Hi, I have 2 desktops (one Vista, one XP-SP3). They are connected to the internet through an SMC gateway/router with SPI firewall enabled and a unique password/username. I would appreciate some help with a puzzling situation. Here is what happened chronologically:

1. Internet service was cut off by the ISP due to Mebroot / rootkit (that's what they told me).
2. Ran MBAM on both desktops in safe mode and nothing was found.
3. To play safe, ran fixmbr, bootfix on both desktops; afterwards, ran MBAM again, found nothing.
4. To play even safer, ran scans with 2 other free virus scanners and found nothing.
5. Both desktops have MBAM installed, up to date and enabled.
6. Called the ISP and told them what actions were taken; service was turned back on.
7. 6 days later, service was shut off again with the same virus signature. During this period, both desktops were only used for simple browsing, no downloads (especially P2P), no online gaming, no questionable web sites etc.
8. MBAM found nothing but I repeated 3 & 4 anyway.
9. Called the ISP, which re-enabled my service.
10. 4 days later, the ISP shut me off again, same virus.

Questions:

1. How do I know if the ISP is correctly identifying a virus?
2. Before reformatting and reinstalling Windows on both desktops, is there any simple way of confirming the desktops do have a virus?
3. I am assuming MBAM will detect Mebroot and continue to safeguard the desktops from it, correct?
4. Both desktops are running smoothly, no slowdown, no browser redirection, absolutely no issues. I checked the registry and cannot find entries related to the virus as suggested by some people.

Really puzzled, would appreciate some help. Thanks in advance.