did read and run but still having problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by wackojacko, Jan 2, 2006.

  1. wackojacko

    wackojacko Private E-2

    I still get a bar at the top of the screen telling me about spyware, and I can't get my home page to stay the same; it always changes. Here is my HijackThis log scan.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Step 6 of the READ ME requests two online scanner logs; please attach them.

    Also step 7 gives directions for installing HijackThis properly. Please follow those steps and install HJT properly.

    Is this a continuation of your other thread: i need help with a trojan adclicker?

    If so, you must stay in one thread.
     
  3. wackojacko

    wackojacko Private E-2

    OK, I redid the scans and re-downloaded HijackThis properly, but it would not let me upload another HijackThis log scan. Thank you for your patience and help.
     


  4. wackojacko

    wackojacko Private E-2

    OK, sorry about that. I found the files needed and here they are. Thank you for your patience.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not have to re-download it. You just need to follow the directions to install it properly. The reason you cannot upload it again is because it is probably exactly the same as the last one which means you still did not install it properly and still have it running from:

    C:\Documents and Settings\admin\My Documents\HijackThis.exe

    You must follow the directions and create a c:\Program Files\HJT folder and then unzip the downloaded file into that folder.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your online scanner logs are a good example of why we enforce step 6 of the READ & RUN ME. This is just a statement of fact. There is nothing that you did wrong. I just wanted to point this out because when you look at the BitDefender log you will see tons of bad stuff deleted that would not show in a HijackThis log and it was not picked up by any of the other tools.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After getting HijackThis installed properly, continue with below.

    First empty your Norton Quarantine if anything is still in it.

    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\DOCUME~1\user\LOCALS~1\Temp\1F2.tmp.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {9DCBB1DC-3AC3-F6EF-3D33-03958BE2C94C} - C:\WINDOWS\crln32.dll (file missing)
    O2 - BHO: Class - {BA72B260-086C-8201-41C8-0314544BE181} - C:\WINDOWS\system32\netew32.dll (file missing)
    O4 - HKLM\..\Run: [1F2.tmp] C:\DOCUME~1\user\LOCALS~1\Temp\1F2.tmp.exe
    O4 - HKLM\..\Run: [1F3.tmp] C:\DOCUME~1\user\LOCALS~1\Temp\1F3.tmp.exe
    O4 - HKLM\..\Run: [1F3.tmp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\1F3.tmp.exe
    O4 - HKLM\..\Run: [1F2.tmp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\1F2.tmp.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\user\Local Settings\Temp\1F0.tmp <--- it would be best to delete all files allowed in this temp folder
    C:\Documents and Settings\user\Local Settings\Temp\1F2.tmp
    C:\Documents and Settings\user\Local Settings\Temp\1F2.tmp.exe
    C:\Documents and Settings\user\Local Settings\Temp\1F3.tmp
    C:\Documents and Settings\user\Local Settings\Temp\1F3.tmp.exe
    C:\Documents and Settings\admin\Favorites\SITES ABOUT\Ab scissor.url
    C:\Documents and Settings\admin\Favorites\Only sex website.url

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
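
The entries selected in the post above share traits a reviewer can check mechanically: a start page the owner did not set, a BHO whose file is missing, and Run keys that launch from a Temp folder. The following Python is an added example, not part of the original thread or of HijackThis; the `triage` function, the `expected_home` allowlist and the ccApp line in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: entries quoted in the post above, plus one ordinary
# autorun line added for contrast (that last line is an assumption).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: Class - {9DCBB1DC-3AC3-F6EF-3D33-03958BE2C94C} - C:\WINDOWS\crln32.dll (file missing)
O4 - HKLM\..\Run: [1F2.tmp] C:\DOCUME~1\user\LOCALS~1\Temp\1F2.tmp.exe
O4 - HKLM\..\Run: [1F3.tmp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\1F3.tmp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
START_PAGE = re.compile(r"Start Page = (?P<url>\S+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)  # long or 8.3 path form


def triage(log_text, expected_home=("about:blank",)):
    """Return (section, reason, line) tuples for entries that need review.

    expected_home is a hypothetical allowlist of start pages the owner set.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        sec, body = m.group("sec"), m.group("body")
        if body.endswith("(file missing)"):
            findings.append((sec, "points at a file that no longer exists", line))
        elif sec in ("R0", "R1"):
            page = START_PAGE.search(body)
            if page and page.group("url") not in expected_home:
                findings.append((sec, "start page is not one the owner set", line))
        elif sec == "O4":
            run = RUN.match(body)
            if run and TEMP_DIR.search(run.group("cmd")):
                findings.append((sec, "autorun launches from a Temp folder", line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n      {line}")
```
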
     
  8. wackojacko

    wackojacko Private E-2

    Hello, I got HijackThis into the right place finally, but when I pressed Fix and then went into safe mode, I don't know how to find the files. I right click on Start to get to Explore and go to the C: drive, but then can't find the files I need to delete. Can you tell me what exactly I need to do? Thanks again for your patience.
     
  9. wackojacko

    wackojacko Private E-2

    Hey, thanks for your help. Here is my final HijackThis log. Thanks for all your help; I'm really thankful for all your help.

    your new friend and loyal fan

    jack
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's rather simple. There is not too much to explain. After opening Explorer, just expand the folders in the left pane until you locate where you want to get to and click on it. It is like opening a file cabinet and looking thru the folders stored in it, and in each folder of the file cabinet there are more papers, which is the same as the files in the folders on your disk drive.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your HJT log is clean. Just make sure you look for and delete the files if they are still there.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
