Fighting ddaby infection. disabling many features of windows. please help

Status
Not open for further replies.
I have been fighting ddaby.dll and have run an online scan, which quarantined some files. Upon reboot I am infected again.
I have a HijackThis log, but IE has been modified not to open exe links, and I am also unable to click the button to attach the HijackThis log here on this thread.
I do not know what to do.
I have run antivirus from safe mode, which quarantined files; ddaby disappeared until reboot.
Open windows do not minimize to the toolbar, and I am unable to install antivirus software now; it states the Windows Installer service has not been started. I tried to start it manually, and it returns an error that dependents could not be started.
I do not know what to do.
Any assistance would be greatly appreciated.
I wish I could attach the HijackThis log, but IE does not allow me to select the drop-down menu.
cd
 
Hi cdny and welcome to TechSpot. =)

It seems you are unable to install any essential programs you will need for cleaning the system. Are you able to boot into safe mode? If you can run HijackThis, can you copy and paste the log here?

I suggest you do the following before doing anything else:

Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

Should you decide that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
Do follow all the instructions exactly.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.

Our experts here will tend to your queries thereafter.

Also, please provide the results of the Antirootkit scan


Regards,
momok =)

This thread is for the use of cdny only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
I can't paste with right-click from within IE. I was going to copy and paste the forum posting error.
I'm going to try from Notepad to IE now with the HijackThis log.
 
part2

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KFBS - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\KFBS.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SystemSuite Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11706 bytes

1/3/2008 11:04:12 PM Denied (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\qttask .exe" -atboottime") changed in System Startup global entry!
1/3/2008 11:04:17 PM Denied (based on user decision) value "ISUSPM Startup" (new data: ""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup") changed in System Startup global entry!
1/3/2008 11:04:28 PM Denied (based on user decision) value "{7EB77857-A7C0-462C-9612-B8A53490E6DD}" (new data: "") added in Browser Helper Object!
1/3/2008 11:04:35 PM Denied (based on user decision) value "{7EB77857-A7C0-462C-9612-B8A53490E6DD}" (new data: "") added in Browser Helper Object!
1/3/2008 11:04:38 PM Denied (based on user decision) value "{7EB77857-A7C0-462C-9612-B8A53490E6DD}" (new data: "") added in Browser Helper Object!
1/3/2008 11:04:40 PM Denied (based on user decision) value "{7EB77857-A7C0-462C-9612-B8A53490E6DD}" (new data: "") added in Browser Helper Object!
 
IE will not let me open any of the links to clean or reformat that you listed in your reply to me. I have to write down the address and manually type it into IE.
The Spybot log is huge, but starts off with virtumonde-c:\windows\sys32\ybadd.ini
 