A nasty infection or corruption?

Hi, I have been having a lot of problems (please see: http://forums.majorgeeks.com/showthread.php?p=1623579), I’ll repost the problems here if necessary but I would like to ask a question first. I’ve tried the read and run me section first and combofix won’t load, I get a message (windows 7) that combofix isn’t commonly used and I’m blocked for my “protection”, SUPERAntiSpyware and Malwarebytes Anti-Malware downloaded apparently fine. Should I proceed without combofix or is there a way to download it. Thanks

 

This problem started about 4 days ago, I installed the following updates KB2529073, KB890880, KB2534366 automatically when I closed down my PC. The next day I noticed I couldn’t play WMV video files but other media seemed unaffected, so I installed the next windows update hoping it would fix the problem (KB2533552), but it didn’t. I started downloading the latest definitions for Norton internet security 2011 as I thought a scan would reveal any problems. When Norton tried to install the updates it reported that I had no protection and started downloading 97MB to fix the problem.
Next I tried system restore, but I couldn’t restore past the critical updates. I tried SFC /scannow to see if a file had become corrupted and they had, some were fixed but others weren’t (see attachment sfc.txt). After SFC I tried playing WMV files and they played fine but explorer froze and reported that Symantec framework (at least that’s what I can remember) had stopped working. Upon restart, explorer worked but the video files wouldn’t play.
I decided to find out if malware was to blame and downloaded the tools from majorgeeks. Downloading was managed by a pop-up on the base of explorer that looks like its part of Norton (but I'm not sure), it warned that combofix and MGTools were potentially dangerous but at the same time the Norton Insight pop-up said they were fine. I had to re-download combofix during the cleaning procedure as the first download said I couldn’t access the C:\ folder on execution, I also had to re-download MGTools mid-process as I couldn’t download into the root directory the first time. Please note I’m not sure if combofix was 100% successful, as I think I failed to fully shut off Norton during stages 1-5.
During the cleaning process I also got some messages that may be useful(
Before the cleaning process I tried to create a restore point and got the following message “C:\Windows\system32\srrstr.dll is either not designed to run on windows or contains an error”
After I used Malwarebytes and tried to save the log, this message was displayed “notepad bad image C:\Windows\system32\NetworkExplorer.dll is either not designed to run on windows or it contains an error”
And after I ran comobofix I was promted to make explorer by default browser.)

 

I’ve attached to log files to this post. I didn't run RootRepeal as my copy of windows 7 is 64 bit.

Also during the MGtools execution, a hijackthis window opened and I clicked the accept button. Was I supposed to do this? I've just noticed that was mentioned under the instructions for all other windows users, not under the windows 7 MGTools instructions.

 

Hi, I’ve just noticed some strange files, I don’t know if they’re important but I’ll add the details in case they help with diagnosing the problem. The desktop has 2 copies of desktop.ini files and they have identical names which I thought was impossible, I had hidden files visible before this process and I’ve never noticed them before.

One copy contains “ [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183 ”

While the other contains “ [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Norton Internet Security.lnk=@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102”

There are also desktop.ini files in other directories, including the video library which contains two copies
One contains “[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21791
InfoTip=@%SystemRoot%\system32\shell32.dll,-12690
IconResource=%SystemRoot%\system32\imageres.dll,-189
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-238”

While the other contains “[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21804
InfoTip=@%SystemRoot%\system32\shell32.dll,-12690
IconResource=%SystemRoot%\system32\imageres.dll,-3”

 

Thanks for your help Kestrel13, I completed your combofix instructions and it seemed to go to plan, although foolishly I did open up the Norton Window to double check I closed it all down when I know you shouldn’t open any windows during its process. I closed off the UAC again before using combofix, was that correct?

My machine blue screened yesterday for the first time, it produced something called a mini memory dump (or something like that) and a xhtml fie. Was this likely to have been caused by malware? I don’t know if it was the right thing to do, but I tried playing video files after the first READ & RUN ME procedures and today after combofix, and it still doesn’t play WMV files.

One last thing I missed out updating Java from the read and run me instructions as I couldn't find any old copy to delete, was that OK?

 

Sorry about that I missed it, the Zip is included with this post. I also accidently went online with my UAC off, I don’t know if that’s relevant. BTW during MGTools execution, windows reported a problem with “Stelwerx whoamI” or something like that, it either said it had stopped running or was unavailable. Also, the Malwarebytes antimalware software icon has been replaced by a generic one on the desktop, it happened after the read me run me procedure, so I reinstalled but it happened again. I turned Norton back on and the UAC after MGTools and rebooted, when I tried to use the video player it still won’t play WMV files.

 

I carried out your instructions but there hasn't been any change for the video player, it's still refusing to play wmv files. As for stability, I haven't really been using my PC (using an old one) as its NIS subscription ran out yesterday. Are system files still missing or corrupt as in the sfc.txt file I uploaded earlier?
The two filenames you listed were empty files and I deleted them. I had to download TDSSKiller and copy it to the problem PCs desktop because of the NIS problem. When ran TDSSKiller it found nothing, I also ran Getlogs.bat and I've attached the Zip file.

I was going to remove Norton and install a new copy with another subscription, as it wasn't fully working before the subscription ran out. The green ticks stopped showing up in Google for safe sites and occasionally I get a message from explorer that an add on isn't working (I'm guessing it's for Norton). Should I remove Norton and start again or should I wait for further cleaning?

Do you think I still have malware elements that need to be rooted out? The last time I had a malware problem on another PC about a year ago, I noticed during clean up that registry entries were removed by SAS/Malwarebytes. But none were removed this time as far as I can tell, is that a bad sign or just run-of-the-mill?
Thanks

 

Ok Many thanks for your help, I start that software post. What I was asking in a roundabout way was do you think it was malware that caused these corrupt files, or are there no signs of that, and was it in part or whole a hardware problem, like a memory problem causing the corruption. I have made a quick couple of memory passes but have found no problem, I don't want to make a more long winded scan unless a memory problem is likely.