Infection which disables Anti-virus software, repeatedly opens IE

Hello,

I'd like to start by saying that yes, I did read the READ & RUN ME FIRST thread, and I did attempt to follow all of the steps. However, after having downloaded and installed Spybot Search & Destroy, I was unable to run it as the main .exe file was missing. The same thing has happened when I've tried downloading Avast, and it wouldn't even let me complete the installation for AVG or Norton.

Furthermore, when I tried to boot in safe mode, all I got was a nice little BSOD for a split second before the computer rebooted again. I attempted to boot into safe mode several times, but it wouldn't let me. I can boot just fine into normal mode with no BSOD, however.

I'm also a bit wary of performing step 6A, since the malware infection has been repeatedly opening IE, I'd rather not risk opening it myself to use for anything. I've used Opera for years, and am using it right now to post this.

So with that in mind, I did attempt to complete the rest of the steps, and ran Ccleaner and Counterspy in normal windows. Since running Counterspy, I haven't had any trouble, but I am skeptical that the infection is gone, as I've thought I had killed it already a few times only to have it reappear later.

I've included the logs from Counterspy, runkeys, and newfiles, and will make a second post with the log from HijackThis. I'd just like to note that since the username for my windows account is the same as my real name, I've replaced all instances of it in those files with my nickname on this forum for my own privacy.

So here's the history of the infection and everything I know about it:

About a week and a half ago, I finally got around to installing SP2 and all of the security updates available for windows through windows update. Shortly after this, I downloaded a file I obviously shouldn't have, which promptly infected my computer BraveSentry. I removed the infection, but soon my computer started beeping at me incessantly (the "default beep" sound, to be specific). So I opened the task manager and found three instances of iexplore.exe running despite there not being a single IE window open. I promptly closed all three, and went back to what I was doing, when it started beeping again. I opened the task manager again and closed it again.

I also looked for suspicious processes running and found svehost.exe running, so I closed that as well, found and deleted the file, then googled it to find out it was WORM_SPYBOT.H. I deleted the registry keys mentioned on the page I found, and thinking that might be the end of it, I continued what I was doing. A little while later I get the same beeping, and an IE process running again. Fed up, I try the bandaid solution of renaming the iexplore.exe file so that the virus can't open it any more, but either it or windows just creates a new one over and over every time I try deleting or renaming it.

At this point I decide I need to permanently fix this, so I run Adaware (which seemingly worked fine, and did find and remove some cookies) and go to run the anti-virus software I had on my computer (but had never used) called ClamWin (an open source program) but I find the .exe file is missing. So I decide to download AVG. I do, and get an error just as it finishes installing. I try again to no avail. I download and install Avast and discover that its main .exe file is missing too, but AHA! There's still the file ashSimp2.exe in the Avast directory, which I use to run a scan with. It finds about half a dozen trojans (whose names I can't remember) by the time it finishes its thorough scan. I have them all deleted, and hope that it's over. But it isn't. A little while later I get that beeping again and again I have to go close the IE process over and over. I run the Avast and Adaware scans again, they fnd more trojans and cookies and delete them, but that obviously doesn't do anything to fix the problem.

I start thinking to myself that maybe Avast just isn't equipped to deal with this infection, but something like Norton might be. So I go to download NAV, but again I get an error when I try to install it. This infection is one tough nugget. Also by this time, I've found and removed three worms running as proccesses in the task manager: svehost.exe (WORM_SPYBOT.H), wintems.exe (W32/Bagle.gen aka Win32/Mitglieder.CT!Trojan) and hldrrr.exe (Trojan.Toosoo.R).

I then decide to ask for some help on a forum, I found this one and started to follow the procedure in the READ & RUN ME FIRST sticky before creating a new thread, and I followed all of the steps I was able to follow before posting this thread.

So essentially what I have is a very nasty infection that is either spoofing other infections or actually installing these other trojans and worms on my computer; which is able to disable anti-virus software I download even when I've disabled every single non-essential process (including explorer); and which for some reason or another, is constantly running the iexplore.exe process but not actually opening any IE windows.

I would greatly appreciate any help that any of you can offer, and I thank you deeply for offering your time to help me.

 

Hijack this log

 

I'm in the process of doing everything you've stated, including even removing the poker software, and I will post an update along with the information you requested when I am finished.

However, I have to tell you that I am 100% certain that this infection is not a result of Pokerstars, Pokerstove or Pokeroffice. Pokerstars is a highly reputable card room that would have way too much to lose by offering infected software and Pokerstove and Pokeroffice are used by so many people, none of whom have ever complained about malware caused by them that I am absolutely certain they are safe to use. I do know where the virus originated and it had absolutely nothing to do with poker.

I don't know why you see the word Poker and immediately assume that it must be bad, but I can assure you that those programs are not at all malicious.

 

I've finished everything that you've asked me to do (including removing the poker software even though I know it is safe), and here are the log files:

 

And here's the combofix file

 

I know this problem was close to being solved anyway, but my computer was a mess and I wanted to be 100% sure it was clean, so I just decided to reformat the partition. Just wanted to let you know. I've got some questions about organizing my partitions (Their letters got all messed up when I installed windows) but I'm sure there's another forum for that, so I'll ask there. Thank you very much for your help.