virtualmonde [Archive] - Safer-Networking Forums

msutera

2008-05-02, 01:55

i have read the instuctions on how to remove this. here is the combo fix log.

please help.

omboFix 08-04-29.5 - Matt S 2008-05-01 18:44:38.1 - NTFSx86

Running from: C:\Users\Matt S\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\bho.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp3.exe
C:\Windows\resources\AlrtBoot.dll
C:\Windows\System32\bhtfopbx.ini
C:\Windows\system32\bmoxwsvy.ini
C:\Windows\System32\cbcKRBeg.ini
C:\Windows\System32\cbcKRBeg.ini2
C:\Windows\System32\cbvkbgfi.ini
C:\Windows\System32\CKkTDfhk.ini
C:\Windows\System32\CKkTDfhk.ini2
C:\Windows\system32\ditwxkbm.ini
C:\Windows\System32\EMTwyGgh.ini
C:\Windows\System32\EMTwyGgh.ini2
C:\Windows\system32\eOUtCfhk.ini
C:\Windows\System32\eOUtCfhk.ini2
C:\Windows\system32\evwbngou.ini
C:\Windows\system32\grlmsuib.ini
C:\Windows\System32\gyeaviai.ini
C:\Windows\System32\hggiSvut.ini
C:\Windows\System32\hggiSvut.ini2
C:\Windows\System32\HkSBayay.ini
C:\Windows\System32\HkSBayay.ini2
C:\Windows\System32\hOUwyFii.ini
C:\Windows\System32\hOUwyFii.ini2
C:\Windows\system32\hrjcegca.ini
C:\Windows\System32\iknmdwva.ini
C:\Windows\System32\IlTsBaKj.ini
C:\Windows\System32\IlTsBaKj.ini2
C:\Windows\System32\iQprqBeg.ini
C:\Windows\System32\iQprqBeg.ini2
C:\Windows\system32\jsxbygpv.ini
C:\Windows\system32\khfDTkKC.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mgftxxjj.ini
C:\Windows\System32\nqeyrxhk.ini
C:\Windows\System32\nXIhRXyb.ini
C:\Windows\System32\nXIhRXyb.ini2
C:\Windows\system32\ofubyqgx.ini
C:\Windows\System32\OWaJmUvw.ini
C:\Windows\System32\OWaJmUvw.ini2
C:\Windows\System32\PAKUCfhk.ini
C:\Windows\System32\PAKUCfhk.ini2
C:\Windows\system32\pgtjdord.ini
C:\Windows\System32\pmbjagci.ini
C:\Windows\System32\PpqqYcdd.ini
C:\Windows\System32\PpqqYcdd.ini2
C:\Windows\system32\rciowesc.ini
C:\Windows\System32\RYxyxyay.ini
C:\Windows\System32\RYxyxyay.ini2
C:\Windows\system32\UBJPWvut.ini
C:\Windows\System32\UBJPWvut.ini2
C:\Windows\system32\ufjhkdvd.ini
C:\Windows\system32\uhuepwyr.ini
C:\Windows\System32\UwELlnpo.ini
C:\Windows\System32\UwELlnpo.ini2
C:\Windows\system32\wuwrfooi.ini
C:\Windows\System32\WvwEdcdd.ini
C:\Windows\System32\WvwEdcdd.ini2
C:\Windows\system32\x64
C:\Windows\System32\xbeMmUtv.ini
C:\Windows\System32\xbeMmUtv.ini2
C:\Windows\system32\xjbaynmf.ini
C:\Windows\System32\Ycbayccf.ini
C:\Windows\System32\Ycbayccf.ini2
C:\Windows\System32\YFfiRXyb.ini
C:\Windows\System32\YFfiRXyb.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 18:49 . 2008-05-01 18:49 0 --a------ C:\Windows\System32\cjatcfmx.exe
2008-05-01 18:42 . 2008-05-01 18:42 114,688 --a------ C:\Windows\System32\rilatspu.exe
2008-05-01 17:03 . 2008-05-01 11:27 35,617 --a------ C:\Windows\alaredun.ini
2008-04-28 07:43 . 2008-04-28 07:43 98,304 --a------ C:\Windows\System32\ryjwjwtk.exe
2008-04-25 13:35 . 2008-04-25 13:35 94,208 --a------ C:\Windows\System32\slmfczqp.exe
2008-04-23 12:07 . 2008-04-28 17:55 93 --a------ C:\Windows\System32\PDFWRITR.INI
2008-04-23 12:07 . 2008-04-28 17:55 93 --a------ C:\Windows\System32\__PDF.INI
2008-04-21 09:34 . 2008-04-21 12:51 414 ---hs---- C:\Windows\System32\qyvjqtiv.ini
2008-04-21 07:19 . 2008-04-21 07:55 594 ---hs---- C:\Windows\System32\scxraffu.ini
2008-04-20 19:24 . 2008-04-20 20:36 534 ---hs---- C:\Windows\System32\bvlwildk.ini
2008-04-18 14:56 . 2008-04-20 19:18 414 ---hs---- C:\Windows\System32\mukrnjvh.ini
2008-04-18 14:50 . 2008-04-18 14:50 94,208 --a------ C:\Windows\System32\dmzmbwte.exe
2008-04-18 12:46 . 2008-04-18 12:46 98,304 --a------ C:\Windows\System32\dgxezede.exe
2008-04-18 11:03 . 2008-04-18 11:03 98,304 --a------ C:\Windows\System32\anyxsbcd.exe
2008-04-18 09:39 . 2008-05-01 18:32 2,278 --a------ C:\Windows\wininit.ini
2008-04-18 09:16 . 2008-04-18 09:41 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{fc3f8451-0d46-11dd-8268-001bb97a67db}.TMContainer00000000000000000002.regtrans-ms
2008-04-18 09:16 . 2008-04-18 09:41 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{fc3f8451-0d46-11dd-8268-001bb97a67db}.TMContainer00000000000000000001.regtrans-ms
2008-04-18 09:16 . 2008-04-18 09:41 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{fc3f8451-0d46-11dd-8268-001bb97a67db}.TM.blf
2008-04-18 08:49 . 2008-04-18 08:48 691,545 --a------ C:\Windows\unins000.exe
2008-04-18 08:49 . 2008-04-18 08:49 2,541 --a------ C:\Windows\unins000.dat
2008-04-18 08:44 . 2008-04-18 08:58 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-18 08:44 . 2008-04-18 08:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-17 17:49 . 2008-04-16 04:07 290,816 --a------ C:\Windows\pmsoarbf.dll
2008-04-17 17:49 . 2008-04-16 04:07 98,304 --a------ C:\Windows\npqtsrak.exe
2008-04-17 17:48 . 2008-04-17 17:48 <DIR> d-------- C:\Users\All Users\qjyjsrax
2008-04-17 17:48 . 2008-04-17 17:48 90,112 --a------ C:\Windows\System32\yjyxufyx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 21:27 --------- d-----w C:\Program Files\Street Atlas USA 9.0
2008-04-10 07:09 --------- d-----w C:\Program Files\Windows Mail
2008-03-28 16:53 --------- d-----w C:\Program Files\Avery Dennison
2008-03-26 14:44 --------- d-----w C:\Users\Matt S\AppData\Roaming\EServices
2008-03-24 21:47 --------- d-----w C:\Program Files\Google
2008-03-10 23:21 120,952 ----a-w C:\GDIPFONTCACHEV1.DAT
2008-03-06 21:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 08:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 08:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-09-11 19:40 60,968 ----a-w C:\Users\Matt S\GoToAssistDownloadHelper.exe
2007-09-11 07:23 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 17:39 68856]
"osfxeesq"="C:\Windows\system32\yjyxufyx.exe" [2008-04-17 17:48 90112]
"lpnozovq"="C:\Windows\system32\anyxsbcd.exe" [2008-04-18 11:03 98304]
"lksmjmnm"="C:\Windows\system32\dgxezede.exe" [2008-04-18 12:46 98304]
"uvhuzsrz"="C:\Windows\system32\dmzmbwte.exe" [2008-04-18 14:50 94208]
"xglzkdwu"="C:\Windows\system32\odubwhwh.exe" [ ]
"nhebnjvz"="C:\Windows\system32\slmfczqp.exe" [2008-04-25 13:35 94208]
"xsbpbnhl"="C:\Windows\system32\ryjwjwtk.exe" [2008-04-28 07:43 98304]
"rwvavsdp"="C:\Windows\system32\rilatspu.exe" [2008-05-01 18:42 114688]
"fdcktdtj"="C:\Windows\system32\cjatcfmx.exe" [2008-05-01 18:49 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 03:11 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 23:11 4317184 C:\Windows\RtHDVCpl.exe]
"CHotkey"="zHotkey.exe" [2006-11-07 17:08 547840 C:\Windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2005-01-27 12:13 36864 C:\Windows\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 17:34 53248 C:\Windows\ModPS2Key.exe]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 19:04 2348584]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 09:56 236016]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MSServer"="C:\Windows\system32\fCRIyvts.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-08-17 10:14:08 1447184]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-08 17:39:15 125624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-05 13:57:31 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"P6VittJQhB"= C:\ProgramData\qjyjsrax\ydihebif.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"omlbpkaw"= {31A33F77-5BBC-455C-A68F-A1CD531C43A8} - C:\Windows\omlbpkaw.dll [ ]
"pmsoarbf"= {976CAF59-2005-48F8-8ACA-87DF3CBB8C97} - C:\Windows\pmsoarbf.dll [2008-04-16 04:07 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-293073017-2003164703-672087988-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DB570431-D2A3-4B35-B12B-E7DDA56E25AB}"= UDP:C:\Program Files\a la mode\Sched\eSched.exe:a la mode Assistant
"{9C1F48CD-3DDE-4B35-A24B-3C4463C86DC1}"= TCP:C:\Program Files\a la mode\Sched\eSched.exe:a la mode Assistant
"{B72E6C1C-EF1B-4C43-B07D-7CDB5ED51E21}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1908DFEC-AA83-4A95-AAFD-98EF845517DE}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E157A769-4C31-4969-AB0B-29CD41A1363C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A3F4B87F-B791-41B4-A689-1ED9A828B3E6}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F7B6F436-F9F4-446F-9114-8921BC7E770A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D62AFFD3-F94E-4175-8403-BF140E163F1F}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{CCABC8F7-79F0-4444-94CD-C717339AB3D5}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{600BBFA1-47E8-4C34-A376-A108FB938DA6}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F5CF8ADA-808E-49AD-A7FA-4154D1ED6AA5}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7388CE47-2643-4D2F-80F2-2BCBA837CED6}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{9B1010A0-9228-4A92-8DFE-144820FC2181}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{23A701B3-0AEB-4FF0-985C-2F22C828D624}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{09FA56EC-1D0B-4050-B38E-F1F10DEBD99D}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{D60274C9-F840-46D5-BBC2-9EF3965E2BDD}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{71B71276-8B3B-4277-97D2-06E4103109AB}"= UDP:C:\Program Files\Common Files\AOL\1200695392\ee\aolsoftware.exe:AOL Shared Components
"{710CEBD2-58C0-47AC-8C28-35A88B55A83D}"= TCP:C:\Program Files\Common Files\AOL\1200695392\ee\aolsoftware.exe:AOL Shared Components
"{22F570DA-3A45-49F4-A1F8-76B6920892F4}"= UDP:C:\Program Files\Common Files\AOL\1200695392\ee\AOLDesktop.exe:AOL Desktop
"{4DFBE8D4-28C8-46B0-8332-F38E0FBF9C2B}"= TCP:C:\Program Files\Common Files\AOL\1200695392\ee\AOLDesktop.exe:AOL Desktop
"{24FCB9F1-C31D-4239-96BD-970542A8F8C2}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{4970F329-90F1-41C7-8941-81B36693C5E8}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2aa3dc7f-9772-11dc-a478-8000600fe800}]
\shell\AutoRun\command - K:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 18:49:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Sprite6.exe
.
**************************************************************************
.
Completion time: 2008-05-01 18:52:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 22:51:54

Pre-Run: 342,182,289,408 bytes free
Post-Run: 342,426,542,080 bytes free

239 --- E O F --- 2008-04-25 06:55:57

ken545

2008-05-03, 02:24

Hello msutera

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288) You need to read this as it will save us both time
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Download Trendmicros Hijackthis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe

Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Download VundoFix (http://www.atribune.org/ccount/click.php?id=4 ) to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a Hijackthis log.

Then run Combofix again and this is what I need to see, it most likely will not fit all in one post so take as many replies as you need to post all the reports, copy and paste them, do not attach them and use the Submit reply, do not start a new topic.

1. Vundofix log
2 Malwarebytes log
3. New Combofix log
4. Hijackthis log