Can't remove Trojan.BHO virus (followed all steps)

Welcome to Major Geeks!

While I read thru all of the logs, get started on the below.

First, tell me who is extracting/storing files like below to the C:\Program Files folder. These should be removed. This folder should only contain folders for installed programs. What ever these files are for needs to be properly installed into its own folder.

Code:

2006-12-16 02:16 927,320 -c--a-w c:\program files\HyCam2.exe
2006-12-16 02:16 87,656 ----a-w c:\program files\UnHyCam2.exe
2006-12-16 01:59 69,632 ----a-w c:\program files\CamRes2.dll
2006-12-14 19:13 113,628 -c--a-w c:\program files\HyCam2.chm
2006-12-14 16:18 3,274 -c--a-w c:\program files\agreement.txt
2006-12-07 00:14 57,344 ----a-w c:\program files\MClick2.dll
2006-07-09 11:13 82 ----a-w c:\program files\HomePage.url
2004-05-05 18:57 2,018 -c--a-w c:\program files\readme.txt
2004-04-16 20:07 675 -c--a-w c:\program files\HyCam2.cnt
1999-06-24 17:49 587 ----a-w c:\program files\8-44100d.wav
1999-06-24 17:49 421 ----a-w c:\program files\8-44100u.wav
1999-06-24 17:47 317 ----a-w c:\program files\8-22050d.wav
1999-06-24 17:47 225 ----a-w c:\program files\8-22050u.wav
1999-06-24 17:46 183 ----a-w c:\program files\8-11025d.wav
1999-06-24 17:46 135 ----a-w c:\program files\8-11025u.wav
1999-06-24 17:44 127 ----a-w c:\program files\8-8000u.wav
1999-06-24 17:43 151 ----a-w c:\program files\8-8000d.wav
1999-06-24 17:41 220 ----a-w c:\program files\16-8000u.wav
1999-06-24 17:40 260 ----a-w c:\program files\16-8000d.wav
1999-06-24 17:38 956 ----a-w c:\program files\16-44100u.wav
1999-06-24 17:37 1,186 ----a-w c:\program files\16-44100d.wav
1999-06-24 17:34 652 ----a-w c:\program files\16-22050d.wav
1999-06-24 17:34 442 ----a-w c:\program files\16-22050u.wav
1999-06-24 16:54 340 ----a-w c:\program files\16-11025d.wav
1999-06-24 16:50 326 ----a-w c:\program files\16-11025u.wav

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3

Now reboot your PC.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

 

See my first message before working thu this fix.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner!

Now also run Malwarebytes again as a double check

Now goto this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe then attach the below logs:

• C:\ComboFix.txt
• the new Malwarebytes log
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Please update Malwarebytes to the current version and definitions and run a new scan. Then reboot and run it again. Attach the new logs.

 

I foorgot something that could be important. Make very sure that while Malwarebytes is running that no borwsers are ever opened and I would also suggest disconnecting your PC from the internet by unplugging the cable.

 

Please run this procedure:Resetting Registry and File Permissions

• Please go to this link:http://live.sysinternals.com/
• find the psexec.exe file listed in the list and click on it and download and save it to your Desktop. Doing this properly is critical for other steps below.
• Now click Start, Run, and enter cmd and click OK. This will open a command prompt window with a prompt that shows the current folder you are in.
• For you the prompt should show C:\Documents and Settings\Kincso>
• Now type cd Desktop and hit the enter key. There is a space after the cd. If you do this properly, your prompt will change to C:\Documents and Settings\Kincso\Desktop>
• Type the below bold text and hit the enter key. This will open the Window Registry Editor. You will have to agree to the SysInternals License Agreement first that pops up.
  • psexec -s -i regedit
• In the Registry Editor click File, Import and then navigate to the fixme.reg file on your Desktop from the previous fix and double click on it to import it into your registry. If it works properly you should get a success message.
• If you get a success message continue on with the below, otherwise stop and explain to me any problems you had.

Now run Malwarebytes and attach the new log.