TaskMgr, ProcExp, RegEdit fail to start

A couple of days ago, I got hit with Win32/WinWebSec (according to Windows Defender) from a website while using Firefox (not the latest version - my bad). I cleaned it off fairly quickly, but since then I noticed certain applications such as taskmgr, procexp, regedit and some others wouldn't load. I would double click on them, the loading hourglass would appear and then nothing. I could get them to work by renaming them from .exe to .com so I started Process Monitor and found that ntsd.exe was being started instead of the application. Looking through the registry, I found the "HKLM\Software\Microsoft\Windows NT\Current Version\Image File Execution Options" and that each application that would not load was listed as a sub-key. These applications each had a value that told windows to debug the program with ntsd.exe instead of running it (the value was: "Debugger: ntsd.exe -d"). Doing a little research online, I found that this is a way of debugging applications whose startup you don't have control of (services, etc). I found about 30 applications setup this way and I imagine that the malware inserted these values as a way to hinder users from removing it.

To clean this, I just deleted the application keys from under the "Image File Execution Options" key.

Just thought I would post this in case anyone else came across the same problem.