Also This:
As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.
Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.
Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen.
You have quite a mixture of malware. Let’s see what we can do with the first sweep.
I note that you are running HijackThis from Desktop; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the programme into it. It is very important you do this before anything else since backup files can be deleted if they are not within their own folder!
Click My Computer, then C:\ and then Program Files.
In the menu bar, go to File>New>Folder. That will create a folder named New Folder, which you can right-click on and rename to HJT or HijackThis. Now you have C:\Program Files\HijackThis. Cut ‘n’ Paste your HijackThis.exe into it.
Firstly could you please disable Spyware Doctor from running during the fix, it may just hinder our attempts to change anything.
To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:
Killbox by Option^Explicit
CCleaner
AntiPuper
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R3 - URLSearchHook: (no name) - {F7C70373-7EEC-F96A-55D7-5132BD6A55CD} - atl_helper.dll (file missing)
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll (file missing)
O4 - HKLM\..\Run: [dmgsh.exe] C:\WINDOWS\system32\dmgsh.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} –
Now close all windows other than HiJackThis, then click Fix Checked.
Please install Killbox by Option^Explicit.
* Please double-click Killbox.exe to run it.
* Select Delete on Reboot
* then Click on the All Files button.
* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\dmgsh.exe
* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Utilities uncheck Ewido Security Suite log, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues
[Link: geekstogo.com]
