This is not really malware, I know. It is one of the "legitimate" rootkits and it is installed (according to Wikipedia) by many MMORPGs. In my case, it has been on my computer for almost a year since I installed Alliance of Valiant Arms, a free MMORPG that Steam was offering. I have long since uninstalled the game, but apparently this file remained. Webroot has not detected it. Probably understandable. HitmanPro has also not detected it, until now. I don't know if this is due to just a database change/update or if this is because they started using BitDefender (which is a very good thing btw)! I no longer use this game and I probably won't ever because I didn't like it and it was buggy; nevertheless, it was legit. I'm wondering now if I should activate my HMP license and have it clear this "rootkit" or manually tell Webroot to remove this file, OR do nothing since it is really there for anti-cheat purposes and it may get installed again if I ever install another MMORPG that uses it. Just some quick details courtesy of HMP's description: File/detection name is GameMon.des It installs in C:/Windows/SysWOW64 It's 3.8 MB Entropy is 7.9 Product is nProtect Game Monitor Vendor is INCA Internet Co., Ltd. Service name is npggsvc Sorry to beat around the bush HitManPro, but if my paid solution has a good manual cleanup feature (which Webroot does), I'm apt to use that instead of buying your license. Joe, if I were to use manual cleanup for this, I assume I can simply point it to that file.