CCleaner Community Forums


Hi Steve,


Excuse the delay, I've just got back from work so have a bit of catching up to do :)


You're best leaving the file in system32 for now until we can get some scanners run on your system to see what the infection is. You can get a list of the Image File Execution Options key if needed by going to Start > Run, then copy and paste


cmd /c reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s>%systemdrive%\Result.txt && notepad %systemdrive%\Result.txt


Press OK and it will export the key details to a text file named Result.txt, then open it with Notepad (it also saves to C:\Drive). The only entry that should show a debugger value is this example entry:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

Debugger REG_SZ ntsd -d

GlobalFlag REG_SZ 0x000010F0


I need to go back out for a while but I'll check on the HijackThis subforum for any updates when I get back and we can continue on there
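
One way to review the Result.txt produced by the command above, as an added example that is not part of the original post: it parses reg.exe query output and lists every Image File Execution Options subkey that carries a Debugger value, other than the placeholder entry. The function name and the sample entries are constructed for illustration.

```python
import re
import sys

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
PLACEHOLDER = "Your Image File Name Here without a path"  # example entry named in the post
# reg.exe prints each value as: Name <whitespace> REG_TYPE <whitespace> Data
VALUE_RE = re.compile(r"^\s*(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")

# Constructed sample of "reg query ... /s" output (not taken from a real system).
SAMPLE = "\n".join([
    IFEO + "\\" + PLACEHOLDER,
    "    Debugger    REG_SZ    ntsd -d",
    "    GlobalFlag    REG_SZ    0x000010F0",
    "",
    IFEO + r"\example-app.exe",
    r"    Debugger    REG_SZ    C:\constructed\sample.exe",
    "",
    IFEO + r"\other-app.exe",
    "    GlobalFlag    REG_SZ    0x00000200",
])


def find_debugger_entries(text):
    """Return [(image_name, debugger_data)] for IFEO subkeys that set a
    Debugger value, skipping the placeholder example entry."""
    hits = []
    image = None  # image file name of the subkey currently being read
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            if key.upper().startswith(IFEO.upper() + "\\"):
                image = key[len(IFEO) + 1:].split("\\")[0]
            else:
                image = None  # the IFEO root itself or an unrelated key
            continue
        m = VALUE_RE.match(line)
        if m and image and m.group("name").strip().lower() == "debugger":
            if image.lower() != PLACEHOLDER.lower():
                hits.append((image, (m.group("data") or "").strip()))
    return hits


if __name__ == "__main__":
    # Pass the path to Result.txt, or run without arguments to use the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for image, debugger in find_debugger_entries(text):
        print(f"{image}: Debugger = {debugger}")
```
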