Thanks for helping, Borislav.I have run the TDSSkiller application. It found one infected driver. I then rebooted as directed. Following is the log. I left out the list of drivers it scanned for easier reading. 2010/12/28 07:08:09.0848 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/28 07:08:09.0848 ==================================================== 2010/12/28 07:08:09.0848 SystemInfo: 2010/12/28 07:08:09.0848 2010/12/28 07:08:09.0848 OS Version: 5.1.2600 ServicePack: 3.0 2010/12/28 07:08:09.0848 Product type: Workstation 2010/12/28 07:08:09.0848 ComputerName: RANDY-LT 2010/12/28 07:08:09.0848 UserName: randy 2010/12/28 07:08:09.0848 Windows directory: C:\WINDOWS 2010/12/28 07:08:09.0848 System windows directory: C:\WINDOWS 2010/12/28 07:08:09.0848 Processor architecture: Intel x86 2010/12/28 07:08:09.0848 Number of processors: 1 2010/12/28 07:08:09.0848 Page size: 0x1000 2010/12/28 07:08:09.0848 Boot type: Normal boot 2010/12/28 07:08:09.0848 ==================================================== 2010/12/28 07:08:10.0449 Initialize success 2010/12/28 07:08:20.0974 ==================================================== 2010/12/28 07:08:20.0974 Scan started 2010/12/28 07:08:20.0974 Mode: Manual; 2010/12/28 07:08:20.0974 ==================================================== 2010/12/28 07:10:26.0044 Scan finished 2010/12/28 07:10:26.0044 ==================================================== 2010/12/28 07:10:26.0064 Detected object count: 1 2010/12/28 07:11:26.0040 Cdrom (a31d3f13c972a6a5cb3b15f69fa3b531) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/12/28 07:11:26.0040 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: a31d3f13c972a6a5cb3b15f69fa3b531, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe 2010/12/28 07:11:29.0836 Backup copy found, using it.. 2010/12/28 07:11:29.0956 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot 2010/12/28 07:11:29.0956 Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure 2010/12/28 07:12:20.0088 Deinitialize success So far, there has been no pop ups. On a possibly unrelated issue, I set the Malwarebytes protection mode to on and set start with Windows. Until yesterday, this has always enabled protection on Windows start up. Now, when I boot the system, Malwarebytes protection is disabled. I have to manually start the protection. I have performed a full scan after updating the application to 1.50.1.1100 and the database to version 5405. It found no suspicious items.