0

Hello
here is a problem that I look in the msconfig, I just type it in run command to look at the startup items. Meanwhile I find an entry that doesn't have any name, no command is there but the location is the same as the other programs have.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

what's that...?

And normally what kind of programs we allow in the startup. Means like Adobe put many entries in the startup we can remove these and like Quicktime and itunes helper etc etc.. and yes especially Bluetooth.
One more thing is very strange that I never install rocketDock on my laptop but I found an entry of it too at startup programs. and the location is
D:\Program files\RocketDock\RocketDock.exe

Please help
Thanks so much.

2
Contributors
3
Replies
4
Views
8 Years
Discussion Span
Last Post by Chaky
0

Please, clarify what do you mead by "entry that doesn't have any name"
Entries in "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" are all Dwords and all must have "names".
For example:
Dword name "QuickTime Task" (this part is mandatory)
Dword value "C:\Program Files\QuickTime\qttask.exe" -atboottime"

Which of two are you referring to?

In case you are referring to "(default)", then it is possible that you have some malware running.

Regarding RocketDocks, I suggest that you uninstall it ("add/remove programs" in control panel).

0

Please, clarify what do you mead by "entry that doesn't have any name"
Entries in "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" are all Dwords and all must have "names".
For example:
Dword name "QuickTime Task" (this part is mandatory)
Dword value "C:\Program Files\QuickTime\qttask.exe" -atboottime"

Which of two are you referring to?

In case you are referring to "(default)", then it is possible that you have some malware running.

Regarding RocketDocks, I suggest that you uninstall it ("add/remove programs" in control panel).

Yes I'm also worried about it. because it doesn't have any name I can select it and the checkbox also shown for it.but it show the last path that is for HKCU like which is for win current user. I have windows defender and Panda antivirus but they never figure out anything. whenever I opened the panda it shows me the hundreds of spyware detected and a virus. but it is all disinfected by it.

Moreover I never install rocket dock and it is not in the control panel too. Obviously I think when I never install it how it could be there. I have a utility which is called Tweak UI by power toys for windows xp and Iuse it only for removing the shortcut arrow, these looks bad to me that's why.

I'm grateful to you for your response.

0

I also used TweakUI and I never got any RocketDoc with it.

That registry entry is obviously a rootkit.
Rootkit=invisible entry used by malware and copy-protection software (securom, which DOESN'T plant any rootkits in "run" key). Invisible, meaning can't be selected, hence can't be removed via regedit. But, nevertheless, it is functional.

My best advice for you would be to use some kind of rootkit remover.
If you feel brave enough, run combofix (it also deals with rootkits) on your own responsibility, but I strongly suggest that you post a new thread in malware forum and post hijackthis log there.
There are allot of ppl with know-how that will help.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.