Alienware full of aliens

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lnkenjke, Nov 26, 2014.

  1. Lnkenjke

    Lnkenjke Private E-2

    Hello

    this one is quite sick. browser redirect and malware removal steps done.

    unable to start Microsoft Security Essentials real time protections.

    Spyware Clear and Driver support runs at startup.

    and the browser keeps popping up various webpages.
     

    Attached Files:

  2. Lnkenjke

    Lnkenjke Private E-2

    ugh.
    "getting upload of file failed" error, with mbam-log-2014-11-25 (07-12-42).txt
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

While I look at the rest of your logs, please rerun both RogueKiller and Hitman and have them both fix everything they find.

Reboot and rescan with both RogueKiller and Hitman and attach the new logs.
     
  4. Lnkenjke

    Lnkenjke Private E-2

I've attached the MBAM report
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I want the new Roguekiller and Hitman logs.
     
  6. Lnkenjke

    Lnkenjke Private E-2

    here you go.
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I take it you want to keep Sendori and the Ask Toolbar?
     
  8. Lnkenjke

    Lnkenjke Private E-2

    no no they can go
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then why didn't you fix them in Roguekiller as I asked?

    Use add/remove programs to uninstall:
    Ask Toolbar
    Sendori


    Why do you have all these user accounts:
    C:\Users\protect.arabic
    C:\Users\protect.chinese simplified
    C:\Users\protect.chinese traditional
    C:\Users\protect.croatian
    C:\Users\protect.czech
    C:\Users\protect.danish
    C:\Users\protect.dutch
    C:\Users\protect.ed
    C:\Users\protect.english
    C:\Users\protect.finnish
    C:\Users\protect.french
    C:\Users\protect.german
    C:\Users\protect.greek
    C:\Users\protect.hebrew
    C:\Users\protect.hungarian
    C:\Users\protect.italian
    C:\Users\protect.japanese
    C:\Users\protect.korean
    C:\Users\Protect.lgg
    C:\Users\protect.norwegian
    C:\Users\protect.polish
    C:\Users\protect.portuguese
    C:\Users\protect.portuguese brazilian
    C:\Users\protect.romanian
    C:\Users\protect.russian
    C:\Users\protect.slovak
    C:\Users\protect.slovenian
    C:\Users\protect.spanish
    C:\Users\protect.swedish
    C:\Users\protect.thai
    C:\Users\protect.turkish

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the [IMG] area. Do not include the word Code.
    Code:
    :Processes
    explorer.exe
     
    :files
    C:\Users\J.shephard\AppData\Local\90208904dsisetup902242542.exe
    C:\Users\J.shephard\AppData\Local\dsisetup309089142.exe
    C:\Users\J.shephard\AppData\Local\nsqDEE2.tmp
    C:\Windows\TEMP\*.*
    C:\Users\J.shephard\AppData\Local\Temp\*.*
    C:\Program Files (x86)\Sendori
     
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "Sendori Tray"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
     
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large [IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Rerun RogueKiller and fix everything. Same with Hitman.......reboot, rescan and attach the new logs.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept ( yes twice ).

    Then attach the below logs:

    * OTM log
    * C:\MGlogs.zip
    * RogueKiller log
    * Hitman log

    Make sure you tell me how things are working now!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They are not user accounts. They are just files in the C:\Users folder. User accounts would be folders and they would show up in the user's lists in newfiles.txt and in userinfo.txt ;)
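The distinction chaslang draws above (stray files in C:\Users versus real profile folders) can be checked mechanically. The following PowerShell script is an added example, not code from the thread or from MajorGeeks: it lists every entry under C:\Users, labels plain files as "not an account", and cross-checks folders against the profiles Windows has registered via the Win32_UserProfile CIM class. It assumes PowerShell 3.0 or later and the default C:\Users profile root, and it should be run from an elevated prompt so that all profile folders are readable. Nothing is modified.

```powershell
# Added example (not from the thread): tell real profile folders under C:\Users
# apart from stray files, and note folders with no registered user profile.
# Assumes PowerShell 3.0+ and the default profile root; run elevated. Read-only.
$profileRoot = 'C:\Users'

# Profile paths Windows has registered (backed by the HKLM ProfileList key)
$registeredProfiles = Get-CimInstance -ClassName Win32_UserProfile |
    Select-Object -ExpandProperty LocalPath

$report = foreach ($entry in Get-ChildItem -LiteralPath $profileRoot -Force) {
    if ($entry.PSIsContainer) {
        # -contains is case-insensitive in PowerShell, so path case does not matter
        if ($registeredProfiles -contains $entry.FullName) {
            $kind = 'user profile folder'
        } else {
            # Default, Public and junctions land here; so would an unregistered folder
            $kind = 'folder (no registered profile)'
        }
        $size = $null
    } else {
        # A plain file sitting in C:\Users is never a user account; the
        # "protect.<language>" entries from this thread fall in this bucket.
        $kind = 'FILE - not an account'
        $size = $entry.Length
    }
    [pscustomobject]@{
        Name      = $entry.Name
        Kind      = $kind
        Size      = $size
        LastWrite = $entry.LastWriteTime
    }
}

# Files first, so anything that merely looks like an account stands out
$report | Sort-Object Kind, Name | Format-Table -AutoSize
```

Entries tagged "FILE - not an account" are the ones worth looking at next: a file planted directly in the profile root is unusual for legitimate software, and its LastWrite time usually lines up with when the unwanted programs were installed.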
     
  11. Lnkenjke

    Lnkenjke Private E-2

    hey Good morning

Ask Toolbar won't uninstall, says account already exists.

    no sendori found to uninstall.

    in hijackthis, no line for sendori tray found.

    super optimizer still showing up at start.
     

    Attached Files:

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looking much better. Just a few things to address.

    First, you really need to clean up your desktop. It's a great place for malware to hide.

    Now, Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    • Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the [IMG] area. Do not include the word Code.

    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Program Files (x86)\Super Optimizer\SuperOptimizer.exe
    C:\Program Files (x86)\Super Optimizer
    C:\Windows\TEMP\*.*
    C:\Users\J.shephard\AppData\Local\Temp\*.*
    C:\Windows\system32\tasks\Super Optimizer Schedule
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Super Optimizer"=-
    
    [HKEY_USERS\S-1-5-21-385493766-3721828443-1661336113-1001\Software\Microsoft\Windows\CurrentVersion\run]
    "Super Optimizer"=-
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large [IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept ( yes twice ).

    Then attach the below logs:

    * OTM log
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
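The OTM scripts in this thread remove persistence from three places: the HKLM and HKCU Run keys and the scheduled-task store under System32\Tasks. The following PowerShell script is an added example, not code from the thread or from MajorGeeks, that audits those same locations without changing anything. It lists every Run-key value and task definition, then flags entries whose name is on a watch-list built from the names that appear in this thread (Sendori Tray, Super Optimizer, Super Optimizer Schedule) or whose executable lives under a Temp or AppData\Local folder, the drop locations used by the samples TimW listed. It assumes PowerShell 3.0 or later and an elevated prompt so that HKLM and the Tasks folder are readable; the watch-list and the path heuristic are constructed for this example.

```powershell
# Added example (not from the thread): read-only audit of the autorun locations
# that the OTM scripts above edit. Assumes PowerShell 3.0+; run elevated.
# The watch-list below is constructed from names that appear in this thread.
$watchNames = @('Sendori Tray', 'Super Optimizer', 'Super Optimizer Schedule')

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Test-SuspiciousPath {
    param([string]$Command)
    # Bundled adware in this thread ran from the user's Temp and AppData\Local folders
    return ($Command -match '\\AppData\\Local\\') -or ($Command -match '\\Temp\\')
}

function Get-Flag {
    param([string]$Name, [string]$Command)
    if ($watchNames -contains $Name)        { return 'on watch-list' }
    if (Test-SuspiciousPath -Command $Command) { return 'runs from Temp/AppData' }
    return ''
}

# 1. Run-key values (the "Sendori Tray" and "Super Optimizer" entries lived here)
$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }           # skip the (Default) value
        $cmd = [string]$item.GetValue($name)      # REG_EXPAND_SZ is expanded here
        [pscustomobject]@{
            Location = $key
            Name     = $name
            Command  = $cmd
            Flag     = Get-Flag -Name $name -Command $cmd
        }
    }
})

# 2. Scheduled tasks: each task is an XML file under System32\Tasks named after the task
$taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
$findings += @(foreach ($task in Get-ChildItem -LiteralPath $taskRoot -Recurse -File -ErrorAction SilentlyContinue) {
    try {
        [xml]$xml = Get-Content -LiteralPath $task.FullName -Raw
        # Exec actions carry the command; COM-handler actions have none
        $cmd = [string]($xml.Task.Actions.Exec.Command | Select-Object -First 1)
    } catch {
        $cmd = '<unreadable task file>'
    }
    [pscustomobject]@{
        Location = 'Task:' + $task.FullName.Substring($taskRoot.Length)
        Name     = $task.Name
        Command  = $cmd
        Flag     = Get-Flag -Name $task.Name -Command $cmd
    }
})

# Show only the flagged entries; drop the Where-Object to see the full inventory
$findings | Where-Object { $_.Flag } | Format-Table -AutoSize
```

Run it before and after a cleanup: the first run should show the flagged entries that the OTM `:reg` and `:files` sections target, and a clean second run confirms the Run values and the task file are actually gone rather than merely hidden from the startup list.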
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    NOTE: All of the below still show in the installed programs list and need to be uninstalled. Previous procedures may have broken the ability to uninstall. Uninstalls should be first. ;)

    Ask Toolbar
    Defaulttab
    Iminent
    Strongvault Online Backup
     
    Last edited: Nov 27, 2014
  14. Lnkenjke

    Lnkenjke Private E-2

    happy thanksgiving!

    what is otshot by the way? it fails at start, then asks for contacts upload?

    otherwise this computer seems alright....
     

    Attached Files:

  15. Lnkenjke

    Lnkenjke Private E-2

oh and Malwarebytes detected a Backdoor.Agent

    Malware Protection, File, Backdoor.Agent.TRJEGen, C:\Users\J.shephard\AppData\Local\Temp\AppData.exe, Quarantine Failed, 2, The system cannot find the file specified.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Attach the log from MBAM. What issues are you having?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See message # 13 . I forgot to post the list. :)
     
  18. Lnkenjke

    Lnkenjke Private E-2

    no issues, just the otshot popup
     

    Attached Files:

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can try using Revo Uninstaller to remove these programs:


    Ask Toolbar
    Defaulttab
    Iminent
    Strongvault Online Backup

    You did not attach the correct log from MBAM. Try again. Make sure you save it as a txt file.
     
  20. Lnkenjke

    Lnkenjke Private E-2

    ok took care of ask toolbar and strongvault.
    defaulttab and iminent were not in the list to uninstall according to revo
     

    Attached Files:

  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

I assume you had MBAM fix what it found. Let's just take one more look at your logs. Please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept ( yes twice ).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  22. Lnkenjke

    Lnkenjke Private E-2

    here are the logs.

    by the way with mgtools no hijackthis appears
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

I still see Iminent in your installed programs list. The below registry patch should remove the last of it.



Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.



    Are you having any other problems?
     
  24. Lnkenjke

    Lnkenjke Private E-2

    Hello

    seems clean. no problems.

    the registry was successful.
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
  • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work through the below link:
     
