I, too, am a victim of this infection. I have run all of the fifteen steps, and have attached my files. I could not get ComboFix to run (something about an illegal instruction in the 16-bit MS-DOS subsystem) so I went the dss route, and Panda Antirootkit did not detect or remove anything. Symptoms: Sluggish IE -- it takes almost a minute and a half to open new instances or tabs. When I boot up and log on, I get a window with Photogallery in the title bar, and in the window a message saying "Preparing to install" and a progress bar. If I do not cancel, it goes on to ask me for the Photogallery disk, with a default browse location of "1". I have no idea what this is or where it came from, and I have no such disk. I have to cancel it three times to get it to go away. I also get a Crash Recovery window saying "Your last session crashed. Please check and open last URLs." The only URL listed is either a.doginhispen.com, b.skitodayplease.com, or 184.108.40.206, and it can be different with every boot and logon. Sometimes after logon the window just appears out of nowhere whether I have IE open or not. Of course I do not select it. I have installed and can run SpySweeper, SpyBot, SpyHunter, Windows Defender, AVG and they all show something different. Thanks in advance for help with this.