Access blocked - Virus Warning!
The URL address for this screen is "res://xmllib.dll/HTTP_Blocked.htm"
Here's a current HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 10:27:25 AM, on 7/7/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\msdtc.exe
H:\Symantec\SYMANT~1\SYMANT~1\DefWatch.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\llssrv.exe
H:\No-IP Dynamic Update Client\No-IP\DUC20.exe
H:\Symantec\SYMANT~1\SYMANT~1\Rtvscan.exe
H:\Quicken Online Backup\OLRegCap.EXE
H:\Quicken Online Backup\OLlaunch.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\explorer.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\ZONELABS\vsmon.exe
E:\WINNT\System32\SMSSU.EXE
E:\WINNT\System32\Tmntsrv32.EXE
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\Dfssvc.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\WINNT\system32\ZONELABS\minilog.exe
H:\vision~3\paperp~1\pptd40nt.exe
E:\PROGRA~1\TEXTBR~1\Bin\INSTAN~1.EXE
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\WINNT\System32\DACONFIG.EXE
E:\WINNT\System32\qttask.exe
E:\WINNT\loadqm.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
H:\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
H:\Symantec\SYMANT~1\SYMANT~1\vptray.exe
H:\Visioneer\PaperPort\PPWebCap.exe
H:\SERV-U~1\Serv-U\SERVUT~1.EXE
E:\WINNT\win32res.exe
E:\WINNT\System32\SMSSU.EXE
E:\WINNT\System32\Tmntsrv32.EXE
H:\Microsoft Office\Office\FINDFAST.EXE
H:\Microsoft Office\Office\MSOFFICE.EXE
H:\Microsoft Office\Office\OSA.EXE
H:\QuickenW2K\QWDLLS.EXE
H:\WinZip 8.1\WZQKPICK.EXE
H:\Zone Labs\ZoneAlarm\zapro.exe
H:\lotus\wordpro\ltsstart.exe
H:\No-IP Dynamic Update Client\No-IP\DUC20.exe
H:\Quicken Online Backup\OLSysTray.exe
H:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - E:\WINNT\xmllib.dll
O4 - HKLM\..\Run: [AudioHQ] h:\creative\sblive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [PaperPort PTD] h:\vision~3\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [InstantAccess] E:\PROGRA~1\TEXTBR~1\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] E:\PROGRA~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [DACONFIGEXE] DACONFIG.EXE R
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [QuickTime Task] "E:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "H:\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] H:\Symantec\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] E:\PROGRA~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [PPWebCap] H:\Visioneer\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [ServUTrayIcon] H:\SERV-U~1\Serv-U\SERVUT~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32res] E:\WINNT\win32res.exe
O4 - HKCU\..\Run: [Spyware Doctor] "H:\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SMSSU] E:\WINNT\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] E:\WINNT\System32\Tmntsrv32.EXE
O4 - Startup: America Online 5.0 Tray Icon.lnk = H:\AOL 5.0\America Online 5.0\aoltray.exe
O4 - Startup: Lotus QuickStart.lnk = H:\lotus\wordpro\ltsstart.exe
O4 - Startup: No-IP DUC.lnk = H:\No-IP Dynamic Update Client\No-IP\DUC20.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Quicken Online Backup TaskBar Icon.LNK = H:\Quicken Online Backup\OLSysTray.exe
O4 - Global Startup: Billminder.lnk = H:\QuickenW2K\BILLMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = system32\spool\drivers\w32x86\2\E_SRCV03.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = H:\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = H:\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = H:\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = H:\QuickenW2K\QWDLLS.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = H:\Trend Micro Anti-Spyware\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = H:\WinZip 8.1\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = H:\Zone Labs\ZoneAlarm\zapro.exe
O13 - WWW. Prefix: http://
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{51A4E744-E63E-4686-81C8-F6846140B70D}: NameServer = 151.164.11.201,151.164.1.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{51A4E744-E63E-4686-81C8-F6846140B70D}: NameServer = 151.164.11.201,151.164.1.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{51A4E744-E63E-4686-81C8-F6846140B70D}: NameServer = 151.164.11.201,151.164.1.8
O20 - Winlogon Notify: NavLogon - E:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - H:\Symantec\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - E:\WINNT\system32\ZONELABS\minilog.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - H:\No-IP Dynamic Update Client\No-IP\DUC20.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - H:\Symantec\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Quicken Online Backup RegCap (OLRegCap) - Intuit Inc. - H:\Quicken Online Backup\OLRegCap.EXE
O23 - Service: Quicken Online Backup Launcher (Quicken Online BackupLauncher) - Intuit Inc. - H:\Quicken Online Backup\OLlaunch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - E:\WINNT\system32\ZONELABS\vsmon.exe
Thanks,
Ira