Hi

I have tried to start spyboot several times today - but everytime it seems to hang at the same position - while scanning the 5929/33807 - CoolWWWSearch. Is there any familiar known problems due to this - could it be caused by any spyware which is denying Spyboot to go further ? I ran Adware earlier - and it could find anything serious.... I have read some of the messages due to scanspeed - but it dosn`t seem to be the same problem I have. I tried to let it run overnight last night - but it was still hanging.
I would be really grateful for an answer;

Below is a fresh Hijackthis-log.

madsli

Logfile of HijackThis v1.99.1
Scan saved at 16:14:54, on 11.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wm.exe
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsqh.exe
C:\Programfiler\F-Secure\Anti-Virus\fsrw.exe
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
z:\naldesk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\F-Secure\FSGUI\fsguidll.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Skype\Phone\Skype.exe
I:\util\NWquota\nwquota_eng.exe
C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///K:/PROGRAM/INT-NETT/Index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Smapp] C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSBO Clean] C:\Programfiler\KONICA MINOLTA\PageScope Box Operator\PSBO.exe /clean
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Programfiler\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Konverter koblingsmål til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter koblingsmål til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte koblinger til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte koblinger til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Konverterer utvalg til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverterer utvalg til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/no/win/QuickTimeFullInstaller.exe
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wildgames/polarbowler/install.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programfiler\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\system32\wm.exe

Hello and sorry for the wait.
Please go here and post a link back to this topic to flag a helper.

If you have waited three days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

Hi madsli,

Are you still having this problem? I dont' see anything obvious in your HijackThis log, but it's been quite a few days. If you're still having a problem could you refresh us on your current situation and post a fresh HijackThis log for review, just in case something changed?

Oh, and there is a new update for Spybot today too. Get that and let us know if you're still seeing the problem.

Hi

I got the solutions from another expert here....
http://forums.spybot.info/showthread.php?t=1669

The problem was caused by the HTT technology in the computer.
Thanks any way !

madsli

We're glad to hear the problem has been resolved :)

This thread will be moved to the archives (read only). Should you need it reopened, please send a private message to one of the Moderators. Thanks, and happy surfing:)