PC Cleaner Pro

I have downloaded Avast Free 2016 but when I start the install it says that PC Cleaner Pro should be uninstalled first.

I have had the Laptop since new, PC Cleaner Pro has never been installed, there is no trace of the program and Malwarebytes can’t find it. How do I fix this problem, has anyone else seen this who can tell me what to look for??

Any help would be appreciated.

Windows XP SP4 in case it helps.

Steve

Please run Farbar and attach the logs (FRST.txt and Addition.txt) to your next post.
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Files attached (I hope).

Thanks for your help.

Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}

Essexboy will assist you when online … very soon

PC Cleaner Pro 2014 is a paid system optimizer program that is typically added when you install another free software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this program. Very often users have no idea where did it come from, so it’s not surprising at all that most of them assume that PC Cleaner Pro 2014 is a virus. This program is also bundled within the custom installer on many reputable download sites, so if you have downloaded a software from these websites, chances are that PC Cleaner Pro 2014 was installed during the software setup process.
PC Cleaner Pro 2014 it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.

OK first we will get rid of the rootkit and then remove the other stuff afterwards

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please attach its contents on your next reply.

THEN

Please run a fresh FRST scan

I have done the TDSS scan and have the report on screen but can’t see how to attach it into the message (I must be missing something). I have attached the new FRST.txt.

Thanks for all your help.

Steve

I have done the TDSS scan and have the report on screen but can't see how to attach it into the message (I must be missing something).
you save it on your computer first, then attach ... if not to big you may copy and paste it here

I tried right click (to either copy or save) but right clicking doesn’t do anything, am I missing something??

(Sorry if I am being thick)

log is open in notepad ? … in top left corner, click file … save as … give it a name and save a place you find it, browse to it as you did with frst.txt and attach

for copy and paste, click edit at top left … mark all (all txt should be blue) right click on the blue txt and select copy … then paste here

It is not in notepad it is just the report with a green border around it. I can select the text but right click on that doesn’t work.

look at the bottom picture posted by Essexboy … there is a get report button in top right corner

I have done that and I have the report on screen but it is not in notepad, It has a green border around it and and won’t allow me to right click and there seems to be no way to save it.

OK wait for Essexboy

  • Open the report
  • Select all text (ctrl+a)
  • Copy the text (ctrl+c)
  • Open notepad
  • Paste the text there
  • Save the notepad file
  • Attach the file to your post

Post the bottom section if nothing else

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{3205543B-3D2C-4A24-9799-5DD34CD4C69D}.exe <==== ATTENTION HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart Toolbar: HKU\S-1-5-21-1039126241-2073917382-3098378779-3621 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-1039126241-2073917382-3098378779-3621 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\s.jubb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll => No File U5 d449d21c2eaaa3bf; C:\Windows\System32\Drivers\d449d21c2eaaa3bf.sys [56832 2014-03-31] () <===== ATTENTION Necurs Rootkit? S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.) C:\Program Files\Ask.com C:\Windows\System32\Drivers\d449d21c2eaaa3bf.sys AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB} CustomCLSID: HKU\S-1-5-21-1039126241-2073917382-3098378779-3621_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> no filepath Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

ctrl+a doesn’t work. Apologies, I am wrestling with a delinquent ADSL router which works occasionally, this make take some time. I will read the and action the rest of your posts.

Here is the fixlog.

I am getting there slowly, have to reset the router every 5 minutes.

Steve

And here are the Adwcleaner files.

Can I proceed with the Avast installation now??.

The only problem it has thrown up is that IPC Audio shuts down but I can probably live with that.

Steve

No as the rootkit has not gone… I really do need to see at least the last 10 lines of the TDSSKiller log

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/MalwarebytesAntiRootkit.png
Scan with Malwarebytes’ Anti-Rootkit

Please download Malwarebytes’ Anti-Rootkit and save the file to your desktop.
Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/MalwarebytesAntiRootkit.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool
[*]It will ask you for an extraction place - make sure you will unpack it to your desktop
[*]After the extraction, the tool should start itself (no action required)
[*]On the Introduction screen click Next
[*]On the Update screen click Update
[*]When prompted about the succesful update, click Next
[*]On the Scan System screen, make sure that all three options

[*]Drivers
[*]Sectors
[*]System

are checked for scanning and press Scan.

Wait patiently and don’t do anything on your machine while MBAR goes through your system!

[*]If no infection is found, just close the tool.
[*]If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.

When finished (either with or without cleanup), please navigate to the MBAR directory.
Search there for these two files:

mbar-log-date(time).txt
system-log.txt
Please include the content of both files in your reply.

Okay, by hook or by crook I will get it to you somehow tomorrow, and I will run the Malwarebytes routine also.

I have Rkill on there from a previous problem, is that worth a try?.

Thanks

Steve