Advanced system protector help removal

Status
Not open for further replies.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]

20/12/2013 2:40:33 AM
mbam-log-2013-12-20 (02-40-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293516
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





It's bizarrely still loading up.
 
When we ran Rogue Killer before, we may have run the wrong version. This one is for the 64-bit version and is what you need; give it another shot.

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
 
Plug this into SystemLook

:regfind
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_CURRENT_USER\SOFTWARE
 
SystemLook 30.07.11 by jpshortstuff
Log created at 03:52 on 20/12/2013 by Thor
Administrator - Elevation successful

========== regfind ==========

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioInput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\Recognizers]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
"409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_LOCAL_MACHINE\SOFTWARE\ACD Systems\Inventory\ACDSee Pro\6.0]
"RegRoot"="HKEY_LOCAL_MACHINE\SOFTWARE\ACD Systems\ACDSee Pro\60"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"FrameworkSDKRoot"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK40ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx40Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK35ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx35Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"MSBuildToolsPath32"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0@MSBuildToolsPath)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"FrameworkSDKRoot"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK40ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx40Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK35ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx35Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"MSBuildToolsPath32"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0@MSBuildToolsPath)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Speech\AudioInput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Speech\AudioOutput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2468871]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2473228]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2478663]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2518870]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2533523]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2539636]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2572078]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2600217]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2604121]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2633870]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656351]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656368]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656405]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2416472]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2468871]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2487367]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2533523]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2600217]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2656351]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Movie Maker\Post]
"WindowsDVDMaker"="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\dvdmaker.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\AudioInput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Recognizers]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
"409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\AudioInput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Recognizers]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
"409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"

Searching for "HKEY_CURRENT_USER\SOFTWARE"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\RecoProfiles]
"DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Access\Microsoft Access 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Access"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Excel\Microsoft Excel 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Excel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Outlook\Microsoft Outlook 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft PowerPoint\Microsoft PowerPoint 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Publisher\Microsoft Publisher 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Publisher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Word\Microsoft Word 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Word"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Visual Basic for Applications IDE\6.0]
@="HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\RecoProfiles]
"DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\RecoProfiles]
"DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"

-= EOF =-
 
No sign of Advanced System Protector

But let's do this


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.




Then go into Task Manager by pressing Ctrl+Alt+Delete. Look under the Processes tab and, if you see Advanced System Protector running, highlight it and end the process.



Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector]
    [-HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup]
    [-HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
    [-HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector]
    
    :Files
    C:\ProgramData\Systweak\Advanced System Protector
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector
    C:\Program Files(x86)\Advanced System Protector
    C:\Program Files\Advanced System Protector
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\ not found.
Registry key HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\ not found.
========== FILES ==========
C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
File\Folder C:\Program Files(x86)\Advanced System Protector not found.
File\Folder C:\Program Files\Advanced System Protector not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Thor
->Temp folder emptied: 2246893 bytes
->Temporary Internet Files folder emptied: 3357704 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 49946707 bytes
->Flash cache emptied: 709 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.Thor-PC
->Temp folder emptied: 0 bytes

User: UpdatusUser.Thor-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 593217 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12202013_113003

Files\Folders moved on Reboot...
C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP0000002A6DF2D536D47A6609 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...







It's still happily loading up. One thing I feel the urge to mention is the other day my ISP sent me an email that they detected something from my computer trying to connect to theirs and said I had a virus on it. Kaspersky and all these other programs don't show anything. I don't know if it's related to this though.
 
My PC is starting to act different since that last thing. Any USB device I put in will be picked up but it'll hang for a few minutes before opening. Also opening my browser keeps asking to restore my tabs instead of just opening normally, though I'm guessing that's to do with the thing I just did. I'm starting to feel like I should just reformat :)
 
Well, what we just did should have no effect on your system, as the registry keys were not found and about 3 files were removed that were removed before.

Sometimes with malware a good solution is to reformat and reinstall Windows, as this will guarantee a nice clean and smooth-running system. Let's run a free virus scanner first. Also, when Advanced System Protector loads, can you take a screenshot of it and post it in this thread?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the [esetBack.png] button.
  14. Push [esetFinish.png]
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Sca
 
After a gruelling 4 hour scan lol ESET didn't find anything. And Revo I had played previously too. It doesn't list the program sadly. It seems the only 2 programs that can find it are Malwarebytes and Spybot, and both can't do anything useful.
 
Hi,

Try running CCleaner
https://www.piriform.com/ccleaner

I haven't used this program in a while and don't have it on my system, but if I remember correctly it has an option to clean leftover entries from uninstalls and it may find ASP. It also has a registry cleaner; you may want to try running that. Read the help files, because if it causes issues cleaning your registry there is a restore option.

In the meantime I am going to look deeper into this. It's really challenging; something on your system is restoring the entries we are removing. I am going to ask someone else to take a peek and see what, or where, I am missing
 
Cleaned through and also did the registry option as well. It still keeps coming back. I'm in the middle of grabbing a bunch of programs in readiness of a system format lol. I'll wait to see if you can figure out the issue just so this can be used as helpful information next time a problem like mine pops up.
 
Look in Programs and Features in your Control Panel. Do you see RegCleanPro?


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Users\Thor\AppData\Roaming\Systweak
    C:\ProgramData\Systweak
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Registry Optimizer folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Registry Cleaner folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Partial Backups folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Driver Updater\Download folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Driver Updater\Backup folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Driver Updater folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Checking for Updates\AppUpdates folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Checking for Updates folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3 folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak folder moved successfully.
C:\ProgramData\Systweak\ASO3 folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
C:\ProgramData\Systweak folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Thor
->Temp folder emptied: 8882180 bytes
->Temporary Internet Files folder emptied: 1580216 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 172422872 bytes
->Flash cache emptied: 709 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.Thor-PC
->Temp folder emptied: 0 bytes

User: UpdatusUser.Thor-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2360073 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 177.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12202013_203717

Files\Folders moved on Reboot...
C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[1].htm moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[3].htm moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[4].htm moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[5].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






I don't see RegCleanPro in my programs. System reboot, protector still loads up.
 
Click on Start > Right Click on All Programs > Click on Open or Open All Users > Click on Programs > Startup ... Do you see Advanced System Protector in there? If so, delete it
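
The thread ends at the Startup folder, after the OTL fix reported its registry keys as "not found" while the program kept loading. As an added example (not part of the original posts and not output from any tool used in the thread), this read-only PowerShell sweep goes beyond the Startup folder and checks the usual autostart locations on Windows 7 for the names the thread mentions; the location list and the `New-Finding` helper are this example's own assumptions.

```powershell
# Added example: read-only sweep of common autostart locations for entries
# mentioning the product/vendor named in this thread. Nothing is deleted.
# Uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7.
# Run it from an elevated 64-bit PowerShell so all tasks and both registry
# views are visible.
$pattern = 'Advanced System Protector|Systweak'   # names taken from the thread

# Hypothetical helper: one uniform record per hit.
function New-Finding($Location, $Name, $Detail) {
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Detail = $Detail }
}

$findings = @()

# 1. Run/RunOnce values: machine and user hives, plus the 32-bit (Wow6432Node) view.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ("$valueName $data" -match $pattern) {
            $findings += New-Finding $key $valueName $data
        }
    }
}

# 2. Startup folders (per-user and all-users); shortcuts are resolved to their target.
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($file in (Get-ChildItem -Path $dir -Force)) {
        $target = ''
        if ($file.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($file.FullName).TargetPath
        }
        if ("$($file.Name) $target" -match $pattern) {
            $findings += New-Finding $dir $file.Name $target
        }
    }
}

# 3. Scheduled tasks. The raw CSV line is matched instead of a named column,
#    because schtasks column headers are localized.
foreach ($line in (schtasks.exe /query /fo csv /v 2>$null)) {
    if ($line -match $pattern) {
        $findings += New-Finding 'Scheduled task' '' $line
    }
}

# 4. Services whose display name or image path mentions the product.
foreach ($svc in (Get-WmiObject -Class Win32_Service)) {
    if ("$($svc.DisplayName) $($svc.PathName)" -match $pattern) {
        $findings += New-Finding 'Service' $svc.Name $svc.PathName
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No autostart entry matched '$pattern'."
} else {
    $findings | Select-Object Location, Name, Detail | Format-List
}
```

An empty result here while the program still starts at logon means the launcher sits somewhere this list does not cover, or under a name that does not contain either string.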
 