Done "Read & Run Me First" to remove Malware... all seems better except

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

What are these:
C:\Documents and Settings\2\Desktop\default.xex
C:\Documents and Settings\2\Desktop\Woodmn

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now empty:
C:\WINDOWS\Temp\
C:\Documents and Settings\2\Local Settings\temp\

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Be sure to tell us how things are running.

 

Sorry..we didn't use avenger..so not to worry with that.

Did you save what I wrote in the quote box to notepad and then title it fixMw.reg when you save it and select "all files" as the type?

 

This indicates to me that you did not highlight the text in the quote box and then open notepad and paste it in.....then save the notepad as directed.

 

Looks good......now as far as your desktop...you need to right click it / properties / desktop / customize / web / and make sure there is nothing there...

If you are not having any other malware problems, it is time to do our final steps:

1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
2.
* Click START then RUN
* Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
* Note: The space between the cf and the /U, it must be there.
3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
5. If you are running Windows XP or Windows ME, do the below:
* Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
* Then reboot and Enable System Restore to create a new clean Restore Point.
6. After doing the above, you should work thru the below link:
How to Protect yourself from malware!

 

You're very welcome....safe surfing.