Unidentified Problems

Yesterday, I notcied the process "TheMatrixHasYou.exe" running on my computer, and I knew this was going to be the beginning of problems. I was unable to end any processes, or any tasks in CTRL+ALT+DLT. The window would turn grey and not allow me to click on any processes. After running various spyware/adware removal tools such as Search + Destroy, AdAware, and even my Norton, I was able to remove whatever was causing this process to be appearing. But, this afternoon my computer has been sluggishly slow, and it takes nearly two-three minutes after i type my password to login for my desktop to appear. When I do finally get to my desktop, i get an error titled "Cli.exe" saying something about 0xc0000005 not being able to open. Now Cli.exe is an ATI file if I'm not mistaken, but my ATI card/driver has never caused any problems before this TheMatrix process appeared.

I did go through all of these steps, and non of the scanners found anything wrong with my computer. But I definitly know there is something amiss. I cannot connect to the internet unless im in SafeMode, and my windows SP2 firewall has been disabled, and when I try to open it, it says "For an unidentified reason, Firewall cannot open" and closes.

A man from the GeekSquad at bestbuy told me this problem was not a virus or spyware, but something about a rootkit problem? No idea what that is... So they were no help (surprise, surprise) but I'm hoping you guys will be able to guide me in the right direction! Thnx in advance!

Logfile should be attatched.

 

Actually that is a know trojan.

Lets start by getting 2 more logs.

Do the following:
Running WinPfind by OldTimer
Using GetRunKey

Post both winpfind.txt and runkey.txt after you have finished.

 

Here are your logs. Thanks for replying, I appreciate your time and help!

 

Download and install
- Pocket Killbox
- ExplorerXP
- Registrar Lite

Run Registrar Lite, navigate to and action as indecated for each key.

Scan with HijackThis and fix the following line:

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Just to double check, run ExplorerXP navigate and delete if they still exist.

Post a fresh HijackThis log.

Is TheMatrixHasYou.exe gone?

 

I followed all of your steps exactly. Yes, TheMatrixHasYou.exe is gone, but my system is still extremely slow, it takes 2-3 miniutes to login, and i still cannot connect to the internet in regular boot mode, ONLY in safemode.

BUT! I no longer get the "Cli.exe" 0xc0000005 error when I start up, that part is gone.

All the files you listed are gone, and i even went through and checked again for them, and they are indeed gone. But whatever is causing my problems is still there and slowing my system. Here is my newest HijackThis Log.

 

Also, whenever I try to open Windows Firewall from the control panel, I get a message "Due to an unidentified problem, windows firewall cannot open". This has been happening since my problems started. So at the moment I have no firewall.

 

The Windows Firewall is not a bi-directional firewall. You are better off installing a software firewall.

Your log is clean. It could be a conflict between Spyware Doctor and Norton.

Uninstall Spyware Doctor and reboot. What does that do for system performance?