As it turns out, I have a number of trojan horses etc in my computer. I will list the problems first, and then all the steps I have taken (as per your website's instructions). My operating system is Windows XP Pro with Service Pack 2.
The problems:
1) almost every program I use will lock up (even ones such as MS Excel & Word), and I have to use "control-alt-delete" to close them - it says program "not responding"
2) opening any program or doing any operation takes very long as often the CPU usage goes to and stays at 100%
3) most of the time I cannot connect to the internet, & when I double-click on the little 2-computer icon (at the bottom right of the screen), I get the message to check my connection/cables. Periodically, it will come online. To sent this to you, I am using my wife's computer.
4) my desktop has been taken over by a blank red screen, with a flashing box in the middle stating I should buy their anti-infection software (there is a link titled "RazeSpyware"). My program icons on the left are still there, and they do work, but very slowly. Also, I cannot right click on the desktop - nothing happens, I cannot get to its properties.
5) Sygate found 2 problem files in Windows\system32 (wvwkl.exe and pcqjf.exe) but I cannot open system32 in Windows Explorer, it just goes blank (even though I am the administrator.
6) In Regcleaner, there are always 2 entries listed as "new", even though I remove them each time. They are "Soundfont" and "Sygate Using Netport"
7) In C:\Program Files there is a folder called "xerox", which I did not install. It has a subfolder, "nwwia" which I cannot delete because it is always "in use". I used "control-alt-delete" to end the process, but I cannot get back to the file to delete it before it is running again.
The steps I have taken thus far:
1) I have run AVG, AdAware, Spybot many times. Most often they freeze while in system32, & occasionally a SYSTEM SHUTDOWN message from NT Authority System will appear, & the computer will shut down.
2) I went to your website & followed as many steps as I could:
3) I did Cleanup
4) tried AdAware - the computer shut down, even in Safe Mode, but, on the 4th try, it did make it through
5) did CWShredder
6) did Spybot, which stated that there was a problem in the "include file C:\Program Files\Spybot_Search_Destroy\Includes\Hijackers.sbi
7) did Ewido (but I couldn't update it as it is past the 30-day trial period)
8) cannot do Trend online scan as I cannot connect - wait - it just came on.
ran the Trend scan, it got quite a few, but couldn't get "TSPY_AGENT.TQ"
9) did AVG
10) did Trojan Hunter
11) rebooted - the internet connection is once again gone (an X over the icon)
- the desktop popup for RazeSpyware is gone, but the desktop is still blank (no picture) and I cannot access the properties
- with no applications open, the CPU usage still fluctuates between 2% and 100%
HERE ARE THE SCAN LOGS:
Logfile of HijackThis v1.99.1
Scan saved at 1:31:27 AM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HiJack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy.vc.shawcable.net:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9ECF2E-A6CE-4AE1-9330-995C734EEBEA}: NameServer = 85.255.116.36,85.255.112.75
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.36 85.255.112.75
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.36 85.255.112.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.36 85.255.112.75
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:08:57 PM, 7/20/2006
+ Report-Checksum: 931D55A7
+ Scan result:
C:\WINDOWS\system32\csolz.exe -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\dmflm.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\dmpum.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\rgvaz.exe -> Trojan.DNSChanger.ef : Cleaned with backup
C:\WINDOWS\system32\tfavr.exe -> Trojan.DNSChanger.ef : Cleaned with backup
C:\WINDOWS\system32\{F6FB892C-17B2-4F32-A2C1-0D6B9C5135F0}.exe -> Adware.Raze : Cleaned with backup
::Report End
THESE ARE THE 2 NEW ITEMS FOUND BY REGCLEANER:
RegCleaner 4.3 by Jouni Vuorio
Author : SoundFont
Software : Files
Age : New
If you choose to remove this item these keys would be removed
HKEY_LOCAL_MACHINE\Software\SoundFont\Files\0
HKEY_LOCAL_MACHINE\Software\SoundFont\Files
HKEY_CLASSES_ROOT\.ops
HKEY_CLASSES_ROOT\Access.Application.9\shell\open\command
HKEY_CLASSES_ROOT\Access.BlankDatabaseTemplate.9\shell\open\command
HKEY_CLASSES_ROOT\Access.BlankProjectTemplate.9\shell\open\command
HKEY_CLASSES_ROOT\Access.DatabaseWizardTemplate.9\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.DataAccessPage.1\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.Diagram.1\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.Form.1\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.Macro.1\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.Module.1\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.Report.1\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.StoredProcedure.1\shell\open\command
HKEY_CLASSES_ROOT\Access.Shortcut.View.1\shell\open\command
HKEY_CLASSES_ROOT\Access.WizardDataFile.9\shell\open\command
HKEY_CLASSES_ROOT\Access.Workgroup.9\shell\open\command
HKEY_CLASSES_ROOT\accesshtmlfile\shell\open\command
HKEY_CLASSES_ROOT\accessthmltemplate\shell\open\command
HKEY_CLASSES_ROOT\acrobat\shell\open\command
HKEY_CLASSES_ROOT\AcroExch.Document\shell\open\command
HKEY_CLASSES_ROOT\AcroExch.Document.7\shell\open\command
HKEY_CLASSES_ROOT\AcroExch.FDFDoc\shell\open\command
HKEY_CLASSES_ROOT\AcroExch.XDPDoc\shell\open\command
HKEY_CLASSES_ROOT\AcroExch.XFDFDoc\shell\open\command
HKEY_CLASSES_ROOT\AIFFFile\shell\open\command
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_CLASSES_ROOT\ASFFile\shell\open\command
HKEY_CLASSES_ROOT\ASXFile\shell\open\command
HKEY_CLASSES_ROOT\AUFile\shell\open\command
HKEY_CLASSES_ROOT\AVIFile\shell\open\command
HKEY_CLASSES_ROOT\CakewalkBundleFile\shell\open\command
HKEY_CLASSES_ROOT\CakewalkProjectFile\shell\open\command
HKEY_CLASSES_ROOT\CakewalkTemplateFile\shell\open\command
HKEY_CLASSES_ROOT\cdafile\shell\open\command
HKEY_CLASSES_ROOT\certificate_wab_auto_file\shell\open\command
HKEY_CLASSES_ROOT\daap\shell\open\command
HKEY_CLASSES_ROOT\dqyfile
HKEY_CLASSES_ROOT\EBXTransfer\shell\open\command
HKEY_CLASSES_ROOT\EDNActivation\shell\open\command
HKEY_CLASSES_ROOT\Excel.Addin\shell\open\command
HKEY_CLASSES_ROOT\Excel.Backup\shell\open\command
HKEY_CLASSES_ROOT\Excel.Chart.8\shell\open\command
HKEY_CLASSES_ROOT\Excel.CSV\shell\open\command
HKEY_CLASSES_ROOT\Excel.DIF\shell\open\command
HKEY_CLASSES_ROOT\Excel.Macrosheet\shell\open\command
HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\open\command
HKEY_CLASSES_ROOT\Excel.SLK\shell\open\command
HKEY_CLASSES_ROOT\Excel.Template\shell\open\command
HKEY_CLASSES_ROOT\Excel.Workspace\shell\open\command
HKEY_CLASSES_ROOT\Excel.XLL\shell\open\command
HKEY_CLASSES_ROOT\Excelhtmlfile\shell\open\command
HKEY_CLASSES_ROOT\Excelhtmltemplate\shell\open\command
HKEY_CLASSES_ROOT\FILEMGMT.FileSvcMgmtAboutObject.1
HKEY_CLASSES_ROOT\FILEMGMT.FileSvcMgmtExtObject.1
HKEY_CLASSES_ROOT\FILEMGMT.FileSvcMgmtObject.1
HKEY_CLASSES_ROOT\fphtmlfile\shell\open\command
HKEY_CLASSES_ROOT\giffile\shell\open\command
HKEY_CLASSES_ROOT\Google Earth.etafile\shell\open\command
HKEY_CLASSES_ROOT\Google Earth.kmlfile\shell\open\command
HKEY_CLASSES_ROOT\Google Earth.kmzfile\shell\open\command
HKEY_CLASSES_ROOT\gopher\shell\open\command
HKEY_CLASSES_ROOT\GraphicsLink.File\shell\open\command
HKEY_CLASSES_ROOT\htfile\shell\open\command
HKEY_CLASSES_ROOT\htmlfile\shell\open\command
HKEY_CLASSES_ROOT\HTTP\shell\open\command
HKEY_CLASSES_ROOT\https\shell\open\command
HKEY_CLASSES_ROOT\ifofile\shell\open\command
HKEY_CLASSES_ROOT\itms\shell\open\command
HKEY_CLASSES_ROOT\itmss\shell\open\command
HKEY_CLASSES_ROOT\itpc\shell\open\command
HKEY_CLASSES_ROOT\ITS FILE\shell\open\command
HKEY_CLASSES_ROOT\iTunes.aa\shell\open\command
HKEY_CLASSES_ROOT\iTunes.aif\shell\open\command
HKEY_CLASSES_ROOT\iTunes.aifc\shell\open\command
HKEY_CLASSES_ROOT\iTunes.aiff\shell\open\command
HKEY_CLASSES_ROOT\iTunes.cda\shell\open\command
HKEY_CLASSES_ROOT\iTunes.cdda\shell\open\command
HKEY_CLASSES_ROOT\iTunes.itl\shell\open\command
HKEY_CLASSES_ROOT\iTunes.itpc\shell\open\command
HKEY_CLASSES_ROOT\iTunes.m3u\shell\open\command
HKEY_CLASSES_ROOT\iTunes.m4a\shell\open\command
HKEY_CLASSES_ROOT\iTunes.m4b\shell\open\command
HKEY_CLASSES_ROOT\iTunes.m4p\shell\open\command
HKEY_CLASSES_ROOT\iTunes.m4v\shell\open\command
HKEY_CLASSES_ROOT\iTunes.mov\shell\open\command
HKEY_CLASSES_ROOT\iTunes.mp2\shell\open\command
HKEY_CLASSES_ROOT\iTunes.mp3\shell\open\command
HKEY_CLASSES_ROOT\iTunes.mpeg\shell\open\command
HKEY_CLASSES_ROOT\iTunes.mpg\shell\open\command
HKEY_CLASSES_ROOT\iTunes.pcast\shell\open\command
HKEY_CLASSES_ROOT\iTunes.pls\shell\open\command
HKEY_CLASSES_ROOT\iTunes.rmp\shell\open\command
HKEY_CLASSES_ROOT\iTunes.wav\shell\open\command
HKEY_CLASSES_ROOT\iTunes.wave\shell\open\command
HKEY_CLASSES_ROOT\jarfile\shell\open\command
HKEY_CLASSES_ROOT\JNLPFile\shell\open\command
HKEY_CLASSES_ROOT\jntfile\shell\open\command
HKEY_CLASSES_ROOT\jpegfile\shell\open\command
HKEY_CLASSES_ROOT\jtpfile\shell\open\command
HKEY_CLASSES_ROOT\klrun\shell\open\command
HKEY_CLASSES_ROOT\LDAP\shell\open\command
HKEY_CLASSES_ROOT\m3ufile\shell\open\command
HKEY_CLASSES_ROOT\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command
HKEY_CLASSES_ROOT\magnet\shell\open\command
HKEY_CLASSES_ROOT\mailto\shell\open\command
HKEY_CLASSES_ROOT\MediaPackageFile\shell\open\command
HKEY_CLASSES_ROOT\mhtmlfile\shell\open\command
HKEY_CLASSES_ROOT\MIDFile\shell\open\command
HKEY_CLASSES_ROOT\MMST\shell\open\command
HKEY_CLASSES_ROOT\MMSU\shell\open\command
HKEY_CLASSES_ROOT\mp3file\shell\open\command
HKEY_CLASSES_ROOT\mpegfile\shell\open\command
HKEY_CLASSES_ROOT\MS-ITSS FILE\shell\open\command
HKEY_CLASSES_ROOT\MSBD\shell\open\command
HKEY_CLASSES_ROOT\MSFSStore
HKEY_CLASSES_ROOT\msgfile\shell\open\command
HKEY_CLASSES_ROOT\MSInfo.Document\shell\open\command
HKEY_CLASSES_ROOT\NBBACKUPType\shell\open\command
HKEY_CLASSES_ROOT\NBCOMPRESSType\shell\open\command
HKEY_CLASSES_ROOT\NBJOBType\shell\open\command
HKEY_CLASSES_ROOT\Nero Cover Designer.Document\shell\open\command
HKEY_CLASSES_ROOT\Nero Cover Designer.Template\shell\open\command
HKEY_CLASSES_ROOT\Nero.NeroFileSystemDescContainer
HKEY_CLASSES_ROOT\Nero.NeroFileSystemDescContainer.1
HKEY_CLASSES_ROOT\Nero.NeroFileSystemTrackOptions
HKEY_CLASSES_ROOT\Nero.NeroFileSystemTrackOptions.1
HKEY_CLASSES_ROOT\NeroCDCoverType\shell\open\command
HKEY_CLASSES_ROOT\NeroSuperVideoType\shell\open\command
HKEY_CLASSES_ROOT\news\shell\open\command
HKEY_CLASSES_ROOT\nntp\shell\open\command
HKEY_CLASSES_ROOT\Office.ProfileSettings.10\shell\open\command
HKEY_CLASSES_ROOT\Office.ProfileSettings.10
HKEY_CLASSES_ROOT\ossfile\shell\open\command
HKEY_CLASSES_ROOT\Outlook.NavigatorBarFile\shell\open\command
HKEY_CLASSES_ROOT\Outlook.Template\shell\open\command
HKEY_CLASSES_ROOT\pcast\shell\open\command
HKEY_CLASSES_ROOT\PCDfile\shell\open\command
HKEY_CLASSES_ROOT\pcxfile\shell\open\command
HKEY_CLASSES_ROOT\PDVDmpgfile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.ActionsFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.ArbitraryMapFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.ASVColAdjFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.AXTAdjColFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.BrushesFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.CHAFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.ColorTableFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.CurvesFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.CustomFilterKernel\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.DuotoneSettingsFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.FileInfo\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.Gradients\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.HalftoneScreens\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.HueSatFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.Image.5\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.LevelsFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.MonitorSetupFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.PlugIn\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.PreferencesFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.PrintingInksFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.SepTablesFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.SwatchesFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.TransferFunctionsFile\shell\open\command
HKEY_CLASSES_ROOT\Photoshop.VariationsFile\shell\open\command
HKEY_CLASSES_ROOT\plsfile\shell\open\command
HKEY_CLASSES_ROOT\pngfile\shell\open\command
HKEY_CLASSES_ROOT\PowerPoint.Addin.8\shell\open\command
HKEY_CLASSES_ROOT\PowerPoint.Show.8\shell\open\command
HKEY_CLASSES_ROOT\PowerPoint.SlideShow.8\shell\open\command
HKEY_CLASSES_ROOT\PowerPoint.Template.8\shell\open\command
HKEY_CLASSES_ROOT\PowerPoint.Wizard.8\shell\open\command
HKEY_CLASSES_ROOT\powerpointhtmlfile\shell\open\command
HKEY_CLASSES_ROOT\powerpointhtmltemplate\shell\open\command
HKEY_CLASSES_ROOT\pszfile\shell\open\command
HKEY_CLASSES_ROOT\Publisher.Document.10\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.aac\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.adts\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.aif\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.aifc\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.aiff\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.caf\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.cdda\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.dif\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.dv\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.mac\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.mov\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.mp4\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.mqv\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.pct\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.pic\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.pict\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.pnt\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.pntg\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.qht\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.qhtm\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.qt\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.qti\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.qtif\shell\open\command
HKEY_CLASSES_ROOT\QuickTime.qtl\shell\open\command
HKEY_CLASSES_ROOT\Reason.rns\shell\open\command
HKEY_CLASSES_ROOT\Reason.rps\shell\open\command
HKEY_CLASSES_ROOT\Reason.rsb\shell\open\command
HKEY_CLASSES_ROOT\ROTSPrefs\shell\open\command
HKEY_CLASSES_ROOT\ROTSSavedGame\shell\open\command
HKEY_CLASSES_ROOT\rqyfile
HKEY_CLASSES_ROOT\rtffile\shell\open\command
HKEY_CLASSES_ROOT\SAFRCFileDlg.FileSave
HKEY_CLASSES_ROOT\SAFRCFileDlg.FileSave.1
HKEY_CLASSES_ROOT\SAPI.SpFileStream
HKEY_CLASSES_ROOT\SAPI.SpFileStream.1
HKEY_CLASSES_ROOT\Scripting.FileSystemObject
HKEY_CLASSES_ROOT\Shell.ThumbnailExtract.Docfile.1
HKEY_CLASSES_ROOT\sig2dat\shell\open\command
HKEY_CLASSES_ROOT\snews\shell\open\command
HKEY_CLASSES_ROOT\SoundRec\shell\open\command
HKEY_CLASSES_ROOT\SpybotSD.DisabledFile\shell\open\command
HKEY_CLASSES_ROOT\SpybotSD.SBEFile\shell\open\command
HKEY_CLASSES_ROOT\SpybotSD.SBIFile\shell\open\command
HKEY_CLASSES_ROOT\SpybotSD.SBSFile\shell\open\command
HKEY_CLASSES_ROOT\SpybotSD.TInfoFile\shell\open\command
HKEY_CLASSES_ROOT\SpybotSD.UTIFile\shell\open\command
HKEY_CLASSES_ROOT\SpybotSD.UTSFile\shell\open\command
HKEY_CLASSES_ROOT\T126_Whiteboard\shell\open\command
HKEY_CLASSES_ROOT\urn:content-classes:filestartaddress
HKEY_CLASSES_ROOT\vcard_wab_auto_file\shell\open\command
HKEY_CLASSES_ROOT\vobfile\shell\open\command
HKEY_CLASSES_ROOT\wab_auto_file\shell\open\command
HKEY_CLASSES_ROOT\WAXFile\shell\open\command
HKEY_CLASSES_ROOT\Whiteboard\shell\open\command
HKEY_CLASSES_ROOT\Windows.Movie.Maker\shell\open\command
HKEY_CLASSES_ROOT\WinRAR\shell\open\command
HKEY_CLASSES_ROOT\WinRAR.REV\shell\open\command
HKEY_CLASSES_ROOT\WinRAR.ZIP\shell\open\command
HKEY_CLASSES_ROOT\wmafile\shell\open\command
HKEY_CLASSES_ROOT\WMDFile\shell\open\command
HKEY_CLASSES_ROOT\WMP.DVR-MSFile\shell\open\command
HKEY_CLASSES_ROOT\WMSFile\shell\open\command
HKEY_CLASSES_ROOT\WMVFile\shell\open\command
HKEY_CLASSES_ROOT\WMZFile\shell\open\command
HKEY_CLASSES_ROOT\Word.Backup.8\shell\open\command
HKEY_CLASSES_ROOT\Word.Document.8\shell\open\command
HKEY_CLASSES_ROOT\Word.RTF.8\shell\open\command
HKEY_CLASSES_ROOT\Word.Template.8\shell\open\command
HKEY_CLASSES_ROOT\wordhtmlfile\shell\open\command
HKEY_CLASSES_ROOT\wordhtmltemplate\shell\open\command
HKEY_CLASSES_ROOT\Wordpad.Document.1\shell\open\command
HKEY_CLASSES_ROOT\WPLFile\shell\open\command
HKEY_CLASSES_ROOT\wrifile\shell\open\command
HKEY_CLASSES_ROOT\WVXFile\shell\open\command
HKEY_CLASSES_ROOT\x-internet-signup\shell\open\command
HKEY_CLASSES_ROOT\xbmfile\shell\open\command
HKEY_CLASSES_ROOT\xmlfile\shell\open\command
HKEY_CLASSES_ROOT\xnkfile\shell\open\command
HKEY_CLASSES_ROOT\xslfile\shell\open\command
HKEY_CLASSES_ROOT\Software\Sygate\UsingNetport
RegCleaner 4.3 by Jouni Vuorio
Author : Sygate
Software : UsingNetport
Age : New
If you choose to remove this item this key would be removed
HKEY_CLASSES_ROOT\Software\Sygate\UsingNetport
I hope this is enough information - and THANK YOU FOR YOUR HELP!