Someone Is Logged Into My Computer When I Try To Shutdown

I do not think your issue is malware related. However, let's remove some junk.

Please remove these items in ADWCleaner:
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group
PUP.Optional.SpyHunter, C:\sh4ldr
PUP.Optional.SpyHunter, C:\sh4ldr
PUP.Optional.SpyHunter, [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
PUP.Optional.SpyHunter, [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
PUP.Optional.DriverSupport, C:\ProgramData\UAB
PUP.Optional.DriverSupport, C:\Windows\System32\rnd_chunk.bin
PUP.Optional.DriverSupport, C:\Windows\SysWOW64\rnd_chunk.bin
PUP.Optional.DriverSupport, [Key] - HKLM\SOFTWARE\ActiveOptimization

Then use Hitman to remove these items:
¤¤¤ Registry : 17 ¤¤¤
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4202826809-1449890687-2335414762-1006\Software\Conduit -> Found

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Admin\AppData\Roaming\Easeware -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Driver Detective -> Found

Reboot and rerun both ADWCleaner and Hitman and attach the new logs.

If you want a drive updater, I suggest you use Drive Booster.

Your MGLogs.zip is from 2015 ....please run it anew and attach a current zip.

 

Sorry...too much going on at once....yes I did mean Roguekiller.

Please have ADW remove these items:
***** [ Folders ] *****

PUP.Optional.DriverDetective, C:\Program Files (x86)\Driver Detective


***** [ Files ] *****

PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS

***** [ Tasks ] *****

PUP.Optional.Legacy, Driver Detective-RTMRules
PUP.Optional.Legacy, Driver Detective-RTMScan
PUP.Optional.Legacy, Driver Detective-RTMUpdater

***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriversHQ.DriverDetective.Client.exe

Even though you were on an Admin account, did you still right click MGTools.exe and run as Admin? Your log is basically empty. Please do it again and also get me a new RogueKiller log.

 

Use RogueKiller to remove these:
¤¤¤ Tasks : 1 ¤¤¤
[PUP.Gen1] \Driver Detective -- C:\Program Files (x86)\Driver Detective\DriversHQ.DriverDetective.Client.exe (/applicationMode:systemTray /showWelcome:false) -> Found

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Admin\AppData\Roaming\Easeware -> Found

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.

If it all runs successful, attach the two logs.

 

Let's do one more thing to be sure, then I am going to send you to the software forum where you can explore your login options ( my suggestion would be to make sure each user sign out of their session).

Please download the latest version of FRST the below link.
Farbar Recovery Scan Tool and save it to your Desktop.

Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So it you make a mistake and download the wrong one, go back and get the other.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

 

It is attached to my last reply.

 

Ok...now I can say you are malware free. As per my recent suggestion:
I am going to send you to the software forum where you can explore your login options ( my suggestion would be to make sure each user sign out of their session).

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 or 10 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You are very welcome.

 

No...got what I needed with Farbar.