Combofix part 2 attempt 2
Version with no blue screen this time - after CFScript.txt
Update:
After going back into Google and searching for random things I notice the error message is not there anymore, from ESET (well, so far!). So I looked at the ESET log and found the following info:
05/05/2010 20:57:16 Real-time file system protection file C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ohci1394.sys.vir Win32/Patched.EQ trojan unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\ComboFix\PEV.cfxxe.
05/05/2010 20:57:15 Real-time file system protection file C:\DOCUME~1\GERALD~1\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\ComboFix\CF19571.cfxxe.
05/05/2010 20:57:12 Real-time file system protection file C:\QooBox\Quarantine\C\WINDOWS\system32\Drivers\ohci1394.sys.vir Win32/Patched.EQ trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\ComboFix\CF19571.cfxxe.
05/05/2010 20:57:12 Real-time file system protection file C:\QOOBOX\32788R22FWJFW\ohci1394.sys Win32/Patched.EQ trojan unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\fc.exe.
05/05/2010 20:57:11 Real-time file system protection file C:\QooBox\32788R22FWJFW\ohci1394.sys Win32/Patched.EQ trojan unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\ComboFix\PEV.cfxxe.
04/05/2010 13:05:34 HTTP filter archive http://www1.holdonsafety59-p.xorg.p...ra26HodeYbmFfa2Rxm2GZY2WMkMahqnNdqZ/JnptsZA== HTML/TrojanDownloader.FraudLoad.NAC trojan connection terminated SAMSUNG\Geraldine Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
01/05/2010 15:37:28 Real-time file system protection file C:\WINDOWS\TEMP\00005562.sys a variant of Win32/Rootkit.Kryptik.BK trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\spoolsv.exe.
01/05/2010 15:32:06 HTTP filter file http://hypoload.in/gotnewupdate.exe a variant of Win32/Kryptik.DZL trojan connection terminated - quarantined SAMSUNG\Geraldine Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.
01/05/2010 15:30:51 Real-time file system protection file C:\WINDOWS\system32\net.net a variant of Win32/TrojanClicker.Punad.AA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\DOCUME~1\GERALD~1\LOCALS~1\Temp\xnwaomrsec.tmp.
01/05/2010 15:30:51 Real-time file system protection file C:\DOCUME~1\GERALD~1\LOCALS~1\Temp\xnwaomrsec.tmp a variant of Win32/TrojanClicker.Punad.AA trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\mshta.exe.
01/05/2010 15:30:50 Real-time file system protection file C:\WINDOWS\system32\net.net a variant of Win32/TrojanClicker.Punad.AA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\GERALD~1\LOCALS~1\Temp\xnwaomrsec.tmp.