is DAT297B.tmp.exe system process
Cheat Engine Forum Index -> Computer Talk (page 2 of 3)
Gniarf (Grandmaster Cheater Supreme)
Posted: Mon Jul 16, 2012 9:55 am

Dunno what this multiplex2011 is supposed to mean, but this file must be deleted, along with its registry entry.
Same goes for 36120112.exe (you will probably find its registry entry in the same place as DAT297B.tmp.exe's).

I strongly recommend killing suspicious processes before deleting their registry entries (they could be recreating them). In fact, since it's malware, you should kill its process on sight, period.

Actually, sort your temp files by extension and look at all exes with a pumpkin icon. They are probably all (57kb in size and) the same malware.

Once you're done whacking pumpkins, reboot, and see if any odd process spawns in the Task Manager.
If nothing: clear your temp files, you're out of the woods!
If something: reboot in safe mode, delete the virus' registry entries, reboot in normal mode.
paupav (Master Cheater)
Posted: Mon Jul 16, 2012 11:20 am

OK, thanks... but I still have this problem; it's been there since my PC was slowed down (since I got that virus)...

It says: program with which you want to open file "Pavacic"
Gniarf (Grandmaster Cheater Supreme)
Posted: Mon Jul 16, 2012 12:31 pm

That's probably 2 other problems.
The only Google hit I had for msibdp32.dll was http://xml.ssdsandbox.net/view/4791349d9fb0b772c5b2a10a285a813f which is pretty alarming. See if you have a weird exe in c:\ .
Search in your registry for "rundll32.exe msibdp32.dll", and bust this reg entry, but don't touch rundll32.exe or dwwin.exe (the files). Those are legit.

As for "pavačić", I assume that those 3 "open with" dialogs pop up when you start Windows, right? Well, you should be fairly familiar with busting stuff that pops up at startup by now... If you've got 3 boxes, you have at least 3 reg entries to bust... I think...
Otherwise, having a file with part of a user's name here isn't abnormal (mine is a text file with information about my network). I don't think NTUser.dat should be here though.

Lastly, I don't recommend using usernames with non-ASCII characters; see all those "Pava[junk]i[junk] Slavica" folders? They should all be the same, but since non-ASCII character support is poorly implemented in lots of programs, they create those bogus directories when they want to save things.
paupav (Master Cheater)
Posted: Mon Jul 16, 2012 6:14 pm

Gniarf wrote:
That's probably 2 other problems.
The only Google hit I had for msibdp32.dll was http://xml.ssdsandbox.net/view/4791349d9fb0b772c5b2a10a285a813f which is pretty alarming. See if you have a weird exe in c:\ .
Search in your registry for "rundll32.exe msibdp32.dll", and bust this reg entry, but don't touch rundll32.exe or dwwin.exe (the files). Those are legit.

As for "pavačić", I assume that those 3 "open with" dialogs pop up when you start Windows, right? Well, you should be fairly familiar with busting stuff that pops up at startup by now... If you've got 3 boxes, you have at least 3 reg entries to bust... I think...
Otherwise, having a file with part of a user's name here isn't abnormal (mine is a text file with information about my network). I don't think NTUser.dat should be here though.

Lastly, I don't recommend using usernames with non-ASCII characters; see all those "Pava[junk]i[junk] Slavica" folders? They should all be the same, but since non-ASCII character support is poorly implemented in lots of programs, they create those bogus directories when they want to save things.

How can I bust the registry?

For the other: so can I delete MSIDLL?
Gniarf (Grandmaster Cheater Supreme)
Posted: Mon Jul 16, 2012 6:52 pm

You don't bust the registry (unless you are crazy and want to reinstall Windows). You bust (= delete) a registry entry by selecting it (like you did on that screenshot) and hitting the Delete key.

You can delete the DAT297B.tmp.exe registry entry and the MSIDLL too.

On your screenshot the "HKCU" registry entry also points to malware; follow the instructions given here: http://forums.malwarebytes.org/index.php?showtopic=106532 and make sure the HKCU reg entry and c:\users\[you]\appdata\roaming\install folders have been deleted.
(For the lol: how many threats detected?)
potaters (Grandmaster Cheater)
Posted: Tue Jul 17, 2012 3:20 am

Hero wrote:
It's funny that this thread is one of the only 3 results on Google for this virus. Just reformat like SF said, it's not worth it, considering it seems like it is unheard of.

Are you serious or what...
You do realize that when they build the virus, possibly from a builder GUI, they can choose whatever name they want for the file.
paupav (Master Cheater)
Posted: Tue Jul 17, 2012 3:57 pm

Gniarf wrote:
You don't bust the registry (unless you are crazy and want to reinstall Windows). You bust (= delete) a registry entry by selecting it (like you did on that screenshot) and hitting the Delete key.

You can delete the DAT297B.tmp.exe registry entry and the MSIDLL too.

On your screenshot the "HKCU" registry entry also points to malware; follow the instructions given here: http://forums.malwarebytes.org/index.php?showtopic=106532 and make sure the HKCU reg entry and c:\users\[you]\appdata\roaming\install folders have been deleted.
(For the lol: how many threats detected?)

I can't solve the HKCU thing; the Kaspersky thing can't find it, but it finds stupid things like Adobe Reader.
Gniarf (Grandmaster Cheater Supreme)
Posted: Tue Jul 17, 2012 5:30 pm

@potaters: DAT297B.tmp.exe is a semi-randomly generated name. There is little point in googling for that.
Oh, and Jesus can keep his PSP, but we may be able to work something out if he offers a Cray.

@paupav: *facepalm* Those AVs are really pathetic...
Still, according to this post MBAM was able to find it, so give it a shot.

Otherwise we're gonna do our little dirty job ourselves. As in: take all the things cuttooth reported and delete them. FYI, I don't have a C:\Users\[you]\AppData\Roaming\install folder, so anything there is malware.

I'll give you a tip: in the Task Manager go to the Processes tab -> View -> Select Columns and activate "Image Path Name" and "Command Line".
Now if you see a process called, for example, explorer.exe with "Image Path Name" = c:\windows, it's legit. If it's ANYTHING else, it's malware, and you know where it is, and what to look for when cleaning your registry.
Note: c:\windows\system32\svchost.exe is legit, c:\windows\svchost.exe isn't.

EDIT: I remember you had SweetIM and (probably) uninstalled it. I did the same on a relative's machine, but Spybot still found plenty of leftovers, so I recommend running a Spybot S&D search as well as doing the immunization thing.
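The "Image Path Name" check from the post above, automated as an added PowerShell example (not from the thread or its author): it lists every running process whose executable does not live where a binary of that name is expected, or that runs from a temp/roaming location. The table of expected directories and the list of suspect directories are assumptions for illustration; extend them for the machine being triaged.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell so that
# ExecutablePath is readable for as many processes as possible.
$windir = $env:WINDIR

# Assumed allow-list: where a process of this name is expected to live.
# The same name running from anywhere else is flagged, as in the post
# (c:\windows\system32\svchost.exe is fine, c:\windows\svchost.exe is not).
$expected = @{
    'explorer.exe' = @("$windir")
    'svchost.exe'  = @("$windir\System32", "$windir\SysWOW64")
    'rundll32.exe' = @("$windir\System32", "$windir\SysWOW64")
    'dwwin.exe'    = @("$windir\System32", "$windir\SysWOW64")
    'csrss.exe'    = @("$windir\System32")
    'lsass.exe'    = @("$windir\System32")
    'winlogon.exe' = @("$windir\System32")
}

# Assumed list of directories from which no legitimate process should run
# (the thread's temp folder, AppData\Roaming\install and the drive root).
$suspectDirs = @("$env:TEMP", "$env:APPDATA\install", "$env:SystemDrive\")

function Test-ImagePath {
    param([string]$Name, [string]$Path)
    if (-not $Path) { return 'unknown (path not readable)' }
    $dir = Split-Path -Parent $Path
    $key = $Name.ToLower()
    if ($expected.ContainsKey($key)) {
        # -contains compares case-insensitively, so C:\Windows\system32 matches.
        if ($expected[$key] -contains $dir) { return 'ok' }
        return "SUSPECT: expected in $($expected[$key] -join ' or ')"
    }
    foreach ($s in $suspectDirs) {
        if ($dir.TrimEnd('\') -eq $s.TrimEnd('\')) { return "SUSPECT: runs from $s" }
    }
    return 'unlisted'   # not in the table: review by hand
}

# Enumerate processes with their image path and command line, keep only
# the ones that are not plainly OK, and print them for manual follow-up.
Get-CimInstance Win32_Process |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.Name
            PID     = $_.ProcessId
            Path    = $_.ExecutablePath
            Verdict = Test-ImagePath -Name $_.Name -Path $_.ExecutablePath
        }
    } |
    Where-Object { $_.Verdict -ne 'ok' } |
    Format-Table -AutoSize
```

A SUSPECT verdict tells you the file's location, which is what you then search for in the Run keys before deleting the registry entry and the file, as the post describes.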
paupav (Master Cheater)
Posted: Wed Jul 18, 2012 1:39 pm

Gniarf wrote:
@potaters: DAT297B.tmp.exe is a semi-randomly generated name. There is little point in googling for that.
Oh, and Jesus can keep his PSP, but we may be able to work something out if he offers a Cray.

@paupav: *facepalm* Those AVs are really pathetic...
Still, according to this post MBAM was able to find it, so give it a shot.

Otherwise we're gonna do our little dirty job ourselves. As in: take all the things cuttooth reported and delete them. FYI, I don't have a C:\Users\[you]\AppData\Roaming\install folder, so anything there is malware.

I'll give you a tip: in the Task Manager go to the Processes tab -> View -> Select Columns and activate "Image Path Name" and "Command Line".
Now if you see a process called, for example, explorer.exe with "Image Path Name" = c:\windows, it's legit. If it's ANYTHING else, it's malware, and you know where it is, and what to look for when cleaning your registry.
Note: c:\windows\system32\svchost.exe is legit, c:\windows\svchost.exe isn't.

EDIT: I remember you had SweetIM and (probably) uninstalled it. I did the same on a relative's machine, but Spybot still found plenty of leftovers, so I recommend running a Spybot S&D search as well as doing the immunization thing.

Is Avast in that group of pathetic AVs?
Gniarf (Grandmaster Cheater Supreme)
Posted: Wed Jul 18, 2012 2:36 pm

Yes.

Usually when I get virused, I install the free AV with the best file detection rate, and it doesn't find a thing even if I point it directly at the virus file. Avast doesn't have the best detection rate, so it won't find anything either.
AV comparison: http://www.av-comparatives.org/comparativesreviews/detection-test
paupav (Master Cheater)
Posted: Wed Jul 18, 2012 2:38 pm

Gniarf wrote:
Yes.

Usually when I get virused, I install the free AV with the best file detection rate, and it doesn't find a thing even if I point it directly at the virus file. Avast doesn't have the best detection rate, so it won't find anything either.
AV comparison: http://www.av-comparatives.org/comparativesreviews/detection-test

I was scanning for an hour; it had found viruses in the first 5 minutes so I stopped it. Here are the results:
Gniarf (Grandmaster Cheater Supreme)
Posted: Wed Jul 18, 2012 2:57 pm

Since your computer is like a virus museum, that explains why MBAM found, ermm... some(?) stuff, but when I scan mine, well, I already told you what happens... I doubt it will find every malware on your PC, but it surely will be faster than cleaning all that by hand.

Oh, and never stop an AV before it has finished scanning; who knows what else it'll find...
paupav (Master Cheater)
Posted: Wed Jul 18, 2012 7:02 pm

But my Flash Player still won't work... it says install it, and when it comes to 50% this happens. I remember that 1 virus that I deleted was in Adobe Flash Player.
Gniarf (Grandmaster Cheater Supreme)
Posted: Wed Jul 18, 2012 8:33 pm

Google is your friend, try this.

Tip: Alt+Print Screen = screenshot of only the active window.
paupav (Master Cheater)
Posted: Thu Jul 19, 2012 7:32 am

Gniarf wrote:
Google is your friend, try this.

Tip: Alt+Print Screen = screenshot of only the active window.

OK, thanks... why google when you can solve all my problems :D ... jk