jimbo21784@yahoo.com

Possibly hijacked laptop

For about three days now I have begun receiving a suspicious error when I click to open my IE Browser. The error is:
ieuser.exe - Bad Image
C:\\Windows\system32\sensapi.dii is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

OK allows the IE to open.

I submitted this to the Microsoft support area and received some feedback about running scans and such, and proposed to them how it seemed to start with the last Windows Defender update, but they told me it seemed like a possible hijack attempt.

So, since I told them I use Lavasoft Ad Aware Pro and the personal Firewall they pointed me to you.

I ran the GMER rootkit scan and a full Ad Aware scan with a few cookies found.

Here's GMER Results:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-11 20:25:07
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys1e8c03d022
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys1e8c03d022 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x64 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x64\AsDsm.sys 34872 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x64\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

Then I ran the HijackThis scan with the following results:


The error still displays.

What do I do next?

Jim

---

Two days ago I added a topic (inserted below) about my Laptop possibly being hijacked/infected and included all the logs and diagnostic results listed to do.

Since Lavasoft did not respond quickly I continued working with Microsoft to try and narrow down and identify the problem. Last night on the phone with Microsoft Technical Support I found that I do not get the error detailed in my first topic below when I wired my laptop to my router and started up in Safe Mode with networking.

MS suggested I uninstall all my Lavasoft products and see if I get the error message then. I really don't want to do that but I need some kind of Lavasoft response. I can't keep working on my laptop with this error issue.

I get the error every time I open a browser and many multiple times when I am downloading, installing items such as the diagnostic tools you and MS recommended running.

So the question is how long do I wait to hear back from Lavasoft?

Edited by visitor: merged topics/posts to keep 0 replies

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
