HI, I believe I have some malware that I cannot remove and would appreciate some help. I have run MBAM and it found a number of threats, seemingly resolved some and told me to reboot to resolve the rest. However when running a full scan after reboot there were more threats shown including the one that was supposed to have been deleted (C:\$Recycle BIn...). From searching the forums it seems like others with a similar problem have needed to be talked through fixing it and I will be the same. Any help will be greatly appreciated! I will attach the initial MBAM log file as well as the one after reboot and the DDS and Attach files. Thanks, Fraser First MBAM scan Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.14.11 Windows Vista Service Pack 2 x86 NTFS (Safe Mode) Internet Explorer 9.0.8112.16421 Fraser :: DOUGLAS-PC [administrator] 19/04/2013 21:18:35 mbam-log-2013-04-19 (21-18-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 238157 Time elapsed: 5 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 4 HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-3074228592-795862466-625756439-1002\$d26638e23478b50239d4b3e8e95bca87\n.) Good: (shell32.dll) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\$Recycle.Bin\S-1-5-21-3074228592-795862466-625756439-1002\$d26638e23478b50239d4b3e8e95bca87\n (Trojan.0Access) -> Delete on reboot. (end) ----------------------------------------------------------------------- Second MBAM scan after reboot Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.19.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Fraser :: DOUGLAS-PC [administrator] 19/04/2013 21:57:15 MBAM-log-2013-04-20 (00-05-46).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 493743 Time elapsed: 1 hour(s), 59 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\$Recycle.Bin\S-1-5-21-3074228592-795862466-625756439-1002\$d26638e23478b50239d4b3e8e95bca87\U\00000001.@ (Trojan.0Access) -> No action taken. C:\$Recycle.Bin\S-1-5-21-3074228592-795862466-625756439-1002\$d26638e23478b50239d4b3e8e95bca87\U\80000000.@ (Trojan.0Access) -> No action taken. C:\$Recycle.Bin\S-1-5-21-3074228592-795862466-625756439-1002\$d26638e23478b50239d4b3e8e95bca87\U\800000cb.@ (Trojan.0Access) -> No action taken. (end) -------------------------------------------------- attach.txt dds.txt