Anda di halaman 1dari 44

WindowexeAllkiller.

com

English | Portugus |

WindowexeAllkiller Introduction
Global (English) - Japan () - PRC ()

What is WindowexeAllkiller?
WindowexeAllkiller is a free utility that I have created as a
general service to the public.
A vast commercial apparatus, mostly of legitimate
companies, is putting products into commercial software
that interferes with the operation of laptops and
desktops. Thes speed and flexibility of these
sophisticated machines and their service to their owners
is compromised by software junk that is often difficult to
remove. To make matters worse, companies that offer to
help you remove this junk in many cases do so because
they want to install their own junk.
Windows operating systems are prone to a great deal of
malware that can slow down your computer and make it
difficult to use. It is not always easy to remove this
malware. WindowexeAllkiller is a way to remove
unwanted malware from your computer. It is not highly

automated: It requires the user to be able to identify what


it is that he or she wants to remove from the computer,
and the assumption is that the user has done some
research and carefully considered what to remove.
If you have found this web site because you are searching
on the specific file name of a browser help object or
commercial pop ups that are making it difficult to use
your computer, this is a good utility for you to try.
A word of caution: WindowexeAllkiller is a utility that
returns control of your machine to you. You must *actively
approve* --by placing a check mark--the utilities that
*stay* on your computer. The program check marks a few
automatically. Many of the things that you might choose
to remove are from legitimate companies that provide a
valuable service.
For example, you can remove the Adobe update reminder
that pops up very frequently on most pcs. But remember
that Adobe is a necessary web tool for reading pdf file
formats and that often times the automatic Adobe
updates are used to fix security issues.
A beginner user of WindowexeAllkiller should concentrate,
the first time, on the one or two most serious problems in
order to learn the program.
Once you are familiar with the program, you may find it is
a way to remove a large number of unwanted programs
at once. To be an effective user of WindowexeAllkiller you
need to have a clear idea of what you wish to remove

from your computer; once you have gotten rid of active


malware, you might use WindowexeAllkiller to customize
your computer's operations by setting aside certain
operations to do manually, such as updates.
If you are completely new to computers this utility is not
for you. If you have reached the point of doing extensive
research on how to remove a difficult object, and such
obvious steps as UNINSTALL in the windows control box
have not worked for you, this may help you out.
More experienced users may realize that
WindowexeAllkiller is a way to neutralize programs more
quickly than the UNINSTALL utility allows, because you
can neutralize many programs at once.
WindowexeAllkiller is therefore a time saving device or
advanced users who want to customize the operations of
their computer.
Before you use WindowexeAllkiller make sure you CREATE
A RESTORE POINT in your version of windows. This will
allow you to start over if there are problems. You will find
many instructions on how to do create a restore point on
the Internet. When you have later removed objects
successfully you might wish to CREATE A RESTORE POINT
so that you have a clean version of your computer to
return to in the future.
System Requirements : .Net framework 2.0, Windows
2000/XP/Vista/7/8 32/64bit
License : Freeware

I can't speak english well. I hope you don't mind


even if some sentences do not make sense.
Refer to the below user's detailed guide and
introduction video. It will help you to understand
better.
* We are looking for More experienced users of
WindowexeAllkiller who will translate this manual into
different languages. Please send us the translation via
email.
* Your website url or blog url will be display on top-right
page.
* e-mail : windowexe[at]windowexe.com
WindowexeAllkiller is easy to use, very simple and very
powerful, but A beginner user of WindowexeAllkiller
should be careful to use.
This utility can remove Startup, Browser Helper Object,
Toolbar, Services, Task scheduler, Chrome Extension and
Unwanted software(malware, trojan, malicious
svchost.exe, ad-popup, and so on..) at once.
LEAVE IT UNCHECKED that You wish to delete, Click the
button on the top. LEAVE IT UNCHECKED items will be all
deleted.
IMPORTANT:

UNCHECKED ITEMS = Delete


CHECKED ITEMS = Not Delete
Do not confuse this the other way around. It can
freeze your computer.

Section Information
[00-PROCESS]
Running processes. the system process does not appear
on the list.
* If LEAVE IT CHECKED, the process is not terminated.
[01-HKCUREG]
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Run Startup program.
* If LEAVE IT UNCHECKED, the items will be deleted.
[02-HKLMREG]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Run Startup program.
* If LEAVE IT UNCHECKED, the items will be deleted.
[03-BHOCLSD]
Internet Explorer Browser Helper Object(BHO) module.
* If LEAVE IT UNCHECKED, the items will be deleted.
[04-TOOLBAR]
Internet Explorer Toolbar.
* If LEAVE IT UNCHECKED, the items will be deleted.

[05-SERVICE]
Windows Services.
- First column foreground color : Black - windows default
service. Red - third-party services.
- First column background color(service startup type) :
LightCyan - Auto, LightYellow - Manual, LightGray Disabled
- Second column foreground color(service status) :
VioletRed - Running service
- Second column background color : LightBlue - It's not
windows default dll files.
* If LEAVE IT UNCHECKED, the items will be deleted.
[06-TASKLST]
Task scheduler. (Exclude Microsoft's Default Task)
* If LEAVE IT UNCHECKED, the items will be deleted.
[07-STARTUP]
Global startup files.
Windows XP Global Startup path. (Language Support :
English, Japanese and Korean. Other Language is not
supported.)
- %USERPROFILE%\Start Menu\Programs\Startup
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup
Windows Vista/7/8 Global Startup path
- %APPDATA%\Microsoft\Windows\Start
Menu\Programs\Startup
- %ALLUSERSPROFILE%\Microsoft\Windows\Start

Menu\Programs\Startup
* If LEAVE IT UNCHECKED, the items will be deleted.
(Move to backup Directory)
[08-POLICYS]
Startup of Local Group Policy Editor.
HKCU\Software\Microsoft\Windows\CurrentVersion\policies
\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\polici
es\Explorer\Run
* If LEAVE IT UNCHECKED, the items will be deleted.
[13-OTHPLUG]
3rd-party web browser extensions(firefox, opera, torch,
citrio, comodo dragon), this section is read only. do
nothing.
[14-CHRPLUG]
Extensions of Chrome.
* If LEAVE IT UNCHECKED, the items will be disabled the
Extension for Chrome.
[16-SEARCHS]
Internet Explorer Search Scopes.
* If LEAVE IT UNCHECKED, the items will be deleted.
[17-CONTEXT]

Internet Explorer Context Menu.


* If LEAVE IT UNCHECKED, the items will be deleted.
[18-EXTRABT]
Internet Explorer Extra Button.
* If LEAVE IT UNCHECKED, the items will be deleted.
[20-SHELLOP]
Shell Open Command Context Menu.
* If LEAVE IT UNCHECKED, the items will be deleted.
[21-SHELLEX]
Shellex Context Menu Handlers.
* If LEAVE IT UNCHECKED, the items will be deleted.
[37-APPCERT]
Session Manager AppCertDlls Value.
* If LEAVE IT UNCHECKED, the items will be deleted.
(Requires reboot)
[40-WNLOGON]
* If LEAVE IT CHECKED, 'Shell(explorer.exe),
UserInit(C:\Windows\system32\userinit.exe,)' of
'HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon' registry will be set the
default value. (only if the system drive is C:\)
[41-APPINIT]
* If LEAVE IT CHECKED, AppInit_Dlls of

"HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows" registry will be set the
default value. AppInit_Dlls = "" (zero length)
[42-RMHOSTS]
* If LEAVE IT CHECKED, Delete the %WINDIR
%\system32\drivers\etc\hosts file and create default hosts
file.
[45-HOMEPAG]
* If LEAVE IT CHECKED, Change your Internet explorer
homepage, open a WindowexeAllkiller.txt file and edit.
[46-SECHOME]
* If LEAVE IT CHECKED, does not remove Secondary Start
Pages.
[50-TYPEURL]
* If LEAVE IT CHECKED, Clear the Address Bar Dropdown
list. (Windows Explorer and Internet Explorer).
[51-RECYCLE]
* If LEAVE IT CHECKED, Empty Recycle bin.
[52-CLEARIE]
* If LEAVE IT CHECKED, Clear Internet Explorer history,
Saved form, Saved password, Cookie,(Support IE 7 or
higher)

[53-CLEARDO]
* If LEAVE IT CHECKED, Clear My Document History.
[54-CLEARIC]
* If LEAVE IT CHECKED, Clean the Notification Area Icon
Cache. (Requires reboot)
[60-RUNONCE]
* LEAVE IT UNCHECKED : Remove All RunOnce Startup /
LEAVE IT CHECKED : Do nothing
[61-LOGONSC]
* LEAVE IT UNCHECKED : Remove All Logon Script / LEAVE
IT CHECKED : Do nothing
[62-LOGOFSC]
* LEAVE IT UNCHECKED : Remove All Logoff Script / LEAVE
IT CHECKED : Do nothing
[63-SYSSTSC]
* LEAVE IT UNCHECKED : Remove All System start Script /
LEAVE IT CHECKED : Do nothing
[64-SHUTDSC]
* LEAVE IT UNCHECKED : Remove All Shutdown Script /
LEAVE IT CHECKED : Do nothing
[80-FAKEEXE]
Remove fake svchost.exe , csrss.exe , dllhost.exe ,

spoolsv.exe , smss.exe process. (not running from


C:\Windows\System32)
For example.
- If svchost.exe process is running from C:\Windows\temp
directory, this process will be move to Backup directory.
- If svchost.exe process is running from C:\Program
Files\anydir\anyname directory, this process will be move
to Backup directory.
- If csrss.exe process is running from C:\Program
Files\anydir directory, this process will be move to Backup
directory.
* If LEAVE IT CHECKED, does not remove fake svchost.exe
, csrss.exe , dllhost.exe , spoolsv.exe , smss.exe.
[98-LASTRUN]
Run a User-defined program, the user-defined program
will be run one second interval, open a
WindowexeAllkiller.txt file and edit.
For example. (Run a Task manager, 1 second after Run a
Internet explorer)
[98-LASTRUN]**C:\windows\system32\taskmgr.exe
[98-LASTRUN]**C:\Program Files\Internet
Explorer\iexplore.exe
* If LEAVE IT CHECKED, Run a user-defined program.
[99-ADDHKCU]
* If LEAVE IT CHECKED, Run WindowexeAllkiller at
Windows Startup.

Please LEAVE IT CHECKED you can trust program. LEAVE


IT UNCHECKED items(01, 02, 03, 04, 05, 06, 07, 08, 14,
17, 18, ~ to 37) will be all deleted.
Running Processes.

Disabled BHO and Disabled Toolbar Background color is


LightGray.

The items listed on second column with the Bright-Blue


color background in [05-SERVICE]** are ServiceName list

which are dll file used by svchost.exe process is not


provided by Microsoft.
Please search the dll file names on Google, as some files
are normal and some are not.
For example.
See below [05-SERVICE]**SstpSvc Service.
If SstpSvc Service's dll file name is not sstpsvc.dll, then
second column fill the bright blue.
[05-SERVICE]**SstpSvc C:\Windows\system32\svchost.exe -/C:\Windows\system32\sstpsvc.dll - Second column
background color is White.
[05-SERVICE]**SstpSvc C:\Windows\system32\svchost.exe -/C:\Windows\system32\malwaresvc.dll - Second column
background color is Bright blue.

3rd-party web browser extensions. read olny.

List of [14-CHRPLUG] Section. (Chrome Extension)

If Installed plug-in directory not exists, Foreground color is


SlateGray.

Shell Context Menu.


You can remove shell context menu easily. File, Directory,

Recycle Bin, Desktop, All File System Objects.

Search text
Auto Scroll, Change Cell Background Color.

Administrator Mode for Experienced user.


Type the Double-quote(") in Textbox form, Get into the

Administrator Mode.
Enables quick CHECK/UNCHECK All of checkboxes.
For Example 1: "00on 01on 02off 04off 06off
For Example 2: "03off 04off

Finally, Make sure all items are CHECKED/UNCHECKED


STATE correctly, Click the button on the top to save the
current setting and delete the UNCHECKED items.

When you run it later, there will be no window/no


prompt/no confirm, the data will be deleted based on the
configuration text file.(WindowexeAllkiller.txt)
If you want to see the management window again, delete
the WindowexeAllkiller.txt file and run this program.
Deleted Data Backup
Deleted startup program and service items will be backed
up in the Backup folder. BHO, Toolbar, TaskScheduler and
Some Sections are not backed up.
You need to reboot when recovering deleted service.
(servicename.reg)
Remove this Registry key (No confirm)
HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstall
ForceList (Remove All Chrome extension labeled 'Installed
by enterprise policy')
Others..
Do right-click on the list, you can browse selected item,
copy list to clipboard, disable selected item service,
extension tools.
Extension Tools
Installed Software, Drivers, LoadedDLL, SharedDLLs,
FirewallRules, hosts file, TaskBar Toolbar, Event Log,
ZoneMap, Desktop NameSpace, the items in msconfig,
AllowPopup, ActiveX, Send to, NIC Info

- LoadedDLL(by processes)
- Event Log (sort by date, limit 300)
- FirewallRules
- TaskBar Toolbar. Watch this video. How to remove Pokki
TaskBar Toolbar(Desk Band Class) introdution video
- NIC Info (Display Network Interface Cards Information)
- and so on...
Select One and Right Click, You can remove selected
item.
Installed Software popup menu

Event Log popup menu

Etc.. Info

A user has written a detailed guide, in clear

English, to using WindowexeAllkiller. (To Spainsh)


When you get a new computer you are at the mercy of
both the manufacturer and microsoft. A lot of adware is
loaded into the initial vesions. For the most part you
can uninstall these, but some are very pernicious and
hard to find. WindowexeAllkiller can help you.
01 Download the WindowexeAllkiller utility. Before you
. start messing with this program, do a "Create
Restore Point." That way you can get back to where
you started if you make an error. DOWNLOAD
HERE
02 Move zipped file to any directory you like;
. "programs" is one possibility.
03 Unzip the folder. When you unzip the folder, a
. second, unzipped folder should appear in the same
directory.
04 In the unzipped folder, right click on
. WindowexeAllkiller and make sure you choose "run
as administrator."
05 You will see a bewildering array of file names.
. Remember that most of these are USEFUL and that
you want to LEAVE THEM CHECKED.
06 It is likely the case that if you are using the
. WindowexeAllkiller utility you have tried very
conventional removal tools like uninstall and they

haven't worked.
You may have tried going to your C directory and
using "search" tried to identify the malware that
you can't get rid of. Although many malware files
can be deleted manually, a few, such as
toolbarupdater, have a defensive trick.
When you highlight them they activate and show up
in your taskmanager as active programs. That
means they are protected from conventional
deletion.
So, at any rate, you can use your C directory search
to find the various names used by the malware
(toolbarupdater is from AVG).
The general point is that you have to be familiar
enough with the enemy malware to identify it in this
list, so you have to do a bit of homework on your
own machine and also possibly on the
Internet/google.
As we have said, by the time you decide to use the
WindowexeAllkiller utility, you have likely exhausted
conventional uninstall alternatives such as the
Windows Uninstall utility in the control panel.
Even CCleaner does not get some of the junk that
WindowexeAllkiller will find.
07 So, you've opened the file in "run as administrator"
. and you know what filenames are associated with
your malware. In the open WindowexeAllkiller, you
will see highlighted items. Many are friendly, but

your foe is likely lurking here.


You have to go through them one by one. To be
conservative, check anything that you don't
understand or have not identified: many of these
highlighted items are useful, such as motherboard
software and windows utilities.
To understand what you are seeing, run the file
names on a google search and see what you learn.
You can delete many items (BY LEAVING THEM
UNCHECKED) that you identify as useless in this
way if you prefer. Nonetheless, the *safest* thing to
do is target directly the specific malware you know
is causing a problem, and leave everything else
checked.
So, for example, with AVG the known issue is
toolbarupdater and anything with AVG in the file
name. So the conservative choice is to LEAVE
UNCHECKED *ONLY* THOSE ITEMS with AVG or
toolbarupdater in the file name.
That said, there is a lot of garbageware that comes
with factory installed computers, which you cannot
fail to miss because they will be annoying you with
pop ups. So you may wish to remove more than one
at once.
08 There are a whole bunch of files that have been
. checked by default (to preserve them). You might
delete some of these some day but don't do it your

first time around.


09 There are a bunch of files at the bottom of the
. WindowexeAllkiller display that are not highlighted,
and not checked. Verify that your enemy file is not
there, and just leave them alone.
10 You most likely have spotted your malware in the
. long list of files identified by WindowexeAllkiller.
Make sure the malware is UNCHECKED. That
everything else is checked, except the files at the
bottom. Use the philosophy, "Innocent until proven
guilty."
11 So now you're ready to kill the malware. There's a
. long bar at the top of WindowexeAllkiller's display of
files. Click it, verify you want to run it in the popup
that asks you if you really want to do this.
12 That's it, there are no bells and whistles to tell you
. that you're done. A brief note appears in the
notepad file in your directory. If you want a good
detailed view of what's going on do a "before"
screen shot of your Task Bar programs--that is,
before you run WindowexeAllkiller the first time-and compare with the output in notepad.
13
Now it's time to reboot.
.
14 Go back to your C directory and again search for

the evil file(s). If it is there, don't despair. It may be


that it shows up but has been deactivated. You can
click on it and delete it (whereas before it would
turn itself on and prevent deletion). If this has not
worked, make sure:
A. That you ran the utility from an UNZIPPED folder.
B. That you RAN AS ADMINISTRATOR
...so repeat procedure if you were nervous and
forgot those things.

15 Empty your trash. Get that thing out of the entire


. system. Reboot again. At this point the evil file
should be gone.
16 Create a system restore point and continue with
. your life.
17 Once you know what you are doing,
. WindowexeAllkiller can be a convenient uninstall
tool, especially if there are many software removals
that you wish to make. However, most people will
likely prefer to use WindowexeAllkiller "when all
else fails."
18 As a pointer, there are some malware files that
. appear to be able to generate from previously
installed windows versions that are stored in your
new windows. These old version show up as
"windows.old" and "windows.old.000" and are

created when you install a new windows operating


system where there is an existing windows
operating system. There are many easily used
instructions for deleting these on the web, but
deleting these old versions does not guarantee
removal of active malware from your current
system.
- From A user.

WindowexeAllkiller Introduction Video

WindowexeAllkiller Kill the fake System Processes


[svchost.exe , csrss.exe , spoolsv.exe ]
Introduction Video

Donations

Download WindowexeAllKiller
WindowexeAllkiller.zip (from Local) (from
Download.Cnet.com. This is Old version.)
If there is an execution error with Windows XP, Download
and Install .Net framework 2.0
http://www.microsoft.com/en-us/download/details.aspx?
id=16614
If you don't have administrator rights, Right click on
WindowexeAllkiller and make sure you choose "Run as
Administrator" in Windows vista/7/8

Release notes
23/11/2014
- Improved shell/shellex Context Menu. [20-SHELLOP] and
[21-SHELLEX]
- Changed Section. [70-LASTRUN] to [98-LASTRUN]
04/11/2014
- bug fix.
03/10/2014
- Improved MainForm Layout.
01/10/2014
- Added Turkish Resource file.
- bug fix. (Chrome extension)
09/09/2014
- Added Opera web browser extensions. read only. 13-

OTHPLUG Section.
- bug fix.
24/08/2014
- Display loading bar.
- Bug fix.
21/08/2014
- Bug fix. (06-TASKLST Section)
17/08/2014
- Changed Disable bho and toolbar background color.
- Bug fix. (05-SERVICE Section)
10/08/2014
- Moved [38-HANDLER] Section to Extension.
- Improved messagebox interface.
08/08/2014
- bug fix. [19-EXTPLUG] Section.
- Display [19-EXTPLUG] Section icon.
05/08/2014
- Improved [50-TYPEURL] Section.
- bug fix. (Extension tool)
WindowexeAllkiller can help you remove these
files, and many others
ID:62204 [19-EXTPLUG] - SPOTS - A better way to start C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebce
kelc\0.4.7_0
ID:62203 [19-EXTPLUG] - PPOMPPU Helper C:\Users\Administrator\AppData\Local\Google\Chrome\Us

er
Data\Default\Extensions\cnhdehgcbfmcmdaiadnoionefmb
apdgc\0.2.1_0
ID:62202 [19-EXTPLUG] - Media file downloader C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdl
haab\2.0_0
ID:62201 [19-EXTPLUG] - Coupon Cutter C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\anbfhidldjknonaihbalghlebaijealk
\181
ID:62200 [19-EXTPLUG] - \uC804\uCCB4 \uAC80\uC0C9 C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnf
k\2.2.25_0
ID:62199 [19-EXTPLUG] - \uC2A4\uD06C\uB9B0\uC0F7 Webpage Screenshot C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcdd
pki\14.2.3_0
ID:62198 [19-EXTPLUG] - \uB2E4\uC6B4\uB85C\uB4DC C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcad
i\2.5_0

ID:62197 [19-EXTPLUG] - \uB124\uC774\uBC84


\uAC80\uC0C9 / Naver Quick Search C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\gobamlfhmmmpbeiolmgeoebfcio
gcpoa\1.0.1.3_0
ID:62196 [19-EXTPLUG] - \uB0B4 IP \uC8FC\uC18C C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er
Data\Default\Extensions\pfhoeoiodcebkkigjiooibeccnfmmk
oe\1.0.0.4_0
ID:62195 [03-BHOCLSD] - {d1d2908b-9aba-4a78-818f9e4aee880df0} - C:\Program
Files\YoutubeAdBlocke\f26mHjiuZsST4m.x64.dll
ID:62194 [01-HKCUREG] - DA8694B4 C:\WINDOWS\DA8694B4\svchsot.exe
ID:62193 [01-HKCUREG] - boanscanS - C:\Program
Files\boanscan\boanscanu.exe
ID:62192 [06-TASKLST] - DoctorPC_Start - C:\Program
Files\Doctor PC\DoctorPC.exe true
ID:62191 [06-TASKLST] - DoctorPC_Popup - C:\Program
Files\Doctor PC\Splash.exe true
ID:62190 [19-EXTPLUG] - 1399990622000 C:\Windows\system32\nPFWFlt.dll
ID:62189 [19-EXTPLUG] - 1378701919650 C:\Windows\system32\nPFWU.dll
ID:62188 [19-EXTPLUG] - 1378701914721 C:\Windows\system32\npkpdb.dll
ID:62187 [01-HKCUREG] - Onboard - C:\Program

Files\Western Digital\WD SmartWare\BackupTask.exe


ID:62186 [05-SERVICE] - EapHost C:\WINDOWS\System32\svchost.exe -k eapsvcs C:\WINDOWS\system32\meayln.dll
ID:62185 [06-TASKLST] - tsstqwsros - C:\Program
Files\TargetService\targetservices.exe /sch
WindowexeAllkiller is No Adware, No Spyware, No
Viruses.
Result of virustotal.com (Did not find malware.)
More Products
System Information Viewer - WindowexeAllViewer
Copy list filename and directory name WindowexeCopyPath
Running Processes ScreenSaver - WindowexeAllkillerSCR
WindowexeAllkiller log analyzer - WindowexeAllkillerMDB
WindowexeRegexT - Regular expression Tester WindowexeRegexT

If you have some idea how to improve our services please


write us windowexe[at]windowexe.com