Status
Not open for further replies.

·
Registered
Joined
·
1,400 Posts
Discussion Starter · #1 ·
Every few days, an item called "Front Line Reg Cleaner" pops up uninvited on my desktop, asking me to Register/Purchase it. As I already have a very capable registry cleaner, is there any way I can block this permanently to prevent it continuing to appear? Many thanks for any advice.
 

·
Retired Trusted Advisor
Joined
·
5,465 Posts
Many here would advise against using any registry cleaner at all; contrary to their own advertising they don't improve performance and they are responsible for a lot of problems. These include problems with both your installed software and Windows itself which may not appear for a while afterwards. If I were in your situation I would be inclined to remove the program that you have already as well as getting rid of the popup--neither is necessary.

As to the uninvited popup, the majority of them are created by malware on your machine. I'll ask you to post a HJT log following the instructions here and I'll ask for one of the trained antimalware guys here to take over.
 

·
Trusted Advisor
Joined
·
85,504 Posts
Submit a HiJackThis log here, as requested. The other reports and logs can wait for now.

Stay away from registry cleaner/optimizer/booster/tuneup type programs. They do little-to-nothing to improve speed. What they do is break programs and damage the operating system.

----------------------------------------------------------------
 

·
Registered
Joined
·
1,400 Posts
Discussion Starter · #4 ·
Sorry - far too involved for me with my limited computer knowledge - I would not know how to submit a hijack log. I will simply cancel the popup whenever it appears on my desktop!!!
 

·
Trusted Advisor
Joined
·
85,504 Posts
It looks like your thread has been moved to the "Virus & Other Malware Removal" section.

Submitting a HiJackThis log is simple. Here are the instructions:

Go here and click the green icon to download and save HiJackThis 2.0.4.

After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

Allow it to install in its default location - C:\Program Files.

After it's been installed, start it and then click "Do a system scan and save a log file".

When the scan is finished in less than 30 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the entire log file here.

--------------------------------------------------------------
 

·
Trusted Advisor
Joined
·
85,504 Posts
Your HiJackThis log can't be viewed as an attachment, so I'm copying-and-pasting it here.

Give me a few minutes to review it, then I'll get back to you.

--------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:37:17, on 03/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Douglas\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputersownersclub.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MicroNEXT Wireless Utility.lnk = C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BgRaSvc - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

---------------------------------------------------------------
 

·
Trusted Advisor
Joined
·
85,504 Posts
I wasn't aware that you're using Windows 7(64-bit). HiJackThis doesn't work properly with the 64-bit version of Windows, so several of the log entries aren't displayed properly.

Let's put HiJackThis to another use so we can get an idea of what's installed in that computer.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

--------------------------------------------------------------------
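Added example, not part of the thread: a small triage script for the "(file missing)" and "(no file)" entries in a HijackThis log like the one above. It assumes the usual cause of the 64-bit problem mentioned in the post: HijackThis is a 32-bit program, so on 64-bit Windows its lookups in System32 are redirected to SysWOW64 and native system binaries such as lsass.exe look absent. The function names and verdict labels are made up for this illustration.

```python
import re

# Excerpt of the log posted earlier in this thread (a few lines, unmodified).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: BgRaSvc - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
MISSING = ("(file missing)", "(no file)")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def is_64bit_windows(log):
    """Heuristic: these folders exist only on 64-bit Windows."""
    low = log.lower()
    return "\\program files (x86)\\" in low or "\\syswow64\\" in low


def triage_missing(log):
    """Return (section, path, verdict) for every entry HijackThis marks missing."""
    x64 = is_64bit_windows(log)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m or not line.endswith(MISSING):
            continue
        section, body = m.groups()
        # The file path, when present, is the last " - " separated field.
        last = body.rsplit(" - ", 1)[-1]
        for tag in MISSING:
            if last.endswith(tag):
                last = last[: -len(tag)].strip()
        path = last or None
        if x64 and path and SYSTEM32.match(path):
            # A 32-bit scanner cannot see the real System32 on 64-bit Windows.
            verdict = "likely-redirection-artifact"
        else:
            # Outside System32 (or no path at all): possibly a leftover entry.
            verdict = "check-manually"
        findings.append((section, path, verdict))
    return findings


if __name__ == "__main__":
    for section, path, verdict in triage_missing(SAMPLE_LOG):
        print(f"{section:4} {verdict:28} {path}")
```

A "likely-redirection-artifact" verdict only explains why the scanner could not see the file; it does not vouch for the service itself, and "check-manually" entries still need a person to look at them.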
 

·
Trusted Advisor
Joined
·
85,504 Posts
I'm copying-and-pasting your HiJackThis uninstall list here so it can be viewed.

Give me a few minutes to review it and get back to you.

---------------------------------------------------------------

Acrobat.com
Acronis*True*Image*Home
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AMD DnD V1.0.20
Apple Application Support
Apple Software Update
BT Broadband Desktop Help
BTHomeHub
Canon MP Navigator EX 1.0
Canon MP210 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
DVD Suite
eBay Icon
erLT
Frontline Registry Cleaner
Google Update Helper
GoToAssist Corporate
GoToAssist Corporate
Junk Mail filter update
LabelPrint
Logitech SetPoint
Malwarebytes' Anti-Malware
MediaShow
MicroNEXT MicroNEXT USB Wireless
Microsoft Choice Guard
Microsoft Money
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoNow! 1.0
Power2Go 5.0
PowerBackup
PowerDirector Express
PowerDVD
PowerDVD Copy
PowerProducer
QuickTime
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
TeamViewer 5
The Lord of the Rings FREE Trial
TreeSize Free V2.4
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin

----------------------------------------------------------------
 

·
Trusted Advisor
Joined
·
85,504 Posts
Uninstall Frontline Registry Cleaner

-------------------------------------------

Update Adobe Reader 9.4.1 to Adobe Reader X(10.0)

The new version will install over the old version, so there's no need to uninstall it first.

-------------------------------------------

Start Malwarebytes Anti-Malware(which you already have installed), then update its definition files, then run a quick scan, then select and remove everything it finds, then restart if prompted to.

Start Malwarebytes Anti-Malware again, then click "Logs"(tab), then highlight the scan log entry, then click "Open", then copy-and-paste the scan log here.

-------------------------------------------
 

·
Registered
Joined
·
1,400 Posts
Discussion Starter · #13 ·
Thanks - I have now installed the latest version of Adobe Reader, and uninstalled the Frontline Reg Cleaner program (which I did not know I had - could that be the reason for the unwanted popups?) but cannot see how to update definition files in my Malwarebytes program. I run that program each day, and it has never found any viruses. If you can advise about the "definition files" I can carry out the rest of your instructions, I'm sure.
 

·
Trusted Advisor
Joined
·
85,504 Posts
Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - Perform quick scan - Scan".

If infections are found during the scan, the number of infections will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that everything is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------------------
 

·
Registered
Joined
·
1,400 Posts
Discussion Starter · #15 ·
As requested, I carried out a Quick Scan in Malwarebytes, but it showed as "Scan Successful - no malicious items deleted. A log file has been saved to the Logs folder" Nowhere does it give me an option to "Show Results", so there is nothing to remove I assume. I restarted the program and checked the Logs tab, which showed only the log for the scan carried out as above. In case this is what you require, I will copy/paste it to this reply. Please advise if anything else needed. Again many thanks.
 


·
Trusted Advisor
Joined
·
85,504 Posts
You left off the top portion of your Malwarebytes log, so I have no way of knowing which version of the program you have and if the definition files are up-to-date.

A quick scan would've also taken much longer than 26 seconds.

---------------------------------------------------------------

Since your original complaint was getting a pop-up from Frontline Registry Cleaner(which you're no longer getting since you uninstalled it), there's no need for me to assist you any further.

----------------------------------------------------------------
 

·
Registered
Joined
·
1,400 Posts
Discussion Starter · #17 ·
I can't understand why the "Quick Scan" is only taking 25-26 seconds - it usually takes about three minutes!! But I have run it three times since your last note and that is what it is doing! Should I try the longer scan to see what that takes?
 

·
Registered
Joined
·
1,400 Posts
Discussion Starter · #18 ·
Sorry - just noticed your comments about no further help - thanks for all you did. Of course I won't know whether the popups have stopped for a few days as that was the usual time between them!!
 

·
Trusted Advisor
Joined
·
85,504 Posts
If you've uninstalled Frontline Registry Cleaner and have deleted its folder(if it's still there) from inside the C:\Program Files folder, you shouldn't get pop-ups from it anymore.

--------------------------------------------------------------
 

·
Registered
Joined
·
1,400 Posts
Discussion Starter · #20 ·
Thank you very much for your help (and your patience!) I had no idea that it would mean so much effort to get rid of the problem, but again thank you. I will now mark the thread as "Solved".

Best regards.
 