TDS-3 alarm

Discussion in 'Trojan Defence Suite' started by mfreemanhcp7, Jan 27, 2004.

Thread Status:
Not open for further replies.
  1. mfreemanhcp7

    mfreemanhcp7 Registered Member

    Joined:
    Jan 3, 2004
    Posts:
    37
    Location:
    England's Sunny South Coast!!
    I have run Spybot S&D and Adaware 6.0, I also have SpywareBlaster and SpywareGuard - all have been updated today where available. The scans do not come up with any problems but I have an alarm in TDS-3 of a 'possible web downloader' referring to the popuppopper folder - which blocks pop-up ads. Don't know if the problem is with the following:

    O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\Security\AD-SPY~1\PopUps\POPUPP~1\PopLib.dll

    I like the popuppopper application but don't want to keep it if it's a threat.

    Any help would be greatly appreciated and further comments on my log well received.

    P.S. How do I start to understand what's good and bad in a HJT log? Because you guys must get really cheesed with reviewing everybody's logs o_O

    Logfile of HijackThis v1.97.7
    Scan saved at 20:20:46, on 27/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    D:\My Programs\Software\Ghost\GhostStartService.exe
    C:\Program Files\Eset\nod32krn.exe
    D:\My Programs\Security\AntiVirus\Tmntsrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\My Programs\Software\Ghost\GhostStartTrayApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Security\Firewall\ZAP\ZONEAL~1\zlclient.exe
    C:\Program Files\Security\AntiTrojan\TauScan\Tauscan 1.6\taumon.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Security\AntiTrojan\TDS\TDS-3.exe
    D:\My Programs\Security\AntiVirus\pccguide.exe
    D:\My Programs\Security\AntiVirus\PCCClient.exe
    D:\My Programs\Security\AntiVirus\Pop3trap.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\My Programs\Utility\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
    C:\Program Files\Security\Roboform\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Security\Firewall\ZAP\VisualZone\VisualZone.exe
    C:\Program Files\Utilities\MRU\MRU-Blaster\scheduler.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Security\Ad-Spy Ware\SpywareGuard\SpywareGuard\sgmain.exe
    C:\Program Files\Security\Ad-Spy Ware\SpywareGuard\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Security\Firewall\Port Explorer\Port Explorer\PortExplorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Utilities\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.visualizesoftware.com/visualzone/visualzone_faq.htm
    O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\Security\AD-SPY~1\PopUps\POPUPP~1\PopLib.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Security\Ad-Spy Ware\SpywareGuard\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Security\Roboform\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Security\Roboform\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [GhostStartTrayApp] D:\My Programs\Software\Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Security\Firewall\ZAP\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Tau Monitor] C:\Program Files\Security\AntiTrojan\TauScan\Tauscan 1.6\taumon.exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKLM\..\Run: [TDS3] C:\Program Files\Security\AntiTrojan\TDS\TDS-3.exe
    O4 - HKLM\..\Run: [pccguide.exe] "D:\My Programs\Security\AntiVirus\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "D:\My Programs\Security\AntiVirus\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "D:\My Programs\Security\AntiVirus\Pop3trap.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [UIWatcher] D:\My Programs\Utility\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Security\Roboform\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\Utilities\MRU\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\Utilities\MRU\MRU-Blaster\mrublaster.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\Security\Ad-Spy Ware\SpywareGuard\SpywareGuard\sgmain.exe
    O4 - Global Startup: VisualZone.lnk = C:\Program Files\Security\Firewall\ZAP\VisualZone\VisualZone.exe
    O8 - Extra context menu item: Customize Menu   &4 - file://C:\Program Files\Security\Roboform\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms   &] - file://C:\Program Files\Security\Roboform\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms   &[ - file://C:\Program Files\Security\Roboform\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Forms   &] (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: Save Forms   &[ (HKLM)
    O9 - Extra button: PopupPopper Control Panel (HKLM)
    O9 - Extra button: RoboForm (HKLM)
    O9 - Extra 'Tools' menuitem: RF Toolbar   &2 (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A59ED4A2-D942-42A3-8ED5-B6BD79F402D7}: NameServer = 195.92.195.95 195.92.195.94
     
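    The P.S. above asks how to start reading an HJT log. As an added illustration (not code from the thread, from HijackThis or from DiamondCS), here is a small Python triage helper that parses the entry types seen in the log above and points out the three a reviewer looks at first: an O2 BHO with no name, an O10 LSP problem, and the O17 name servers. The sample lines are copied from the log above; the triage rules are my own heuristics and an unnamed BHO is only a prompt to identify the DLL by its path and vendor, not evidence of malware.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.97 log format; the entries are copied from
# the log posted above (O2 BHO, O4 Run, O10 LSP, O17 NameServer).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\Security\AD-SPY~1\PopUps\POPUPP~1\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Security\Ad-Spy Ware\SpywareGuard\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [TDS3] C:\Program Files\Security\AntiTrojan\TDS\TDS-3.exe
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{A59ED4A2-D942-42A3-8ED5-B6BD79F402D7}: NameServer = 195.92.195.95 195.92.195.94
"""

# Every HJT entry starts with a type code (R0, R1, F0, O2 ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NS_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass
class Entry:
    kind: str   # e.g. "O2", "O4", "O10", "O17"
    body: str   # everything after "Oxx - "


def parse_hjt(text: str) -> list[Entry]:
    """Split a HijackThis log into typed entries; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def triage(entries: list[Entry]) -> list[str]:
    """Heuristic first pass (my own rules, not HijackThis logic): flag unnamed
    BHOs for manual identification, any O10 LSP breakage, and the DNS servers."""
    findings = []
    for e in entries:
        if e.kind == "O2" and (m := BHO_RE.match(e.body)):
            if m["name"] == "(no name)":
                findings.append(f"O2: unnamed BHO {m['clsid']} -> identify {m['path']}")
        elif e.kind == "O10":
            findings.append(f"O10: Winsock LSP chain problem: {e.body}")
        elif e.kind == "O17" and (m := NS_RE.search(e.body)):
            findings.append("O17: DNS servers set to " + ", ".join(m["servers"].split()))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print(finding)
```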
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi long name :) previously known as mfreemanhcp17
    The HJT is Pieter c.s.'s specialty so I'm not going to touch that part; in my uneducated view I don't see anything inappropriate in this, others might have recommendations.

    But you can zip and submit the alarm to Gavin to look into it and if necessary refine the detection.
    submit@diamondcs.com.au
     
  3. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Jooske,

    that's correct :)

    The log was completely clean, but I moved the topic to this section because it was more like a specific TDS question, and the HJT log checked out as completely clean.

    You answered the question by asking to submit the alarm, thanks! :)

    Take care

    Cheers,
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks Unzy and you're welcome!
    You guys do a great job with those HJT logs!
    :cool:
     