Hi --AuRyn-- and Welcome to the Bleeping Computer!
Download WinPFind: http://www.bleepingcomputer.com/files/winpfind.php
Right Click the Zip Folder and Select "Extract All"
Don't use it yet
Download Pocket KillBox from here:http://www.atribune.org/downloads/KillBox.exeHighlight
the list below and press Ctrl+C
Open Pocket Killbox
-> Click File
-> Click Paste from Clipboard
Place a tick by Delete on Reboot
-> Place a check by Process all in List
Click the Red Circle
to the Prompts
that follow and let Killbox Reboot the PCReboot
into SAFE MODE
(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet
O4 - HKLM\..\RunOnce: [0tp06.exe] C:\WINDOWS\System32\0tp06.exe /k
O4 - HKCU\..\RunOnce: [0tp06.exe] C:\WINDOWS\System32\0tp06.exe /k
Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button
From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"
It will scan the entire System, so please be patient
One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder
and enable everything in the startup area. To get to MSCONFIG, click on Start
-> type in MSCONFIG
-> click OK
Under the "General" Tab
Make Sure "Normal Startup-load all device drivers and services
" has a green tick by it
->Follow the Prompts to Restart
Restart Normal and Download and Save Blacklight
to your desktop:
then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next
You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).Copy and paste
this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
Post back with a fresh HijackThis log and the results of WinPFind and Blacklight.