Remove Windows Proprietary Advisor

Windows Proprietary Advisor is a fake antivirus program that tricks the user to purchase the full version of Windows Proprietary Advisor by showing fake detection of the computer. When Windows Proprietary Advisor is installed in the computer, it will start automatically when Windows boot. Then, Windows Proprietary Advisor will scan the computer and will surely state that there are many files in the computer are infected by malwares. Windows Proprietary Advisor will urge the user to purchase the full version of Windows Proprietary Advisor in order to remove all the malwares. However, Windows Proprietary Advisor cannot detect and remove any malware from the computer. All the detection is a lie. Windows Proprietary Advisor pretends to be affiliated with Microsoft by using the Windows icon and a comprehensive and user-friendly interface.

Windows Proprietary Advisor can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified must be cleared by using Windows Registry Editor.

Windows Proprietary Advisor provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware

Windows Proprietary Advisor should be removed immediately!

Windows Proprietary Advisor Removal Guide
Kill Process
ScanDisk_.exe
SP98c.exe
[random].exe


Delete Registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\"Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\"Debugger" = "svchost.exe"

Remove Folders and Files
%AppData%\Windows Proprietary Advisor
%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Proprietary Advisor.lnk
%Desktop%\Windows Proprietary Advisor.lnk
%StartMenu%\Windows Proprietary Advisor.lnk
%Programs%\Windows Proprietary Advisor.lnk
%CommonAppData%\58ef5
%CommonAppData%\SPUPCZPDET

Remove Windows Privacy Extension

Windows Privacy Extension is a fake antivirus program that shows the user that the computer is infected by malwares repeatedly so that to urge the user to purchase the full version of Windows Privacy Extension. Windows Privacy Extension is downloaded into computer when the user downloads video files from untrusted website. The video file downloaded cannot be viewed but is the Windows Privacy Extension which cannot detect and remove any malware. Windows Privacy Extension installs into the computer and will scan the computer when Windows boot. Then Windows Privacy Extension will surely states that the computer have been infected by malwares. Then, the computer will start slowing down and behave strangely.

Windows Privacy Extension can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Privacy Extension shown in the removal guide below. All files related to Windows Privacy Extension must be deleted.

Windows Privacy Extension provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Privacy Extension should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
Protector-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-28_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "xgvvgofutd"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf

Remove Windows Custom Management

Windows Custom Management is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Custom Management WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Custom Management will display this types of fake alert to urge the user to purchase the full version of Windows Custom Management which cannot detect and remove any kind malware, trojan or virus.

Windows Custom Management can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Custom Management provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Custom Management should be removed immediately!

Windows Custom Management Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-26_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "gkvemjqeha"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Custom Management.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Custom Management.lnk

Remove Windows Premium Console

Windows Premium Console is a fake antivirus program created to urge the user to buy the full version of Windows Premium Console in order to earn some profit. Don't ever buy it as it is a cheat! Windows Premium Console install itself into the computer without confirmation of the users and it start automatically when the windows boot. Windows Premium Console produce fake virus warning alert consistently to force the user to purchase the full version so that to remove the malwares. Windows Premium Console is nothing more than a scam and plagiarized antispyware program

Windows Premium Console provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Premium Console can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Premium Console. Finally, all the file related to Windows Premium Console must be deleted from the hard drive. All of them has been shown in the removal guide below.

Windows Premium Console should be removed immediately!
Windows Premium Console Removal Guide
Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-25_5"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "dwnydbbihd"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\Protector-[random].exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf

Remove Windows Pro Defence

Windows Pro Defence is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Pro Defence can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Pro Defence. Windows Pro Defence infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Pro Defence to remove them. Windows Pro Defence will start automatically when Windows boot. Then Windows Pro Defence will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Pro Defence as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Pro Defence and remove Windows Pro Defence with anti-malware applications that are designed to handle such threats.

Windows Pro Defence provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Pro Defence can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Pro Defence. Finally, all the file related to Windows Pro Defence must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Pro Defence on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Pro Defence should be removed immediately!

Windows Pro Defence Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-24_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "wmlkovyjad"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\Protector-[random].exe
%AppData%\result.db
%AppData%\1st$0l3th1s.cnf

Remove Live Essential Platinum

Live Essential Platinum is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Live Essential Platinum WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Live Essential Platinum will display this types of fake alert to urge the user to purchase the full version of Live Essential Platinum which cannot detect and remove any kind malware, trojan or virus.

Live Essential Platinum can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Live Essential Platinum provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Live Essential Platinum should be removed immediately!

Live Essential Platinum Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-25_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Live Essential Platinum.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Live Essential Platinum.lnk

Remove Windows Control Series

Windows Control Series is a fake antivirus program which try to make money from the users of infected computers. Windows Control Series display fake warnings and scans the computers that return false results only to urge the users to buy the full version of Windows Control Series. Windows Control Series claims that it can remove computer viruses, spyware or other types of malware if the users buy the full version of Windows Control Series. Don't be cheated by what it has claimed as all of them is a lie! Windows Control Series blocks the running of other programs to intimidate targeted computer users into thinking that their systems are corrupted with malware.

Windows Control Series provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Control Series can be removed first by stopping its processes and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by Windows Control Series (Read the removal guide below to remove Windows Control Series successfully).

Windows Control Series should be removed immediately!

Windows Control Series Removal Guide
Read How to remove virus effectively before following the guide below.

Kill Process
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-1_2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "fneqtdmtpi"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-[random].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Control Series.lnk
%Desktop%\Windows Control Series.lnk

Remove Windows Advanced Toolkit

Windows Advanced Toolkit is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Advanced Toolkit can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Advanced Toolkit. Windows Advanced Toolkit infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Advanced Toolkit to remove them. Windows Advanced Toolkit will start automatically when Windows boot. Then Windows Advanced Toolkit will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Advanced Toolkit as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Advanced Toolkit and remove Windows Advanced Toolkit with anti-malware applications that are designed to handle such threats.

Windows Advanced Toolkit provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Advanced Toolkit can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Advanced Toolkit. Finally, all the file related to Windows Advanced Toolkit must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Advanced Toolkit on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Advanced Toolkit should be removed immediately!

Windows Advanced Toolkit Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-3-1_2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "fneqtdmtpi"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Advanced Toolkit.lnk
%Desktop%\Windows Advanced Toolkit.lnk

Remove Windows Proactive Safety

Windows Proactive Safety is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Proactive Safety WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Proactive Safety will display this types of fake alert to urge the user to purchase the full version of Windows Proactive Safety which cannot detect and remove any kind malware, trojan or virus.

Windows Proactive Safety can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Proactive Safety provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Proactive Safety should be removed immediately!

Windows Proactive Safety Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-25_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Proactive Safety.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Proactive Safety.lnk

Remove Windows Maintenance Guard

Windows Maintenance Guard is a fake antivirus that disguises itself to cheat the user that it can detect and remove trojans, viruses, malwares and so on. In fact, Windows Maintenance Guard WILL SURELY state that there are many malwares, trojans and viruses are detected in the system. All of them are lies! Windows Maintenance Guard will display this types of fake alert to urge the user to purchase the full version of Windows Maintenance Guard which cannot detect and remove any kind malware, trojan or virus.

Windows Maintenance Guard can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Windows Maintenance Guard provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one suite, Quick Scan, Deep Scan, Custom Scan, History, etc. None of them can help to protect the computer from any kind of malware.

Windows Maintenance Guard should be removed immediately!

Windows Maintenance Guard Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-25_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%StartMenu%\Programs\Windows Maintenance Guard.lnk
%AppData%\[random].exe
%AppData%\result.db
%Desktop%\Windows Maintenance Guard.lnk

Remove Windows Secure Web Patch

Windows Secure Web Patch is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. Windows Secure Web Patch can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of Windows Secure Web Patch. Windows Secure Web Patch infections are known to spread by means of fake online system alerts that warn the user about infections that require the user to download Windows Secure Web Patch to remove them. Windows Secure Web Patch will start automatically when Windows boot. Then Windows Secure Web Patch will do a fake scan on the computer and then it will show the fake report. Do not purchase Windows Secure Web Patch as it can do nothing.The user should switch to Safe Mode to make sure any scans detect Windows Secure Web Patch and remove Windows Secure Web Patch with anti-malware applications that are designed to handle such threats.

Windows Secure Web Patch provide fake features such as provide fake features such as Firewall, Automatic Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and etc. All of them cannot protect the computer from any kind of malware.

Windows Secure Web Patch can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by Windows Secure Web Patch. Finally, all the file related to Windows Secure Web Patch must be deleted from the hard drive. All of them has been shown in the removal guide below.

The computer users should remember that any time when they encounter a web page that states that the computer is infected, they should not believe them as the majority of these pages are scams trying to get them to install the actual infection. The second method that can be used to install this fake antivirus is through hacked web sites that install Windows Secure Web Patch on to the computer without their knowledge by exploiting vulnerabilities in the outdated programs.

Windows Secure Web Patch should be removed immediately!

Windows Secure Web Patch Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-15_4"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "prrdetmjne"
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
... and many more Image File Execution Options entries.

Remove Folders and Files
%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Secure Web Patch.lnk
%Desktop%\Windows Malware Sleuth.lnk