Did you run IE Reset, (as requested) 2 days ago? (^^ up there)
Because many entries look to be individualized in your log
You may want to do it again, with IE closed
You can also open HJT scan only, and fix the following 3 entries:
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
Then re-open Internet Explorer and run through the standard initial configurations by MS
My biggest concern is this:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x856ED1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x856ed1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
But Kaspersky online scanner detected nothing
We can just as easily copy another Atapi.sys from another computer, but do you have another computer running Windows Vista?
If so, here is the command to copy Atapi.sys to your USB Flash Drive, from the
other computer (please substitute
F for your Flash drive drive letter)
cmd /c copy C:\WINDOWS\system32\drivers\atapi.sys F:\ >log.txt&log.txt
You will get notified: "1 file(s) copied"
We can then copy this new file to your
C:\, overwriting the old one
But, do you have another computer to do this in the first place?
Please run the following command, on the possible still infected computer:
cmd /c dir /a c:\atapi.sys >log.txt&log.txt
A text file opens, please post the content.