getting duplicate iexplore instances which appear on ctrl+alt+del.have run everything known to man for malware and virus.have found this in hijack this log and it reappears and backs itself up some time after opening windows and iexplore reappears also. 04 - HKCU\..\RunServices: [Bird Link] C:\WINDOWS\APPLIC~1\MPEGON~1\Team Else.exe Any ideas welcome

There must be a second part somewhere in your startup or an infected program that is putting it back. Unless you are getting infected from another system. I hope you have some sort of firewall in place. Have you installed a MPEG video player recently? It might be part of it. Recommend you do the following. Go to the the C:\Windows\Applications Data\MPEGON~1\ folder and locate the Team Else.exe file and look at its properties. See if you can not sort out what it is and that it is OK. If not, go to the web site VirusTotal.com. Click "Browse.." button on their web page by "Select file" and locate the file on your system, and upload it to their server. Then wait and see if they recognize it as a know virus/trojan.

am posting hi jack this log. teknum has returned also had been gone 2 days plus another team else has appeared! many thanks for help. Logfile of HijackThis v1.99.0 Scan saved at 20:05:58, on 07/01/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISSERV.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\WINDOWS\SYSTEM\SSDPSRV.exe C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.exe C:\PROGRAM FILES\TV VIEWER\ANNCLIST.exe C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISUM.exe C:\WINDOWS\EXPLORER.exe C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\IAMAPP.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe O4 - HKLM\..\RunServices: [VidSvr] O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.exe" /0 O4 - HKCU\..\Run: [Bird Link] C:\WINDOWS\APPLIC~1\MPEGON~1\Team Else.exe O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/ActiveData.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v45/yacscom.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4417/mcfscan.cab

Wilbert, you were helped by one of the best here. http://castlecops.com/postp409519.html Fix checked this line O4 - HKCU\..\Run: [Bird Link] C:\WINDOWS\APPLIC~1\MPEGON~1\Team Else.exe Reboot into safe mode Find and delete: C:\WINDOWS\APPLIC~1\MPEGON~1<delete this folder. it has a longer name starting with MPEGON~1