I've seen a few instances of malware that works as follows: I'll see some junk filename in task manager like fj6kgi.exe. Killing it simply causes another randomly named .exe file to appear. Msconfig shows the file lives in c:\windows\system32 I'll boot from a CD or view the disk from another machine but the .exe file can't be found. (yes, hidden & system files are visible) Listing all .exe files in the system32 folder and sorting by date shows no odd filenames with recent dates. So its like the files only exist when Windows is running (even in safe mode) and then it can't be killed or deleted. If Windows isn't running, there's no files to delete. Antivirus & antispyware programs don't detect it.