Adaware to delete or not to delete

  1. Apr 24, 2005 #1
    I have Ad-Aware SE Personal Edition and ran it. It picked up some critical objects and a whole bunch of negligible objects. How do I know what to delete and what not to delete? I've heard that if I just delete all of it there might be something the computer needs to run properly. I don't want to mess up my system by deleting something it needs, but I want to get rid of anything else that would be harmful. Advice, plz!
  3. Apr 24, 2005 #2
    Well, I use my general rule of thumb that if it's located within the /system folder, don't delete it - some adware is located there, yes, but most are classified as priority deletes or what-not.
  4. Apr 24, 2005 #3
    Yah, TsunamiJoe has it...

    Post a screenshot and maybe we can help determine which ones to delete and which not to delete. Be careful about files in the system directory though, because some adware or spyware or viruses will disguise themselves by using file names very similar to normal system ones. rundll32.exe, for example, has a name similar to it, like rundl32.exe, which is in actuality a virus. rundll32.exe is the real system file... be careful to check for near-spellings and such.
  5. Apr 25, 2005 #4
    Adaware makes backups of everything it "deletes." If you have a system problem after Adaware "deletes" some items, then proceed to run Adaware's restore function.
  6. Apr 25, 2005 #5
    ......... and google everything you're not aware of before deletion & see if the symptoms and descriptions match.
  7. Apr 25, 2005 #6
    also my personal favorite is a program called registry mechanic - it solves all my problems lol, (you may need to fake register it of course lol, but keep that on the DL there buddy :) )
  8. Apr 25, 2005 #7
    lol keeping it on the DL is really contrary to posting it in a public thread :P
  9. Apr 25, 2005 #8
    From my experience, Adaware is excellent software. I have been using it with my customized settings to scan and I always mindlessly just press "next" because I trust it so much to not delete something vital. =)

    I would tentatively suggest you trust it to delete, but to be safe, scan the things it finds for any "red flags"; this would be effective in proportion to the amount of computer experience and knowledge you have =)

    Hope that helps!
  10. Apr 26, 2005 #9
    I've used Adaware for ages and I always delete everything it finds. If malware has a name similar to a system file it won't delete the system file because it's looking for the signature of the malware inside the file. It doesn't do it by name.

    Anyway, I of course take no responsibility should your system crash. :smile: But as I said, I always delete everything and I've never had a problem.

    You can also set a system restore point before running it. And always check for updates!
  11. Apr 26, 2005 #10
    I find Spybot is the best at removing spyware... Anyway, prevention is the best remedy, so use Firefox and you won't get anywhere near the amount of malware on your internet browsing PC.
  12. Apr 26, 2005 #11
    you caught me! lol

    But yes, Firefox is nice, and if you don't use any p2p stuff, you ought not get any more bad stuff, I wouldn't think.
  13. Apr 26, 2005 #12
    I've been using IE for a long time with absolutely no problems, I've tightened up the security settings, I run Adaware only when I contract a virus, and my 866mHz computer still runs as smooth as a kitty =)
    Prevention, yes.
    Avoid pornography and "bad" sites, and be wary of what you click.
    Sites with popups, etc.
  14. Apr 27, 2005 #13
    True, but Artemis, a lot of people need low internet security for sites and even certain certificates, and even then you don't even have to click on things nowadays to contract spyware and the like.
  15. May 6, 2005 #14
    Thanks guys! :)
    How do you do a screenshot???
    how do I check for correct spellings of actual files vs. viruses?
    where can I find 'registry mechanic'?
    what is DL??
    and what is p2p stuff???

    sorry to be so ignorant, but I'm still learning. lol
    I have firefox, but some things don't seem to want to work with it such as my propel accelerator and popup blocker. I avoid porn sites and don't click on any ads or pop ups or anything. who said cybering was safe sex? LMAO!!! DON'T GO THERE!!!
  16. May 6, 2005 #15
    "How do you do a screenshot???"

    Screenshot key, top right of your key board...probably says something like "print screen" on it.

    "how do I check for correct spellings of actual files vs. viruses?"

    Often times, you can't. And actually, if you have an excessive number of svchost.exe's running, you're probably being used...nothing too much to worry about unless you have random uploading/downloading.

    As far as viruses go...

    Be very careful...and honestly, if a virus is only one file, it'll probably just be idling there anyway...I have five "viruses" on my computer, though they really aren't. Probably some cheap trojan or dumb file...then again I don't keep anything personal on here so nothing to worry about. :tongue2: But there's not too much to be afraid of if the virus program says it's a baddy, just manually go in and delete the sucker.

    "where can I find 'registry mechanic'?"

    Honestly I wouldn't worry about these, they always make me uneasy. I prefer to edit registry myself, and only if I must.

    "what is DL??"

    In this case, "down-low", means keep it secret. However, it's also often used as a short cut way of saying download.

    "and what is p2p stuff???"

    I know that as pay-to-play for games, or it can be used as peer-to-peer as in file sharing.

    And coming from a guy who has experienced all spyware imaginable, I've always been able to get rid of it. A combo of ad-aware, spybot, hijack this, and a little use of my own noodle, nothing can stand up to me. :)


    Since I'm here, I'll post my little spyware removal steps:

    In Windows Explorer, make sure that the option to "show all files and folders, including hidden and system" is turned on. Open a my computer window, then go to "tools, folder options, view"...then look under that list.

    Update all of your spyware removal programs.

    Reboot in safe mode. Some computers do F8 or F11, differs. The only sure way is to go to run, type in msconfig, then under "boot.ini" click "safeboot". To come back out of this, just do the same thing except click normalboot.

    Empty the "Temp" folder:
    C:\Documents and Settings\{user}\Local Settings\Temp (some computers can't take deleting them all at once if you've let them build up too much, in this case, delete portions at a time)

    Delete all cookies (Don't really have to...but may as well be safe)

    Run hijackthis (search google for it, handy thing) with nothing open except for it alone. If you'd like, and I recommend it, allow it to create a restore point. You shouldn't have to use it, but if you screw up it's good to have a backup.

    Let HJT fix ANYTHING you have of the following items (click the box):

    Fix ANY of these Running processes: if you have them:
    C:\PROGRA~1\Web Offer\wo.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe

    Fix ALL R0 and R1 if you have Begin2search, Coolwebsearch or any other pesky Search, such as:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

    Fix ANY R3 with (no file) or (file missing) such as:
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - Default URLSearchHook is missing

    Fix ALL O1 entries:
    O1 - Hosts: websearch.com
    O1 - Hosts: www.websearch.com

    Fix ANY O2 with (no name) and either (no file) or (file missing), such as:
    O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)

    Fix ANY of these O2, O3 and O4, they are guaranteed BADDIES, shoot them down:
    O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\SYSTEM\DSKTRF.DLL
    O2 - BHO: ohb Class - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll
    O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL

    O4 - HKLM\..\Run: [SoundMan] soundman.exe

    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKCU\..\Run: [svc] C:\WINDOWS\system32\svc.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [vs2P38h] oddtreg.exe ..... (this one's [name between brackets] might vary)
    O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

    These are (real) samples of spyware. Anything looking like them is suspicious.
    If you have any, do a "Google" with only the file-name. If you can't find it, fix it. When in doubt, leave it for now.
    O4 - HKLM\..\Run: [mqkumupqecyfw] C:\WINDOWS\System32\xvbfxo.exe
    O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
    O4 - HKLM\..\Run: [bgsocc] C:\WINDOWS\System32\bgsocc.exe
    O4 - HKLM\..\Run: [jmruplg] C:\WINDOWS\Lmddwz.exe
    O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe

    Fix this O9 if you have it:
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    Fix these O14 if you have them:

    Fix ALL O16 - DPF: entries, even if they have familiar/trusted/common names, such as:
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab

    Also, any of these you should delete too.


    Now hit the Fix checked button and let HijackThis do what it is good at...

    After HJT is finished, while still in Safe Mode, delete any of these directories if you have them:
    C:\Program Files\AWS\WEATHE~1
    C:\Program Files\AWS
    C:\Program Files\Web Offer
    C:\Program Files\Windows ControlAd
    C:\Program Files\AutoUpdate
    C:\Program Files\Common Files\WinTools
    C:\Program Files\TV Media
    C:\WINDOWS\System32\P2P Networking
    After HJT is finished, while still in Safe Mode, delete these directories:
    C:\Program Files\Windows ControlAd\
    C:\WINDOWS\System32\P2P Networking\
    C:\Program Files\wroowwvt\

    Next, run adaware with in-depth scan, full scan.

    Then spybot: search and destroy, and then click immunize after running that scan.

    Just go back to msconfig as before, mentioned up there, and you'll reboot to a nice shiny computer. :)
    Last edited by a moderator: May 2, 2017
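
An added example, not part of the post above and not HijackThis's own logic: a Python triage pass that applies only the rules the post states outright (all O1 and O16, R3 with a missing file, nameless O2 with a missing file) and marks everything else for manual lookup, following the post's "when in doubt, leave it". The function names, verdict labels and the two lines marked constructed are assumptions; the other sample lines are copied from the post.

```python
import ntpath
import re

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
RUN_TARGET = re.compile(r'\]\s+"?(.+?\.exe)', re.I)

def triage(line):
    """Return (section, verdict, detail) for one HijackThis line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    missing = "(no file)" in rest or "(file missing)" in rest
    if section in ("O1", "O16"):
        return section, "fix", "post says fix all entries of this type"
    if section == "R3" and (missing or rest.endswith("is missing")):
        return section, "fix", "search hook points at nothing"
    if section == "O2" and "(no name)" in rest and missing:
        return section, "fix", "nameless BHO whose file is gone"
    if section == "O4":
        # Pull out the bare file name so it can be searched for by itself.
        t = RUN_TARGET.search(rest)
        name = ntpath.basename(t.group(1)) if t else rest
        return section, "review", "look up file name: " + name
    return section, "review", "no rule in the post covers this line"

def triage_log(text):
    """Triage every recognisable line of a log, skipping headers and blanks."""
    return [r for r in map(triage, text.splitlines()) if r]

# Lines copied from the post above, plus two lines marked as constructed.
SAMPLE = r"""Logfile of HijackThis (constructed header line)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - Default URLSearchHook is missing
O1 - Hosts: websearch.com
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [bgsocc] C:\WINDOWS\System32\bgsocc.exe
O9 - Extra button: (constructed) - {00000000-0000-0000-0000-000000000000} - C:\example\tool.exe
"""

if __name__ == "__main__":
    for section, verdict, detail in triage_log(SAMPLE):
        print(f"{section:4}{verdict:8}{detail}")
```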
  17. May 6, 2005 #16
    Oh, and firefox is over-rated in my opinion. It's cool and all but IE's fine. It's your choice though, of course.

    Google toolbar and windows blockers do well enough unless you nearly go out of your way to get spyware...and it also helps to be familiar with the sites you go to. Avoiding bad things comes with experience.
  18. May 6, 2005 #17
    wow That was a GREAT post! Thank you so much for posting that!