Avenue A and Double click

Spybot is showing Avenue A, Inc. and DoubleClick on every scan. There are also other things that it reads from time to time, but these two are always there. I have done everything in the read this first. I have downloaded Ewido as well, and it doesn't help. I have system restore turned off. and I booted in safe mode, still no help. I have HJT, but don't know what do delete. I'm at a loss. I'm usually very good at getting rid of spyware too. I just can't get do this one. Anyone know what to do? Also, how did I get it? and how do I prevent this from happening again? I don't use the internet for anything except school work, hotmail, and ebay. I don't know where the spyware comes from. You guys are the best. I know you can help. Thanks.

 

Post a HijackThis log as an ATTACHMENT.

 

Here is my HJT log. thank you for your quick reply
thedagem

 

Uninstall Kazza, Kazaa Lite, Kazaa Lite K++. These applications are infected with spyware.

In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:

Choose Kill Process

Now scan and have HJT Fix the following:

Post a fresh HijackThis log as an ATTACHMENT.

 

Here is my new logfile. I appreciate your help. My friend that gave me the version of Kazaa that I'm using has told me that it is the lite version which comes with no spyware. so I left it installed. I googled it as well, and he seems to be right. What are your thoughts on this. I have Kazaa lite k++.
Thanks
Thedagem

 

No version of Kazaa is spyware free, it is Urban Myth that Kazaa Lite is Spyware free. If you enjoy having spybot tell you that you have Avenue.A and Double-click everytime you scan with then leave Kazza Lite installed. Your choice.

Other than what I said above your HijackThis log shows no signs of infection.

 

I still have the 2 things on there, and now advertising.com is showing up in spybot as well. I have deleted Kazaa

 

Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

2 - Please EXTRACT all the files form RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

Now come back here and post all three logs as attachments

 

I havn't run any of it yet, for some reason, panda active scan doesn't work. I'm trying it in both IE and in Firefox, and a window comes up then immediately dissappears, I've allowed popups, and I've turned off my firewall, what do I do?
I will run the rest of the scans now as you requested. thank you for not giving up on me.
Thedagem

 

here are the two logs I could get. Panda scan does not work for some reason.

 

fast click and mediaplex are also showing up.

 

FastClick and MediaPlex are legit pop-ups. Both are legit companies that several sights use to display ads. Use a pop-up blocker to stop those.

Please download Spy Sweeper

• Click the link above to download the program.
• Install it. Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed, click Options on the left side.
• Click the Sweep Options tab.
• Under What to Sweep please put a check next to the following:
  • Sweep Memory
  • Sweep Registry
  • Sweep Cookies
  • Sweep All User Accounts
  • Enable Direct Disk Sweeping
  • Sweep Contents of Compressed Files
  • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
• Click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.

 

here are the logs you requested. Thank you.
Thedagem

 

Spy Sweeper found some stuff and removed it; your HijackThis log is clean. How is your system running?

 

it seems to be running fine. It never really did slow down at all, I just noticed that spybot kept comming up with stuff, and one time it would have like 2 objects and the next time it would be 30, I wanted to get rid of it before it became a problem. Spybot still comes up with advertising.com, and avenue A, Inc. I have no Idea what to do.
Thedagem

 

Scan with SPybot and post your Spybot report as an attachment.

 

Like I said, it always comes up with certain ones, but others will just randomly come up. Here is the report you requested. This time only DoubleClick came up.
I didn't know how to save a log in spybot, so I did a print screen, and saved it in paint. sorry.
Thedagem

 

Click on Mode and Slect Adavanced mode, then expand tools in the left window and select View Report. Next click on View Report in the Right Window, save that report to your desktop and attach to your next reply.

 

it says the file is too large to attatch.
Do you have an alternate way of me getting it to you?
Thedagem

 

here is the first half of the report

 

and here is the second half
hope this helps
thedagem

 

here's an interesting fact. It won't let me install any new spyware removal programs. Spyware doctor or anything like that. It always says it can't install a certain Dll file. I don't know what that means. if it's important or not. I guess I'm just getting a bit frustrated. Hope this helps.
Thanks
thedagem

 

Those are tracking cookies placed on your system when you visit sites that use those advertising services.

What dll is it?

 

These things never came up before though. How do I stop em, since I've been in this forum, I havn't been to any sites besides google, hotmail, and here. Where are these cookies comming from?

It says C:\WINDOWS\system32\vbscript.dll
Unable to register the DLL/OCX: DllRegisterServer failed; code 0x8002801C.
Click Retry to try again, Ignore to proceed anyway (not recommended), or Abort to cancel installation.

and I get a similar message everytime i try to install a new scanner.
Thedagem

 

Boot to safe mode using the Search function on the Start Menu search for:

Run Regedit and delete the following registry values:

 

I may be doing something wrong, but I followed your steps. i did not find a single file that you suggested to delete. I may have to change some windows options or something. I did boot in safe mode, and I did what you requested, but I did not find any of them.
Thedagem

 

Please make sure System Restore is OFF.

Make sure you have done the following:
How to view hidden, system files & folders!
Searching for Hidden Files on WinXP

Now look for and delete the files I listed in Post #25 of this thread.

 

Those settings are already like that from the read this first.
Still didn't find any of that stuff.

 

Run CCleaner before doing the below.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

here it is

 

The log shows your system to be clean. Use the Immunize feature of Spybot along with enabling all protection in SpywareBlaster will help protect your system to a certain degree. Other than blocking cookies completely, just regularly scan your system and remove unwanted cookies.