It's time to get rid of those registry entries you mentioned for MntDrCore.exe and svch0st.exe (note this has a numeric 0 in the 5th position). We'll also take care of killVBS.vbs while we're at it.
Download ERUNT from here and back up your entire registry
http://www.snapfiles.com/get/erunt.html
Next we'll create a registry fix. Copy and paste ALL of the information below in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE > ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop
REGEDIT4
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08ef52f9-313f-11dc-b644-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ea80f37-2868-11dc-b61f-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f2db76-313e-11dc-b643-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f59142c-2f9d-11dc-b639-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b2273dc-2be9-11dc-b62e-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90805d17-30f9-11dc-b640-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c29761e-2a1b-11dc-b623-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba03a77c-2539-11dc-9e59-00167675b7f3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c393d5ae-2a1c-11dc-b624-00167675b7f3}]
To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.
Now open OTMoveIt and paste in this path
c:\virus
c:\windows\system32\killvbs.vbs
Click the move button and post the results (killvbs.vbs may not be found but I would like to make sure it is gone).
Your L: and M: drives both also carried the infection. You should now mount each of them and delete any of these files if found in the root
MntDrCore.exe
SSCVIIHOST.exe
Svch0st.exe <- Again, this has a numeric 0 in the 5th position
You must also empty the recycle bin for all drives as a fake ctfmon.exe located in the recycle bin on the M: drive was being run from the registry.
After doing all of the above please post fresh ComboFix and HJT logs.
EDIT: added a path to the OTMoveIT list
Did you create a file named C:\virus.zip on 8 August? Possibly to upload a sample to avast, or is this file unknown to you?
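
One way to review fix.reg before merging it, as an added example that is not part of the original post: the script checks that REGEDIT4 is the first line and that every remaining line only deletes a GUID subkey under the current user's MountPoints2 key. The function name review_reg_fix and the constructed sample (the header plus the first two keys from the post) are assumptions made for illustration.

```python
import re

# The only lines the fix should contain: deletions of GUID subkeys of MountPoints2.
EXPECTED = re.compile(
    r"^\[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\]$",
    re.IGNORECASE,
)


def review_reg_fix(text):
    """Return (guids_to_delete, problems) for the text of a REGEDIT4 file.

    review_reg_fix is a hypothetical helper name, not part of any tool in the post.
    """
    lines = text.splitlines()
    guids, problems = [], []
    # The post asks for REGEDIT4 with nothing above it.
    if not lines or lines[0] != "REGEDIT4":
        problems.append("line 1 is not exactly REGEDIT4")
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or .reg comment
            continue
        match = EXPECTED.match(line)
        if match:
            guids.append(match.group(1).lower())
        elif line.startswith("[-"):
            problems.append(f"line {number}: deletes a key outside MountPoints2: {line}")
        elif line.startswith("["):
            problems.append(f"line {number}: creates or modifies a key: {line}")
        else:
            problems.append(f"line {number}: unexpected content: {line}")
    return guids, problems


# Constructed sample: the header plus the first two keys from the post.
PREFIX = r"[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
SAMPLE = "\n".join([
    "REGEDIT4",
    PREFIX + r"\{08ef52f9-313f-11dc-b644-00167675b7f3}]",
    PREFIX + r"\{1ea80f37-2868-11dc-b61f-00167675b7f3}]",
])

if __name__ == "__main__":
    guids, problems = review_reg_fix(SAMPLE)
    print("keys to delete:", guids)
    print("problems:", problems or "none")
```

An empty problems list means the file does nothing beyond the MountPoints2 deletions; anything else is worth reading before choosing merge.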