ran a number of programs such as SpyBot Search & Destroy, GMer's RootKit detector
Did you enable the 'TeaTimer' in Spybot when you installed it?
If so, please disable it.
Please disable Spybot S&Dís TeaTimer protection, because it is known to interfere with our fixes.
You can enable it again after you're clean.
Open Spybot and click on 'Mode
' then click 'Advanced Mode
Click on 'Tools
' in bottom left hand corner.
Click on the 'System Startup
' box and/or uncheck 'Resident
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident
Reboot the computer.
Have you tried running 'SuperAntiSpyware' from one of the other accounts?
It should also clean the others.
Please download and scan with SUPERAntiSpyware Free
- Double-click SUPERAntiSypware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
- In the Main Menu, click the Preferences... button.
- Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
- Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen and exit the program.
- Do not run a scan just yet.
Please reboot your computer in Safe Mode
by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;You will need to use the 'keyboard arrow keys' to navigate on this menu
* Select the first option, to run Windows in Safe Mode
, then press "Enter
* Then choose your usual account.Scan with SUPERAntiSpyware as follows:
- Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes" and reboot normally.
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
If this doesn't work, have you tried making a new account for the infected user?
If that works, remove the infected account.