Very Slow can't remove Trojan netrapp.dll

  1. #11
    LastRat (Full Member)

    Re: Very Slow can't remove Trojan netrapp.dll

    Wow, this is getting strange.
    I copied the files while in safe mode and renamed them to the desktop with a preceding underscore.

    I submitted to Virus Total.
    First I tried to submit the netrapp.dll copy. Again I got a response that the file was 0 bytes, just like I got yesterday when I submitted it. When I went to try and re-submit the file, it was gone from the desktop.

    Then I submitted the dmserverf.dll file and it said it had already been analyzed. I am attaching the previous report.

    File dmserverf.dll received on 02.28.2009 16:39:30 (CET)
    Current status: finished
    Result: 0/39 (0.00%)
    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.02.28 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.98 2009.02.28 -
    Authentium 5.1.0.4 2009.02.28 -
    Avast 4.8.1335.0 2009.02.27 -
    AVG 8.0.0.237 2009.02.27 -
    BitDefender 7.2 2009.02.28 -
    CAT-QuickHeal 10.00 2009.02.28 -
    ClamAV 0.94.1 2009.02.28 -
    Comodo 986 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.28 -
    eSafe 7.0.17.0 2009.02.26 -
    eTrust-Vet 31.6.6376 2009.02.27 -
    F-Prot 4.4.4.56 2009.02.26 -
    F-Secure 8.0.14470.0 2009.02.27 -
    Fortinet 3.117.0.0 2009.02.28 -
    GData 19 2009.02.28 -
    Ikarus T3.1.1.45.0 2009.02.28 -
    K7AntiVirus 7.10.649 2009.02.27 -
    Kaspersky 7.0.0.125 2009.02.28 -
    McAfee 5538 2009.02.27 -
    McAfee+Artemis 5538 2009.02.27 -
    Microsoft 1.4306 2009.02.28 -
    NOD32 3896 2009.02.28 -
    Norman 6.00.06 2009.02.27 -
    nProtect 2009.1.8.0 2009.02.28 -
    Panda 10.0.0.10 2009.02.27 -
    PCTools 4.4.2.0 2009.02.28 -
    Prevx1 V2 2009.02.28 -
    Rising 21.18.52.00 2009.02.28 -
    SecureWeb-Gateway 6.7.6 2009.02.28 -
    Sophos 4.39.0 2009.02.28 -
    Sunbelt 3.2.1858.2 2009.02.28 -
    Symantec 10 2009.02.28 -
    TheHacker 6.3.2.6.267 2009.02.28 -
    TrendMicro 8.700.0.1004 2009.02.27 -
    VBA32 3.12.10.1 2009.02.26 -
    ViRobot 2009.2.28.1628 2009.02.28 -
    VirusBuster 4.5.11.0 2009.02.28 -
    Additional information
    File size: 104960 bytes
    MD5...: da5a07f8e4d3875431c5e10471658495
    SHA1..: bd141e97375ce9d35260dbef83992f027610c59d
    SHA256: d50677c43fce11dda3e6d9bab4b2808a0e29af54c63b454acf1a675fa7c27e60
    SHA512: b196ef6acf61080880ea48d55b86a7b6355af4edbf478b1947566dedf71f167b51fa84cda17481387a096cc6e79cb704638178373896d6075bd4680b1f454e5e
    ssdeep: 1536:O3YxZri30NJMP8OSaseG3s1KjIkn1sINRweOLgIB:OGRU4JMPhtseG3s1GsI4SQ
    PEiD..: -
    TrID..: File type identification
    BONK lossless/lossy audio compressor (99.3%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.6%)
    PEInfo: -


    So then I ran the Combo Fix program.
    It deleted the dmserverf.dll during the process, but once restarted it reappeared, even though I said no when asked if I wanted it installed via WinPatrol; it says it is an Internet Explorer add-on.

    Also, your notes didn't mention that my computer would do a restart during the process. So, WinPatrol started up again. I had disabled it earlier, prior to running combofix. But I THINK combofix ran successfully, you tell me, OK?

    Thank You once again...


  2. #12
    VopThis (Senior Member, Canada)
    It deleted the dmserverf.dll during the process, but once restarted it reappeared, even though I said no when asked if I wanted it installed via WinPatrol; it says it is an Internet Explorer add-on.
    Suggest you uninstall 'WinPatrol' for now. It is making things more complicated.

    Disable add-ons as follows:
    • IE: Tools>Manage Add-ons>Enable or Disable add-ons
    • Locate the relevant add-on (click 'file' column header to sort), click on line item of interest, and click disable BUTTON.
    • Might be a good idea to disable all add-ons for now. And, add them back one at a time at a later point.

    But I THINK combofix ran successfully, you tell me, OK?
    You need to post the original log.
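Both ComboFix logs later in the thread list the same file, c:\windows\system32\dmserverf.dll, under two different autostart locations: a Browser Helper Object key and a Winlogon notify key with a random-looking name (ywvpbxxz). Winlogon notification packages are loaded by winlogon.exe at logon, so disabling the add-on inside Internet Explorer leaves that second load point untouched. The script below is an added triage example (it is not ComboFix code and was not written by either poster): it parses the "Reg Loading Points" block format used in the posted logs and reports every module that is registered in more than one place. The SAMPLE_LOG excerpt is copied from the thread's log (reformatted only); the `classify_key` labels are my own summary of what each key type means.

```python
"""Cross-reference ComboFix 'Reg Loading Points' entries by module path.

Added example for this thread; not code from ComboFix or from the posters.
Entries have the shape seen in the posted log:
    [REGISTRY KEY]
    YYYY-MM-DD HH:MM SIZE [ATTRS] c:\path\to\module.dll
"""
import re
from collections import defaultdict

# Excerpt copied from the ComboFix log posted in the thread (whitespace only changed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94EB5688-E5A6-43D5-B05E-6CE5179FFC9C}]
2003-01-01 00:34 108800 --a------ c:\windows\System32\netrapp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D63318AE-892A-41B9-88FC-68CBD6AE075F}]
2009-03-01 14:33 104960 --a------ c:\windows\system32\dmserverf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywvpbxxz]
2009-03-01 14:33 104960 c:\windows\system32\dmserverf.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# The 9-character attribute column (e.g. --a------) is present for BHO entries
# but absent for winlogon\notify entries, so it is optional here.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)"
    r"(?: (?P<attrs>[-a-z]{9}))? (?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)


def parse_loading_points(text):
    """Return (registry_key, module_path, size) for every module entry found."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key is not None:
            # Paths are compared case-insensitively (FAT32/NTFS are case-insensitive).
            entries.append((current_key, entry_match.group("path").lower(),
                            int(entry_match.group("size"))))
    return entries


def modules_with_multiple_load_points(entries):
    """Map module path -> sorted registry keys, for modules seen under more than one key."""
    keys_by_path = defaultdict(set)
    for key, path, _size in entries:
        keys_by_path[path].add(key)
    return {path: sorted(keys) for path, keys in keys_by_path.items() if len(keys) > 1}


def classify_key(key):
    """Label the kind of autostart location a registry key represents (my own summary)."""
    k = key.lower()
    if "browser helper objects" in k:
        return "IE Browser Helper Object (loaded by Internet Explorer)"
    if "winlogon\\notify" in k:
        return "Winlogon notification package (loaded by winlogon.exe at logon)"
    if k.endswith("\\run"):
        return "Run key (started at user logon)"
    return "other autostart location"


def report(text):
    """Human-readable lines: one header per multiply-registered module, one line per key."""
    lines = []
    for path, keys in modules_with_multiple_load_points(parse_loading_points(text)).items():
        lines.append(f"{path} is registered in {len(keys)} autostart locations:")
        for key in keys:
            lines.append(f"  [{key}] -> {classify_key(key)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the excerpt, the report names only dmserverf.dll, registered as both a BHO and a Winlogon notify package; netrapp.dll and SASWINLO.dll each appear once. Feeding the whole "Reg Loading Points" section of a log to `report()` is the quick way to see which entries have to be dealt with together before a reboot.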

  3. #13
    LastRat (Full Member)
    Uninstalled Winpatrol.
    Disabled both netrapp.dll & dmserverf.dll from IE Tools.
    Restarted and netrapp.dll reappeared.
    Confirmed it was still disabled.
    Disabled ALL via IE Tools.
    Restarted & netrapp.dll reappeared.
    Reran Combofix using prescribed guidelines.
    Am attaching BOTH the initial log and the one I just now ran.
    Earlier one was renamed to _ComboFix

    Maybe not so strangely, but as of now, after running combofix, the netrapp.dll trojan warning HASN'T YET APPEARED.

    1st Combofix:
    ComboFix 09-02-28.01 - STEVEN COLEMAN 2009-03-01 14:31:25.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.154 [GMT -8:00]
    Running from: c:\documents and settings\STEVEN COLEMAN\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    * Created a new restore point
    .
    The following files were disabled during the run:
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Tasks\At1.job
    c:\windows\system32\dmserverf.dll . . . . failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
    .

    2009-02-28 18:25 . 2009-02-28 18:25 <DIR> d-------- c:\documents and settings\SUSAN SCHREINER\Application Data\skypePM
    2009-02-28 18:25 . 2009-02-28 18:25 56 --ah----- c:\windows\system32\ezsidmv.dat
    2009-02-28 18:21 . 2009-02-28 18:21 <DIR> d-------- c:\documents and settings\SUSAN SCHREINER\Application Data\Skype
    2009-02-28 18:20 . 2009-02-28 18:20 <DIR> dr------- c:\program files\Skype
    2009-02-28 18:20 . 2009-02-28 18:20 <DIR> d-------- c:\program files\Common Files\Skype
    2009-02-28 18:19 . 2009-02-28 18:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
    2009-02-28 17:11 . 2005-12-05 19:27 7,136 -ra------ c:\windows\system32\drivers\lv302af.sys
    2009-02-28 17:10 . 2008-04-13 10:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
    2009-02-28 17:10 . 2008-04-13 10:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
    2009-02-28 17:08 . 2005-12-05 19:30 916,096 -ra------ c:\windows\system32\drivers\LV302AV.SYS
    2009-02-28 17:08 . 2005-12-05 19:26 380,928 -ra------ c:\windows\system32\LVUI2RC.dll
    2009-02-28 17:08 . 2005-12-05 19:25 217,088 -ra------ c:\windows\system32\LVUI2.dll
    2009-02-28 17:08 . 2005-12-05 19:25 204,800 -ra------ c:\windows\system32\lvcodec2.dll
    2009-02-28 17:08 . 2005-12-05 19:22 110,592 -ra------ c:\windows\system32\lvcoinst.dll
    2009-02-28 17:08 . 2008-04-13 16:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
    2009-02-28 17:08 . 2008-04-13 16:12 53,760 --a------ c:\windows\system32\dllcache\vfwwdm32.dll
    2009-02-28 17:08 . 2005-12-05 19:26 39,424 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
    2009-02-28 17:08 . 2005-12-05 18:28 13,126 -ra------ c:\windows\system32\lvcoinst.ini
    2009-02-28 17:08 . 2005-12-05 18:27 2,112 -ra------ c:\windows\system32\Repository.reg
    2009-02-28 17:00 . 2005-12-09 15:31 245,824 -ra------ c:\windows\system32\InstExec.exe
    2009-02-28 17:00 . 2005-12-09 15:35 245,824 -ra------ c:\windows\Instexec.exe
    2009-02-28 17:00 . 2005-12-09 15:31 719 -ra------ c:\windows\system32\InstExec.ini
    2009-02-28 16:59 . 2009-02-28 16:59 <DIR> d-------- c:\program files\Common Files\Logitech
    2009-02-28 16:58 . 2009-02-28 16:58 <DIR> d-------- c:\program files\Logitech
    2009-02-28 16:58 . 2005-12-07 10:29 39,936 --a------ c:\windows\system32\VxLibRes.dll
    2009-02-28 16:23 . 2009-02-28 16:23 <DIR> d-------- c:\program files\Prevx
    2009-02-28 16:23 . 2009-02-28 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
    2009-02-28 16:23 . 2009-02-28 16:23 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
    2009-02-28 16:23 . 2009-02-28 16:23 67 --a------ c:\windows\wininit.ini
    2009-02-28 08:42 . 2009-02-28 08:42 <DIR> d--hs---- C:\FOUND.001
    2009-02-27 19:04 . 2009-02-27 19:04 <DIR> d-------- c:\documents and settings\STEVEN COLEMAN\Application Data\Leadertech
    2009-02-27 19:03 . 2009-02-27 19:03 <DIR> d-------- c:\windows\Downloaded Installations
    2009-02-27 19:02 . 2009-02-27 19:03 <DIR> d-------- c:\program files\Diskeeper Corporation
    2009-02-27 18:39 . 2009-02-27 18:40 <DIR> d-------- c:\program files\CCleaner
    2009-02-27 16:52 . 2009-02-27 16:52 1,172 --a------ c:\windows\mozver.dat
    2009-02-26 17:08 . 2009-02-26 17:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-26 17:08 . 2009-02-26 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-25 10:04 . 2008-12-20 15:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
    2009-02-25 10:04 . 2007-04-17 01:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-02-25 10:04 . 2007-03-07 21:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-02-25 10:04 . 2008-12-20 15:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
    2009-02-25 10:04 . 2008-12-20 15:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-02-25 10:04 . 2008-12-20 15:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
    2009-02-25 10:04 . 2008-12-20 15:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
    2009-02-25 10:04 . 2008-12-20 15:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-02-25 10:04 . 2008-12-19 01:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
    2009-02-25 08:52 . 2006-09-18 17:55 109,744 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
    2009-02-25 08:52 . 2006-09-18 17:55 48,816 --a------ c:\windows\system32\S32EVNT1.DLL
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\program files\Symantec AntiVirus
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\program files\Symantec
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\program files\Common Files\Symantec Shared
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
    2009-02-25 08:09 . 2009-02-25 08:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-02-25 02:11 . 2008-04-13 09:28 2,940,928 --------- c:\windows\system32\dllcache\wmploc.dll
    2009-02-25 01:56 . 2008-06-13 03:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
    2009-02-25 01:54 . 2008-04-11 11:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
    2009-02-25 01:54 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2009-02-25 01:54 . 2008-12-11 02:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
    2009-02-25 01:54 . 2008-05-01 06:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
    2009-02-25 01:54 . 2008-05-08 06:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
    2009-02-25 01:53 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2009-02-25 01:53 . 2008-10-03 02:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
    2009-02-25 01:44 . 2009-02-25 01:44 <DIR> d-------- c:\documents and settings\HEATHER SCHREINER\Application Data\SUPERAntiSpyware.com
    2009-02-24 22:26 . 2009-02-24 22:26 <DIR> d-------- c:\windows\provisioning
    2009-02-24 22:26 . 2009-02-24 22:26 <DIR> d-------- c:\windows\peernet
    2009-02-24 22:24 . 2009-02-24 22:24 <DIR> d-------- c:\windows\ServicePackFiles
    2009-02-24 22:14 . 2009-02-24 22:15 <DIR> d-------- c:\windows\EHome
    2009-02-24 19:23 . 2009-02-24 19:23 <DIR> d-------- c:\documents and settings\HEATHER SCHREINER\Application Data\Malwarebytes
    2009-02-24 19:22 . 2009-02-24 19:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-24 19:22 . 2009-02-24 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-24 19:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-24 19:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-24 19:01 . 2009-02-24 19:01 <DIR> d-------- c:\documents and settings\HEATHER SCHREINER\Application Data\WinPatrol
    2009-02-24 15:38 . 2009-02-24 15:38 <DIR> d-------- c:\program files\BillP Studios
    2009-02-24 15:34 . 2009-02-24 15:34 <DIR> d-------- c:\documents and settings\SUSAN SCHREINER\Application Data\WinPatrol

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 22:33 104,960 ----a-w c:\windows\system32\wqtxwmiaf.dll
    2009-01-17 05:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2006-05-30 03:26 17,144 ----a-w c:\documents and settings\HEATHER SCHREINER\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-11 09:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2006-10-11 09:05 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2006-10-11 09:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2006-10-11 09:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2006-10-11 09:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2003-01-01 09:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012003010120030102\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94EB5688-E5A6-43D5-B05E-6CE5179FFC9C}]
    2003-01-01 00:34 108800 --a------ c:\windows\System32\netrapp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D63318AE-892A-41B9-88FC-68CBD6AE075F}]
    2009-03-01 14:33 104960 --a------ c:\windows\system32\dmserverf.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-05 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185872]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-09 36864]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
    "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
    "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "VTTimer"="VTTimer.exe" [2003-08-20 c:\windows\system32\VTTimer.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywvpbxxz]
    2009-03-01 14:33 104960 c:\windows\system32\dmserverf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-28 22536]
    R0 qedfmmcr;qedfmmcr;c:\windows\system32\drivers\qedfmmcr.sys [2004-05-24 23424]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
    R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-28 4150840]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-13 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
    S2 nviapyzh;Direct Parallel Link Helper;c:\windows\System32\svchost.exe -k netsvcs [2004-05-24 14336]
    S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nviapyzh
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\STEVEN COLEMAN\Application Data\Mozilla\Firefox\Profiles\1vqvpsse.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 14:36:48
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-821584077-2312385931-2348863013-1006\Software\America Online\ieToolbar\CustomSearch\*8g¼àüc¼*]
    "Url"=""
    "Post"=""
    "Index"=dword:1a4362e3
    "Installed"=dword:00000001

    [HKEY_USERS\S-1-5-21-821584077-2312385931-2348863013-1006\Software\America Online\ieToolbar\ersion\CustomSearch\*]
    "Url"=""
    "Post"=""
    "Index"=dword:1a4362e3
    "Installed"=dword:00000001

    [HKEY_USERS\S-1-5-21-821584077-2312385931-2348863013-1006\Software\America Online\ieToolbar\ersion\CustomSearch\*°ˆ5w*]
    "Url"=""
    "Post"=""
    "Index"=dword:1a4362e3
    "Installed"=dword:00000001

    [HKEY_USERS\S-1-5-21-821584077-2312385931-2348863013-1006\Software\America Online\ieToolbar\ersion\CustomSearch\¼°5h¼ÐŠd¼*]
    "Url"=""
    "Post"=""
    "Index"=dword:1a4362e3
    "Installed"=dword:00000001
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(668)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    c:\program files\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    c:\program files\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
    c:\windows\SYSTEM32\LEXBCES.EXE
    c:\windows\SYSTEM32\LEXPPS.EXE
    c:\program files\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
    c:\program files\COMMON FILES\AOL\ACS\ACSD.EXE
    c:\program files\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    c:\program files\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE
    c:\windows\SYSTEM32\DRIVERS\KODAKCCS.EXE
    c:\program files\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
    c:\windows\SYSTEM32\MSPMSPSV.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\Symantec AntiVirus\DoScan.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-01 14:42:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-01 22:42:20

    Pre-Run: 29,662,412,800 bytes free
    Post-Run: 31,015,124,992 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    248 --- E O F --- 2009-02-25 19:20:08

    2nd recent combofix:
    ComboFix 09-02-28.01 - SUSAN SCHREINER 2009-03-01 16:59:46.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.155 [GMT -8:00]
    Running from: c:\documents and settings\SUSAN SCHREINER\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    .
    The following files were disabled during the run:
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


    ((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
    .

    2009-03-01 14:40 . 2009-03-01 14:40 <DIR> d-------- c:\documents and settings\STEVEN COLEMAN\Application Data\WinPatrol
    2009-02-28 18:25 . 2009-02-28 18:25 <DIR> d-------- c:\documents and settings\SUSAN SCHREINER\Application Data\skypePM
    2009-02-28 18:25 . 2009-02-28 18:25 56 --ah----- c:\windows\system32\ezsidmv.dat
    2009-02-28 18:21 . 2009-02-28 18:21 <DIR> d-------- c:\documents and settings\SUSAN SCHREINER\Application Data\Skype
    2009-02-28 18:20 . 2009-02-28 18:20 <DIR> dr------- c:\program files\Skype
    2009-02-28 18:20 . 2009-02-28 18:20 <DIR> d-------- c:\program files\Common Files\Skype
    2009-02-28 18:19 . 2009-02-28 18:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
    2009-02-28 17:11 . 2005-12-05 19:27 7,136 -ra------ c:\windows\system32\drivers\lv302af.sys
    2009-02-28 17:10 . 2008-04-13 10:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
    2009-02-28 17:10 . 2008-04-13 10:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
    2009-02-28 17:08 . 2005-12-05 19:30 916,096 -ra------ c:\windows\system32\drivers\LV302AV.SYS
    2009-02-28 17:08 . 2005-12-05 19:26 380,928 -ra------ c:\windows\system32\LVUI2RC.dll
    2009-02-28 17:08 . 2005-12-05 19:25 217,088 -ra------ c:\windows\system32\LVUI2.dll
    2009-02-28 17:08 . 2005-12-05 19:25 204,800 -ra------ c:\windows\system32\lvcodec2.dll
    2009-02-28 17:08 . 2005-12-05 19:22 110,592 -ra------ c:\windows\system32\lvcoinst.dll
    2009-02-28 17:08 . 2008-04-13 16:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
    2009-02-28 17:08 . 2008-04-13 16:12 53,760 --a------ c:\windows\system32\dllcache\vfwwdm32.dll
    2009-02-28 17:08 . 2005-12-05 19:26 39,424 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
    2009-02-28 17:08 . 2005-12-05 18:28 13,126 -ra------ c:\windows\system32\lvcoinst.ini
    2009-02-28 17:08 . 2005-12-05 18:27 2,112 -ra------ c:\windows\system32\Repository.reg
    2009-02-28 17:00 . 2005-12-09 15:31 245,824 -ra------ c:\windows\system32\InstExec.exe
    2009-02-28 17:00 . 2005-12-09 15:35 245,824 -ra------ c:\windows\Instexec.exe
    2009-02-28 17:00 . 2005-12-09 15:31 719 -ra------ c:\windows\system32\InstExec.ini
    2009-02-28 16:59 . 2009-02-28 16:59 <DIR> d-------- c:\program files\Common Files\Logitech
    2009-02-28 16:58 . 2009-02-28 16:58 <DIR> d-------- c:\program files\Logitech
    2009-02-28 16:58 . 2005-12-07 10:29 39,936 --a------ c:\windows\system32\VxLibRes.dll
    2009-02-28 16:23 . 2009-02-28 16:23 <DIR> d-------- c:\program files\Prevx
    2009-02-28 16:23 . 2009-02-28 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
    2009-02-28 16:23 . 2009-02-28 16:23 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
    2009-02-28 16:23 . 2009-02-28 16:23 67 --a------ c:\windows\wininit.ini
    2009-02-28 08:42 . 2009-02-28 08:42 <DIR> d--hs---- C:\FOUND.001
    2009-02-27 19:04 . 2009-02-27 19:04 <DIR> d-------- c:\documents and settings\STEVEN COLEMAN\Application Data\Leadertech
    2009-02-27 19:03 . 2009-02-27 19:03 <DIR> d-------- c:\windows\Downloaded Installations
    2009-02-27 19:02 . 2009-02-27 19:03 <DIR> d-------- c:\program files\Diskeeper Corporation
    2009-02-27 18:39 . 2009-02-27 18:40 <DIR> d-------- c:\program files\CCleaner
    2009-02-27 16:52 . 2009-02-27 16:52 1,172 --a------ c:\windows\mozver.dat
    2009-02-26 17:08 . 2009-02-26 17:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-26 17:08 . 2009-02-26 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-25 10:04 . 2008-12-20 15:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
    2009-02-25 10:04 . 2007-04-17 01:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-02-25 10:04 . 2007-03-07 21:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-02-25 10:04 . 2008-12-20 15:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
    2009-02-25 10:04 . 2008-12-20 15:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-02-25 10:04 . 2008-12-20 15:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
    2009-02-25 10:04 . 2008-12-20 15:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
    2009-02-25 10:04 . 2008-12-20 15:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-02-25 10:04 . 2008-12-19 01:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
    2009-02-25 08:52 . 2006-09-18 17:55 109,744 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
    2009-02-25 08:52 . 2006-09-18 17:55 48,816 --a------ c:\windows\system32\S32EVNT1.DLL
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\program files\Symantec AntiVirus
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\program files\Symantec
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\program files\Common Files\Symantec Shared
    2009-02-25 08:51 . 2009-02-25 08:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
    2009-02-25 08:09 . 2009-02-25 08:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-02-25 02:11 . 2008-04-13 09:28 2,940,928 --------- c:\windows\system32\dllcache\wmploc.dll
    2009-02-25 01:56 . 2008-06-13 03:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
    2009-02-25 01:54 . 2008-04-11 11:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
    2009-02-25 01:54 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2009-02-25 01:54 . 2008-12-11 02:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
    2009-02-25 01:54 . 2008-05-01 06:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
    2009-02-25 01:54 . 2008-05-08 06:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
    2009-02-25 01:53 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2009-02-25 01:53 . 2008-10-03 02:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
    2009-02-25 01:44 . 2009-02-25 01:44 <DIR> d-------- c:\documents and settings\HEATHER SCHREINER\Application Data\SUPERAntiSpyware.com
    2009-02-24 22:26 . 2009-02-24 22:26 <DIR> d-------- c:\windows\provisioning
    2009-02-24 22:26 . 2009-02-24 22:26 <DIR> d-------- c:\windows\peernet
    2009-02-24 22:24 . 2009-02-24 22:24 <DIR> d-------- c:\windows\ServicePackFiles
    2009-02-24 22:14 . 2009-02-24 22:15 <DIR> d-------- c:\windows\EHome
    2009-02-24 19:23 . 2009-02-24 19:23 <DIR> d-------- c:\documents and settings\HEATHER SCHREINER\Application Data\Malwarebytes
    2009-02-24 19:22 . 2009-02-24 19:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-24 19:22 . 2009-02-24 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-24 19:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-24 19:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-24 19:01 . 2009-02-24 19:01 <DIR> d-------- c:\documents and settings\HEATHER SCHREINER\Application Data\WinPatrol
    2009-02-24 15:38 . 2009-02-24 15:38 <DIR> d-------- c:\program files\BillP Studios
    2009-02-24 15:34 . 2009-02-24 15:34 <DIR> d-------- c:\documents and settings\SUSAN SCHREINER\Application Data\WinPatrol

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 22:33 104,960 ----a-w c:\windows\system32\wqtxwmiaf.dll
    2009-01-17 05:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2006-05-30 03:26 17,144 ----a-w c:\documents and settings\HEATHER SCHREINER\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-11 09:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2006-10-11 09:05 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2006-10-11 09:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2006-10-11 09:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2006-10-11 09:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2003-01-01 09:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012003010120030102\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-01_14.40.43.87 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-02 00:50:30 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_5b8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94EB5688-E5A6-43D5-B05E-6CE5179FFC9C}]
    2003-01-01 00:34 108800 --a------ c:\windows\System32\netrapp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D63318AE-892A-41B9-88FC-68CBD6AE075F}]
    2009-03-01 14:33 104960 --a------ c:\windows\system32\dmserverf.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-05 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185872]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-09 36864]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
    "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
    "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "VTTimer"="VTTimer.exe" [2003-08-20 c:\windows\system32\VTTimer.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywvpbxxz]
    2009-03-01 14:33 104960 c:\windows\system32\dmserverf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-28 22536]
    R0 qedfmmcr;qedfmmcr;c:\windows\system32\drivers\qedfmmcr.sys [2004-05-24 23424]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
    R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-28 4150840]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-13 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    S2 nviapyzh;Direct Parallel Link Helper;c:\windows\System32\svchost.exe -k netsvcs [2004-05-24 14336]
    S3 FXDRV;FXDRV;\??\h:\fxdrv.sys --> h:\Fxdrv.sys [?]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nviapyzh
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\SUSAN SCHREINER\Application Data\Mozilla\Firefox\Profiles\ckfftdyc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 17:02:00
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-03-01 17:03:49
    ComboFix-quarantined-files.txt 2009-03-02 01:03:46

    Pre-Run: 31,046,123,520 bytes free
    Post-Run: 31,027,527,680 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    199 --- E O F --- 2009-02-25 19:20:08

    I think we're getting close!!

  4. #14
    VopThis is offline Senior Member (Canada)
    Combofix items (suspected reinfection/reinstall agent):
    2009-03-01 22:33 104,960 ----a-w c:\windows\system32\wqtxwmiaf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94EB5688-E5A6-43D5-B05E-6CE5179FFC9C}]
    2003-01-01 00:34 108800 --a------ c:\windows\System32\netrapp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D63318AE-892A-41B9-88FC-68CBD6AE075F}]
    2009-03-01 14:33 104960 --a------ c:\windows\system32\dmserverf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywvpbxxz]
    2009-03-01 14:33 104960 c:\windows\system32\dmserverf.dll



    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items, IF STILL PRESENT:

    O2 - BHO: (no name) - {94EB5688-E5A6-43D5-B05E-6CE5179FFC9C} - C:\WINDOWS\System32\netrapp.dll
    O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll

    O20 - Winlogon Notify: ywvpbxxz - C:\WINDOWS\SYSTEM32\dmserverf.dll

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK 'FIX CHECKED' with HijackThis.




    1) Please download the Killbox.
    Unzip it to the desktop and run it.

    2) Select "Delete on Reboot".
    3) Then Click the "All Files" button.

    4) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    c:\windows\system32\wqtxwmiaf.dll
    c:\windows\System32\netrapp.dll
    c:\windows\system32\dmserverf.dll
    5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" to reboot next.




    POST A REVISED HIJACKTHIS LOG for review:
    • Reboot.
    • Post a new HijackThis log.
    • Provide any feedback commentary as appropriate - how things are now behaving: any new or remaining apparent issues.

  5. #15
    LastRat is offline Full Member
    Tried everything you suggested.
    However, I couldn't seem to copy all 3 files and paste them at the same time.
    Copied each and pasted each, hitting delete after each paste.
    For the first 2 files I said NO to reboot now; after pasting the 3rd file I said yes to reboot.

    After rebooting NAV Trojan warning appeared again

    Re-ran HJT and located the files to be fixed,
    then clicked Fix Checked.
    (Is something supposed to happen after clicking Fix Checked, other than the HJT screen going blank after answering the warnings/messages?)


    Anyway here is the HJT Log



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:43:51 PM, on 3/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {94EB5688-E5A6-43D5-B05E-6CE5179FFC9C} - C:\WINDOWS\System32\netrapp.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll (file missing)
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ywvpbxxz - dmserverf.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7907 bytes

  6. #16
    VopThis is offline Senior Member (Canada)
    (Is something supposed to happen after clicking Fix Checked, other than the HJT screen going blank after answering the warnings/messages?)
    No, that is all you get - the proof of results is that your removal items no longer appear in the log and your issues seem to be resolved.



    Close all windows and browsers.
    Open HijackThis

    Click on Open the Misc Tools section
    Click on Delete a File On Reboot
    Navigate to the file in question to select it or copy/type the complete FILE PATH (below) and then click the ‘Open’ BUTTON:

    C:\WINDOWS\System32\netrapp.dll

    Exit Hijackthis (x – BUTTON) and REBOOT.


    NOTE:
    When an infection checks to see if one of its files has been deleted, 'Replace with Dummy' fools the infection into thinking the file is still there, so it will not be rewritten.




    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O2 - BHO: (no name) - {94EB5688-E5A6-43D5-B05E-6CE5179FFC9C} - C:\WINDOWS\System32\netrapp.dll
    O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll (file missing)

    O20 - Winlogon Notify: ywvpbxxz - dmserverf.dll (file missing)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK 'FIX CHECKED' with HijackThis.



    Post a new HJT log and any current feedback.
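    An added example for the O2/O20 items VopThis listed above, written for this thread rather than taken from HijackThis or from any post here: it parses O2 and O20 lines in the shape seen in these logs and flags an unnamed BHO loaded from System32, orphaned '(file missing)' entries (the registry key outlives the file, which is why they still show until the key itself is fixed), and one DLL registered in both a BHO and a Winlogon Notify key. The no-vowel 'random name' test is my heuristic, not an HJT rule, and the sample lines are constructed from the logs above.

```python
"""Triage O2 (BHO) and O20 (Winlogon Notify) lines from a HijackThis log."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample built from the line shapes in the HJT logs posted in this
# thread; "(no name)" and "(file missing)" are HijackThis's own markers.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94EB5688-E5A6-43D5-B05E-6CE5179FFC9C} - C:\WINDOWS\System32\netrapp.dll
O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ywvpbxxz - dmserverf.dll (file missing)
"""

# O2: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O20: "O20 - Winlogon Notify: <subkey> - <dll path or bare name>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Entry:
    kind: str                 # "BHO" or "WinlogonNotify"
    name: str                 # BHO display name or Notify subkey name
    path: str                 # DLL path exactly as HJT printed it
    missing: bool             # HJT appended "(file missing)"
    reasons: List[str] = field(default_factory=list)

    @property
    def dll(self) -> str:
        """Lower-cased file name, so a bare name and a full path compare equal."""
        return self.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the O2 and O20 lines; every other HJT section is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("BHO", m["name"], m["path"], bool(m["missing"])))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(Entry("WinlogonNotify", m["name"], m["path"], bool(m["missing"])))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 6+ letters with no vowel at all, like 'ywvpbxxz'."""
    letters = re.sub(r"[^A-Za-z]", "", name)
    return len(letters) >= 6 and not re.search(r"[aeiouAEIOU]", letters)


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons to each entry and return only the flagged ones."""
    by_dll: Dict[str, List[Entry]] = {}
    for e in entries:
        e.reasons = []
        by_dll.setdefault(e.dll, []).append(e)
    for e in entries:
        if e.kind == "BHO" and e.name == "(no name)":
            e.reasons.append("BHO registered without a display name")
        if e.kind == "BHO" and "\\system32\\" in e.path.lower():
            e.reasons.append("third-party BHO loaded from System32")
        if e.kind == "WinlogonNotify" and looks_random(e.name):
            e.reasons.append("random-looking Winlogon Notify subkey name")
        if e.missing:
            e.reasons.append("orphaned registry entry: DLL gone, key remains")
        if len({x.kind for x in by_dll[e.dll]}) > 1:
            e.reasons.append("same DLL in BHO and Winlogon Notify: one component, two autostarts")
    return [e for e in entries if e.reasons]


def report(text: str) -> List[str]:
    """One human-readable line per flagged entry."""
    return [f"{e.kind} {e.name} -> {e.path}: {'; '.join(e.reasons)}"
            for e in triage(parse_hjt(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_HJT_LOG):
        print(line)
```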

  7. #17
    LastRat is offline Full Member
    I ran HJT following your directions.

    Trojan reappeared.

    Then ran superantispyware from program directory using "safe boot".
    As soon as I started the scan I also disabled explorer.exe via Task Manager.
    SAS didn't find the netrapp.dll file or the other.

    Trojan reappeared.

    Then ran Killbox telling it to delete on reboot using a dummy file for both files.
    (using full directory path)

    Trojan reappeared.

    Here is latest HJT log.

    I'm about ready to give up, any more tricks up your sleeve??

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:00:38 PM, on 3/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {94EB5688-E5A6-43D5-B05E-6CE5179FFC9C} - C:\WINDOWS\System32\netrapp.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll (file missing)
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ywvpbxxz - dmserverf.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7955 bytes

  8. #18
    VopThis is offline Senior Member (Canada)
    Let us review what seems to be known about netrapp.dll:
    http://www.d-a-l.com/help/183512-post9.html
    Description: Alcohol 120%
    Company: Alcohol Soft Development Company
    File Version: 3.0.0.0
    Date Created: 01/20/2008
    Size: 106 kb

    Did you try and locate for removal any of the following FOLDERS, if found:

    C:\Program Files\Alcohol Soft\Alcohol 120
    C:\Program Files\Alcohol Soft



    There could be something running from such a folder that recreates 'netrapp.dll', or Norton does an incomplete removal such that no other tool gets a chance to give it a complete try.

    Potentially, there is still a service running related to the above that needs to be located, then stopped and/or disabled, and then eventually deleted:
    • Right-click My Computer>Manage>Services And Applications>double-click Services
    • Look for potential 'service names':
      • Alcohol,
      • Alcohol Autorun, or
      • StarWind iSCSI Service.
    • Right-click on an item of interest>Properties
    • If necessary and possible make 'Service status'=Stop and/or 'Startup type'=Disabled
    • REBOOT when done.





    The following line items (with dmserverf.dll now missing/removed) should have been easily removed if you ran all the steps given, here:
    http://www.d-a-l.com/help/183621-post16.html

    O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll (file missing)

    O20 - Winlogon Notify: ywvpbxxz - dmserverf.dll (file missing)


    Another possibility is:
    You could try 'unregistering' the REMAINING DLL file (try in SAFEMODE, if necessary):
    • At the Taskbar, select Start -> Run. Type:
      cmd
    • To unregister a file, copy and paste (or type) at the 'command line prompt', and hit Enter KEY:
      regsvr32 -u C:\windows\System32\netrapp.dll
    • REBOOT





    Otherwise, try the following scan:



    Click here to download Dr.Web CureIt and save it to your desktop.
    • Double-click the drweb-cureit.exe file and allow it to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, see if you can click the icon next to the files found:
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

      This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case we need samples).
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.


    Post the Dr. Web CureIt Results.


    Also, please post a revised HijackThis LOG.

  9. #19
    LastRat is offline Full Member
    I think I'm all set now.

    I was able to remove both troublesome files by using BART PE.

    I booted up using that software and was able to delete both files.
    I cleaned out the "temp" folders located under each profile as well.
    I emptied the "recycler" where I found copies of both files as well.

    The auto scan is not seeing these files now.

    I have attached a new HJT log. It still shows the files (although it says 'file missing').
    The files remain even after I check "fix".

    But everything seems back to normal.

    Thank you for all your continued support.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:00 AM, on 3/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Prevx\prevx.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Logitech\QuickCam\QuickCam.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {94EB5688-E5A6-43D5-B05E-6CE5179FFC9C} - C:\WINDOWS\System32\netrapp.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll (file missing)
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ywvpbxxz - dmserverf.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9677 bytes
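The log above still lists the two deleted DLLs as orphaned load points (an O2 BHO entry with no name and a randomly named O20 Winlogon Notify entry, each marked "file missing"). As an added example that is not part of the thread, the following Python triage script parses O2 and O20 lines from a HijackThis log, flags entries whose file is gone or that carry no display name, and lists the standard registry keys behind each one so the leftover entries can be checked by hand. The sample lines are copied from the posted log; the registry paths are the standard Windows locations for these load points.

```python
import re

# Registry locations behind the two HijackThis sections handled here (standard Windows paths).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKCR\CLSID"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<id>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")

# Constructed sample: O2/O20 lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94EB5688-E5A6-43D5-B05E-6CE5179FFC9C} - C:\WINDOWS\System32\netrapp.dll (file missing)
O2 - BHO: (no name) - {D63318AE-892A-41B9-88FC-68CBD6AE075F} - c:\windows\system32\dmserverf.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ywvpbxxz - dmserverf.dll (file missing)
"""

def triage(log_text):
    """Return one finding per suspicious O2/O20 entry: unnamed, or pointing at a file that no longer exists."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        for kind, rx in (("BHO", BHO_RE), ("Winlogon Notify", NOTIFY_RE)):
            m = rx.match(line)
            if not m:
                continue
            reasons = []
            if m.group("missing"):
                reasons.append("file missing")  # orphaned load point: DLL deleted, registry entry left behind
            if kind == "BHO" and m.group("name") == "(no name)":
                reasons.append("no name")  # legitimate BHOs almost always register a display name
            if reasons:
                ident = m.group("id")
                if kind == "BHO":
                    # The BHO key lists the CLSID; the CLSID's InprocServer32 value holds the DLL path.
                    keys = [BHO_KEY + "\\" + ident, CLSID_KEY + "\\" + ident + r"\InprocServer32"]
                else:
                    keys = [NOTIFY_KEY + "\\" + ident]
                findings.append({"kind": kind, "id": ident, "path": m.group("path"),
                                 "reasons": reasons, "registry_keys": keys})
            break
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']} {f['id']}: {', '.join(f['reasons'])} -> {f['path']}")
        for k in f["registry_keys"]:
            print("    check:", k)
```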
