I’m connected to a workstation remotely via LogMeIn to do some cleanup work. I download and run SuperAntiSypware (SAS). It reports that it finds two issues:
Security.HiJack[ImageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger
Searching the Internet suggests that these are false positives. But why? Finally I find the answer on the Experts-Exchange website: SAS will only flag these two registry keys when LogMeIn is running!
So, if you are running SAS via a LogMeIn session, and it flags these two registry keys, you can safely uncheck them.