Good work. It's adding known bad sites to your trusted zone. I suggest you install a free tool called Spyware Blaster when we get you clean to prevent this in the future. You may also consider using an alternative browser to IE, as most malware from surfing is targeted towards the most popular browser.
==============================================
Remove bad HijackThis entries
- Run HijackThis
- Click on the System Scan Only button
- Put a check beside all of the items listed below (if present):
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
=======================================================
Right click on this link
DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
========================================================
Was Avira Root Kit Detection able to fix the 3 registry entries it found? It doesn't look like it, but was curious.
=========================================================
Open Notepad (from accessories)
copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below into Notepad.
Code:
@echo off
ATTRIB -R c:\windows\system32\iwsnec.dll
ATTRIB -R c:\windows\system32\kbmccn.dll
del unhidedll.cmd and exit
Save it to your desktop as File name:
unhidedll.cmd
Save as type:
All Files
Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.
==========================================================
Upload a File to Virustotal
Please visit Virustotal found
HERE
- Click the Browse... button
- Navigate to the file c:\windows\system32\iwsnec.dll
- Click the Open button
- Click the Send button
- Copy and paste the results back here please.
Do the same for
c:\windows\system32\kbmccn.dll
===========================================================
After you do this, we have just a few more things to remove, then can clean up and secure the system.