I had problems with a red circle with a white x in it on my taskbar, a bubble cam up saying my computer has been infected. I know his is spyware of some type, so I ran Ad-Aware scan. It will no remove all he files. The file it won't remove is comdlj32.dll, par of the Win32.Trojan.MatrixHasYou. I have updated all the definitions. Can anyone help??? I have included the log below.
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, November 26, 2006 10:46:34 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:Se1R134 20.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):36 total references
Tracking Cookie(TAC index:3):10 total references
Win32.Trojan.MatrixHasYou(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11/26/2006 10:46:34 AM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 11/26/2006 5:27:47 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 11/26/2006 5:27:57 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 11/26/2006 5:27:59 AM
BasePriority : High
Win32.Trojan.MatrixHasYou Object Recognized!
Type : Process
Data : comdlj32.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 11/26/2006 5:28:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 11/26/2006 5:28:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 11/26/2006 5:28:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 11/26/2006 5:28:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1072
ThreadCreationTime : 11/26/2006 5:28:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1168
ThreadCreationTime : 11/26/2006 5:28:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1220
ThreadCreationTime : 11/26/2006 5:28:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1380
ThreadCreationTime : 11/26/2006 5:28:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [prismxl.sys]
FilePath : C:\Program Files\Common Files\New Boundary\PrismXL\
ProcessID : 1688
ThreadCreationTime : 11/26/2006 5:28:13 AM
BasePriority : Normal
FileVersion : 6.0.1.22
ProductVersion : 6.0.1.22
ProductName : PrismXL Software Family
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : © 1997-2004 New Boundary Technologies
OriginalFilename : PrismXL.sys
#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1720
ThreadCreationTime : 11/26/2006 5:28:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 228
ThreadCreationTime : 11/26/2006 5:29:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:15 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 948
ThreadCreationTime : 11/26/2006 5:29:18 AM
BasePriority : Normal
FileVersion : 6.0.0.18
ProductVersion : 6.0.0.18
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:16 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 3080
ThreadCreationTime : 11/26/2006 5:29:47 AM
BasePriority : Normal
FileVersion : 1.4.681.27779.beta
ProductVersion : 1.4.681.27779.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater
#:17 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3168
ThreadCreationTime : 11/26/2006 5:29:48 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor
#:18 [qbupdate.exe]
FilePath : C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\
ProcessID : 3328
ThreadCreationTime : 11/26/2006 5:29:50 AM
BasePriority : Normal
FileVersion : 16.0 R5
ProductVersion : 16.0 R5
ProductName : QuickBooks Automatic Update
CompanyName : Intuit Inc.
FileDescription : QuickBooks Automatic Update
InternalName : QuickBooks Automatic Update
LegalCopyright : © 2005 Intuit Inc. All rights reserved.
OriginalFilename : QuickBooks Automatic Update.exe
#:19 [hpqimzone.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3400
ThreadCreationTime : 11/26/2006 5:29:52 AM
BasePriority : Normal
#:20 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 3404
ThreadCreationTime : 11/26/2006 5:29:52 AM
BasePriority : Normal
FileVersion : 8.04.0623.0
ProductVersion : 8.04.0623.0
ProductName : Microsoft® Works 8
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:21 [exec.exe]
FilePath : C:\Program Files\BlueLight Internet\
ProcessID : 3540
ThreadCreationTime : 11/26/2006 5:38:53 AM
BasePriority : Normal
FileVersion : 4, 3, 0, 0
ProductVersion : 4, 3, 0, 0
CompanyName : NetZero
FileDescription : ZCast
InternalName : ZCOM_exec
LegalCopyright : Copyright © 2002 United Online, Inc.
#:22 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2336
ThreadCreationTime : 11/26/2006 3:10:08 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:23 [exec.exe]
FilePath : C:\Program Files\BlueLight Internet\
ProcessID : 1604
ThreadCreationTime : 11/26/2006 3:10:31 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 0
ProductVersion : 4, 3, 0, 0
CompanyName : NetZero
FileDescription : ZCast
InternalName : ZCOM_exec
LegalCopyright : Copyright © 2002 United Online, Inc.
#:24 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1276
ThreadCreationTime : 11/26/2006 3:25:17 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:25 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3044
ThreadCreationTime : 11/26/2006 3:29:19 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:26 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 604
ThreadCreationTime : 11/26/2006 3:36:16 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:27 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3056
ThreadCreationTime : 11/26/2006 3:37:05 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:owner@edge.ru4.com/
Expires : 11/18/2036 10:31:40 AM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:44
Value : Cookie:owner@realmedia.com/
Expires : 12/31/2020 7:00:00 PM
LastSync : Hits:44
UseCount : 0
Hits : 44
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fortunecity[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@fortunecity.com/
Expires : 12/31/2020 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@2o7.net/
Expires : 11/25/2011 10:29:36 AM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@atdmt.com/
Expires : 11/24/2011 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@media.adrevolver.com/adrevolver/
Expires : 8/17/2009 8:39:04 AM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@adrevolver.com/
Expires : 11/26/2007 2:29:16 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@mediaplex.com/
Expires : 6/21/2009 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@doubleclick.net/
Expires : 11/25/2009 10:30:36 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@reduxads.valuead[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:owner@reduxads.valuead.com/
Expires : 12/31/2020 7:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 11
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.MatrixHasYou Object Recognized!
Type : File
Data : comdlj32.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Disk Scan Result for C:\DOCUME~1\Owner\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-2404064476-2898592394-2659268225-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.MatrixHasYou Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\session manager
Value : PendingFileRenameOperations
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 49
10:48:39 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:05.562
Objects scanned:111705
Objects identified:12
Objects ignored:0
New critical objects:12
Full Version: Win32.Trojan.MatrixHasYou ... help
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues
QUOTE(tamhowd @ Nov 26 2006, 10:56 AM) 
... comdlj32.dll... ...Win32.Trojan.MatrixHasYou
Lavasoft's Ad-aware known as : Win32.Trojan.MatrixHasYou
Aliases:
• Symantec: Trojan.Abwiz
• Mcafee: Downloader-ASH
• Kaspersky: Packed.Win32.Tibs
• TrendMicro: TROJ_ABWIZ.T
This is the only tool I know of which will remove all forms of
Trojan.Abwin or Win32.Trojan.MatrixHasYou
NOTE: If you are going to use this tool and instructions please, PRINT This Information, You Need To Goto Safe Mode.
FROM: Symantec
http://securityresponse.symantec.com/avcenter/FixAbwiz.exe
Download the FixAbwiz.exe file from: http://securityresponse.symantec.com/avcenter/FixAbwiz.exe.
Save the file to a convenient location, such as your Windows desktop.
Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.
Close all the running programs.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
How to Turn Off System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
Before running the tool, restart the computer in Safe mode.
To get into Safe mode, Windows XP, Before Windows XP Starts Press Function Key 8, 'F8', and you will come to a screen
in which you have choices...
When you are in Windows Safe Mode:
Locate the file that you just downloaded.
Double-click the FixAbwiz.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then reenable System Restore.
If you are on a network or if you have a full-time connection to the Internet,
reconnect the computer to the network or to the Internet connection.
When the tool has finished running, you will see a message
indicating whether the threat has infected the computer.
The tool displays results similar to the following:
------------------------------------------------------
Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries
What the tool does
---------------------
The Removal Tool does the following:
Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat
++++++++++++++++++++++++++++++++++++++++++++
Please Run Ad-Aware Again After Every Thing Above To Make Sure It Is Gone.
I tried what you said twice and I get the following message "Symantec Trojan.Abwiz.F Removal Tool 1.0.0
Trojan.Abwiz.F has not been found on your computer."
I scanned with Microsoft Defender it picks it up as being called Vxgame and file is comdlj32.dll
It will not come off though and I still have no control over firewall and get the "your computer is infected...click here" message. Anymore idas???
Trojan.Abwiz.F has not been found on your computer."
I scanned with Microsoft Defender it picks it up as being called Vxgame and file is comdlj32.dll
It will not come off though and I still have no control over firewall and get the "your computer is infected...click here" message. Anymore idas???
Hi,tamhowd
If you stell need help post us a new HijackThis logfile
and we will have a look at it for you.
Gogo ;
If you stell need help post us a new HijackThis logfile
and we will have a look at it for you.
Gogo ;
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.