Is this a keylogger or something?


caspian
October 16th, 2009, 09:23 AM
Can anyone tell me the best place to post a hijackthis log? I think I may have a keylogger or something. There are a few entries with a red X. Does anyone know what this means?

http://i36.tinypic.com/2hyc7xk.jpg

aigle
October 16th, 2009, 11:41 AM
Very strange log, that's all I can say.

Keyboard_Commando
October 16th, 2009, 01:25 PM
What software is that you're using? Looks like the software is just misinterpreting.


I use Eset's Sysinspector here (http://www.eset.com/download/sysinspector.php). See if that reports anything suspicious (red entries). Posting results might get whacked though because of the forum TOS.

JRViejo
October 16th, 2009, 02:04 PM
-{ Quote: "Can anyone tell me the best place to post a hijackthis log? I think I may have a keylogger or something. There are a few entries with a red X. Does anyone know what this means?

http://i36.tinypic.com/2hyc7xk.jpg" }-
caspian, perhaps a review of this Wilders thread: If you are currently infected (http://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3) will point you in the right direction.

Like Keyboard_Commando has stated, a HJT log posted here would not only be immediately removed, but would also get this thread closed, as per this Policy (http://www.wilderssecurity.com/showthread.php?t=42148).

caspian
October 16th, 2009, 02:19 PM
The scan that I used originally was Trend hijackthis and I ran it through hijackthis.de to get the report.

I just ran the Eset Sysinspector. I found VSSVC.EXE in the Eset scan and it says that it is "Microsoft Volume Shadow Copy Service". I found netlogon.dll 102 and it says the internal name is Isass.exe and is a Microsoft product "Local security authority Process". I found a couple of the other ones and they also said Microsoft. I am pretty sure that I have run this same Trend scan before and did not see any red X's. I wonder if I should just reinstall the OS?

This computer is a HP Pavilion Vista 64 bit.

aigle
October 16th, 2009, 04:17 PM
Maybe a problem with hijackthis.de. Can you retry them?

BTW why did you run the HJT scan?

Keyboard_Commando
October 16th, 2009, 05:25 PM
I guess if you are running any virtualization products you could be getting reports of files running from places they shouldn't be - might explain this. But I'd still go with interpretation error of hijackthis.de. The reports given are somewhat generic.

caspian
October 18th, 2009, 12:48 PM
Well I ran the Eset scan that you recommended, Hitman Pro 3, F-Secure, Sophos, GMER and I can't find anything. Maybe it is just with the website hijackthis.de. But it says that the items are not operating from the location that they are supposed to be. I do have Returnil. But I get the same reading whether it is active or not. I also wonder if a Vista 64 bit OS is a little harder for hijackthis to analyze.