Help with av_md.exe

[mrkam]

Hi
I am using Vista ultimate version. I tried to restart my PC and although it started windows after 2-3 minutes windows will not respond and will not let me do anything, so I started in safe mode and scanned using Malware Bytes v1.42 and here is the log file


Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18865

12/27/2009 2:28:47 AM
mbam-log-2009-12-27 (02-28-47).txt

Scan type: Quick Scan
Objects scanned: 102409
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\av_md.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\svehost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\KaM\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\KaM\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\KaM\AppData\Roaming\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

After that I tried to system restore but It does not work, It does not give any errors but It is stucked at system initialization(I waited for 5 hours)
Any advice at this point?
Thanks.

[Pondus]

MBAM is designed to work best in normal mode and not safe mode, so update and run a new quick scan

respond and will not let me do anything, so I started in safe mode and scanned using Malware Bytes v1.42 and here is the log file

sorry did not see this

[Tarq57]

Attempting to use system restore after running MBAM was probably not the best thing to do.
Try and boot into normal mode.
Then, as Pondus suggested, run another quick scan with MBAM.

[mrkam]

Attempting to use system restore after running MBAM was probably not the best thing to do.
Try and boot into normal mode.
Then, as Pondus suggested, run another quick scan with MBAM.

I didnt use system restore after MBAM. I restarted, but nothing was changed so I started in safe mode again and then tried system restore. By the way before trying anything else I had already tried system restore. Right now I can only do something in safe mode.

[Tarq57]

Try "Last known good configuration".

What other security software is installed/active?

[mrkam]

Last Known Good Configuration does the same thing windows startes, and I cant do anything after few minutes. I am only using Avast home edition 4.8.

[Tarq57]

Do you have your Vista installation CD?
You could try a repair install of Windows.

[mrkam]

I am using HP notebook which does not give installation CD, but instead has a recovery center. This "recovery center" only offers going back to factory settings(deleting everything). So I can backup my files and use this option but I do not want to do that.

[Tarq57]

If you have access to a clean computer, I'd suggest trying a rescue disk. In This post there is a list with links to three you could try. (Choose one).
Kaspersky and DrWeb also have these available, if you prefer I'll find some links.
I don't know what else to suggest.

[Tarq57]

Here's another post with links to the Kaspersky and DrWeb bootable recovery disks.http://forum.avast.com/index.php?topic=49359.msg417179#msg417179

[mrkam]

If my system files are corrupted, will I be able to fix them by using DrWeb(or any other options) or will I have to repair(re-install) windows system files? Because if I will have to deal with windows after cleaning virus(or whatever is wrong with my pc), It is the same story. Since I can only start in safe mode, my guess is windows needs repair(I have no knowledge on these stuff tho.). So what do you suggest?
 
Thanks Tarq for your time and help. I know it is messed up and cant be helped much. 

[Tarq57]

I'm sorry, mrkam, but I haven't any experience of using such a disk, only read about the process and results, mainly on this forum (you could try a forum search for more info, maybe).
What I've read leads me to think that this might be the best chance of fixing your problem. (Wouldn't hurt to back up your files first, if you can.)
I've read that DrWeb has a good reputation at being able to heal infected files. I'd probably go with that one, but frankly, any of them are likely to be able to fix your system up, if it's fixable.
You need to make sure your computer can boot from a CD. This can be checked in the BIOS settings, but I think that's pretty standard.

[mrkam]

Ok, I will try these things
1. Your first advice,  try to repair windows.

http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/

This link provides a recovery disk for users that does not have an installation disk but instead a so-called ''recovery center''.

2. Try using DrWeb

But first I need to backup my files as I may mess things further where I cant get backups easily. I will post the results in case someone else has the same(similar) problem.
 

[mrkam]

Hello,

I just backed up all my important files and after that, instead of trying to repair anything I just wiped everything out and re-installed windows, so basically this is the trivial solution. Anyhow i didnt want to go through all the repairing stuff, so this probably wont help any1  . Still I do not know what is the cause of this problem and how to prevent it if that ever happens again. 

Thanks