Boot in Safe Mode
Try to UNinstall anything to do with this crap:
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\tioga\client\bin\tgcmd.exe
C:\apps\supportcom\bin\tgfix.exe
Next, press ctrl/alt/del and try to stop these processes:
msupd5.exe
regsvc.exe
mgbrvhyi.exe
tgcmd.exe
Next, run HJT on its own and 'fix' (if still there):
C:\WINNT\system32\msupd5.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mgbrvhyi.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hub.slb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hub.slb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {19465EEA-66ED-9DD5-4C60-836C3AF45C0D} - C:\WINNT\system32\cfcbvxva.dll
O2 - BHO: (no name) - {C34ACC26-C638-0FDD-BC9D-A3857A1CFB08} - C:\WINNT\system32\ufzyblth.dll
O4 - HKLM\..\Run: [Tgaddsrv] "C:\apps\supportcom\bin\tgfix.exe" /fds http://nam.mydexa.com/opssupport
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\client\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [mgbrvhyi] C:\WINNT\system32\mgbrvhyi.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1029.dll,InstantAccess
O4 - Global Startup: cp_lawsonprod.bat
--->>> you decide <<<---
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .ext: C:\Program Files\Internet Explorer\PLUGINS\npradia.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hub.slb.com
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/36yf30fg.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1029_EN.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eur.slb.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2D6404-F5C0-4950-9D2E-D801E1813733}: NameServer = 134.32.125.3,134.32.26.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eur.slb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eur.slb.com
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINNT\system32\msupd5.exe
When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.