Thread: hijack log?
- 01-11-2006 07:25 PM #1
hijack log?
Here's part of a log I did. I was told to get rid of these lines, and I did. I had a surveillance program called "loxxee". It uses a hotkey to log into, and also has a key logger in it plus screenshots. Does anyone know which line it was, and can it be reversed? Thanks for any help! greg
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IMHelper Class - {36E359F2-0C67-4eac-880A-E10D8CBDDC54} - c:\windows\system32\fsmifm.dat
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O21 - SSODL: SysTrayGUID - {342D5ACA-6747-4740-BE55-12D6966E6534} - c:\windows\system32\sextsext.dll
- 01-12-2006 11:31 AM #2
Who told you to remove these? Another forum maybe?
If you have XP try doing a system restore back to a time before "you" fixed it.
BG
- 01-12-2006 03:02 PM #3
Restoring deleted hijackthis entries from backups
Start hijackthis
Click "open the misc tools section"
Click "backups"
Highlight the line you want to replace...
click "restore"
- 01-12-2006 10:36 PM #4
Basemeantgeek, I'm sorry, I forgot to mention that I was on another forum, not this one, when I was having my log checked. I came across this one after that and really liked this one.
steamwiz, I saw that feature, but am not sure which line is the one that I need?
- 01-12-2006 10:52 PM #5
It sounds like you want this spyware back, is this true?
Post a link to your log in the other forum.
BG
- 01-13-2006 05:13 PM #6
Hi
There's just one entry it could be....
I know what all the entries are except one, and I know they are nothing to do with it....
This one :-
O2 - BHO: IMHelper Class - {36E359F2-0C67-4eac-880A-E10D8CBDDC54} - c:\windows\system32\fsmifm.dat
is totally random... unique CLSID & random filename ... just what you would expect from a keylogger, & it is quite logical that it would be a BHO...
So... replace this one :-
O2 - BHO: IMHelper Class - {36E359F2-0C67-4eac-880A-E10D8CBDDC54} - c:\windows\system32\fsmifm.dat
If you would like me to check it out first, to make sure it isn't some other malware, you can send me the file...and I'll look at it.
Please find the following file (zip it - this is important) and send it to me here for closer inspection...
steamwizAThelp2go.com ... replace AT with @
c:\windows\system32\fsmifm.dat
steam
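Added example, not part of any post in this thread: a small Python triage pass over the HijackThis lines posted in #1, which parses the COM-registered entries (O2, O3, O21) and flags any whose module is not a DLL/OCX or is missing from disk. The extension allow-list is an assumption made for this example, not HijackThis's own logic; a hit means "inspect this file", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Log lines copied from post #1 of this thread.
LOG = r"""
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IMHelper Class - {36E359F2-0C67-4eac-880A-E10D8CBDDC54} - c:\windows\system32\fsmifm.dat
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O21 - SSODL: SysTrayGUID - {342D5ACA-6747-4740-BE55-12D6966E6534} - c:\windows\system32\sextsext.dll
"""

# "<section> - <kind>: <name> - {CLSID} - <module path>"
ENTRY = re.compile(
    r"^(?P<section>O2|O3|O21) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Assumption for this example: in-process COM modules normally ship as .dll/.ocx.
COM_EXTS = {".dll", ".ocx"}


def parse_com_entries(log):
    """Return one dict per O2/O3/O21 line; other sections are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def flag_entries(entries):
    """Return (entry, reason) pairs for modules worth a closer look."""
    flagged = []
    for entry in entries:
        if entry["path"] == "(no file)":
            flagged.append((entry, "registered module is missing from disk"))
        elif PureWindowsPath(entry["path"]).suffix.lower() not in COM_EXTS:
            flagged.append((entry, "module is not a DLL/OCX"))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_entries(parse_com_entries(LOG)):
        print(f'{entry["section"]} {entry["clsid"]} {entry["path"]}: {reason}')
```
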



