ok, from normal boot mode run MBam, make sure it's updated, then have it fix any issues that it finds, if it asks to reboot, do so. After it reboots run Mbam again and check to see if the infection returned, don't have mbam fix anything this time, just use it to find the infected file/registry entry.. Then run hijackthis, scan and create a logfile; then look for the following:
O4 - HKLM\..\Run: [Yqebebeva] rundll32.exe "C:\WINDOWS\isabogiseyite.dll",e
or something like that; It will usually be the same name/s as the entry/s shown in your latest mbam log. If you see them in your hijack this scan, check the box next to the entry and have hijack this fix the issue; then run MBAM after running the hijackthis fix.. Have mbam fix any issues that it finds. Killing the entries in hijackthis should allow MBAM to delete the files without rebooting, but it's only removing the recently created files/registry changes, rather than finding and deleting the malware that is creating the files.. If it happens over and over like this, the infection may be in the form of a rootkit.
If nothing is found, try the vundofix application from normal mode. See if vundofix finds anything; then try rebooting into normal mode and run MBAM once again to see if the infection returns. If it does, it most likely will keep on returning since neither application is finding the malware that is creating the new files.. You may need another couple of applications, crapcleaner and combofix are two recommended applications to help deal with vundo.. You can run crapcleaner on your own and have it fix any issues that it finds, provided you follow the crapcleaner instructions, and know how to configure its MANY settings to suit your needs. I have a couple posts on running and configuring crapcleaner on here somewhere. I will quote the instructions to this thread once I find them.
Combofix requires specific instructions from someone that knows how to use it; I'm not certain of the process, it would be best if jholland "Judy" or another forum staff member takes a look into helping with your issue. I may have muddied the water, but no more than following the instructions posted in the before you post for help sticky.. so it's best to post any new Mbam logs/hijackthis logs that you have created while trying to fix the issue since this post.. That way we can backtrack what has been found so far.
I have asked for help on this one from other staff volunteers as I don't usually provide help in here, the anti-spyware/malware stuff seems to be mostly greek to me, although it's becoming easier, I still don't know all the tricks..
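The post's procedure is to compare the O4 autostart lines in a HijackThis log against the registry values and files that MBAM keeps re-detecting. The script below is an added example, not the poster's own instructions or a tool from the thread: it parses O4 lines of the form quoted above, pulls out the Run value name and any DLL path, applies a heuristic (an assumption of this example) that flags a rundll32 loader whose DLL sits outside system32, and reports which of those names also appear in an MBAM log. Both log excerpts are constructed samples, and the detection name in them is illustrative.

```python
import ntpath
import re

# A HijackThis O4 (autostart) line, in the shape quoted in the post:
#   O4 - HKLM\..\Run: [Yqebebeva] rundll32.exe "C:\WINDOWS\isabogiseyite.dll",e
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)
# First DLL path, quoted or not, inside the command string
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]+?\.dll)', re.IGNORECASE)

# Constructed sample logs for this example; they are not logs from the thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [Yqebebeva] rundll32.exe "C:\WINDOWS\isabogiseyite.dll",e
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {PLACEHOLDER-CLSID} - (no file)
"""
MBAM_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yqebebeva (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\isabogiseyite.dll (Trojan.Vundo) -> Delete on reboot.
"""


def parse_o4(hjt_log: str) -> list:
    """Return one dict per O4 line: hive, key, value name, command and DLL path (or None)."""
    entries = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        dll = DLL_RE.search(m.group('cmd'))
        entries.append({
            'hive': m.group('hive'),
            'key': m.group('key'),
            'name': m.group('name'),
            'cmd': m.group('cmd'),
            'dll': dll.group(1) if dll else None,
        })
    return entries


def is_rundll32_loader(entry: dict) -> bool:
    """Heuristic assumed by this example: a Run value that uses rundll32 to load a
    DLL living outside system32 matches the shape of the O4 line quoted in the post."""
    cmd = entry['cmd'].lower()
    dll = entry['dll']
    if not cmd.startswith('rundll32') or dll is None:
        return False
    return 'system32' not in dll.lower()


def correlate(entries: list, mbam_log: str) -> list:
    """Return the O4 entries whose value name or DLL file name also appears in the MBAM log."""
    text = mbam_log.lower()
    hits = []
    for e in entries:
        needles = [e['name'].lower()]
        if e['dll']:
            # ntpath splits on backslashes even when this runs on a non-Windows host
            needles.append(ntpath.basename(e['dll']).lower())
        if any(n in text for n in needles):
            hits.append(e)
    return hits


def report(hjt_log: str = HJT_LOG, mbam_log: str = MBAM_LOG) -> list:
    """Names of O4 values that look like rundll32 DLL loaders and are also listed by MBAM."""
    confirmed = correlate(parse_o4(hjt_log), mbam_log)
    return [e['name'] for e in confirmed if is_rundll32_loader(e)]


if __name__ == '__main__':
    for e in parse_o4(HJT_LOG):
        flag = 'SUSPECT' if is_rundll32_loader(e) else 'ok     '
        print(f"{flag} {e['hive']}\\..\\{e['key']} [{e['name']}] -> {e['dll'] or e['cmd']}")
    print('confirmed by MBAM:', report())
```

The value names it reports are the ones to check in HijackThis before re-running MBAM; the heuristic alone only narrows the list, and an entry that keeps reappearing after both tools have removed it still points to a hidden dropper, as the post says.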