Jump to content
CCleaner Community Forums

Recommended Posts

Hi Steve,

 

Excuse the delay, Ive just got back from work so have abit of catching up to do :)

 

Your best leaving the file is system32 for now until we can get some scanners run on your system to see what the infection is, you can get a list of the Image File Execution Options key if needed by going to start > run > then copy and paste

 

cmd /c reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s>%systemdrive%\Result.txt && notepad %systemdrive%\Result.txt

 

Press OK and it will export the key details to a text file named Result.txt then open it with notepad (it also saves to C:\Drive), the only entry that should show a debugger value is this example entry

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

Debugger REG_SZ ntsd -d

GlobalFlag REG_SZ 0x000010F0

 

I need to go back out for a while but I'll check on the HijackThis subforum for any updates when I get back and we can continue on there

 

Cheers

 

Andy

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...