Solved Cannot download anything

copiman

Dell Inspiron 2305
7 Home Premium 64-bit
AMD Athlon 2 x4 610e Processor 2,4 Ghz
4G RAM

When I download something in IE I get the following: Your current security settings do not allow this file to be downloaded.

When I download something in Google Chrome I get the following: It appears to try to download but indicates it was blocked.

All AV is disabled, firewall is turned off.
I was able to install Malwarebytes from a thumb drive and run it. Found a lot of PUPS and 2 trojans. All have been cleaned up. Also ran Adwcleaner and Ccleaner (not the registry part).

I am trying to install SP1 which is in the Windows Update but it always fails. Attempted to put it on a thumb drive but am confused as to how because the site https://www.microsoft.com/en-us/download/details.aspx?id=5842 shows many to choose from. Never did it this way.

My thought process tells me to get the machine current on updates and then proceed. Not sure how to handle this one.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
All
OS
Windows 7 Home Premium
Other Info
I work on many PCs/Laptops for people to get hands on experience. I am a student at a technical college learning about computers and networks.

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
medionl/Aspire 6930G/acer x55a
OS
W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
CPU
E5300 dual core
Motherboard
medion MS7366
Memory
3gb
Graphics Card(s)
Nvidia Geforce 7100 Nforce 630i
Monitor(s) Displays
avixc
Internet Speed
n (isp resticted to 72)
Antivirus
mse/pands
Browser
palemoon
Other Info
Belkin Fd7050 n USB using Railink RT2870 drivers, more upto date
Here they are. Thanks for helping.

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {A4CC52A7-C361-4313-A7CB-88F2B731A8AD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.150318-1623
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A4CC52A7-C361-4313-A7CB-88F2B731A8AD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2450691841-2486120219-3845643632</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron One 2305</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="6"/><Date>20101111000000.000000+000</Date></BIOS><HWID>B5B93607018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FL09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-1033-7600.0000-3322010
Installation ID: 005465648082220780551885769113719176146093508856997225
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 5/28/2016 8:38:52 AM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:1:2016 21:15
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
 
HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEA6GGih0iLTI6I9D4/oKpiBPp9Qho=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   DELL    FL09   
  FACP   DELL    FL09   
  HPET   ALASKA  A M I
  MCFG   ALASKA  A M I
  SLIC   DELL    FL09   
  SSDT   A M I   POWERNOW
  OSFR   DELL    M08

I cannot find the windows update log. I thought it was in C:\users\username\AppData\Local\Microsoft\Windows\WindowsUpdate.log
 
Hi Copiman,
c>windows> logs > WULogs
Are you dual booting or have an external drive with the OS on it?

Roy
 

There is no WULogs in the logs file. No dual boot. I have an ISO download of the OS on a dvd with SP1. The OS on the PC in question has no SP1.

I attached a snippet of what's in the log folder.
 

Hope this is it. Internet Explorer 9. Trojan Agent and Trojan Sharpo.PGEN. I attached the Malwarebytes log as well.
 

Hi Copiman,
Rerun Malwarebytes, BUT in the dashboard enable Rootkit detection.
I'm heading towards the clean install option, there's an awful lot of infection.
WU log is showing a permissions error.

Roy
 

Ran Malwarebytes with Rootkit detection. Found 4 more trojans:

Root.Pihar.b.MBR
Forged Physical Sector
Trojan.Agent
Trojan.Agent

There was no log showing for me to post but that's all there was. Heck, I was thinking clean install after my first scan but was hoping to find a way around it. What do you think? Just go ahead with a clean install? I have an ISO file I downloaded a few years back, or is there a better place to get it? Prior to install I normally do an image just in case something happens, so I can at least put it back to where it's at now. Then I will do a backup of data and then the install.

I do however have another question: Should I wipe everything on the drive and then install, or should I just install on the C: partition and leave the recovery and OEM partition alone? Did not know if they were affected by the malware as well. I attached a snippet of Disk Management for you to review if you will.
 

Hi Copiman,
That's a real NASTY, it's hit the MBR (master boot record).
No other way in my opinion to go but a re-install.
If you want to double check, post in Bleepingcomputers' "Am I infected" sub-forum, xref this thread.
Images can be corrupted as well, depending on when the virus hit.

Roy
 

I'm going to do a clean install. What about the partitions I mentioned? Should I leave the OEM and Recovery partitions intact and just load 7 on the C: partition? I attached a snippet from Disk Management. Also, where is the best place to get a fresh/clean ISO download?
 

Hi Copiman,
Your choice. I only run a C drive, and overwrote OEM and restore, then immediately created an image when I finished my initial set-up.

If your system specs are still current >> student <<, have a word with your School/University IT people, you might be entitled to a Dreamspark licence. You also get extras, have a read:
https://www.google.co.uk/url?sa=t&r...k.com/&usg=AFQjCNETZxRSnlVkceMYCV8jMQUPHs1yTw

If not I'll put a call out.

Roy
 

Thanks Roy for all your help. I spoke with an instructor at school because I needed Office 2013 for a class. He said Dreamspark did not offer Office. I will check with someone else about Dreamspark so I can see for myself what all they have. I looked at the software catalog on the site you posted and it did not look like a lot. Of course there may be more and I just haven't found all of it. I'll check into it.

Just completed the image and a backup. I'm going to wipe this puppy clean and install 7. Thanks again for helping me.
 
