Hi all, I am experiencing an issue very similar to this person's: http://www.techspot.com/vb/topic149524.html I suspect it to be a similar issue, because when I see my history, I see arcadelevels.com, even though I have never been there. Description: Basically, it seems as if svchost.exe is spawning iexplore.exe with the -embedding parameter. Using process explorer, in the dll window for iexplore.exe, some strange, un-deletable temp files are being used (C:\Windows\Temp\~DF5D3D2AA42B296AAC.TMP, and others similarly named). Whenever I try to kill the process, it just pops back up. What I have tried For the moment, I have set my firewall to block iexplore.exe. These are the ip addresses it is trying to phone home to: 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124. That's not all of them, I think. Port ranges are about from 6300-6500. In addition, to prevent any more phoning home activity, I have iexplore.exe suspended in process explorer. I looked at msconfig and sysinternals autoruns to see if any suspicious items were starting up. Nada. I am totally at a loss at how to proceed. I have scanned using all sorts of anti-spyware/malware programs, and they have found nothing. I am currently using Comodo antivirus (and the rest of the internet security suite). I have not scanned with a different antivirus. Other I have attached my logs. My gmer log is too big to be attached - what should I do? Also, most of the entries seem to be for comodo, so should I do it again without comodo running? Not sure if this is related, but program for my pciexpress esata card might have been hijacked (SATARaid5ConfigService.exe). Recently it has been requesting access to the internet, even though it has never before. The ip address it tried to phone home to is 126.96.36.199 Thank you for any help!