TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker to Tornado15550

MVM

to Tornado15550

Re: Remove PC Cleaner Pro

Go to Start > All Programs > Accessories > Command Prompt, and in the window that opens type REGEDIT and hit enter.

When the Registry Editor opens, click on the small triangle to the left of HKEY_LOCAL_MACHINE (or double-click on the entry) to expand the key. Then do the same thing to expand Software and then expand Wow6432Node. Then write down the names of all the registry keys under Wow6432Node and post them (an export of that key would end up being quite large, so we will settle for just writing them down).

Tornado15550
join:2012-12-16
Canada

Tornado15550

Member

Hi,
Here is the list of all the keys under Wow6432Node:
ACE Compression Software
Adobe
AdwCleaner
AMD
AppDataLow
Apple Computer, Inc.
Apple Inc.
ATI
ATI Technologies
Aureal
Autodesk
BcmSetup
CDDB
Classes
Clients
CoreCodec
Creative
Creative Tech
Cyberlink
Cygwin
Data Fellows
Dell
Dell Computer Corporation
Dell Inc.
DivX
DivXNetworks
DT Soft
Eset
IDT
IM Providers
Intel
JavaSoft
JreMetrics
Kaydara
Macromedia
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware (Trial)
MAXSOFT-OCRON
Microsoft
MimarSinan
Motive
Mozilla
mozilla.org
MozillaPlugins
ODBC
OldTimer Tools
PC-Doctor
Policies
PowerPivot
Radialpoint
Realtek
Realtek Semiconductor Corp.
RegisteredApplications
Roadkil
Roxio
Samsung
Skype
SoftThinks
Sonic
Sophos
Swearware
Symantec
Volatile
W3i
Windows
Xing Technology Corp.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

Double-click SystemLook_x64.exe to run it.
- Copy the content of the following quotebox into the main textfield
quote:
::regfind
Roadkil
:filefind
*Roadkil*
:folderfind
*Roadkil*
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop as SystemLook.txt

Tornado15550
join:2012-12-16
Canada

Tornado15550

Member

Hi TheJoker,
Here is the log from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:38 on 23/06/2013 by Tornado15550
Administrator - Elevation successful

No Context: Roadkil

========== filefind ==========

Searching for "*Roadkil*"
No files found.

========== folderfind ==========

Searching for "*Roadkil*"
No folders found.

-= EOF =-

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

Please try again, you were successful for the last two terms, but may have missed a colon for the first search.

Double-click SystemLook_x64.exe to run it.
- Copy the content of the following quotebox into the main textfield
quote:
::regfind
Roadkil
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop as SystemLook.txt

Tornado15550
join:2012-12-16
Canada

Tornado15550

Member

Hi,
I apologize. I've run SystemLook again, as requested.
Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:06 on 23/06/2013 by Tornado15550
Administrator - Elevation successful

No Context: Roadkil

-= EOF =-

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

My error, that should only contain one colon, so let's redo that one.

Double-click SystemLook_x64.exe to run it.
- Copy the content of the following quotebox into the main textfield
quote:
:regfind
Roadkil
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop as SystemLook.txt

Tornado15550
join:2012-12-16
Canada

Tornado15550

Member

Hi, no problem!
Here is the log:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:26 on 23/06/2013 by Tornado15550
Administrator - Elevation successful

========== regfind ==========

Searching for "Roadkil"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Roadkil]

-= EOF =-

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

I really don't see anything else that I can identify. We've searched the registry for every instance of "clean", and don't see anything that's not related to a legitimate program.

Let's see what this scanner finds. The instructions may be outdated.

* In Internet Explorer, Click here to use the F-Secure Online Scanner
- Then click the Run Now button below.
- You should get a notification to install an ActiveX control. Click on it and select to install the ActiveX control.
- Once the ActiveX control is installed, you should accept the License terms by clicking OK below to start the scan.
- Click the Full System Scan button.
- It will start to download scanner components and databases; this can take a while.
- The main scan will start.
- When the scanner is finished scanning, click the Automatic cleaning (recommended) button
- If your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
- The cleaning can take a while, so please be patient.
- Then click the Show report button and copy and paste what's present under Results in your next reply.

Tornado15550
join:2012-12-16
Canada

Tornado15550

Member

Hi TheJoker,
I've run the F-Secure Online Scanner.
It seems to have changed a little bit as there was just a 'Scan now' option instead of a Full System Scan.
After the scan was over, I saw this screen, where there was no Show report or Results option:


TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

The problem may be with the WMI service, as apparently Windows 7 Action center uses that rather than registry entries. There is this utility that you may find useful:
»technet.microsoft.com/en ··· 265.aspx

The page says it's version 2.0, and compatible with up to Windows Vista, but when you click the link for Microsoft Downloads Center you find it's really version 2.1 and has been updated for Windows 7.

See the instructions for checking the report it produces:
quote:
What Do I Do When the Utility Finishes?

Once the WMI Diagnosis Utility finishes you should examine the log file. To be honest, much of the log file will be of little use to you: it’s simply a blow-by-blow account of each test that the tool ran. Instead, you should open the log file and search for the WMI REPORT: BEGIN section of the file. The report section provides a summary of the tests run by the tool.
quote:
Errors will usually be accompanied by suggested ways to try and fix the problem:

Tornado15550
join:2012-12-16
Canada

Tornado15550

Member

WMIDIAG-V2.1···_19.27.0
2,630,073 bytes
(WMIDIAG-V2.1_WIN7_.CLI.SP1.64_TORNADO15550-PC_2013.06.24_19.27.03.LOG)
Hi, and thanks again for your reply.
Here is the log that was created by the WMI service.
Since the log was too big, I decided to post it as an attachment.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

Was that run as administrator? I see errors in the log due to insufficient access.

You don't have any malware installed at this point, and the error may be a WMI error (Windows error). I recommend you ask for more expert assistance in »Microsoft and refer to this topic.

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

Double click OTL.exe that you downloaded earlier.

- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

The following tools may not have been removed by OTL Cleanup. If still there, you can delete them, and any logs they created:

AdwCleaner
Junkware Removal Tool
SystemLook_x64

Sophos Virus Removal Tool and F-Secure Online Scanner can be uninstalled from Control Panel's Programs and Features.

I recommend reading »Security Cleanup FAQ »How do I prevent Browser Hijacks and Spyware?

Tornado15550
join:2012-12-16
Canada

Tornado15550

Member

Hi, I was able to remove PC Cleaner PRO from Action Center.
Here are the steps to remove it (if anyone may encounter this problem in the future):
1) Right-click on Computer

2) Click on Manage

3) Click on the plus sign(+) next to Services and Applications in the left-hand column

4) Click on Services

5) Find the service called Windows Management Instrumentation, right-click on it, and choose Stop.

6) Open Computer

7) Double-click on Drive C (or whatever drive Windows is installed on)

8) Double-click on the Windows folder

9) Double-click on System32

10) Double-click on WBEM

11) Right-click on the Repository folder and click Delete and remove it

12) Close the My Computer windows and return to the Windows services screen using steps 1 - 4 shown above

13) Find the service called Windows Management Instrumentation, right-click on it, and choose Start. Restarting this service will rebuild the repository folder information.

14) Restart your computer

After performing these steps, Action Center will stop reporting PC Cleaner PRO in the antivirus category.
Screenshot 1:



Screenshot 2:



I would like to thank you, TheJoker for your help, efforts and time.
Have a good evening!
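
Added example, not part of any post in this thread: a read-only PowerShell check of the WMI data that Action Center reads, which lists each registered security product and flags entries whose executable no longer exists on disk (the situation described above, where an uninstalled program was still reported). The `root\SecurityCenter2` namespace and its classes are the standard Security Center ones; the `productState` decoding is an assumption based on commonly observed values, since Microsoft does not document that field.

```powershell
# Added example (not from the thread). Read-only: lists what Security Center
# has registered in WMI and flags entries whose executable is gone from disk.
# Get-WmiObject is used because Windows 7 ships with PowerShell 2.0.

function Get-SecurityCenterProduct {
    param(
        [string[]]$Class = @('AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct')
    )
    foreach ($c in $Class) {
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $c -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            # The registered path may be quoted or use %ProgramFiles%-style variables.
            $exe = $null
            if ($p.pathToSignedProductExe) {
                $exe = [Environment]::ExpandEnvironmentVariables($p.pathToSignedProductExe).Trim('"')
            }
            # File.Exists returns $false (no exception) for null or malformed paths.
            $onDisk = [System.IO.File]::Exists($exe)

            # Assumption: productState is undocumented; the byte layout below is the
            # commonly observed one (middle byte = scanner, low byte = signatures).
            $hex = '{0:X6}' -f [int]$p.productState
            $enabled = @('10', '11') -contains $hex.Substring(2, 2)
            $current = $hex.Substring(4, 2) -eq '00'

            New-Object PSObject -Property @{
                Class       = $c
                DisplayName = $p.displayName
                StateHex    = "0x$hex"
                Enabled     = $enabled
                UpToDate    = $current
                ExePath     = $exe
                ExeOnDisk   = $onDisk
            }
        }
    }
}

$products = @(Get-SecurityCenterProduct)
$products | Select-Object Class, DisplayName, StateHex, Enabled, UpToDate, ExeOnDisk |
    Format-Table -AutoSize

# An entry still registered after its program was uninstalled shows up here.
# Entries registered with a URI instead of a file path are listed here as well.
$products | Where-Object { -not $_.ExeOnDisk } |
    Select-Object Class, DisplayName, ExePath | Format-List
```

Run it from an elevated Windows PowerShell prompt before and after a repair to confirm the leftover entry is gone. `winmgmt /verifyrepository` reports whether the WMI repository itself is consistent.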

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

Thanks for your post back that you were able to find a solution.