
Thread: Advanced system protector help removal

  1. #21
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.19.08

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Thor :: THOR-PC [administrator]

    20/12/2013 2:40:33 AM
    mbam-log-2013-12-20 (02-40-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 293516
    Time elapsed: 1 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)





    It's bizarrely still loading up.

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    When we ran Rogue Killer before, we may have run the wrong version. This one is for the 64-bit version and is what you need, so give it another shot.

    • Download & SAVE to your Desktop RogueKiller or from here
      • Quit all programs that you may have started.
      • Please disconnect any USB or external drives from the computer before you run this scan!
      • For Vista or Windows 7, right-click and select "Run as Administrator" to start
      • For Windows XP, double-click to start.
      • Wait until Prescan has finished ...
      • Then Click on "Scan" button
      • Wait until the Status box shows "Scan Finished"
      • Click on "Report" and copy/paste the content of the Notepad into your next reply.
      • The log should be found in RKreport[1].txt on your Desktop
      • Exit/Close RogueKiller+
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #23
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    Unfortunately still crashing 3/4 into the scan. Only manages to pick up 3 entries before it explodes.

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    OK, hang on, be right back

  5. #25
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Plug this into SystemLook

    :regfind
    HKEY_LOCAL_MACHINE\SOFTWARE
    HKEY_CURRENT_USER\SOFTWARE

  6. #26
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    SystemLook 30.07.11 by jpshortstuff
    Log created at 03:52 on 20/12/2013 by Thor
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "HKEY_LOCAL_MACHINE\SOFTWARE"
    [HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioInput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
    [HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
    [HKEY_CURRENT_USER\Software\Microsoft\Speech\PhoneConverters]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
    [HKEY_CURRENT_USER\Software\Microsoft\Speech\Recognizers]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
    [HKEY_CURRENT_USER\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
    "409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
    [HKEY_CURRENT_USER\Software\Microsoft\Speech\Voices]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
    [HKEY_LOCAL_MACHINE\SOFTWARE\ACD Systems\Inventory\ACDSee Pro\6.0]
    "RegRoot"="HKEY_LOCAL_MACHINE\SOFTWARE\ACD Systems\ACDSee Pro\60"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
    "FrameworkSDKRoot"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A@InstallationFolder)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
    "SDK40ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx40Tools-x86@InstallationFolder)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
    "SDK35ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx35Tools-x86@InstallationFolder)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
    "MSBuildToolsPath32"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0@MSBuildToolsPath)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput]
    "DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput]
    "DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
    "FrameworkSDKRoot"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A@InstallationFolder)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
    "SDK40ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx40Tools-x86@InstallationFolder)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
    "SDK35ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx35Tools-x86@InstallationFolder)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
    "MSBuildToolsPath32"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0@MSBuildToolsPath)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Speech\AudioInput]
    "DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Speech\AudioOutput]
    "DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2468871]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2473228]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2478663]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2518870]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2533523]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2539636]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2572078]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2600217]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2604121]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2633870]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656351]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656368]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656405]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2416472]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2468871]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2487367]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2533523]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2600217]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2656351]
    "ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Movie Maker\Post]
    "WindowsDVDMaker"="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\dvdmaker.exe"
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\AudioOutput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\PhoneConverters]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\Voices]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\AudioInput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\AudioOutput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\PhoneConverters]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Recognizers]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
    "409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Voices]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\AudioInput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\AudioOutput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\PhoneConverters]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Recognizers]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
    "409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Voices]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\AudioOutput]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\PhoneConverters]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\Voices]
    "DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"

    Searching for "HKEY_CURRENT_USER\SOFTWARE"
    [HKEY_CURRENT_USER\Software\Microsoft\Speech\RecoProfiles]
    "DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Access\Microsoft Access 12.0]
    @="HKEY_CURRENT_USER\Software\Microsoft\Office\Access"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Excel\Microsoft Excel 12.0]
    @="HKEY_CURRENT_USER\Software\Microsoft\Office\Excel"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Outlook\Microsoft Outlook 12.0]
    @="HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft PowerPoint\Microsoft PowerPoint 12.0]
    @="HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Publisher\Microsoft Publisher 12.0]
    @="HKEY_CURRENT_USER\Software\Microsoft\Office\Publisher"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Word\Microsoft Word 12.0]
    @="HKEY_CURRENT_USER\Software\Microsoft\Office\Word"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Visual Basic for Applications IDE\6.0]
    @="HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\RecoProfiles]
    "DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"
    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\RecoProfiles]
    "DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"

    -= EOF =-

  7. #27
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    No sign of Advanced System Protector

    But let's do this


    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI (graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features can be viewed here.




    Then go into Task Manager by pressing Ctrl+Alt+Delete. Look under the process tab and, if you see Advanced System Protector running, highlight it and end the process.



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      
      :Services
      
      :Reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector]
      [-HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector]
      [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup]
      [-HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
      [-HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector]
      
      :Files
      C:\ProgramData\Systweak\Advanced System Protector
      C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector
      C:\Program Files(x86)\Advanced System Protector
      C:\Program Files\Advanced System Protector
      
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces

  8. #28
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\ not found.
    Registry key HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\ not found.
    ========== FILES ==========
    C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
    C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
    File\Folder C:\Program Files(x86)\Advanced System Protector not found.
    File\Folder C:\Program Files\Advanced System Protector not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Thor
    ->Temp folder emptied: 2246893 bytes
    ->Temporary Internet Files folder emptied: 3357704 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 49946707 bytes
    ->Flash cache emptied: 709 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Thor-PC
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser.Thor-PC.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 593217 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 54.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12202013_113003

    Files\Folders moved on Reboot...
    C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\TMP0000002A6DF2D536D47A6609 not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...







    It's still happily loading up. One thing I feel the urge to mention is the other day my ISP sent me an email that they detected something from my computer trying to connect to theirs and said I had a virus on it. Kaspersky and all these other programs don't show anything. I don't know if it's related to this though.
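
Added example (not part of the original posts, and not OTL's own code): a small Python parser for the result lines of the OTL fix log above. It tallies outcomes per section and flags "not found" results whose target path looks mistyped, since such a result says nothing about whether the real location is clean. The function names, the two path heuristics and the abridged sample are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: result lines copied (abridged) from the OTL fix log in this thread.
SAMPLE_LOG = r"""
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\ not found.
Registry key HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector\ not found.
========== FILES ==========
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
File\Folder C:\Program Files(x86)\Advanced System Protector not found.
File\Folder C:\Program Files\Advanced System Protector not found.
"""

SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Only the result phrasings that appear in this thread's log are recognised;
# any other line (for example the [EMPTYTEMP] statistics) is skipped.
RESULTS = [
    (re.compile(r"^Registry key (?P<t>.+?)\\? not found\.$"), "not found"),
    (re.compile(r"^File\\Folder (?P<t>.+?) not found[.!]$"), "not found"),
    (re.compile(r"^(?P<t>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$"), "moved"),
]


def parse_otl_fix_log(text):
    """Return a list of (section, target, outcome) tuples."""
    section, rows = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        for rx, outcome in RESULTS:
            m = rx.match(line)
            if m:
                rows.append((section, m.group("t"), outcome))
                break
    return rows


def path_concern(target):
    """Heuristics assumed by this example: reasons a 'not found' result
    may only reflect a mistyped target rather than a clean location."""
    if "Program Files(x86)" in target:
        return "Windows names the folder 'Program Files (x86)', with a space"
    if re.match(r"^HKEY_(CURRENT_USER|LOCAL_MACHINE)\\Microsoft\\", target):
        return "Microsoft keys normally sit under \\SOFTWARE in these hives"
    return None


def triage(text):
    """Tally outcomes per section and list 'not found' targets worth re-checking."""
    rows = parse_otl_fix_log(text)
    counts = Counter((section, outcome) for section, _, outcome in rows)
    doubtful = [(t, path_concern(t)) for _, t, o in rows
                if o == "not found" and path_concern(t)]
    return counts, doubtful


if __name__ == "__main__":
    counts, doubtful = triage(SAMPLE_LOG)
    for (section, outcome), n in sorted(counts.items()):
        print(f"{section:<9} {outcome:<10} {n}")
    for target, why in doubtful:
        print(f"re-check: {target}\n          {why}")
```
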

  9. #29
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    My pc is starting to act different since that last thing. Any USB device I put in will be picked up but it'll hang for a few minutes before opening. Also opening my browser keeps asking to restore my tabs instead of just opening normally, though I'm guessing that's to do with the thing I just did. I'm starting to feel like I should just reformat.

  10. #30
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Well, what we just did should have no effect on your system, as the registry keys were not found and about 3 files were removed that were removed before.

    Sometimes with malware a good solution is to reformat and reinstall Windows, as this will guarantee a nice clean and smooth running system. Let's run a free virus scanner first. Also, when Advanced System Protector loads, can you take a screenshot of it and post it in this thread?

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Sca
