Help getting rid of this virus/malware/whatever it is.

[thetrap]

An annoying virus has been installed on to my computer. Three programs were installed and found under the uninstall or change a program I uninstalled two of them. I can't remember what they were called. I have windows 7. When I try to uninstall the program "Pro Pc Cleaner" a window pops up and says "The file 'Uninst000.Ca.dll' is not marked for installation.". I managed to get the pro pc cleaner uninstall option from the program somewhere and it displayed the same window and gave me this log.

=== Logging started: 3/30/2015 18:41:17 ===
Action start 18:41:17: INSTALL.
Action start 18:41:17: AI_SET_MAINT.
Action ended 18:41:17: AI_SET_MAINT. Return value 1.
Action start 18:41:17: AI_DpiContentScale.
Action ended 18:41:17: AI_DpiContentScale. Return value 1.
Action start 18:41:17: AI_ResolveKnownFolders.
Action ended 18:41:17: AI_ResolveKnownFolders. Return value 1.
Action start 18:41:17: PrepareDlg.
Info 2898. For DlgFont8 textstyle, the system created a 'Tahoma' font, in 0 character set.
Info 2898. For VerdanaBold13 textstyle, the system created a 'Verdana' font, in 0 character set.
Info 2826. Control BottomLine on dialog PrepareDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Action ended 18:41:17: PrepareDlg. Return value 1.
Action start 18:41:17: AI_BACKUP_AI_SETUPEXEPATH.
Action ended 18:41:17: AI_BACKUP_AI_SETUPEXEPATH. Return value 1.
Action start 18:41:17: AppSearch.
Action ended 18:41:17: AppSearch. Return value 1.
Action start 18:41:17: AI_AppSearchEx.
Action ended 18:41:17: AI_AppSearchEx. Return value 1.
Action start 18:41:17: FindRelatedProducts.
Action ended 18:41:17: FindRelatedProducts. Return value 0.
Action start 18:41:17: AI_RESTORE_LOCATION.
Action ended 18:41:17: AI_RESTORE_LOCATION. Return value 1.
Action start 18:41:17: SET_APPDIR.
Action ended 18:41:17: SET_APPDIR. Return value 1.
Action start 18:41:17: SET_SHORTCUTDIR.
Action ended 18:41:17: SET_SHORTCUTDIR. Return value 1.
Action start 18:41:17: CostInitialize.
Action ended 18:41:17: CostInitialize. Return value 1.
Action start 18:41:17: FileCost.
Action ended 18:41:17: FileCost. Return value 1.
Action start 18:41:17: CostFinalize.
Action ended 18:41:17: CostFinalize. Return value 1.
Action start 18:41:17: MigrateFeatureStates.
Action ended 18:41:17: MigrateFeatureStates. Return value 0.
Action start 18:41:17: MaintenanceWelcomeDlg.
Info 2826. Control BottomLine on dialog MaintenanceWelcomeDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Info 2898. For DlgFontBold8 textstyle, the system created a 'Tahoma' font, in 0 character set.
Info 2826. Control BannerLine on dialog MaintenanceTypeDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Info 2826. Control BottomLine on dialog MaintenanceTypeDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Info 2826. Control BannerLine on dialog VerifyRemoveDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Info 2826. Control BottomLine on dialog VerifyRemoveDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Action ended 18:41:35: MaintenanceWelcomeDlg. Return value 1.
Action start 18:41:35: ProgressDlg.
Info 2826. Control BannerLine on dialog ProgressDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Info 2826. Control BottomLine on dialog ProgressDlg extends beyond the boundaries of the dialog to the right by 3 pixels.
Action ended 18:41:35: ProgressDlg. Return value 1.
Action start 18:41:35: ExecuteAction.
Action start 18:41:35: INSTALL.
Action start 18:41:35: AI_ResolveKnownFolders.
Action ended 18:41:35: AI_ResolveKnownFolders. Return value 1.
Action start 18:41:35: AppSearch.
Action ended 18:41:35: AppSearch. Return value 0.
Action start 18:41:35: AI_AppSearchEx.
Action ended 18:41:35: AI_AppSearchEx. Return value 1.
Action start 18:41:35: FindRelatedProducts.
Action ended 18:41:35: FindRelatedProducts. Return value 0.
Action start 18:41:35: ValidateProductID.
Action ended 18:41:35: ValidateProductID. Return value 1.
Action start 18:41:35: SET_TARGETDIR_TO_APPDIR.
Action ended 18:41:35: SET_TARGETDIR_TO_APPDIR. Return value 1.
Action start 18:41:35: CostInitialize.
Action ended 18:41:35: CostInitialize. Return value 1.
Action start 18:41:35: FileCost.
Action ended 18:41:35: FileCost. Return value 1.
Action start 18:41:35: IsolateComponents.
Action ended 18:41:35: IsolateComponents. Return value 0.
Action start 18:41:35: CostFinalize.
Action ended 18:41:35: CostFinalize. Return value 1.
Action start 18:41:35: MigrateFeatureStates.
Action ended 18:41:35: MigrateFeatureStates. Return value 0.
Action start 18:41:35: Uninst000.CA.dll_fix100.
Error 2753. The File 'Uninst000.CA.dll' is not marked for installation.
MSI (s) (84:3C) [18:41:38:653]: Product: Pro PC Cleaner -- Error 2753. The File 'Uninst000.CA.dll' is not marked for installation.

Action ended 18:41:38: Uninst000.CA.dll_fix100. Return value 3.
Action ended 18:41:38: INSTALL. Return value 3.
Action ended 18:41:38: ExecuteAction. Return value 3.
Action start 18:41:38: FatalError.
Info 2826. Control BottomLine on dialog FatalError extends beyond the boundaries of the dialog to the right by 3 pixels.
Action start 18:41:41: AI_SHOW_LOG.
Action ended 18:41:41: AI_SHOW_LOG. Return value 1.
Action ended 18:41:41: FatalError. Return value 2.
Action ended 18:41:41: INSTALL. Return value 3.
=== Logging stopped: 3/30/2015 18:41:41 ===
MSI (c) (D0:E0) [18:41:41:617]: Product: Pro PC Cleaner -- Configuration failed.

MSI (c) (D0:E0) [18:41:41:617]: Windows Installer reconfigured the product. Product Name: Pro PC Cleaner. Product Version: 2.5.9. Product Language: 1033. Manufacturer: Rainmaker Software Group LLC.. Reconfiguration success or error status: 1603.


Whenever I try to get on the internet it is pop ups galore. So I do not feel safe using this computer for anything I need to be secure. Does anyone know how to fix this? Thanks in advance.

 

[eatmypie]

Can you possibly upload something like a memdump to somewhere like a dropbox? That way I could see what services and process ID's and PPID's are running on your system in better detail. Just make sure you compress with 7z

 

[thetrap]

Can you possibly upload something like a memdump to somewhere like a dropbox? That way I could see what services and process ID's and PPID's are running on your system in better detail. Just make sure you compress with 7z

I'm sorry I haven't heard of memdump and I don't know what the process ID's and PPID's are. I can try to find out if I really need to.

 

[eatmypie]

Just follow this guide http://superuser.com/questions/224496/how-do-i-create-a-memory-dump-of-my-computer-freeze-or-crash the guide is the first answer. Just make sure you screenshot your current reg when you go in to edit the stuff so you can change them back once the dump file is created.

 

[thetrap]

Do I need to do the manual crash with the minidump?

 

[eatmypie]

Yeah once the crash happens the file with the information will be saved onto your pc. It is the only real way I know of on getting crash to happen manually.

 

[thetrap]

Couldn't get it to crash. Can I use another key than scroll lock because I don't have that on my keyboard? I will be trying again tomorrow night.

 

[eatmypie]

you don't have CTRL on your keyboard? it just was set up so if you press CTRL plus the scroll button on your mouse it would crash

 

[thetrap]

This is on a laptop and although I have a USB mouse connected, the instructions you gave me uses the scroll lock keyboard key. There is not one on the laptop so I don't know if i can bind a different key other than the scroll lock.

 

[eatmypie]

CrashOnCtrlScroll to CrashOnCtrlP

 

[thetrap]

Alright I think this is what you need. https://www.dropbox.com/s/4b7e1zstwgjmd60/033115-66472-01.dmp?dl=0