Hi all,

As my computer is managed by policy so I can't stop the antivirus service. ComboFix can't continue without stopped antivirus service. Therefore I post the log of HiJackThis instead:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06, on 2009-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Novadigm\AXF\Bin\XFSrvcNT.Exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\apss.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
c:\Program Files\Novadigm\radexecd.exe
c:\Program Files\Novadigm\radsched.exe
c:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Zebedee\zebedee.exe
C:\WINNT\system32\CCM\CcmExec.exe
c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Novadigm\AXF\Bin\XFStatus.Exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\stsystra.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\ITSCWeb\ITSCweb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Progra~1\Novadigm\rnsdaemn.exe
C:\Progra~1\Novadigm\rnsdaemonkit.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\Program Files\Meeting Center\Modules\Calendar\AddInMon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Unikey\UniKeyXP.exe
C:\WINNT\regedit.exe
C:\ComboFix\pv.cfexe
C:\Documents and Settings\1314205\Desktop\FIX\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Pointdev\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AXF XFRunOne.Exe] "C:\Program Files\Novadigm\AXF\Bin\XFRunOne.Exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] c:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SWFAss] c:\winnt\SYSTEM32\KIX32.exe /i c:\winnt\SWFAss.KIX
O4 - HKLM\..\Run: [ITSCsystray] C:\Program Files\ITSCWeb\ITSCweb.exe
O4 - HKLM\..\Run: [wallpaper] c:\winnt\system32\kix32.exe c:\winnt\wallpaper.kix
O4 - HKLM\..\Run: [RNSDaemon] C:\Progra~1\Novadigm\rnsdaemn.exe
O4 - HKLM\..\Run: [Rnsdaemonkit] C:\Progra~1\Novadigm\rnsdaemonkit.exe
O4 - HKLM\..\Run: [EFSAssistant] "C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MeetingLauncher] c:\Program Files\Meeting Center\Modules\Launcher\mcLauncher.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MeetingLauncher] c:\Program Files\Meeting Center\Modules\Launcher\mcLauncher.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\j2re1.4.2_08\bin\NPJPI142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\j2re1.4.2_08\bin\NPJPI142_08.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) -
O23 - Service: Admin Password Scrambler (APS) - Unknown owner - C:\WINNT\System32\apss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - c:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - c:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - c:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - c:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: XFSrvcNT - Hewlett-Packard - C:\Program Files\Novadigm\AXF\Bin\XFSrvcNT.Exe
O23 - Service: Zebedee Client Service - Unknown owner - C:\Program Files\Zebedee\zebedee.exe

--
End of file - 12231 bytes

Dear Touch,

I've tried to stop the service Antivirus as you mentioned successfully. Please see the attached the log file as of ComboFix.

Regards,

Chau.