1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Front Line Reg Cleaner - Nuisance!

Discussion in 'Virus & Other Malware Removal' started by dougglos, Jan 2, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,109
    First Name:
    Douglas
    Every few days, an item called "Front Line Reg Cleaner" pops up uninvited on my desktop, asking me to Register/Purchase it. As I already have a very capable registry cleaner, is there any way I can block this permanently to prevent it continuing to appear? Many thanks for any advice.
     
  2. Ent

    Ent Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,467
    First Name:
    Josiah
    Many here would advise against using any registry cleaner at all; contrary to their own advertising they don't improve performance and they are responsible for a lot of problems. These include problems with both your installed software and Windows itself which may not appear for a while afterwards. If I were in your situation I would be inclined to remove the program that you have already as well as getting rid of the popup--neither is necessary.

    As to the uninvited popup, the majority of them are created by malware on your machine. I'll ask you to post a HJT log following the instructions here and I'll ask for one of the trained antimalware guys here to take over.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,814
    First Name:
    Frank
    Submit a HiJackThis log here, as requested. The other reports and logs can wait for now.

    Stay away from registry cleaner/optimizer/booster/tuneup type programs. They do little-to-nothing to improve speed. What they do is break programs and damage the operating system. (n)

    ----------------------------------------------------------------
     
  4. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,109
    First Name:
    Douglas
    Sorry - far too involved for me with my limited computer knowledge - I would not know how to submit a hijack log. I will simply cancel the popup whenever it appears on my desktop!!!
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,814
    First Name:
    Frank
    It looks like your thread has been moved to the "Virus & Other Malware Removal" section.

    Submitting a HiJackThis log is simple. Here are the instructions:

    Go here and click the green icon to download and save HiJackThis 2.0.4.

    After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

    Allow it to install in its default location - C:\Program Files.

    After it's been installed, start it and then click "Do a system scan and save a log file".

    When the scan is finished in less than 30 seconds, a log file will appear.

    Save that log file.

    Return here to your thread, then copy-and-paste the entire log file here.

    --------------------------------------------------------------
     
  6. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,109
    First Name:
    Douglas
    Have now saved the hijack this file - hope this is what you wanted, I have attempted to attach it to this reply!
     

    Attached Files:

  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,814
    First Name:
    Frank
    Your HiJackThis log can't be viewed as an attachment, so I'm copying-and-pasting it here.

    Give me a few minutes to review it, then I'll get back to you.

    --------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 00:37:17, on 03/01/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
    C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Douglas\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputersownersclub.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: MicroNEXT Wireless Utility.lnk = C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BgRaSvc - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe
    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ---------------------------------------------------------------
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,814
    First Name:
    Frank
    I wasn't aware that you're using Windows 7(64-bit). HiJackThis doesn't work properly with the 64-bit version of Windows, so several of the log entries aren't displayed properly.

    Let's put HiJackThis to another use so we can get an idea of what's installed in that computer.

    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    --------------------------------------------------------------------
     
  9. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,109
    First Name:
    Douglas
    Thanks for all your efforts to date - I will attach that "Uninstall List" file to this reply.
     
  10. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,109
    First Name:
    Douglas
    Slight problem but trying again!
     

    Attached Files:

  11. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,814
    First Name:
    Frank
    I'm copying-and-pasting your HiJackThis uninstall list here so it can be viewed.

    Give me a few minutes to review it and get back to you.

    ---------------------------------------------------------------

    Acrobat.com
    Acronis*True*Image*Home
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AMD DnD V1.0.20
    Apple Application Support
    Apple Software Update
    BT Broadband Desktop Help
    BTHomeHub
    Canon MP Navigator EX 1.0
    Canon MP210 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    DVD Suite
    eBay Icon
    erLT
    Frontline Registry Cleaner
    Google Update Helper
    GoToAssist Corporate
    GoToAssist Corporate
    Junk Mail filter update
    LabelPrint
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    MediaShow
    MicroNEXT MicroNEXT USB Wireless
    Microsoft Choice Guard
    Microsoft Money
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PhotoNow! 1.0
    Power2Go 5.0
    PowerBackup
    PowerDirector Express
    PowerDVD
    PowerDVD Copy
    PowerProducer
    QuickTime
    Realtek High Definition Audio Driver
    ScanSoft OmniPage SE 4
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    TeamViewer 5
    The Lord of the Rings FREE Trial
    TreeSize Free V2.4
    Visual C++ 8.0 Runtime Setup Package (x64)
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin

    ----------------------------------------------------------------
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,814
    First Name:
    Frank
    Uninstall Frontline Registry Cleaner

    -------------------------------------------

    Update Adobe Reader 9.4.1 to Adobe Reader X(10.0)

    The new version will install over the old version, so there's no need to uninstall it first.

    -------------------------------------------

    Start Malwarebytes Anti-Malware(which you already have installed), then update its definition files, then run a quick scan, then select and remove everything it finds, then restart if prompted to.

    Start Malwarebytes Anti-Malware again, then click "Logs"(tab), then highlight the scan log entry, then click "Open", then copy-and-paste the scan log here.

    -------------------------------------------
     
  13. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,109
    First Name:
    Douglas
    Thanks - I have now installed the latest version of Adobe Reader, and uninstalled the Frontline Reg Cleaner program (which I did not know I had - could that be the reason for the unwanted popups?) but cannot see how to update definition files in my Malwarebytes program. I run that program each day, and it has never found any viruses. If you can advise about the "definition files" I can carry out the rest of your instructions, I'm sure.
     
  14. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,814
    First Name:
    Frank
    Start Malwarebytes Anti-Malware.

    Click "Updates(tab) - Check for Updates".

    When the definition files have updated, click "OK".

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections are found during the scan, the number of infections will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that everything is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    --------------------------------------------------------------------
     
  15. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,109
    First Name:
    Douglas
    As requested, I carried out a Quick Scan in Malwarebytes, but it showed as "Scan Successful - no malicious items deleted. A log file has been saved to the Logs folder" Nowhere does it give me an option to "Show Results", so there is nothing to remove I assume. I restarted the program and checked the Logs tab, which showed only the log for the scan carried out as above. In case this is what you require, I will copy/paste it to this reply. Please advise if anything else needed. Again many thanks.
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/972166

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice