Mbab Won't Install, Can't Rename, Also Mgtools Unable Zip File

Greetings and welcome to the Major Geeks Malware Forum.

While I review what you have posted please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

• Download Farbar Recover Scan Tool for 64 bit systems and save (or copy and paste) the file onto your Desktop
• Right click on the icon and select Run as administrator
• Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
• Click Yes to the disclaimer
• Click Scan and allow the program to run
• Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
• 2 Notepad documents should now be open on your desktop.
• Please attempt to copy and paste each report in a separate reply. If unable to do so attach both reports.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

• FRST.txt
• Addition.txt

 

Thank you for the reports.

I would recommend against downloading Peer 2 Peer software as that is a means through which malware can be delivered.

There is limited available memory and that may cause some general performance issues.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------

• Download Revo Uninstaller Free Portable and save it to your Desktop
• Right click on the folder and select Extract All..., then click Extract
• Double click on the RevoUninstaller-Portable folder
• Right click on RevoUPort and select Run as administrator
• Click OK on the License Agreement
• From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)

Code:

Web Companion

• If the program's uninstaller appears work through the steps to remove the program(s)
• Be sure the Advanced option is selected then click Scan
• For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
• Once done click Finish
• Reboot your computer

===================================================

Farbar Recovery Scan Tool Fix

--------------------

• Right click on the FRST64 icon and select Run as administrator
• Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
• There is no need to paste the information anywhere, FRST64 will do it for you

Code:

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bcpkjmpohkhcgbaimmfobaakcejogeha [2021-09-01]
2024-01-14 14:11 - 2013-07-29 17:22 - 000000000 ____D C:\Temp
C:\Program Files (x86)\Lavasoft
C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
Task: {1D15FDD0-3398-4C59-BD78-4493482FADA9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File) 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1559877457-2290078684-91609129-1001_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\Bill\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File 
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2021-09-24] (Bitdefender SRL -> Bitdefender)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-11-10] (EnigmaSoft Limited -> EnigmaSoft Limited)
S2 DellDigitalDelivery; "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X] <==== ATTENTION 
HKU\S-1-5-21-1559877457-2290078684-91609129-1001\...\Run: [CrashPlanTray] => C:\Users\Bill\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe (No File) 
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6100 series: CNMLMAG.DLL (No File) 
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION 
HKU\S-1-5-21-1559877457-2290078684-91609129-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9123248 2021-09-24] (Lavasoft Software Canada Inc. -> Lavasoft) <==== ATTENTION 
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
Edge Notifications: Default -> hxxps://coldact.click
FF Homepage: Mozilla\Firefox\Profiles\fbq3ksyp.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-07-25 04:47:42&bName=
FF NewTab: Mozilla\Firefox\Profiles\fbq3ksyp.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-07-25 04:47:42&bName=
OPR DefaultSuggestURL: Opera Stable -> hxxps://suggest.yandex.ru/suggest-ya.cgi?v=4&part={searchTerms}&l10n={language}
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
cmd: del C:\Windows\prefetch\*.* /q
Emptytemp:
End::

• Click Fix
• When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
• Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
• Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• Web Companion removed?
• Fixlog
• Update on computer performance

 

Thank you for stopping to check.

Go ahead and run the Fixlist.

 

Hi Bill.

Glad things are working well.

Here is our final step and some additional information to consider.

===================================================

KpRm by Kernel-panik

--------------

• Download KpRm and save it to your Desktop (see here if you must use Chrome)
• Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
• Right click on the icon and select Run as administrator
• Click Yes on the Disclaimer
• Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
• Click Run
• Click OK on All operations are completed
• KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
• You are free to remove any other tools/reports still remaining

===================================================

All Clean!

--------------

Your computer is now clean. Please consider this going forward.

• Have you Been Hacked? 10 Indicators That Say Yes
• So How did I get infected?
• How to Spot the Real Download Button on Websites
• Pirated Software is All Fun and Games Until Your Data is Stolen
• Do You Need Anti-Ransomware Software for Your PC?
  How Browser Extensions Turn Into Malware
• Why You Should Update All Your Software
• How Safe Are Password Managers?
• Whats the Best Way to Back Up My Computer?
• Why Is My Internet So Slow?

Thank you for placing your trust in Major Geeks. It was a pleasure serving you.

 

Close the program. Manually delete the FRST-Older folder then run it again.