Apr 16 2008, 02:06 PM
Post #1
Authentic Member; Group: Authentic Member; Posts: 33; Joined: 15-September 07; From: Czech republic; Member No.: 72,908; Operating System: Windows 2000 SP4 Czech
CCleaner is reporting an error in registers and offering to fix it, but each time I fix it, it just shows again in the next scan. So I took a look in regedit and yes - one can't delete it.
The file Flash9b.ocx is not even existing anyway. I also tried ending all applications, finally even Explorer, and regedit was the only application that ran - yet I was still unable to remove this registers entry. Anyone got a clue why? I took a look using Process View and there are not any hidden processes anyway. Runscanner is reporting nothing suspicious also.

Apr 16 2008, 02:18 PM
Post #2
Quinquagenarian; Group: Tech Team; Posts: 1,246; Joined: 19-November 04; From: Nebraska, USA; Member No.: 18,667; Operating System: XPPSP3
Run CCleaner in Safe Mode and see what happens.

Apr 16 2008, 03:51 PM
Post #3
Advanced Member; Group: Tech Classroom; Posts: 570; Joined: 16-January 08; From: Denmark; Member No.: 76,005; Operating System: WinXP SP3
Flash9b.ocx is write protected and has the read-only attribute.
Go into safe mode, "cut" the file, "paste" it into a temp. directory - C:/Temp. for example. Right-click it and remove the "read only" and "write protection" checkmarks; now you should be able to delete it.
Regards
Abydos

Apr 16 2008, 04:24 PM
Post #4
Authentic Member; Group: Authentic Member; Posts: 33; Joined: 15-September 07; From: Czech republic; Member No.: 72,908; Operating System: Windows 2000 SP4 Czech
Digerati - the attempt to boot in safe mode ended up in a BSOD when it couldn't load VGA drivers. I guess I should enable it in Autoruns first, lol...
Abydos - I did not have any file Flash9b.ocx on my machine at all. I clearly stated that in my post: "The file Flash9b.ocx is not even existing anyway."

Apr 16 2008, 04:39 PM
Post #5
Advanced Member; Group: Tech Classroom; Posts: 570; Joined: 16-January 08; From: Denmark; Member No.: 76,005; Operating System: WinXP SP3
Well, it's part of the Adobe Flash player. The info given on Adobe.com says to uninstall flashplayer and then re-install, using the installer to delete the registry entry in the process.

Apr 16 2008, 05:18 PM
Post #6
Authentic Member; Group: Authentic Member; Posts: 33; Joined: 15-September 07; From: Czech republic; Member No.: 72,908; Operating System: Windows 2000 SP4 Czech
http://kb.adobe.com/selfservice/viewConten...7&sliceId=1
You mean this uninstall? And then install? That is what I did in the first place. Sorry I tried the uninstall right now again and again no luck, the registry carp** value is still there. Can't be deleted. Unbelievable.

Apr 17 2008, 03:04 AM
Post #7
Authentic Member; Group: Authentic Member; Posts: 33; Joined: 15-September 07; From: Czech republic; Member No.: 72,908; Operating System: Windows 2000 SP4 Czech
Digerati - so I fixed my machine to boot in safe mode and guess what. No change. CCleaner cannot remove it. Latest version.
BTW the first clean took 120 sec (!) on almost 3Ghz Opteron, lol. Registry was much faster, but no success. Other ideas to try? I'm starting to think about using an ERD commander to boot... but will I then be able to tweak registers? Dunno... probably not.

Apr 17 2008, 12:58 PM
Post #8
Quinquagenarian; Group: Tech Team; Posts: 1,246; Joined: 19-November 04; From: Nebraska, USA; Member No.: 18,667; Operating System: XPPSP3
I would run through your arsenal of anti-malware tools (see my canned text, Cleaning Out Malware, if you don't already have a complete security suite).
If the scans come clean, and it is still an issue, then I would let the site HijackThis (HJT) experts take a look at a log. See the What the Tech HijackThis Log Procedures for complete instructions on creating a HJT log, and directions for where to post it.

Apr 27 2008, 09:29 AM
Post #9
Authentic Member; Group: Authentic Member; Posts: 33; Joined: 15-September 07; From: Czech republic; Member No.: 72,908; Operating System: Windows 2000 SP4 Czech
Well, no malware there and even the HijackThis log looks clean to me... so what about deleting the Flash directory inside the WinNT/System32/Macromed directory?
That should do it! ...okay, I'm back, no change. The register value is still not deletable.

Apr 27 2008, 11:11 AM
Post #10
Quinquagenarian; Group: Tech Team; Posts: 1,246; Joined: 19-November 04; From: Nebraska, USA; Member No.: 18,667; Operating System: XPPSP3
QUOTE
Well, no malware there and even the HijackThis log looks clean to me...

Unless you are proficient at researching and understanding every entry in the HJT log yourself, it is best left to the formally trained who stay current with the latest threats - that's why I suggested you have the experts take a look. When you say the log looks "clean to me...", no offense meant, but since I don't see any site credentials for you, I have to assume you are like me, and not a HJT expert.

QUOTE
Time to run your malware scans...

You said you found no malware - what did you check with? At this point, if you checked for malware already, then my advice from above stands: I recommend someone qualified and current check a new log - just to be safe. If you can claim that, then no problem and I will believe your log is clean. But if you can't say to yourself you are proficient AND current, then having your log analyzed is still a good idea - and if you were right all along, then no harm done and you will have more confidence in checking it yourself next time.

QUOTE
so what about delete the Flash directory inside the WinNT/System32/Macromed directory?

Why? If it appears something is being run from within that directory, I would want to know what calls up that file. Deleting the directory won't tell me, but may result in constant "file or folder not found" errors on top of the problems you already have. Since a search of the site does not show a log posted, please run one by them before making any changes that may affect the log - such as deleting folders!

Apr 27 2008, 12:25 PM
Post #11
Authentic Member; Group: Authentic Member; Posts: 33; Joined: 15-September 07; From: Czech republic; Member No.: 72,908; Operating System: Windows 2000 SP4 Czech
QUOTE
I have to assume you are like me, and not a HJT expert.

You are right. It also never hurts to let others check it out, even if I'm right and there is nothing suspicious. Done, posted there: http://forums.whatthetech.com/trodas_Win2k...log_t91284.html Cleanest machine ever, right?

QUOTE
You said you found no malware - what did you check with?

Spybot, AdWare and CCleaner, as well as Runscanner. Wait, time to add the Runscanner log to the HijackThis topic... done.

QUOTE
if you were right all along, then no harm done and you will have more confidence in checking it yourself next time

Very true. And even if I consider myself an expert sometimes, errors happen. Usually when I get overconfident...

QUOTE
what about delete the Flash directory inside the WinNT/System32/Macromed directory? Why? If it appears something is being run from within that directory, I would want to know what calls up that file. Deleting the directory won't tell me, but may result in constant "file or folder not found" errors on top of the problems you already have.

Because I LOVE deleting files that are not necessary! Done. No help, not even after reboot. Even when CCleaner is the only application running (even Explorer I ended!) it still can't delete the register entry. And mind you, on the whole HDD there is not one single Flash9b.ocx file and I triple checked that out. Nothing even looking remotely like Flash is in Autoruns (latest) anymore. I kill the registers with fire! :-)

I guess I should search for the register key ( HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A} ) - mainly THIS part: 1171A62F-05D2-11D1-83FC-00A0C9089C5A to see if there aren't some dependencies on it. In it are two keys, InprocServer32 and Programmable. I tried renaming them (nice trick when something is locked, it usually works) so I can delete them later. I ended up having another two keys that I can't remove - InprocServer32xxx and Programmablexxx ...!

One thing is for sure - if someone was trying to tell me THIS story, then I wouldn't believe him.

Apr 27 2008, 12:42 PM
Post #12
Advanced Member; Group: Tech Classroom; Posts: 570; Joined: 16-January 08; From: Denmark; Member No.: 76,005; Operating System: WinXP SP3
Hi Trodas
I looked at your log-file, and there you stated that you have removed IE!?? You do know that certain non-MS programs are dependent on the explorer library, right? You sure this file wasn't installed before you removed explorer? (That would be the install of Flashplayer.) All kinds of weird things can happen when one removes Explorer. I certainly wouldn't, despite running Firefox whenever possible. IE is an integrated part of Windows. In fact Windows Explorer and Internet Explorer are basically one program with different opening modus. But I guess you already know that. Just a reminder of stating the obvious with regards to why you could have so many problems with a single file.
But if it doesn't take up any resources, nothing has dependencies on it and it just sits there, why go to such great lengths to delete a single entry which literally occupies no space?
Regards
Abydos

May 9 2008, 07:27 PM
Post #13
New Member; Group: New Member; Posts: 2; Joined: 9-May 08; Member No.: 78,943; Operating System: Vista
I have the same problem with this exact same registry key. I am running Vista and have ensured that the permissions are set up in the registry so I can delete this file. I NEED it to be deleted because it is interfering with my update of the Zune software for some reason. I have completely uninstalled everything Adobe and this key still persists and cannot be deleted for any reason; it's almost as if the registry has been corrupted somehow. It is incredibly perplexing.
Was anyone else ever able to figure this out?

May 9 2008, 07:52 PM
Post #14
New Member; Group: New Member; Posts: 2; Joined: 9-May 08; Member No.: 78,943; Operating System: Vista
OK, it turns out that the problem was security related. I had granted myself permissions but it seems that Adobe was setting the "Everyone" user to deny writes to that registry key. I wasn't aware of this, but the Everyone permission trumps the user specific permissions.
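
The cause reported in post #14, a Deny entry for "Everyone" on the key, can be confirmed by reading the key's ACL, since Windows evaluates an explicit Deny entry before the explicit Allow entries a user grants to their own account. The PowerShell below is an added example, not part of the original thread: it assumes PowerShell 3.0 or later (which the Windows 2000 machine from post #1 does not have), and `Get-RegistryDenyAce` is a hypothetical helper name.

```powershell
# Added example (not from the thread): list Deny ACEs on a registry key and
# its subkeys. Read-only: it changes nothing. Assumes PowerShell 3.0 or later.
function Get-RegistryDenyAce {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Full path including the hive name, e.g. 'HKEY_CLASSES_ROOT\CLSID\{...}'
        [Parameter(Mandatory = $true)]
        [string]$KeyPath
    )

    $root = "Registry::$KeyPath"
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Key not found: $KeyPath"
        return
    }

    # The key itself plus every subkey (here InprocServer32 and Programmable).
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        try {
            $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop
        } catch {
            # Reading an ACL needs READ_CONTROL, which a Deny ACE can also block.
            Write-Warning "Cannot read ACL of $($key.Name): $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Deny') {
                [pscustomobject]@{
                    Key       = $key.Name
                    Owner     = $acl.Owner
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# The key named in post #11 of this thread:
Get-RegistryDenyAce -KeyPath 'HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}' |
    Format-Table -AutoSize
```

A row whose Identity is `Everyone` and whose Rights include write-type rights such as `SetValue`, `CreateSubKey` or `Delete` matches what post #14 describes; no rows means the key has no Deny entries and the cause lies elsewhere.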