Hello, I hope this is the right forum. I know that this is an easy fix, but i'm frustrated. I have been removing malware all weekend. I just reinstalled spybot s&d. There are three user accts on comp. Running windows xp sp2. The problem is that teatimer, is only starting on the admin acct that it was installed from. It is not starting on the two limited accts.Spybot is installed in C:\programs,but i can't locate the icon for teatimer in the folder, to move to the all users startup folder. I believe that in my frustration i'm over looking something. Any help would be greatly appreciated . Thanks Joe Mc

are all three user accounts administative? or the other 2 limited users(xp?)

teatimer is protecting administrative changes to the registry?

Chewy, I appreciate the reply. The two accts that teatimer isn't showing on are limited. Is that ok ? I have had 3 malware problems in the last 6 months and believe it's from one of the limited accts d\ling pictures.

jpegs and mp3's are pretty foolproof until it involves some microsoft program with some vulnerabilty that can be exploited

now IE or java from a bad website is a different story, the new spybot immunize should protect from the worst sites since the hosts file protection is global

someone can still install malware from a limited account by running as administrator, is your account password protected?

the default safe mode hidden adminstrator's account should be protected also, kids pass these tricks around, you can run a script from safe mode and enable that login for normal mode, run the script again and turn it off before you come home

I had this all types out and someone moved the post

Thanks Chewy, Yes the admin acct is p\w protected. I have been browsing thru the am i infected forum. I first noticed the malware problems when is started folding. After browsing the forums, i'm wondering if i have ever gotten rid of the malware to begin with. I do all my banking/bill's online. I won't be doing that anymore until i figure out whats up.This weekend my av/malware programs found.RiskTool.Win32.PsKill.p
Trojan.WinREG.StartPage
Trojan.Win32.RC5_Dropper.e Trojan horse downloader. presario A Anything else I should be doing would be greatly appreciated. Should I post in the am i infected forum ? Thanks joe mc

post some logs and details there, but just for the programs you are using

if it looks like it's a more serious problem then you will be refered on to the hijackthis forum, they are overloaded and there's quite a wait there, unfortunately there's not enough trained helpers to go around

don't get carried away with do-it-yourself fixes and use dangerous tools, you'll be reloading your computer

Thanks Chewy , i Will post there. Thanks for the help. Joe mc

I forgot to mention, one of the most dangerous programs in my experience is teatimer

that's the first thing they turn off when they are trying to fix your computer

Chewy, I have learned more from coming to bleeping comp,in the last few months. You guys/gals are great. I wish that i had a better understanding of computers when i started. I could have avoided alot of problems. I will turn teatimer off now. Thanks Joe MC

to assist; this thread http://www.bleepingcomputer.com/forums/ind...howtopic=136654

is now running in the 'am I infected' section ,to avoid duplication of advise