Front Line Reg Cleaner - Nuisance!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,326
Every few days, an item called "Front Line Reg Cleaner" pops up uninvited on my desktop, asking me to Register/Purchase it. As I already have a very capable registry cleaner, is there any way I can block this permanently to prevent it continuing to appear? Many thanks for any advice.
 

Ent

Josiah
Retired Trusted Advisor
Joined
Apr 11, 2009
Messages
5,467
Many here would advise against using any registry cleaner at all; contrary to their own advertising they don't improve performance and they are responsible for a lot of problems. These include problems with both your installed software and Windows itself which may not appear for a while afterwards. If I were in your situation I would be inclined to remove the program that you have already as well as getting rid of the popup--neither is necessary.

As to the uninvited popup, the majority of them are created by malware on your machine. I'll ask you to post a HJT log following the instructions here and I'll ask for one of the trained antimalware guys here to take over.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
Submit a HiJackThis log here, as requested. The other reports and logs can wait for now.

Stay away from registry cleaner/optimizer/booster/tuneup type programs. They do little-to-nothing to improve speed. What they do is break programs and damage the operating system. (n)

----------------------------------------------------------------
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,326
Sorry - far too involved for me with my limited computer knowledge - I would not know how to submit a hijack log. I will simply cancel the popup whenever it appears on my desktop!!!
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
Sorry - far too involved for me with my limited computer knowledge - I would not know how to submit a hijack log. I will simply cancel the popup whenever it appears on my desktop!!!
It looks like your thread has been moved to the "Virus & Other Malware Removal" section.

Submitting a HiJackThis log is simple. Here are the instructions:

Go here and click the green icon to download and save HiJackThis 2.0.4.

After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

Allow it to install in its default location - C:\Program Files.

After it's been installed, start it and then click "Do a system scan and save a log file".

When the scan is finished in less than 30 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the entire log file here.

--------------------------------------------------------------
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,326
Have now saved the hijack this file - hope this is what you wanted, I have attempted to attach it to this reply!
 

Attachments

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
Your HiJackThis log can't be viewed as an attachment, so I'm copying-and-pasting it here.

Give me a few minutes to review it, then I'll get back to you.

--------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:37:17, on 03/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Douglas\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputersownersclub.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MicroNEXT Wireless Utility.lnk = C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BgRaSvc - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

---------------------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
I wasn't aware that you're using Windows 7(64-bit). HiJackThis doesn't work properly with the 64-bit version of Windows, so several of the log entries aren't displayed properly.

Let's put HiJackThis to another use so we can get an idea of what's installed in that computer.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

--------------------------------------------------------------------
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,326
Thanks for all your efforts to date - I will attach that "Uninstall List" file to this reply.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
I'm copying-and-pasting your HiJackThis uninstall list here so it can be viewed.

Give me a few minutes to review it and get back to you.

---------------------------------------------------------------

Acrobat.com
Acronis*True*Image*Home
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AMD DnD V1.0.20
Apple Application Support
Apple Software Update
BT Broadband Desktop Help
BTHomeHub
Canon MP Navigator EX 1.0
Canon MP210 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
DVD Suite
eBay Icon
erLT
Frontline Registry Cleaner
Google Update Helper
GoToAssist Corporate
GoToAssist Corporate
Junk Mail filter update
LabelPrint
Logitech SetPoint
Malwarebytes' Anti-Malware
MediaShow
MicroNEXT MicroNEXT USB Wireless
Microsoft Choice Guard
Microsoft Money
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoNow! 1.0
Power2Go 5.0
PowerBackup
PowerDirector Express
PowerDVD
PowerDVD Copy
PowerProducer
QuickTime
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
TeamViewer 5
The Lord of the Rings FREE Trial
TreeSize Free V2.4
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin

----------------------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
Uninstall Frontline Registry Cleaner

-------------------------------------------

Update Adobe Reader 9.4.1 to Adobe Reader X(10.0)

The new version will install over the old version, so there's no need to uninstall it first.

-------------------------------------------

Start Malwarebytes Anti-Malware(which you already have installed), then update its definition files, then run a quick scan, then select and remove everything it finds, then restart if prompted to.

Start Malwarebytes Anti-Malware again, then click "Logs"(tab), then highlight the scan log entry, then click "Open", then copy-and-paste the scan log here.

-------------------------------------------
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,326
Thanks - I have now installed the latest version of Adobe Reader, and uninstalled the Frontline Reg Cleaner program (which I did not know I had - could that be the reason for the unwanted popups?) but cannot see how to update definition files in my Malwarebytes program. I run that program each day, and it has never found any viruses. If you can advise about the "definition files" I can carry out the rest of your instructions, I'm sure.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,507
Thanks - I have now installed the latest version of Adobe Reader, and uninstalled the Frontline Reg Cleaner program (which I did not know I had - could that be the reason for the unwanted popups?) but cannot see how to update definition files in my Malwarebytes program. I run that program each day, and it has never found any viruses. If you can advise about the "definition files" I can carry out the rest of your instructions, I'm sure.
Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - Perform quick scan - Scan".

If infections are found during the scan, the number of infections will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that everything is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------------------
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,326
As requested, I carried out a Quick Scan in Malwarebytes, but it showed as "Scan Successful - no malicious items deleted. A log file has been saved to the Logs folder" Nowhere does it give me an option to "Show Results", so there is nothing to remove I assume. I restarted the program and checked the Logs tab, which showed only the log for the scan carried out as above. In case this is what you require, I will copy/paste it to this reply. Please advise if anything else needed. Again many thanks.
 

Attachments

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top