > >> >>
> > >> >> On Wed, 7 Sep 2005 03:35:03 -0700, Strela
> > >> >> <Strela(a)discussions.microsoft.com> wrote:
> > >> >>
> > >> >> >Hello!
> > >> >> >Each time when I log in I get opened C:\Program as Autostart. But in reality
> > >> >> >Autostart is empty. It started to appear for two weeks ago and I cannot
> > >> >> >change it back. I checked everything.
> > >> >> >Help!
> > >> >>
> > >>
> >
From: Alan Edwards on
I don't know which one is the best for MediaGateway, I am afraid.
I have only tried Ad-Aware, Spybot and the MS Antispyware.
All are painless.
I keep MS Antispyware running but I may check with Ad-Aware and Spybot
once or twice a year, though I may have different security as I never
find anything.

....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html

On Fri, 9 Sep 2005 11:48:23 -0700, Strela
<Strela(a)discussions.microsoft.com> wrote:

>The problem is back!
>
>"Strela" wrote:
>
>> Hello, Allan!
>> Tone in your messages was so calm that I did not realize that I had a bigger
>> problem with my computer as I thought. I did everything as you suggested me
>> to do and today when I started my computer the Program Star up did not
>> appear. Everything was as it before.
>> I have to thank you for professional help. I would destroy my computer
>> otherwise.
>>
>> But now when I know that my computer has a ýspyý and after reading those
>> links you send me to, I want to get rid of Media Gateway. Actually I heard
>> about Gateway before but I did not pay attention then and completely forgot
>> about it afterwards.
>>
>> It is strange that I have got it because I have Kaspersky Anti-Virus program
>> and Microsoft Firewall and I thoght that I should be warned about the
>> ýintrusioný. But obviously did not.
>>
>> Now, will you, please, help me to get rid of it? There are a lot of
>> different tools for this and I need an advice, which is the best and most
>> ýpainfulý one of them. What would you do?
>>
>> Best regards.
>>
>>
>>
>> "Alan Edwards" wrote:
>>
>> > No, it is not the same. Msinfo32 does not show quotation marks that
>> > may need to be there in this case.
>> > Do NOT delete it if you want MediaGateway, though you may not want
>> > such adware.
>> >
>> > Right-click Media Gateway in the right-hand pane of Regedit, select
>> > Modify and add quotation marks before and after the value so it looks
>> > like:
>> > "c:\program files\media gateway\mediagateway.exe"
>> >
>> > Do NOTHING with MediaGateway.exe in C:\Program Files unless you
>> > decide to delete the reference in Regedit first.
>> >
>> > Read a few of these first and decide if you want this questionable
>> > application.
>> > http://www.google.com/search?hl=en&q=mediagateway+adware&btnG=Google+Search
>> >
>> > ....Alan
>> > --
>> > Alan Edwards, MS MVP Windows - Internet Explorer
>> > http://dts-l.org/index.html
>> >
>> >
>> > On Thu, 8 Sep 2005 06:02:02 -0700, Strela
>> > <Strela(a)discussions.microsoft.com> wrote:
>> >
>> > >Hello, Alan!
>> > >I found MediaGateway according to your description:
>> > >(HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
>> > >It looks exactly as you wrote (Media Gateway "c:\program files\media
>> > >gateway\mediagateway.exe").
>> > >You suggested to altering it. How? Shall I delete it?
>> > >I also Found MediaGateway and MediaGateway(2) in My computer/C:\Program
>> > >Files" folder. What shall I do with them?
>> > >Best regards.
>> > >
>> > >
>> > >"Alan Edwards" wrote:
>> > >
>> > >> I noticed you have a "C\Program" folder as well as a C:\Program Files"
>> > >> folder. That used to cause conflicts in Win9x and perhaps it still can
>> > >> in XP?
>> > >> There used to be a site explaining it all.
>> > >> "program folder opening at Startup" problem
>> > >> http://pages.infinit.net/mrobich/program_folder.html
>> > >> That is no longer available and I really don't recall the details of
>> > >> the solution.
>> > >>
>> > >> I cannot see anything obvious in your list and if no one else can,
>> > >> then selectively disable items and reboot until you find the problem
>> > >> and then report back.
>> > >>
>> > >> You might try altering this one:
>> > >> Media Gateway c:\program files\media gateway\mediagateway.exe
>> > >> so it looks like this:
>> > >> Media Gateway "c:\program files\media gateway\mediagateway.exe"
>> > >> You will find it using Regedit (Start-Run-Regedit) under the key:
>> > >> HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >>
>> > >> ....Alan
>> > >> --
>> > >> Alan Edwards, MS MVP Windows - Internet Explorer
>> > >> http://dts-l.org/index.html
>> > >>
>> > >>
>> > >> On Wed, 7 Sep 2005 05:27:36 -0700, Strela
>> > >> <Strela(a)discussions.microsoft.com> wrote:
>> > >>
>> > >> >Hello, Alan!
>> > >> >Here is the information you asked me about.
>> > >> >I hope that it can help to find the problem.
>> > >> >Best regards.
>> > >> >
>> > >> > c:\windows\options\oemreset.exe /audit All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >CPRun c:\philips\cprun.exe connected planet.exe NT INSTANS\SYSTEM Autostart
>> > >> >CPRun c:\philips\cprun.exe connected planet.exe .DEFAULT Autostart
>> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT
>> > >> >INSTANS\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\LOKAL
>> > >> >TJýNST HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\NETWORK
>> > >> >SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >KAV50 "c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe"
>> > >> >-run -n personalpro -v 5.0.0.0 All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >Media Gateway c:\program files\media gateway\mediagateway.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >NeroCheck c:\windows\system32\nerocheck.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe NT
>> > >> >INSTANS\SYSTEM Autostart
>> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe .DEFAULT Autostart
>> > >> >Power2GoExpress DITT-D04A620689\Galina
>> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >QuickTime Task "c:\program\quicktime\qttask.exe" -atboottime All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >Recguard c:\windows\sminst\recguard.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >SiS Windows KeyHook c:\windows\system32\keyhook.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >SiSUSBRG c:\windows\sisusbrg.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >SoundMan soundman.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >SunJavaUpdateSched c:\program\java\jre1.5.0_04\bin\jusched.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >ctfmon.exe c:\windows\system32\ctfmon.exe DITT-D04A620689\Galina
>> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >desktop desktop.ini NT INSTANS\SYSTEM Autostart
>> > >> >desktop desktop.ini DITT-D04A620689\Galina Thulin Autostart
>> > >> >desktop desktop.ini .DEFAULT Autostart
>> > >> >desktop desktop.ini All Users Gemensam autostart
>> > >> >desktop(2) desktop(2).ini NT INSTANS\SYSTEM Autostart
>> > >> >desktop(2) desktop(2).ini .DEFAULT Autostart
>> > >> >eelr9ch4 c:\windows\system32\eelr9ch4.exe All
>> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> > >> >
>> > >> >
>> > >> >
>> > >> >"Alan Edwards" wrote:
>> > >> >
>> > >> >> Autostart is unlikely to be empty.
>> > >> >> Check in Msconfig for any oddities.
>> > >> >> (Start-Run-MSCONFIG-Startup tab)
>> > >> >> If you cannot see anything in Msconfig then:
>> > >> >>
>> > >> >> Start-Run-msinfo32
>> > >> >> Click the + beside Software Environment to expand.
>> > >> >> Click Startup Programs
>> > >> >> Ctrl+A to Select All, Ctrl+C to Copy.
>> > >> >> Paste that information in your message.
>> > >> >>
>> > >> >> ....Alan
>> > >> >> --
>> > >> >> Alan Edwards, MS MVP Windows - Internet Explorer
>> > >> >> http://dts-l.org/index.html
>> > >> >>
>> > >> >> On Wed, 7 Sep 2005 03:35:03 -0700, Strela
>> > >> >> <Strela(a)discussions.microsoft.com> wrote:
>> > >> >>
>> > >> >> >Hello!
>> > >> >> >Each time when I log in I get opened C:\Program as Autostart. But in reality
>> > >> >> >Autostart is empty. It started to appear for two weeks ago and I cannot
>> > >> >> >change it back. I checked everything.
>> > >> >> >Help!
>> > >> >>
>> > >>
>> >
From: Strela on
Hello, Alan!
Thanks, I will research it.
I have another problem. My Anti-Virus Kaspersky places file optimize.exe
in Back up and notices that it is infected. I erase it buy it comes back.
Want shall I do?
Best regards.


"Alan Edwards" wrote:

> I don't know which one is the best for MediaGateway, I am afraid.
> I have only tried Ad-Aware, Spybot and the MS Antispyware.
> All are painless.
> I keep MS Antispyware running but I may check with Ad-Aware and Spybot
> once or twice a year, though I may have different security as I never
> find anything.
>
> ....Alan
> --
> Alan Edwards, MS MVP Windows - Internet Explorer
> http://dts-l.org/index.html
>
> On Fri, 9 Sep 2005 11:48:23 -0700, Strela
> <Strela(a)discussions.microsoft.com> wrote:
>
> >The problem is back!
> >
> >"Strela" wrote:
> >
> >> Hello, Allan!
> >> Tone in your messages was so calm that I did not realize that I had a bigger
> >> problem with my computer as I thought. I did everything as you suggested me
> >> to do and today when I started my computer the Program Star up did not
> >> appear. Everything was as it before.
> >> I have to thank you for professional help. I would destroy my computer
> >> otherwise.
> >>
> >> But now when I know that my computer has a spy and after reading those
> >> links you send me to, I want to get rid of Media Gateway. Actually I heard
> >> about Gateway before but I did not pay attention then and completely forgot
> >> about it afterwards.
> >>
> >> It is strange that I have got it because I have Kaspersky Anti-Virus program
> >> and Microsoft Firewall and I thoght that I should be warned about the
> >> intrusion. But obviously did not.
> >>
> >> Now, will you, please, help me to get rid of it? There are a lot of
> >> different tools for this and I need an advice, which is the best and most
> >> painful one of them. What would you do?
> >>
> >> Best regards.
> >>
> >>
> >>
> >> "Alan Edwards" wrote:
> >>
> >> > No, it is not the same. Msinfo32 does not show quotation marks that
> >> > may need to be there in this case.
> >> > Do NOT delete it if you want MediaGateway, though you may not want
> >> > such adware.
> >> >
> >> > Right-click Media Gateway in the right-hand pane of Regedit, select
> >> > Modify and add quotation marks before and after the value so it looks
> >> > like:
> >> > "c:\program files\media gateway\mediagateway.exe"
> >> >
> >> > Do NOTHING with MediaGateway.exe in C:\Program Files unless you
> >> > decide to delete the reference in Regedit first.
> >> >
> >> > Read a few of these first and decide if you want this questionable
> >> > application.
> >> > http://www.google.com/search?hl=en&q=mediagateway+adware&btnG=Google+Search
> >> >
> >> > ....Alan
> >> > --
> >> > Alan Edwards, MS MVP Windows - Internet Explorer
> >> > http://dts-l.org/index.html
> >> >
> >> >
> >> > On Thu, 8 Sep 2005 06:02:02 -0700, Strela
> >> > <Strela(a)discussions.microsoft.com> wrote:
> >> >
> >> > >Hello, Alan!
> >> > >I found MediaGateway according to your description:
> >> > >(HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
> >> > >It looks exactly as you wrote (Media Gateway "c:\program files\media
> >> > >gateway\mediagateway.exe").
> >> > >You suggested to altering it. How? Shall I delete it?
> >> > >I also Found MediaGateway and MediaGateway(2) in My computer/C:\Program
> >> > >Files" folder. What shall I do with them?
> >> > >Best regards.
> >> > >
> >> > >
> >> > >"Alan Edwards" wrote:
> >> > >
> >> > >> I noticed you have a "C\Program" folder as well as a C:\Program Files"
> >> > >> folder. That used to cause conflicts in Win9x and perhaps it still can
> >> > >> in XP?
> >> > >> There used to be a site explaining it all.
> >> > >> "program folder opening at Startup" problem
> >> > >> http://pages.infinit.net/mrobich/program_folder.html
> >> > >> That is no longer available and I really don't recall the details of
> >> > >> the solution.
> >> > >>
> >> > >> I cannot see anything obvious in your list and if no one else can,
> >> > >> then selectively disable items and reboot until you find the problem
> >> > >> and then report back.
> >> > >>
> >> > >> You might try altering this one:
> >> > >> Media Gateway c:\program files\media gateway\mediagateway.exe
> >> > >> so it looks like this:
> >> > >> Media Gateway "c:\program files\media gateway\mediagateway.exe"
> >> > >> You will find it using Regedit (Start-Run-Regedit) under the key:
> >> > >> HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >>
> >> > >> ....Alan
> >> > >> --
> >> > >> Alan Edwards, MS MVP Windows - Internet Explorer
> >> > >> http://dts-l.org/index.html
> >> > >>
> >> > >>
> >> > >> On Wed, 7 Sep 2005 05:27:36 -0700, Strela
> >> > >> <Strela(a)discussions.microsoft.com> wrote:
> >> > >>
> >> > >> >Hello, Alan!
> >> > >> >Here is the information you asked me about.
> >> > >> >I hope that it can help to find the problem.
> >> > >> >Best regards.
> >> > >> >
> >> > >> > c:\windows\options\oemreset.exe /audit All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >CPRun c:\philips\cprun.exe connected planet.exe NT INSTANS\SYSTEM Autostart
> >> > >> >CPRun c:\philips\cprun.exe connected planet.exe .DEFAULT Autostart
> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT
> >> > >> >INSTANS\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\LOKAL
> >> > >> >TJÄNST HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\NETWORK
> >> > >> >SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >KAV50 "c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe"
> >> > >> >-run -n personalpro -v 5.0.0.0 All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >Media Gateway c:\program files\media gateway\mediagateway.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >NeroCheck c:\windows\system32\nerocheck.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe NT
> >> > >> >INSTANS\SYSTEM Autostart
> >> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe .DEFAULT Autostart
> >> > >> >Power2GoExpress DITT-D04A620689\Galina
> >> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >QuickTime Task "c:\program\quicktime\qttask.exe" -atboottime All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >Recguard c:\windows\sminst\recguard.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >SiS Windows KeyHook c:\windows\system32\keyhook.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >SiSUSBRG c:\windows\sisusbrg.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >SoundMan soundman.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >SunJavaUpdateSched c:\program\java\jre1.5.0_04\bin\jusched.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >ctfmon.exe c:\windows\system32\ctfmon.exe DITT-D04A620689\Galina
> >> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >desktop desktop.ini NT INSTANS\SYSTEM Autostart
> >> > >> >desktop desktop.ini DITT-D04A620689\Galina Thulin Autostart
> >> > >> >desktop desktop.ini .DEFAULT Autostart
> >> > >> >desktop desktop.ini All Users Gemensam autostart
> >> > >> >desktop(2) desktop(2).ini NT INSTANS\SYSTEM Autostart
> >> > >> >desktop(2) desktop(2).ini .DEFAULT Autostart
> >> > >> >eelr9ch4 c:\windows\system32\eelr9ch4.exe All
> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >> > >> >
> >> > >> >
> >> > >> >
> >> > >> >"Alan Edwards" wrote:
> >> > >> >
> >> > >> >> Autostart is unlikely to be empty.
> >> > >> >> Check in Msconfig for any oddities.
> >> > >> >> (Start-Run-MSCONFIG-Startup tab)
> >> > >> >> If you cannot see anything in Msconfig then:
> >> > >> >>
> >> > >> >> Start-Run-msinfo32
> >> > >> >> Click the + beside Software Environment to expand.
> >> > >> >> Click Startup Programs
> >> > >> >> Ctrl+A to Select All, Ctrl+C to Copy.
> >> > >> >> Paste that information in your message.
> >> > >> >>
> >> > >> >> ....Alan
> >> > >> >> --
> >> > >> >> Alan Edwards, MS MVP Windows - Internet Explorer
> >> > >> >> http://dts-l.org/index.html
> >> > >> >>
> >> > >> >> On Wed, 7 Sep 2005 03:35:03 -0700, Strela
> >> > >> >> <Strela(a)discussions.microsoft.com> wrote:
> >> > >> >>
> >> > >> >> >Hello!
> >> > >> >> >Each time when I log in I get opened C:\Program as Autostart. But in reality
> >> > >> >> >Autostart is empty. It started to appear for two weeks ago and I cannot
> >> > >> >> >change it back. I checked everything.
> >> > >> >> >Help!
> >> > >> >>
> >> > >>
> >> >
>