All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions.
See this pictorial guide.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.
Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
mmsass <According to your HJT log, this service is definitely running.
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for (if there).
AS.exe
mmdmm.exe
ApcMain.exe
dna.exe
Close task manager.
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor
O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m (User '?')
O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" (User '?')
O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor (User '?')
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE76A0-CB0A-4F8E-9B06-8D5579267825}: NameServer = 213.55.64.36 213.55.64.38
<Only fix this, if it doesn't belong to your ISP.
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories (if there).
mmdmm.exe <Search your system for this file and delete all instances found.
Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.
Click edit and choose find. Type mmdmm.exe into the dialogue box and click the find next button. Regedit will now search your registry for any entries that contain a reference to mmdmm.exe and display them in the right-hand pane. Right click on any such mmdmm.exe entries and choose delete.
Now click edit again and choose find next. Again, delete any entries that reference mmdmm.exe.
Repeat the above, until no more mmdmm.exe entries are found.
Close regedit.
Reboot into normal mode and rehide your protected OS files.
Run the Panda antirootkit scan and let me know if it finds anything. If it does, I need to know exactly what is found and its exact file path.
Post fresh HJT, AVG Antispyware and Combofix logs.
Regards Howard
This thread is for the use of badboys4l only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
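A check for the fresh HJT log requested in the post above, as an added example that is not part of Howard's post: it parses the O4 autorun lines and reports any that still reference a named executable, so a reboot that brought an entry back is easy to spot. The sample lines are copied from the entries quoted in the post; the function names `parse_o4` and `remaining_references` are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: O4 lines copied from the entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor
O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" (User '?')
"""

# O4 line layout: hive, optional user SID, elided key path, key name, [value name], command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# Unquoted commands may contain spaces in the path, so cut at the first ".exe".
UNQUOTED_IMAGE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)


def parse_o4(log):
    """Return a dict per O4 line with hive, sid, key, name and lowercased image name."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autorun line
        cmd = m["cmd"]
        if cmd.startswith('"'):
            path = cmd.split('"')[1]  # quoted path: text between the first pair of quotes
        else:
            hit = UNQUOTED_IMAGE_RE.match(cmd)
            path = hit.group(1) if hit else cmd.partition(" ")[0]
        entry = m.groupdict()
        entry["image"] = ntpath.basename(path).lower()
        entries.append(entry)
    return entries


def remaining_references(log, image_names):
    """Map each named executable to the autorun locations that still launch it."""
    wanted = {name.lower() for name in image_names}
    hits = defaultdict(list)
    for e in parse_o4(log):
        if e["image"] in wanted:
            hits[e["image"]].append(f'{e["hive"]}\\..\\{e["key"]} [{e["name"]}]')
    return dict(hits)
```

An empty dictionary from `remaining_references` on the fresh log means none of the named executables is still registered under an O4 autorun entry; it says nothing about services or files on disk.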