My dear Wilders friends, it's been a while since I've asked a question like this but here goes.... Is there a way to tell what process is holding which registry keys? And if so how? A friend of mine had a serious malware infection on her computer and so far I've removed almost all of it but Spybot still reports these two keys by CMD Service. It tells me to scan at start-up but no matter how many times I do this I'm just not successful. Also, is there a way to scrub a reg key/value regardless of whether it's being held in memory or not? I really like Spybot's shredder for this reason but it obviously only works for files. Thank you in advance for your help.