Hi,

Can anyone advise whether the following HJT entries are suspicious:

O4 - HKLM\..\Policies\Explorer\Run: [qX8MXgD0xj] C:\Documents and Settings\All Users\Application Data\qbgnwnir\kzyzajat.exe

O21 - SSODL: ApiMnt - {3BEC3050-8B2F-5E91-FCBF-08891E626AE7} - C:\Program Files\eylqvab\ApiMnt.dll

Many thanks,

I consider both items suspicious.

HJT changes are reversible. Castlecops site indicates listing o21 findings means it does not appear on the whitelist.

I suggest that you follow Malware Removal Procedure in this forum.

I agree on that. I couldn't identify anything in either entry. That makes them 'suspicious' Chance are you have other entries you're not catching..

How do you figure it's not suspicious?
qX8MXgD0xj ... qbgnwnir\kzyzajat.exe
( All random file names & entries. Most legitimate programs use recognizable file names)

C:\Program Files\eylqvab\ApiMnt.dll
Is suspicious to me because after searching it, it turns up only 2 Results in Google. This post, and one other HJT Log. No legitimate files. Either it's a new program, or a new malware.

I would recommend fixing both those items. If problems persist, post the log, or try undoing the actions.