Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Autoruns
  New Posts New Posts RSS Feed - Image Hijacks - ntsd.exe - what is it?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Image Hijacks - ntsd.exe - what is it?

 Post Reply Post Reply
Author
Message
cookieJones View Drop Down
Newbie
Newbie


Joined: 17 March 2008
Location: United States
Status: Offline
Points: 23
Post Options Post Options   Thanks (0) Thanks(0)   Quote cookieJones Quote  Post ReplyReply Direct Link To This Post Topic: Image Hijacks - ntsd.exe - what is it?
    Posted: 18 June 2008 at 8:36am
I would like to understand this Image Hijacks entry:

Autorun Entry: "Your Image File Name Here without a path"
Description: "Symbolic debugger for Windows 2000"
Image path: c:\windows\system32\ntsd.exe

I think I've seen it before on other machines, but this is a fresh install of XP SP3, nothing but drivers installed so far.  My other XP machine (SP2) has no entries under Image Hijacks.  Both machines have Autoruns v9.14.

Is this a good guy or bad guy?




Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 June 2008 at 8:43am
Hi Cookie,
 
That particular entry is normal and expected, and [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path] has been a part of any Windows installation that I've seen.
 
Quote My other XP machine (SP2) has no entries under Image Hijacks.
I would expect that someone has deleted the mentioned key, then.
 
Quote   Both machines have Autoruns v9.14
FWIW, the current version is 9.21.
Daily affirmation:
net helpmsg 4006
Back to Top
cookieJones View Drop Down
Newbie
Newbie


Joined: 17 March 2008
Location: United States
Status: Offline
Points: 23
Post Options Post Options   Thanks (0) Thanks(0)   Quote cookieJones Quote  Post ReplyReply Direct Link To This Post Posted: 18 June 2008 at 8:55am
Thank you. 

p.s.  It's very possible I deleted the entry on the other machine a long time ago - hard to remember that far back.  Well at least it hasn't hurt anything - that I can tell, ... so far.
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 June 2008 at 9:27am
Quote Well at least it hasn't hurt anything - that I can tell, ... so far.
It probably won't, ever.  It seems to be just an "informative" or "instructional" entry that is not really used by anything.
Daily affirmation:
net helpmsg 4006
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down