Jump to content

Unable to Delete Registry Entry


ibflav

Recommended Posts

Hello there. I am unable to delete the following from my registry: HKEY_CURRENT_USER\Software\CsPOEAvrIQ4D

 

When attempting to delete, I get the message: Error while deleting CsPOEAvrIQ4D

 

When attempting to rename, I get the message: Error while renaming CsPOEAvrIQ4D.

 

When attempting to view the permissions, I get the message: Unable to display security information.

 

Anyone have any suggestions how to get it off my system registry?

Link to comment
Share on other sites

Hi ibflav and Welcome to the Forum :)

 

Can you download Hijack This and post the log on the 'Spyware Hell - HijackThis Log Analysis' group and we can help you get cleaned up.

 

Download Hijack This from Here

 

Save Hijack This to your desktop. Double click on the HJTsetup.exe icon. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by Create a desktop icon then click Next again. At the final dialogue box click Finish and it will launch Hijack This. Click on the Do a system scan and save a log file button. It will scan and then open the results in notepad and also save them into the C:\Program Files Hijack This folder

 

Next can you download the two attached .zip files and save them to your desktop, Extract them and run in safe mode by double clicking look.bat and look1.bat, It will export the information from the registry keys and save it to a text file called look.txt and look1.txt on c:\drive but it may only be able to export the information in safe mode as this looks like a possible Rootkit entry (If it is related to a rootkit then the exports may fail but we can use other methods if thats the case).

 

To Reboot into Safe Mode , Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter. (To reboot back to normal mode just restart the pc)

 

Reboot back to Normal mode and post a Hijack This log and the contents of Look.txt and Look1.txt which will be found in c:\drive on the Spyware Hell area.

 

(It will only create the text file if it can find the specified keys, One checks in HKLM the other checks HKCU so post back look.txt or look1.txt if they exist)

 

 

Regards Andy

Link to comment
Share on other sites

Hello there. I am unable to delete the following from my registry: HKEY_CURRENT_USER\Software\CsPOEAvrIQ4D

 

When attempting to delete, I get the message: Error while deleting CsPOEAvrIQ4D

 

When attempting to rename, I get the message: Error while renaming CsPOEAvrIQ4D.

 

When attempting to view the permissions, I get the message: Unable to display security information.

 

Anyone have any suggestions how to get it off my system registry?

 

Hi ibflav!

 

Does your user account have admin permissions? If not you will need to logon as Administrator to change any of those settings.

 

In addition, following Andy's suggestion would be a good choice as well.

Good luck!

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)

Link to comment
Share on other sites

Hi ibflav and Welcome to the Forum :)

 

Can you download Hijack This and post the log on the 'Spyware Hell - HijackThis Log Analysis' group and we can help you get cleaned up.

 

Download Hijack This from Here

 

Save Hijack This to your desktop. Double click on the HJTsetup.exe icon. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by Create a desktop icon then click Next again. At the final dialogue box click Finish and it will launch Hijack This. Click on the Do a system scan and save a log file button. It will scan and then open the results in notepad and also save them into the C:\Program Files Hijack This folder

 

Next can you download the two attached .zip files and save them to your desktop, Extract them and run in safe mode by double clicking look.bat and look1.bat, It will export the information from the registry keys and save it to a text file called look.txt and look1.txt on c:\drive but it may only be able to export the information in safe mode as this looks like a possible Rootkit entry (If it is related to a rootkit then the exports may fail but we can use other methods if thats the case).

 

To Reboot into Safe Mode , Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter. (To reboot back to normal mode just restart the pc)

 

Reboot back to Normal mode and post a Hijack This log and the contents of Look.txt and Look1.txt which will be found in c:\drive on the Spyware Hell area.

 

(It will only create the text file if it can find the specified keys, One checks in HKLM the other checks HKCU so post back look.txt or look1.txt if they exist)

Regards Andy

 

 

Thanks Andy. I did as advised and the post now sits in Spyware Hell.

Link to comment
Share on other sites

Hi Ibflav

 

Sorry just noticed the reply, Its a rootkit infection :blink: and possibly a new variant with it having entries in HKLM and HKCU But the information in the logs makes it easy to deal with :D

 

I will add a post to your Hijack Topic now

 

Andy

Link to comment
Share on other sites

Teamwork :)

 

EDIT: just noticed ContextPlus's new homepage which states

 

"ContextPlus Software Distribution has been Discontinued

 

Due to concerns over the practices of some of its distribution partners, ContextPlus has determined that it is no longer able to ensure the highest standards of quality and customer care and therefore is discontinuing further distribution of its software"

 

 

No ContextPlus would mean No Apropos so its good news (if true) :P

Link to comment
Share on other sites

  • 2 weeks later...

Hi,

 

i believe i am having a similiar problem as ibflav. I am trying to install adobe acrobat and it gave me an error saying i could not access the registry:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

 

i tried changing the permission of it or renameing it using registar lite but with no luck.

Could this be a spyware infection?

 

Also i have tried to use Andy's Look.bat and look1.bat, but no results were generated.

 

I will now post the hijack this log to "spyware hell - hijack this log analysis".

 

Thx!!

 

-Eugene-

hijackthis.txt

hijackthis.txt

Link to comment
Share on other sites

Hi,

 

i believe i am having a similiar problem as ibflav. I am trying to install adobe acrobat and it gave me an error saying i could not access the registry:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

 

i tried changing the permission of it or renameing it using registar lite but with no luck.

Could this be a spyware infection?

 

Also i have tried to use Andy's Look.bat and look1.bat, but no results were generated.

 

I will now post the hijack this log to "spyware hell - hijack this log analysis".

 

Thx!!

 

-Eugene-

 

Hi Quark,

 

*Download DAF / Full Version.

*Launch dial-a-fix.exe > click tools > click repair permissions > click go > when it's finished reboot.

*(again)Launch dial-a-fix.exe > click green check mark (at bottom of screen) > click go > reboot

*Now try installing Adobe (although you should install Foxit Reader instead)

 

Here is the HijackThis thread if the above solution doesn't work.

 

Read before posting

HijackThis Guide

Post HijackThis Log Here

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)

Link to comment
Share on other sites

  • 3 weeks later...

Hi krit86lr,

 

Sorry for the overly late reply, have been suffering from broken router and internet issues for the last while.

 

Thanks for your help!!! However my problem is still not resolved as i get the same error again when i try to install adobe. But it's ok i guess, i should be formatting my computer soon as i havn't done so in 4 years. Thanks a lot for your help though!!!

 

wish you all the best!!

 

Quark~

Link to comment
Share on other sites

Hi krit86lr,

 

Sorry for the overly late reply, have been suffering from broken router and internet issues for the last while.

 

Thanks for your help!!! However my problem is still not resolved as i get the same error again when i try to install adobe. But it's ok i guess, i should be formatting my computer soon as i havn't done so in 4 years. Thanks a lot for your help though!!!

 

wish you all the best!!

 

Quark~

 

Just a thought. How much free HD space do you have available. Adobe is a very bloated program, and if you haven't formatted in 4 years it's possible that you can't download it because it's too big for your computer right now. (Don't misunderstand, after 4 years you definitely could be due for a format).

 

Also, have tried to do all of this deleting, and installing in Safe Mode?

 

:D K

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)

Link to comment
Share on other sites

krit86lr : send people to the medium version when it is just a permissions fix routine

 

Sure. No problem. ;)

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.