Browsers redirection... no spyware found?

1 reply to this topic

#1 marious


  • Members
  • 1 posts
  • Local time:11:57 AM

Posted 18 November 2009 - 06:42 AM

So I had some viruses/spyware on my computer. I got rid of them all, and after that I scanned with Malwarebytes, Adaware and Nod. Nothing found.

But while browsing I am redirected from time to time. But the weird part is that I am being redirected to 'normal' sites like e.g. the UPS site, globalbusonline.com, lookupadeal.co.uk... I checked the hosts file and nothing there... I checked the processes and cannot see anything suspicious. I got rid of all add-ons etc...
I tried IE and Firefox :-(

ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/11/18 12:17
Program Version: Version
Windows Version: Windows XP SP3

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA0E6C000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
Path: C:\Documents and Settings\Admin3\Local Settings\Apps\2.0\Q8YN6JNX.JV9\CM6JZLHO.PK5\manifests\LogMeIn Host Software.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin3\Local Settings\Apps\2.0\Q8YN6JNX.JV9\CM6JZLHO.PK5\manifests\LogMeIn Host Software.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin3\Local Settings\Apps\2.0\Q8YN6JNX.JV9\CM6JZLHO.PK5\manifests\LogMeInBootstrapper.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin3\Local Settings\Apps\2.0\Q8YN6JNX.JV9\CM6JZLHO.PK5\manifests\LogMeInBootstrapper.manifest
Status: Locked to the Windows API!

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\Lbd.sys" at address 0xa1d9987e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\Lbd.sys" at address 0xa1d99bfe

Hidden Services
Service Name: RasServer
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: zxuynry
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs


Edited by marious, 18 November 2009 - 07:50 AM.


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:57 PM

Posted 21 November 2009 - 03:49 PM

%SystemRoot%\system32\svchost.exe -k netsvcs
Hooked by "C:\WINDOWS\system32\DRIVERS\Lbd.sys" at address 0xa1d9987e

Indicate a problem that needs to be addressed in the HJT forum.

Since you were successful in creating a Root Repeal log, you need to post it in our HJT forum. There they will help you with the removal through some custom scripts and programs that we cannot run here in this forum.

First, try to run a DDS / HJT log as outlined in our preparation guide:

If it won't run, don't worry, just give a brief description and tell them that this log was all you could get to run successfully.

Post here:

The HJT team is extremely busy, so be patient and good luck.

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
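
Added example, not part of either post and not a RootRepeal or BleepingComputer tool: a small Python parser for the report layout shown in post #1, which groups SSDT hooks by the driver that owns them and lists hidden files and hidden services so they can be reviewed together. The function name `parse_rootrepeal` and the line prefixes it keys on are assumptions drawn only from the lines visible in that post.

```python
import re
from collections import defaultdict

# Excerpt of the RootRepeal report from post #1 (shortened to fit this example).
SAMPLE_REPORT = r'''
Hidden/Locked Files
Path: C:\Documents and Settings\Admin3\Local Settings\Apps\2.0\Q8YN6JNX.JV9\CM6JZLHO.PK5\manifests\LogMeInBootstrapper.manifest
Status: Locked to the Windows API!
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\Lbd.sys" at address 0xa1d9987e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\Lbd.sys" at address 0xa1d99bfe
Hidden Services
Service Name: RasServer
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs
Service Name: zxuynry
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs
'''

HOOK_RE = re.compile(r'Hooked by "(?P<driver>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)')

def parse_rootrepeal(text):
    """Return hidden files, SSDT hooks grouped by driver, and hidden services."""
    result = {"hidden_files": [], "hooks": defaultdict(list), "hidden_services": []}
    pending = None  # (kind, value) waiting for its Status / Image Path line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Path: "):
            pending = ("file", line[len("Path: "):])
        elif line.startswith("#:") and "Function Name:" in line:
            pending = ("func", line.split("Function Name:", 1)[1].strip())
        elif line.startswith("Service Name: "):
            pending = ("service", line[len("Service Name: "):])
        elif line.startswith("Status: ") and pending:
            kind, value = pending
            status = line[len("Status: "):]
            if kind == "file":
                result["hidden_files"].append((value, status))
            elif kind == "func":
                m = HOOK_RE.search(status)
                if m:  # key by driver path so every hook from one module is listed together
                    result["hooks"][m["driver"]].append((value, int(m["addr"], 16)))
            pending = None
        elif line.startswith("Image Path: ") and pending and pending[0] == "service":
            result["hidden_services"].append((pending[1], line[len("Image Path: "):]))
            pending = None
    return result
```

The parser only structures what the report states; deciding whether a hooking driver or a hidden service is legitimate still requires identifying the file on disk.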
