This seems to be a new Rogue application. Judging by its name it is not promoted as a security application; it is more likely disguised as a video codec or a multimedia player. If you find a folder named videoplay on your hard disk, check its accompanying files as well. Work through the items below in the order given: end the running processes first, otherwise Windows will refuse to delete the executables and the loaded DLL.
It creates the following folders; delete them:

  C:\Documents and Settings\[UserName]\Local Settings\Temp\WERf031.dir00  (the folder name varies, e.g. WER4260.dir00)
  C:\Documents and Settings\[UserName]\Start Menu\Programs\videoplay
  C:\Program Files\videoplay
  c:\resycled  (note the spelling: the legitimate recycle bin folder is "recycled")

It creates the following processes; end them in Task Manager, then delete the executables from the hard disk:

  C:\Documents and Settings\[UserName]\Local Settings\Temp\matrix312013.exe  (the file name varies, e.g. matrix329413.exe)
  c:\resycled\ntldr.com  (the name mimics the legitimate boot loader NTLDR, which sits in the root of the system drive, not inside a folder)

It creates the following files; delete them:

  C:\autorun.inf
  C:\Documents and Settings\[UserName]\Local Settings\Temp\tmp3.tmp
  C:\Documents and Settings\[UserName]\Local Settings\Temp\tmp5.tmp
  C:\Windows\Temp\tmp6.tmp  (there can be several variants of this name, such as tmp3.tmp, tmp4.tmp, tmp5.tmp)

An autorun.inf in the root of a drive is what Windows reads to auto-launch a program when that drive is mounted, so also check any removable drives that were plugged into the infected machine for the same file.

The following module is loaded into the address space of other processes; remove it (a DLL cannot be deleted while a process still has it loaded, so terminate the hosting processes first):

  C:\Windows\System32\dll.dll

It creates the following registry keys; remove them:

  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gaopdxvx
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoplay
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoplay\CLSID
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoplay
  HKEY_CURRENT_USER\Software\videoplay
  HKEY_CURRENT_USER\Software\{NSINAME}

(reprinted with permission from Threatexpert)
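Because several of the names above vary from infection to infection (the WER folder, the matrix executable, the tmp files), a literal search for the listed paths can miss them. The following script, added here as an example and not part of the Threatexpert write-up, turns the indicator list into patterns and checks a listing of observed paths and registry keys against them, reporting hits in the removal order the page gives (processes, module, files, folders, keys). The [UserName] part is widened to any profile folder, the bracketed variations become wildcards, and the sample listing is constructed for illustration; the placeholder key HKEY_CURRENT_USER\Software\{NSINAME} is deliberately not encoded because its real name is not given.

```python
"""Match observed paths/registry keys against the 'videoplay' rogue indicators listed above."""
import re
from typing import Dict, Iterable, List, Optional

# Any profile folder under the XP-style profile root (the page writes [UserName]).
USER = r"C:\\Documents and Settings\\[^\\]+\\"

# One regex per indicator. The bracketed "variations" on the page become wildcards:
# WER<4 hex>.dir00, matrix<digits>.exe, tmp<digit(s)>.tmp. Assumed widenings, not from the page.
INDICATORS: Dict[str, List[str]] = {
    "folder": [
        USER + r"Local Settings\\Temp\\WER[0-9A-F]{4}\.dir00",
        USER + r"Start Menu\\Programs\\videoplay",
        r"C:\\Program Files\\videoplay",
        r"C:\\resycled",                      # misspelt on purpose; C:\recycled is legitimate
    ],
    "process": [
        USER + r"Local Settings\\Temp\\matrix\d+\.exe",
        r"C:\\resycled\\ntldr\.com",         # C:\ntldr (no folder, no .com) is the real boot loader
    ],
    "file": [
        r"C:\\autorun\.inf",
        USER + r"Local Settings\\Temp\\tmp\d+\.tmp",
        r"C:\\Windows\\Temp\\tmp\d+\.tmp",
    ],
    "module": [r"C:\\Windows\\System32\\dll\.dll"],
    "registry": [
        r"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\gaopdxvx",
        r"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\videoplay(\\CLSID)?",
        r"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\videoplay",
        r"HKEY_CURRENT_USER\\Software\\videoplay",
    ],
}

# NTFS paths and registry keys are case-insensitive, so match that way.
COMPILED = {kind: [re.compile(p, re.IGNORECASE) for p in pats] for kind, pats in INDICATORS.items()}

# The page's removal order: kill processes, then the DLL they host, then the rest.
REMOVAL_ORDER = ["process", "module", "file", "folder", "registry"]


def classify(entry: str) -> Optional[str]:
    """Return the indicator kind an observed path/key fully matches, or None if it is clean."""
    entry = entry.strip().rstrip("\\")
    for kind, regexes in COMPILED.items():
        if any(rx.fullmatch(entry) for rx in regexes):
            return kind
    return None


def scan(observed: Iterable[str]) -> Dict[str, List[str]]:
    """Group observed entries by indicator kind; entries that match nothing are dropped."""
    hits: Dict[str, List[str]] = {}
    for entry in observed:
        kind = classify(entry)
        if kind is not None:
            hits.setdefault(kind, []).append(entry.strip())
    return hits


def removal_order(hits: Dict[str, List[str]]) -> List[tuple]:
    """Order the hits the way the page says to remove them."""
    return [(kind, hits[kind]) for kind in REMOVAL_ORDER if kind in hits]


# Constructed sample listing (not real data): a mix of indicators and look-alike clean entries.
SAMPLE = [
    r"C:\Documents and Settings\Alice\Local Settings\Temp\WER4260.dir00",
    r"C:\Documents and Settings\Alice\Local Settings\Temp\matrix329413.exe",
    r"C:\recycled",            # legitimate recycle bin folder: must stay clean
    r"C:\resycled\ntldr.com",
    r"C:\ntldr",               # legitimate boot loader: must stay clean
    r"C:\Windows\Temp\tmp4.tmp",
    r"C:\Windows\System32\dll.dll",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoplay\CLSID",
    r"HKEY_CURRENT_USER\Software\videoplay",
]

if __name__ == "__main__":
    import sys
    # Feed it a real listing on stdin, or run without input to see the sample.
    lines = SAMPLE if sys.stdin.isatty() else [ln.rstrip("\r\n") for ln in sys.stdin]
    for kind, entries in removal_order(scan(lines)):
        print(kind + ":", *entries, sep="\n  ")
```

On the infected machine the listing can come from `dir C:\ /s /b` for files and folders, `tasklist /m` for the process and module names, and `reg query` exports for the keys; pipe the combined output into the script. Only full-path matches count, so the legitimate C:\recycled and C:\ntldr in the sample are reported clean while their look-alikes under C:\resycled are flagged.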