Running Malwarebytes Premium. Here is a sample from the log. Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49219, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49219, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49231, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49243, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49255, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49267, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49279, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49291, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49303, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49315, Outbound, C:\Windows\System32\spoolsv.exe, Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49327, Outbound, C:\Windows\System32\spoolsv.exe, 198.105.244.114 is a know bad place to go. Neither Malwarebytes nor Microsoft's security program finds any problems with spoolsv.exe, the print spooler. The Properties of spoolsv.exe matches other copies exactly, including size. My tentative conclusion is that something is trying to "print" to the network as a means of phoning home. Identifying that something is my immediate concern. One recent change in my system is installing a new hard drive, onto which a copy of W7 was installed as dual boot with this copy of W7. The new copy was then updated to the latest 7.1, fully patched, and then to W10. Since then I have had to uninstall one Gigabyte utility from the W10 copy. Note that I have done minimal browsing from W10 but I am running there without Malwarebytes. Both hard drives are visible from both copies of Windows. I can't see how the W10 copy could be involved, but what do I know? Thanks for any light you can shed! RH in CT FRST.txt Addition.txt