Hi:
I am operating on Windows Vista 32 on a Dell XPS M1530. This virus appeared at the same time (at least the same day) as a Google Redirect started on my laptop. That day, my Spybot S & D was disabled, Ad-Aware was disabled, Malwarebytes was disabled. I have been able to run Malwarebytes on a flash drive and it locates the virus but it reappears on next reboot.
This is a list of what is being found by Ad-Aware and Malwarebytes. I am not asking that all be cleared on this post, just thought it would be useful to know to help get rid of Win32/patched.HN.trojan:
virus.win32.Agent.mpq (v)
Win32/patched.HN.trojan
Win32/patched.HN.trojan
Win32/patched.HN.trojan
Win32/patched.HN.trojan
Win32/patched.HN.trojan
A variant of Java/TrojanDownLoader.OpenStream.NCE.trojan
A variant of Java/TrojanDownLoader.OpenStream.NCE.trojan
Java/TrojanDownLoader.OpenStream.NBS.trojan
A variant of Win32/Rootkit.Agent.NUT.trojan
eSet
C:\$Recycle.Bin\S-1-5-21-2647880645-1392542597-3976084825-1000\$R4VM6MC.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe Win32/Patched.HN trojan error while cleaning
C:\ProgramData\Lavasoft\Ad-Aware\Update\AAWService.exe.to_be_patched Win32/Patched.HN trojan cleaned - quarantined
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-78d356e3 Java/TrojanDownloader.OpenStream.NBS trojan cleaned by deleting - quarantined
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-2d883fde a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-394a2aac a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Windows\System32\WLTRYSVC.EXE Win32/Patched.HN trojan error while cleaning
C:\Windows\System32\drivers\i8042prt.sys a variant of Win32/Rootkit.Agent.NUT trojan unable to clean
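The ESET log above mixes cleaned and uncleaned detections. This added example (not part of the original post) parses that line layout and lists the files the scanner reported but did not clean; the regular expression is an assumption inferred from the lines shown, not ESET's documented log format.

```python
import re
from collections import Counter

# A subset of the ESET log lines from the post above.
SAMPLE_LOG = r"""
C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe Win32/Patched.HN trojan error while cleaning
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-2d883fde a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Windows\System32\WLTRYSVC.EXE Win32/Patched.HN trojan error while cleaning
C:\Windows\System32\drivers\i8042prt.sys a variant of Win32/Rootkit.Agent.NUT trojan unable to clean
"""

# Assumed layout: <path> [a variant of ]<Platform>/<Name> trojan <action>
# Windows paths contain no "/", so the first "/" belongs to the detection name.
# The lazy path match copes with spaces inside "Program Files" etc.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+)"
    r" trojan (?P<action>.+)$"
)

def parse_scan_log(text):
    """Return one dict (path, name, action) per recognised log line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def unresolved(entries):
    """Detections whose action is anything other than 'cleaned ...'."""
    return [e for e in entries if not e["action"].startswith("cleaned")]

def summarize(entries):
    """Count detections per malware name."""
    return Counter(e["name"] for e in entries)

if __name__ == "__main__":
    for e in unresolved(parse_scan_log(SAMPLE_LOG)):
        print(f'{e["action"]:22} {e["name"]:28} {e["path"]}')
```

On the sample it reports two service executables and the i8042prt.sys driver as still infected after the scan.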
Virus - Win32/patched.HN.trojan Cannot get rid of Win32/patched.HN.trojan virus
#2
Posted 28 July 2011 - 06:12 PM
Welcome aboard 
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark the following boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List last 10 Event Viewer log
- List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
  This version will download a randomly named file (Recommended)
- Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.