From: Alan Edwards on 11 Sep 2005 08:10

I am afraid you don't supply enough information for me to give an opinion.
I suggest you look up the virus (or whatever it is) in Kaspersky's support site and see what steps you need to take to remove it.
Have a look at these thousands of hits on Google:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-15,GGLD:en&q=optimize%2Eexe

....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html

On Sun, 11 Sep 2005 04:51:05 -0700, Strela <Strela(a)discussions.microsoft.com> wrote:

>Hello, Alan!
>Thanks, I will research it.
>I have another problem. My Anti-Virus Kaspersky places file "optimize.exe"
>in Back up and notices that it is infected. I erase it but it comes back.
>What shall I do?
>Best regards.
>
>
>"Alan Edwards" wrote:
>
>> I don't know which one is the best for MediaGateway, I am afraid.
>> I have only tried Ad-Aware, Spybot and the MS Antispyware.
>> All are painless.
>> I keep MS Antispyware running but I may check with Ad-Aware and Spybot
>> once or twice a year, though I may have different security as I never
>> find anything.
>>
>> ....Alan
>> --
>> Alan Edwards, MS MVP Windows - Internet Explorer
>> http://dts-l.org/index.html
>>
>> On Fri, 9 Sep 2005 11:48:23 -0700, Strela
>> <Strela(a)discussions.microsoft.com> wrote:
>>
>> >The problem is back!
>> >
>> >"Strela" wrote:
>> >
>> >> Hello, Alan!
>> >> Tone in your messages was so calm that I did not realize that I had a bigger
>> >> problem with my computer as I thought. I did everything as you suggested me
>> >> to do and today when I started my computer the Program Start up did not
>> >> appear. Everything was as it was before.
>> >> I have to thank you for professional help. I would destroy my computer
>> >> otherwise.
>> >>
>> >> But now when I know that my computer has a "spy" and after reading those
>> >> links you send me to, I want to get rid of Media Gateway. Actually I heard
>> >> about Gateway before but I did not pay attention then and completely forgot
>> >> about it afterwards.
>> >>
>> >> It is strange that I have got it because I have Kaspersky Anti-Virus program
>> >> and Microsoft Firewall and I thought that I should be warned about the
>> >> "intrusion". But obviously did not.
>> >>
>> >> Now, will you, please, help me to get rid of it? There are a lot of
>> >> different tools for this and I need an advice, which is the best and most
>> >> "painful" one of them. What would you do?
>> >>
>> >> Best regards.
>> >>
>> >> "Alan Edwards" wrote:
>> >>
>> >> > No, it is not the same. Msinfo32 does not show quotation marks that
>> >> > may need to be there in this case.
>> >> > Do NOT delete it if you want MediaGateway, though you may not want
>> >> > such adware.
>> >> >
>> >> > Right-click Media Gateway in the right-hand pane of Regedit, select
>> >> > Modify and add quotation marks before and after the value so it looks
>> >> > like:
>> >> > "c:\program files\media gateway\mediagateway.exe"
>> >> >
>> >> > Do NOTHING with MediaGateway.exe in C:\Program Files unless you
>> >> > decide to delete the reference in Regedit first.
>> >> >
>> >> > Read a few of these first and decide if you want this questionable
>> >> > application.
>> >> > http://www.google.com/search?hl=en&q=mediagateway+adware&btnG=Google+Search
>> >> >
>> >> > ....Alan
>> >> > --
>> >> > Alan Edwards, MS MVP Windows - Internet Explorer
>> >> > http://dts-l.org/index.html
>> >> >
>> >> > On Thu, 8 Sep 2005 06:02:02 -0700, Strela
>> >> > <Strela(a)discussions.microsoft.com> wrote:
>> >> >
>> >> > >Hello, Alan!
>> >> > >I found MediaGateway according to your description:
>> >> > >(HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
>> >> > >It looks exactly as you wrote (Media Gateway "c:\program files\media
>> >> > >gateway\mediagateway.exe").
>> >> > >You suggested to altering it. How? Shall I delete it?
>> >> > >I also Found MediaGateway and MediaGateway(2) in My computer/C:\Program
>> >> > >Files" folder. What shall I do with them?
>> >> > >Best regards.
>> >> > >
>> >> > >"Alan Edwards" wrote:
>> >> > >
>> >> > >> I noticed you have a "C:\Program" folder as well as a "C:\Program Files"
>> >> > >> folder. That used to cause conflicts in Win9x and perhaps it still can
>> >> > >> in XP?
>> >> > >> There used to be a site explaining it all.
>> >> > >> "program folder opening at Startup" problem
>> >> > >> http://pages.infinit.net/mrobich/program_folder.html
>> >> > >> That is no longer available and I really don't recall the details of
>> >> > >> the solution.
>> >> > >>
>> >> > >> I cannot see anything obvious in your list and if no one else can,
>> >> > >> then selectively disable items and reboot until you find the problem
>> >> > >> and then report back.
>> >> > >>
>> >> > >> You might try altering this one:
>> >> > >> Media Gateway c:\program files\media gateway\mediagateway.exe
>> >> > >> so it looks like this:
>> >> > >> Media Gateway "c:\program files\media gateway\mediagateway.exe"
>> >> > >> You will find it using Regedit (Start-Run-Regedit) under the key:
>> >> > >> HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >>
>> >> > >> ....Alan
>> >> > >> --
>> >> > >> Alan Edwards, MS MVP Windows - Internet Explorer
>> >> > >> http://dts-l.org/index.html
>> >> > >>
>> >> > >> On Wed, 7 Sep 2005 05:27:36 -0700, Strela
>> >> > >> <Strela(a)discussions.microsoft.com> wrote:
>> >> > >>
>> >> > >> >Hello, Alan!
>> >> > >> >Here is the information you asked me about.
>> >> > >> >I hope that it can help to find the problem.
>> >> > >> >Best regards.
>> >> > >> >
>> >> > >> > c:\windows\options\oemreset.exe /audit All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CPRun c:\philips\cprun.exe connected planet.exe NT INSTANS\SYSTEM Autostart
>> >> > >> >CPRun c:\philips\cprun.exe connected planet.exe .DEFAULT Autostart
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\LOKAL TJÄNST HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\NETWORK SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >KAV50 "c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe" -run -n personalpro -v 5.0.0.0 All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >Media Gateway c:\program files\media gateway\mediagateway.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >NeroCheck c:\windows\system32\nerocheck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe NT INSTANS\SYSTEM Autostart
>> >> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe .DEFAULT Autostart
>> >> > >> >Power2GoExpress DITT-D04A620689\Galina Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >QuickTime Task "c:\program\quicktime\qttask.exe" -atboottime All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >Recguard c:\windows\sminst\recguard.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SiS Windows KeyHook c:\windows\system32\keyhook.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SiSUSBRG c:\windows\sisusbrg.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SoundMan soundman.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SunJavaUpdateSched c:\program\java\jre1.5.0_04\bin\jusched.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >ctfmon.exe c:\windows\system32\ctfmon.exe DITT-D04A620689\Galina Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >desktop desktop.ini NT INSTANS\SYSTEM Autostart
>> >> > >> >desktop desktop.ini DITT-D04A620689\Galina Thulin Autostart
>> >> > >> >desktop desktop.ini .DEFAULT Autostart
>> >> > >> >desktop desktop.ini All Users Gemensam autostart
>> >> > >> >desktop(2) desktop(2).ini NT INSTANS\SYSTEM Autostart
>> >> > >> >desktop(2) desktop(2).ini .DEFAULT Autostart
>> >> > >> >eelr9ch4 c:\windows\system32\eelr9ch4.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >
>> >> > >> >"Alan Edwards" wrote:
>> >> > >> >
>> >> > >> >> Autostart is unlikely to be empty.
>> >> > >> >> Check in Msconfig for any oddities.
>> >> > >> >> (Start-Run-MSCONFIG-Startup tab)
>> >> > >> >> If you cannot see anything in Msconfig then:
>> >> > >> >>
>> >> > >> >> Start-Run-msinfo32
>> >> > >> >> Click the + beside Software Environment to expand.
>> >> > >> >> Click Startup Programs
>> >> > >> >> Ctrl+A to Select All, Ctrl+C to Copy.
>> >> > >> >> Paste that information in your message.
>> >> > >> >>
>> >> > >> >> ....Alan
>> >> > >> >> --
>> >> > >> >> Alan Edwards, MS MVP Windows - Internet Explorer
>> >> > >> >> http://dts-l.org/index.html
>> >> > >> >>
>> >> > >> >> On Wed, 7 Sep 2005 03:35:03 -0700, Strela
>> >> > >> >> <Strela(a)discussions.microsoft.com> wrote:
>> >> > >> >>
>> >> > >> >> >Hello!
>> >> > >> >> >Each time when I log in I get opened C:\Program as Autostart. But in reality
>> >> > >> >> >Autostart is empty. It started to appear for two weeks ago and I cannot
>> >> > >> >> >change it back. I checked everything.
>> >> > >> >> >Help!
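
The quoting fix discussed in the message above, as an added example that is not part of the original thread: an unquoted startup command whose path contains spaces is ambiguous, because Windows can take the text before a space (here `c:\program`) as the thing to launch. The check below flags such values and prints the quoted form. The sample values are constructed from the listing in the thread; the `EXISTING` set and the extension list are assumptions of this sketch.

```python
import re

# Constructed sample: startup commands as they appear in the thread's msinfo32 listing.
RUN_VALUES = {
    "Media Gateway": r"c:\program files\media gateway\mediagateway.exe",
    "KAV50": r'"c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe" -run -n personalpro -v 5.0.0.0',
    "MSConfig": r"c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto",
    "CPRun": r"c:\philips\cprun.exe connected planet.exe",
    "Power2Go Express": r"c:\program\cyberl~1\power2go\power2~1.exe",
}
# Assumption: names that exist on disk (the thread mentions both folders).
EXISTING = {r"c:\program", r"c:\program files"}

# Heuristic (assumption): the program path ends at the first executable extension.
EXE = re.compile(r"(.+?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

def split_command(command):
    """Split an unquoted command line into (program_path, arguments)."""
    m = EXE.match(command)
    return (m.group(1), command[m.end():]) if m else (command, "")

def audit_value(command, existing=EXISTING):
    """Return None if the value is unambiguous, else a finding dict."""
    command = command.strip()
    if command.startswith('"'):
        return None                      # already quoted
    path, args = split_command(command)
    if " " not in path:
        return None                      # spaces only in arguments, or none at all
    # Every prefix that ends at a space is a name Windows may try first.
    prefixes = [path[:i] for i, ch in enumerate(path) if ch == " "]
    collisions = [p for p in prefixes
                  if p.lower() in existing or p.lower() + ".exe" in existing]
    return {"prefixes": prefixes, "collisions": collisions,
            "quoted": f'"{path}"{args}'}

def audit(run_values=RUN_VALUES):
    """Map each ambiguous entry name to its finding."""
    return {name: f for name, v in run_values.items() if (f := audit_value(v))}

if __name__ == "__main__":
    for name, finding in audit().items():
        print(name, "->", finding["quoted"], "| collides with:", finding["collisions"])
```

An entry with a non-empty `collisions` list is the case seen in this thread, where the `C:\Program` folder exists alongside `C:\Program Files`.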

From: vk on 12 Sep 2005 02:08

you can open regedit, find this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Delete have no use for autostart Applications.
But, I recommend "Security expert" with you. use "Security expert" wills make you very convenient completion these works.
Website: http://securityexpert.cnns.net
Download try out it: http://securityexpert.cnns.net/download/securityexpert.exe

From: Strela on 13 Sep 2005 17:34

Hello, Alan!
My report (almost everything I did):
- I did adjustments in Regedit - Nothing changed
- I run MS Config CleanUp - Nothing changed
- I run Folder program repair - Swedish, which is created to make a register for system files or program files to prevent them from coming up with the start - Nothing changing.
- I made hard disk cleaning - Nothing changed
- I defragmented hard disk - Nothing changed
- I did run Blaster program - Nothing changed
- I erased all programs which I downloaded from www (Drawing for children, DC++ - music, Real Arcade, etc) - Nothing changed.
- I contacted Kaspersky Lab to get help with this irritating "Optimizer.exe". They advised me to search for answer on their www. There were no.
- I used Ad-Aware (Lavasoft, Sweden). It recognized 44 objects among which there were malware, data miner etc. I have 24 pages with the description of them.
I restarted my computer and it was normal. Media Gateway was gone from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I thought that it was over. Few hours later I restarted my computer again, it was normal. Then I checked Kaspersky Back up - there it was, "optimizer.exe". I did run Ad-Aware scan again and it found now 47 objects, "optimazer.exe" was still there.
- I did run Kaspersky special treat "clrav.com" too.
- Media Gateway is still on the Software:
HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway,
and it is still on the root:
HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CLSID

May I delete it from those keys now?

I hope that start up problem is solved now, thanks to you! This optimizer-problem I will try to solve too. You are really a very good consulter. Thank you very much.
Best regards

I hope that start up problem is solved

From: Alan Edwards on 13 Sep 2005 19:11

When you say "delete it from those keys", I hope you really mean "delete those keys".
Yes you can delete the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway
HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CLSID

....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html

On Tue, 13 Sep 2005 14:34:34 -0700, Strela <Strela(a)discussions.microsoft.com> wrote:

>Hello, Alan!
>My report (almost everything I did):
>- I did adjustments in Regedit - Nothing changed
>- I run MS Config CleanUp - Nothing changed
>- I run Folder program repair - Swedish, which is created to make a register
>for system files or program files to prevent them from coming up with the
>start - Nothing changing.
>- I made hard disk cleaning - Nothing changed
>- I defragmented hard disk - Nothing changed
>- I did run Blaster program - Nothing changed
>- I erased all programs which I downloaded from www (Drawing for children,
>DC++ - music, Real Arcade, etc) - Nothing changed.
>- I contacted Kaspersky Lab to get help with this irritating
>"Optimizer.exe". They advised me to search for answer on their www. There
>were no.
>- I used Ad-Aware (Lavasoft, Sweden). It recognized 44 objects among which
>there were malware, data miner etc. I have 24 pages with the description of
>them.
>I restarted my computer and it was normal. Media Gateway was gone from
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I thought
>that it was over. Few hours later I restarted my computer again, it was
>normal. Then I checked Kaspersky Back up - there it was, "optimizer.exe". I
>did run Ad-Aware scan again and it found now 47 objects, "optimazer.exe" was
>still there.
>- I did run Kaspersky special treat "clrav.com" too.
>- Media Gateway is still on the Software:
>HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway,
>and it is still on the root:
>HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CLSID
>
>May I delete it from those keys now?
>
>I hope that start up problem is solved now, thanks to you! This
>optimizer-problem I will try to solve too. You are really a very good
>consulter. Thank you very much.
>Best regards
>
>I hope that start up problem is solved