Boot in Safe Mode
Switch off System Restore
Use Ctrl+Alt+Del and in Task Manager try to stop:
MsnMsgr.Exe
emptemp2.exe
PowerReg Scheduler V3.exe
Next, UNinstall anything to do with this FAKE:
C:\Program Files\MSN Messenger\MsnMsgr.Exe
Next, run HJT on its own and let it 'fix' if still there:
C:\Program Files\MSN Messenger\MsnMsgr.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: emptemp2.lnk = C:\Program Files\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105964427656
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C20EB175-0DD0-4979-A994-1F0DBA69F627} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1032_EN_XP.cab
If these are NOT from YOUR ISP, 'fix' with HJT
O17 - HKLM\System\CCS\Services\Tcpip\..\{98EE1F25-E5F2-4CB3-9E11-0DBA7D058FDF}: NameServer = 203.12.160.35 203.12.160.36
When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
Empty all contents from your \Temp directory.
Boot normal. If all OK, turn System Restore back on.
And stop using IE except for Windows updates!
Go to www.getfirefox.com
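
Added example, not part of the original post: a small Python parser for the HijackThis O4, O16 and O17 lines quoted above that lists the O17 `NameServer` addresses not found in a known-good resolver list, which is the check the post asks for before fixing that entry. The `EXPECTED` list is a constructed placeholder; replace it with the resolvers your ISP or router actually assigns.

```python
import ipaddress
import re

# Entries copied from the log in the post above, with wrapped lines rejoined.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: emptemp2.lnk = C:\Program Files\Empty Temp Folders 2.8.3\emptemp2.exe
O16 - DPF: {C20EB175-0DD0-4979-A994-1F0DBA69F627} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1032_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98EE1F25-E5F2-4CB3-9E11-0DBA7D058FDF}: NameServer = 203.12.160.35 203.12.160.36
"""

RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*)\) - (\S+)$")
NS = re.compile(r"^(.+): NameServer = (.+)$")

def parse(log):
    """Turn O4, O16 and O17 lines into dicts; anything else is skipped."""
    entries = []
    for line in log.splitlines():
        section, sep, body = line.strip().partition(" - ")
        if not sep:
            continue
        if section == "O4" and (m := RUN.match(body)):
            entries.append({"section": "O4", "where": m[1] + " " + m[2], "name": m[3], "target": m[4]})
        elif section == "O4" and body.startswith("Startup: "):
            name, _, target = body[len("Startup: "):].partition(" = ")
            entries.append({"section": "O4", "where": "Startup", "name": name, "target": target})
        elif section == "O16" and (m := DPF.match(body)):
            entries.append({"section": "O16", "clsid": m[1], "name": m[2], "url": m[3]})
        elif section == "O17" and (m := NS.match(body)):
            servers = [s for s in re.split(r"[,\s]+", m[2].strip()) if s]
            entries.append({"section": "O17", "key": m[1], "servers": servers})
    return entries

def unexpected_nameservers(entries, expected):
    """Return O17 resolvers that are not in the expected (ISP/router) set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [s for e in entries if e["section"] == "O17"
            for s in e["servers"] if ipaddress.ip_address(s) not in allowed]

# Assumption: EXPECTED stands in for the resolvers your ISP or router hands out.
EXPECTED = ["192.0.2.53"]  # constructed placeholder (documentation address range)

if __name__ == "__main__":
    for entry in parse(SAMPLE_LOG):
        print(entry)
    print("review:", unexpected_nameservers(parse(SAMPLE_LOG), EXPECTED))
```

An address in the result is only a candidate for review: it is kept if it matches what the ISP assigns and fixed in HJT if it does not.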