TheJoker MVM join:2001-04-26 Charlottesville, VA |
to Tornado15550
Re: Remove PC Cleaner ProGo to Start > All Programs > Accessories > Command Prompt, and in the window that opens type REGEDIT and hit enter.
When the Registry Editor opens, Click on the small triangle to the left of HKEY_LOCAL_MACHINE (or double-click on the entry) to expand the key. Then do the same thing to expand Software and then expand Wow6432Node. Then write down the name of all the registry keys under Wow6432Node and post them (an export of that key would end up being quite large, so we will settle for just writing them down). |
actions · 2013-Jun-23 11:49 am · (locked) |
|
Hi, Here is the list of all the keys under Wow6432Node: ACE Compression Software Adobe AdwCleaner AMD AppDataLow Apple Computer, Inc. Apple Inc. ATI ATI Technologies Aureal Autodesk BcmSetup CDDB Classes Clients CoreCodec Creative Creative Tech Cyberlink Cygwin Data Fellows Dell Dell Computer Corporation Dell Inc. DivX DivXNetworks DT Soft Eset IDT IM Providers Intel JavaSoft JreMetrics Kaydara Macromedia Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware (Trial) MAXSOFT-OCRON Microsoft MimarSinan Motive Mozilla mozilla.org MozillaPlugins ODBC OldTimer Tools PC-Doctor Policies PowerPivot Radialpoint Realtek Realtek Semiconductor Corp. RegisteredApplications Roadkil Roxio Samsung Skype SoftThinks Sonic Sophos Swearware Symantec Volatile W3i Windows Xing Technology Corp. |
actions · 2013-Jun-23 1:03 pm · (locked) |
TheJoker MVM join:2001-04-26 Charlottesville, VA |
Double-click SystemLook_x64.exe to run it. - Copy the content of the following quotebox into the main textfield quote: ::regfind Roadkil :filefind *Roadkil* :folderfind *Roadkil*
- Click the Look button to start the scan. - When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop as SystemLook.txt |
actions · 2013-Jun-23 2:36 pm · (locked) |
|
Hi TheJoker, Here is the log from SystemLook:
SystemLook 30.07.11 by jpshortstuff Log created at 12:38 on 23/06/2013 by Tornado15550 Administrator - Elevation successful
No Context: Roadkil
========== filefind ==========
Searching for "*Roadkil*" No files found.
========== folderfind ==========
Searching for "*Roadkil*" No folders found.
-= EOF =- |
actions · 2013-Jun-23 2:44 pm · (locked) |
TheJoker MVM join:2001-04-26 Charlottesville, VA |
Please try again, you were successful for the last two terms, but may have missed a colon for the first search. Double-click SystemLook_x64.exe to run it. - Copy the content of the following quotebox into the main textfield quote: ::regfind Roadkil
- Click the Look button to start the scan. - When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop as SystemLook.txt |
actions · 2013-Jun-23 3:03 pm · (locked) |
|
Hi, I apologize. I've run SystemLook again, as requested. Here is the log:
SystemLook 30.07.11 by jpshortstuff Log created at 13:06 on 23/06/2013 by Tornado15550 Administrator - Elevation successful
No Context: Roadkil
-= EOF =- |
actions · 2013-Jun-23 3:07 pm · (locked) |
TheJoker MVM join:2001-04-26 Charlottesville, VA
1 recommendation |
My error, that should only contain one colon, so let's redo that one. Double-click SystemLook_x64.exe to run it. - Copy the content of the following quotebox into the main textfield quote: :regfind Roadkil
- Click the Look button to start the scan. - When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop as SystemLook.txt |
actions · 2013-Jun-23 3:20 pm · (locked) |
|
Hi, no problem! Here is the log: SystemLook 30.07.11 by jpshortstuff Log created at 13:26 on 23/06/2013 by Tornado15550 Administrator - Elevation successful
========== regfind ==========
Searching for "Roadkil" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Roadkil]
-= EOF =- |
actions · 2013-Jun-23 3:27 pm · (locked) |
TheJoker MVM join:2001-04-26 Charlottesville, VA |
I really don't see anything else that I can identify. We've searched the registry for every instance of "clean", and don't see anything that's not realted to a legitimate program. Let's see what this scanner finds. The instructions may be outdated. * In Internet Explorer, Click here to use the F-Secure Online Scanner- Then click the Run Now button below. - You should get a notification to install an ActiveX control. Click on it and select to install the ActiveX control. - Once the ActiveX control is installed, you should accept the License terms by clicking OK below to start the scan. - Click the Full System Scan button. - It will start to download scanner components and databases; this can take a while. - The main scan will start. - When the scanner is finished scanning, click the Automatic cleaning (recommended) button - If your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure. - The cleaning can take a while, so please be patient. - Then click the Show report button and copy and paste what's present under Results in your next reply. |
actions · 2013-Jun-23 3:43 pm · (locked) |
|
Hi TheJoker, I've run the F-Secure Online Scanner. It seems to have changed a little bit as there was just a 'Scan now' option instead of a Full System Scan. After the scan was over, I saw this screen, where there was no Show report or Results option:
|
actions · 2013-Jun-23 4:13 pm · (locked) |
TheJoker MVM join:2001-04-26 Charlottesville, VA |
The problem may be with the WMI service, as apparently Windows 7 Action center uses that rather than registry entries. There is this utility that you may find useful: » technet.microsoft.com/en ··· 265.aspxThe page says it's version 2.0, and compatible with up to Windows Vista, but when you click the link for Microsoft Downloads Center you find it's really verson 2.1 and has been updated for Windows 7. See the instructions for checking the report it produces: quote: What Do I Do When the Utility Finishes?
Once the WMI Diagnosis Utility finishes you should examine the log file. To be honest, much of the log file will be of little use to you: its simply a blow-by-blow account of each test that the tool ran. Instead, you should open the log file and search for the WMI REPORT: BEGIN section of the file. The report section provides a summary of the tests run by the tool.
quote: Errors will usually be accompanied by suggested ways to try and fix the problem:
|
actions · 2013-Jun-24 6:21 pm · (locked) |
|
Hi, and thanks again for your reply. Here is the log that was created by the WMI service. Since the log was too big, I decided to post it as an attachment. |
actions · 2013-Jun-24 9:53 pm · (locked) |
TheJoker MVM join:2001-04-26 Charlottesville, VA
1 recommendation |
Was that run as administrator? I see errors in the log due to insufficient access. You don't have any malware installed at this point, and the error may be a WMI error (Windows error). I recommend you ask for more expert assistance in » Microsoft and refer to this topic. Go to start > run and copy and paste the next command in the field: ComboFix /uninstallMake sure there's a space between Combofix and / Then hit enter. This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points. Double click OTL.exe that you downloaded earlier. [*]Click the CleanUp button. [*]Select Yes when the "Begin cleanup Process?" prompt appears. [*]If you are prompted to reboot during the cleanup, select Yes. [*]The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. The following tools may not have been removed by OTL Cleanup. If still there, you can delete them, and any logs they created: AdwCleaner Junkware Removal Tool SystemLook_x64 Sophos Virus Removal Tool and F-Secur Online Scanner can be uninstalled from Control Panel's Programs and Features. I recommend reading » Security Cleanup FAQ » How do I prevent Browser Hijacks and Spyware? |
actions · 2013-Jun-25 12:20 am · (locked) |
2 edits |
Hi, I was able to remove PC Cleaner PRO from Action Center. Here are the steps to remove it (if anyone may encounter this problem in the future): 1) Right-click on Computer 2) Click on Manage 3) Click on the plus sign(+) next to Services and Applications in the left-hand column 4) Click on Services 5) Find the service called Windows Management Instrumentation, right-click on it, and choose Stop. 6) Open Computer 7) Double-click on Drive C (or whatever drive Windows is installed on) 8) Double-click on the Windows folder 9) Double-click on System32 10) Double-click on WBEM 11) Right-click on the Repository folder and click Delete and remove it 12) Close the My Computer windows and return to the Windows services screen using steps 1 - 4 shown above 13) Find the service called Windows Management Instrumentation, right-click on it, and choose Start. Restarting this service will rebuild the repository folder information. 14) Restart your computer After performing these steps, Action Center will stop reporting PC Cleaner PRO in the antivirus category. Screenshot 1:
Screenshot 2:
I would like to thank you, TheJoker for your help, efforts and time. Have a good evening!
|
actions · 2013-Jun-30 4:55 am · (locked) |
TheJoker MVM join:2001-04-26 Charlottesville, VA |
Thanks for your post back that you were able to find a solution. |
actions · 2013-Jun-30 11:42 am · (locked) |
|