Does it find it upon rescan?
Does it find it upon rescan?
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Tonight's AVG scan was clean (cookies only, no trojans or viruses).
Good
Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply along with a fresh HijackThis log.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
When I click on the Kapersky Website link, I get an Internet Explorer window saying there was a problem and it has to close. Tried several times, with same result.
Then please try this instead:
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
- Check the box next to "YES, I accept the Terms of Use."
- Click "Start"
- Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.- Click "Start". Make sure that the options:
- Remove found threats is UNCHECKED
- Scan unwanted applications is CHECKED
- Click "Scan"
- Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
- Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste the contents of log.txt in your next reply.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Here are the ESET scan results.
===
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=e395a69fd435d6458b88288da198e7af
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-18 08:14:31
# local_time=2009-09-18 02:14:31 (-0700, Mountain Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 62 16 20 753521936562500
# compatibility_mode=1026 21 83 97 28554296562500
# scanned=57446
# found=50
# cleaned=0
# scan_time=3179
C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe Win32/Adware.HiWire application 00000000000000000000000000000000 I
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgqwwsnw.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fmifkfgn.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gtccwsvp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\hniivpof.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\jvwfpfxx.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mghrgosi.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\npyyuwol.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qiphxufk.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\waksdqvj.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\wscui.cpl.vir a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir a variant of Win32/Adware.WindowsAntivirusPro.B application 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus4.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP465\A0112299.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112300.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112301.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112302.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112303.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112304.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112305.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112306.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112307.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112308.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112309.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112310.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112311.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112312.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112313.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112314.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112315.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112316.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112317.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112318.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112319.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112320.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112321.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112322.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112323.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112324.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{655C26A1-AE5A-4C5B-83DE-4947D7E20376}\RP466\A0112325.exe a variant of Win32/Kryptik.AKT trojan 00000000000000000000000000000000 I
${Memory} Win32/Olmarik.MF trojan 00000000000000000000000000000000 I
and just in case you need it, here is a new HJT file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:56 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Works\WkDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Filseclab Messenger.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1252200236875
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 7551 bytes
Empty this folder:
C:\Qoobox\Quarantine
Delete this:
C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe
Empty Recycle Bin.
Still problems?
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Today's AVG scan found two "infections" AVG could not heal. They are the same two from the other days this week (except last night's clean scan). AVG says the following are "virus identified Packed.Hidden"
\\?\globalroot\systemroot\system32\vsfocetkopabwq.dll
and
c:\Window\Explorer.exe (3128)
I ran a trial google search, and the second result I tried to go to started to redirect and a received an AVG threat warning.
(I still get the paging file error as well every time I boot up.)
Explorer.exe is false positive; another one isn't.
Open notepad and copy/paste the text in the codebox below into it:
Save this as "CFScript"Code:File:: C:\windows\system32\vsfocetkopabwq.dll
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006