Jump to content

Recommended Posts

  • Staff

What is Advanced System Protector?

Advanced System Protector is a system optimizer that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

How do I know if I am affected by Advanced System Protector?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your startmenu, and on your desktop:

icons.png

and see this type of windows during install:

warning1.png

warning2.png

and this type of screens during operations:

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

and these tasks in your list of Scheduled Tasks:

warning3.png

How did Advanced System Protector get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website.

website.png

How do I remove Advanced System Protector?

Our program Malwarebytes can detect and remove this PUP. For a more complete removal it is better to run the built-in uninstaller first.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Advanced System Protector?

  • No, Malwarebytes removes Advanced System Protector completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

What if I want to keep Advanced System Protector?

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you in dealing with this system optimizer.

As you can see below the full version of Malwarebytes would have warned you against the Advanced System Protector installer.
 

protection1.png

 

Technical details for experts

You may see these entries in FRST logs:


 

(SYSTWEAK SOFTWARE -> Systweak Software) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
Task: {1DBAD206-30B0-4BCB-B8E1-17C1EEC3BAEE} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\Advanced System Protector\AspManager.exe [1007864 2020-12-16] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {D2AE2E3D-3A88-482F-B743-D48140E07ECD} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [8983288 2020-12-16] (SYSTWEAK SOFTWARE -> Systweak Software)
C:\Windows\system32\Tasks\Advanced System Protector
C:\Windows\system32\Tasks\Advanced System Protector_startup
C:\ProgramData\Desktop\Advanced System Protector.lnk
C:\Users\{username}\AppData\Roaming\Systweak
C:\Users\{username}\AppData\Local\Systweak
C:\ProgramData\Systweak
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
C:\Program Files (x86)\Advanced System Protector
(Systweak Software) C:\Windows\system32\sasnative64.exe

Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.3.1001.27010 - Systweak Software) <==== ATTENTION
ContextMenuHandlers1: [Advanced System Protector] -> {00212D92-C5D8-4ff4-AE50-B20F0F85C40A} => C:\Users\{username}\AppData\Local\Systweak\Advanced System Protector\aspcontexthelper64.dll [2020-12-16] (SYSTWEAK SOFTWARE -> Systweak Software)

Significant alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\Advanced System Protector
       Adds the file AdvancedSystemProtector.exe"="12/16/2020 11:02 AM, 8983288 bytes, A
       Adds the file AdvancedSystemProtector.exe.config"="12/8/2020 4:35 PM, 8316 bytes, A
       Adds the file AppResource.dll"="12/16/2020 11:02 AM, 5140216 bytes, A
       Adds the file asp.ico"="12/8/2020 4:35 PM, 17542 bytes, A
       Adds the file AspManager.exe"="12/16/2020 11:02 AM, 1007864 bytes, A
       Adds the file aspsys.dll"="12/16/2020 11:02 AM, 984824 bytes, A
       Adds the file categories.ini"="12/8/2020 4:35 PM, 44596 bytes, A
       Adds the file Chinese_asp_ZH-CN.ini"="12/8/2020 4:35 PM, 68320 bytes, A
       Adds the file Communication.dll"="12/16/2020 11:02 AM, 362232 bytes, A
       Adds the file danish_asp_DA.ini"="12/8/2020 4:35 PM, 119390 bytes, A
       Adds the file dutch_asp_NL.ini"="12/8/2020 4:35 PM, 120766 bytes, A
       Adds the file eng_asp_en.ini"="12/8/2020 4:35 PM, 131796 bytes, A
       Adds the file Finnish_asp_FI.ini"="12/8/2020 4:35 PM, 120236 bytes, A
       Adds the file french_asp_FR.ini"="12/8/2020 4:35 PM, 135418 bytes, A
       Adds the file german_asp_DE.ini"="12/8/2020 4:35 PM, 133458 bytes, A
       Adds the file Interop.IWshRuntimeLibrary.dll"="12/16/2020 11:02 AM, 55032 bytes, A
       Adds the file italian_asp_IT.ini"="12/8/2020 4:35 PM, 125334 bytes, A
       Adds the file japanese_asp_JA.ini"="12/8/2020 4:35 PM, 83742 bytes, A
       Adds the file libyara.NET.dll"="12/16/2020 11:02 AM, 1165560 bytes, A
       Adds the file loading_withWhiteBG.avi"="12/8/2020 4:35 PM, 103936 bytes, A
       Adds the file Microsoft.Win32.TaskScheduler.DLL"="12/16/2020 11:02 AM, 121080 bytes, A
       Adds the file norwegian_asp_NO.ini"="12/8/2020 4:35 PM, 114688 bytes, A
       Adds the file portuguese_asp_PT-BR.ini"="12/8/2020 4:35 PM, 122654 bytes, A
       Adds the file Restartexp.exe"="12/16/2020 11:02 AM, 14072 bytes, A
       Adds the file russian_asp_ru.ini"="12/8/2020 4:35 PM, 122402 bytes, A
       Adds the file scandll.dll"="12/16/2020 11:02 AM, 127736 bytes, A
       Adds the file spanish_asp_ES.ini"="12/8/2020 4:35 PM, 128178 bytes, A
       Adds the file SQLite.Interop.dll"="12/16/2020 11:02 AM, 1126136 bytes, A
       Adds the file swedish_asp_SV.ini"="12/8/2020 4:35 PM, 116524 bytes, A
       Adds the file System.Core.dll"="12/16/2020 11:02 AM, 673528 bytes, A
       Adds the file System.Data.SQLite.dll"="12/16/2020 11:02 AM, 369400 bytes, A
       Adds the file unins000.dat"="3/9/2021 10:35 AM, 166533 bytes, A
       Adds the file unins000.exe"="3/9/2021 10:34 AM, 1198328 bytes, A
       Adds the file unins000.msg"="3/9/2021 10:35 AM, 22701 bytes, A
       Adds the file unrar.dll"="12/16/2020 11:02 AM, 260344 bytes, A
       Adds the file Xceed.Compression.dll"="12/16/2020 11:02 AM, 108280 bytes, A
       Adds the file Xceed.Compression.Formats.dll"="12/16/2020 11:02 AM, 71416 bytes, A
       Adds the file Xceed.FileSystem.dll"="12/16/2020 11:02 AM, 128760 bytes, A
       Adds the file Xceed.Zip.dll"="12/16/2020 11:02 AM, 202488 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
       Adds the file Advanced System Protector.lnk"="3/9/2021 10:35 AM, 1219 bytes, A
       Adds the file Register Advanced System Protector.lnk"="3/9/2021 10:35 AM, 1245 bytes, A
       Adds the file Uninstall Advanced System Protector.lnk"="3/9/2021 10:35 AM, 1168 bytes, A
    Adds the folder C:\ProgramData\Systweak\Advanced System Protector\signatures
       Adds the file completedatabase.db"="3/9/2021 10:38 AM, 263494656 bytes, A
       Adds the file Cookies.bin"="3/9/2021 10:38 AM, 233960 bytes, A
       Adds the file DigSign.bin"="3/9/2021 10:39 AM, 132248 bytes, A
       Adds the file FilePathFIX.bin"="3/9/2021 10:39 AM, 597664 bytes, A
       Adds the file FilePaths.bin"="3/9/2021 10:38 AM, 5840928 bytes, A
       Adds the file FileSignature.bin"="3/9/2021 10:38 AM, 39753240 bytes, A
       Adds the file Folders.bin"="3/9/2021 10:38 AM, 1688256 bytes, A
       Adds the file Md5.bin"="3/9/2021 10:39 AM, 129766720 bytes, A
       Adds the file Registry.bin"="3/9/2021 10:39 AM, 39293320 bytes, A
       Adds the file SetupSign.bin"="3/9/2021 10:39 AM, 13504 bytes, A
       Adds the file StrSetupSign.bin"="3/9/2021 10:39 AM, 1824 bytes, A
    Adds the folder C:\ProgramData\Systweak\Advanced System Protector\updates
       Adds the file 100oupdate.zip"="3/9/2021 10:37 AM, 67519 bytes, A
       Adds the file 3262completedatabase.zip"="3/9/2021 10:37 AM, 36169813 bytes, A
       Adds the file 4221mupdate.zip"="3/9/2021 10:37 AM, 108841406 bytes, A
       Adds the file 4222update.zip"="3/9/2021 10:37 AM, 413832 bytes, A
       Adds the file 4223update.zip"="3/9/2021 10:37 AM, 671671 bytes, A
    Adds the folder C:\ProgramData\Systweak\Advanced System Protector\yr
       Adds the file yrnp.txt"="3/9/2021 10:37 AM, 1283672 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Systweak\Advanced System Protector
       Adds the file aspcontexthelper64.dll"="12/16/2020 11:02 AM, 86776 bytes, A
       Adds the file ScanEngineErrorLog.txt"="3/9/2021 10:42 AM, 4898 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Systweak\Advanced System Protector
       Adds the file ASPLog.txt"="3/9/2021 10:42 AM, 4071 bytes, A
       Adds the file ASPStartupManagerErrorLog.txt"="3/9/2021 10:42 AM, 238 bytes, A
       Adds the file QDetail.db"="3/9/2021 10:36 AM, 16384 bytes, A
       Adds the file Settings.db"="3/9/2021 10:42 AM, 45056 bytes, A
       Adds the file Update.ini"="3/9/2021 10:36 AM, 3686 bytes, A
       Adds the file Utility_kit.ini"="3/9/2021 10:36 AM, 12408 bytes, A
       Adds the file yrscnloc.ini"="3/9/2021 10:39 AM, 748 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Systweak\Advanced System Protector\Logs
       Adds the file log_09-03-21_10-42-38.xml"="3/9/2021 10:42 AM, 92305 bytes, A
       Adds the file SMLog.xml"="3/9/2021 10:42 AM, 3046 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file Advanced System Protector.lnk"="3/9/2021 10:35 AM, 1201 bytes, A
    In the existing folder C:\Windows\System32
       Adds the file sasnative64.exe"="12/16/2020 11:02 AM, 37112 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file Advanced System Protector"="3/9/2021 10:36 AM, 3740 bytes, A
       Adds the file Advanced System Protector_startup"="3/9/2021 10:36 AM, 3120 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced System Protector]
       "(Default)"="REG_SZ", "{00212D92-C5D8-4ff4-AE50-B20F0F85C40A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00212D92-C5D8-4ff4-AE50-B20F0F85C40A}\InProcServer32]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Systweak\Advanced System Protector\aspcontexthelper64.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Advanced System Protector]
       "(Default)"="REG_SZ", "{00212D92-C5D8-4ff4-AE50-B20F0F85C40A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
       "{00212D92-C5D8-4ff4-AE50-B20F0F85C40A}"="REG_SZ", "Scan with Advanced System Protector"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LogMeInRescueCallingCard]
       "CID"="REG_SZ", "1366989322"
       "CompanyID"="REG_DWORD", 1963947
       "ProductCode"="REG_SZ", "{A22B8513-EA8C-46A1-9735-F5BE971C368D}"
       "referralid"="REG_SZ", "mzjv3r"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe"
       "DisplayName"="REG_SZ", "Advanced System Protector"
       "DisplayVersion"="REG_SZ", "2.3.1001.27010"
       "EstimatedSize"="REG_DWORD", 24004
       "HelpLink"="REG_SZ", "http://www.systweak.com/antispyware/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Advanced System Protector"
       "Inno Setup: Icon Group"="REG_SZ", "Advanced System Protector"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20210309"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Advanced System Protector\"
       "MajorVersion"="REG_DWORD", 2
       "MinorVersion"="REG_DWORD", 3
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Systweak Software"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Advanced System Protector\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Advanced System Protector\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.systweak.com/antispyware/"
       "VersionMajor"="REG_DWORD", 2
       "VersionMinor"="REG_DWORD", 3
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector]
       "affiliateid"="REG_SZ", ""
       "afterInstallUrl"="REG_SZ", "http://powerbundle.systweak.com/ASP/firstinstall/?newasp=1&utm_content=AfterInstall&utm_term=Setup&page=install&"
       "BuyNowURL"="REG_SZ", "http://www.systweak.com/antispyware/price.asp?"
       "BuyNowURLADU"="REG_SZ", "http://powerbundle.systweak.com/pb/price/?pname=adu&"
       "BuyNowURLASP"="REG_SZ", "http://powerbundle.systweak.com/pb/price/?pname=asp&"
       "BuyNowURLPB"="REG_SZ", "http://powerbundle.systweak.com/PB/purchase/?pname=asp&"
       "BuyNowURLRCP"="REG_SZ", "http://powerbundle.systweak.com/pb/price/?pname=rcp&"
       "Expired"="REG_DWORD", 0
       "InstalledPath"="REG_SZ", "C:\Program Files (x86)\Advanced System Protector"
       "isphone"="REG_SZ", "0"
       "IsScanOptional"="REG_DWORD", 1
       "IsShowcaseDepOnUpdIni"="REG_DWORD", 0
       "issilent"="REG_DWORD", 0
       "Key"="REG_SZ", ""
       "MaxFixLimit"="REG_DWORD", 0
       "NoLPHIconNeeded"="REG_DWORD", 1
       "REGVER"="REG_DWORD", 0
       "REGVER-UNINSTALL"="REG_DWORD", 0
       "RenewNowURL"="REG_SZ", "http://www.systweak.com/antispyware/price.asp?renew=1&"
       "RenewNowURLADU"="REG_SZ", "http://powerbundle.systweak.com/pb/renewal/?pname=adu&"
       "RenewNowURLASP"="REG_SZ", "http://powerbundle.systweak.com/pb/renewal/?pname=asp&"
       "RenewNowURLPB"="REG_SZ", "http://powerbundle.systweak.com/PB/pbrenewal/?pname=asp&"
       "RenewNowURLRCP"="REG_SZ", "http://powerbundle.systweak.com/pb/renewal/?pname=rcp&"
       "showbc"="REG_DWORD", 0
       "showfth"="REG_DWORD", 1
       "showfthsetting"="REG_DWORD", 1
       "showpb"="REG_DWORD", 0
       "showsadtab"="REG_DWORD", 1
       "showsm"="REG_DWORD", 1
       "showutk"="REG_DWORD", 1
       "support_email"="REG_SZ", "support@systweak.com"
       "TELNO"="REG_SZ", ""
       "TELNOFR"="REG_SZ", ""
       "utm_campaign"="REG_SZ", "default"
       "utm_cid"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "systweak"
       "x-at"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\aso3]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Params]
       "ASPInstalledPath"="REG_SZ", "C:\Program Files (x86)\Advanced System Protector"
       "TELNO"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\LogMeInRescueCallingCard]
       "CID"="REG_SZ", "1366989322"
       "CompanyID"="REG_DWORD", 1963947
       "ProductCode"="REG_SZ", "{A22B8513-EA8C-46A1-9735-F5BE971C368D}"
       "referralid"="REG_SZ", "mzjv3r"
    [HKEY_CURRENT_USER\Software\Systweak\Advanced System Protector]
       "affiliateid"="REG_SZ", ""
       "CurrentScanTime"="REG_BINARY, ........
       "Expired"="REG_DWORD", 0
       "FirstInstallDate"="REG_SZ", "09-03-2021"
       "InstalledPath"="REG_SZ", "C:\Program Files (x86)\Advanced System Protector"
       "IsFreeCleanDone"="REG_DWORD", 0
       "IsPN"="REG_DWORD", 1
       "Key"="REG_SZ", ""
       "MaxFixLimit"="REG_DWORD", 0
       "REGVER"="REG_DWORD", 0
       "REGVER-UNINSTALL"="REG_DWORD", 0
       "StrLastErrorsFixed"="REG_SZ", "0"
       "StrLastScanResults"="REG_SZ", "120"
       "TELNO"="REG_SZ", ""
       "TELNOFR"="REG_SZ", ""
       "utm_campaign"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "systweak"
       "x-at"="REG_SZ", ""
       "YrVer"="REG_SZ", "9"
    [HKEY_CURRENT_USER\Software\Systweak\Advanced System Protector\2.3.1001.27010]
    [HKEY_CURRENT_USER\Software\Systweak\Advanced System Protector\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Systweak\params]
       "ASPInstalledPath"="REG_SZ", "C:\Program Files (x86)\Advanced System Protector"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/9/21
Scan Time: 11:00 AM
Log File: 4e028238-80be-11eb-ac31-080027235d76.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37897
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 233731
Threats Detected: 73
Threats Quarantined: 73
Time Elapsed: 3 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe, Quarantined, 865, 235325, , , , , 6301DFF73EF84A4EB5F692DA1B1E71FA, F329AD8522CF53F9F54E645DE78F81E34D83AB3E459BA5108981F28960F6CABF

Module: 6
PUP.Optional.AdvancedSystemProtector, C:\Users\{username}\AppData\Local\Systweak\Advanced System Protector\aspcontexthelper64.dll, Quarantined, 865, 180843, , , , , 5F10F8DDBAC1A9EE80E8D3220C734694, 5256B0448B24096FE9E9BCBA836D29DCFE150CE2FC8ADEC3BA80FA87EBE59F23
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe, Quarantined, 865, 235325, , , , , 6301DFF73EF84A4EB5F692DA1B1E71FA, F329AD8522CF53F9F54E645DE78F81E34D83AB3E459BA5108981F28960F6CABF
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\aspsys.dll, Quarantined, 865, 235325, , , , , A434AFF6DB455ABD89716A06AE943EF4, DCD19100E6FC0B15C8F329616A39BBEBA057886D22F6F849DC4079B987F8F086
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\libyara.NET.dll, Quarantined, 865, 235325, , , , , 1EA4074FFD052CD036B448EB0CD24951, AE5B261FB477DE62960435933258F31E75942709447B0083F537D834AA05A731
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\SQLite.Interop.dll, Quarantined, 865, 235325, , , , , 410EF665AD9D5D5FC9F4F26294CD250C, 79C6B707652656FF61AE6256B95165ECB93B172C5CBF4DF1D0B7AECD0FBC4189
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\unrar.dll, Quarantined, 865, 235325, , , , , FB9C090B1BCE9AD6A5E4A560DDD70AB9, 88D76D52423FC7F18CB5B3B87D3576540BBF4D8BD3A90A144AF3244FC6F09128

Registry Key: 12
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Advanced System Protector_startup, Quarantined, 865, 190115, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2AE2E3D-3A88-482F-B743-D48140E07ECD}, Quarantined, 865, 190115, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D2AE2E3D-3A88-482F-B743-D48140E07ECD}, Quarantined, 865, 190115, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\CLASSES\CLSID\{00212D92-C5D8-4ff4-AE50-B20F0F85C40A}, Quarantined, 865, 180843, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\CLASSES\CLSID\{00212D92-C5D8-4ff4-AE50-B20F0F85C40A}\InprocServer32, Quarantined, 865, 180843, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\CLASSES\FOLDER\SHELLEX\CONTEXTMENUHANDLERS\Advanced System Protector, Quarantined, 865, 326803, 1.0.37897, , ame, , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Advanced System Protector, Quarantined, 865, 235325, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1DBAD206-30B0-4BCB-B8E1-17C1EEC3BAEE}, Quarantined, 865, 235325, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{1DBAD206-30B0-4BCB-B8E1-17C1EEC3BAEE}, Quarantined, 865, 235325, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1, Quarantined, 865, 235325, , , , , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, Quarantined, 865, 246262, 1.0.37897, , ame, , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, Quarantined, 865, 246262, 1.0.37897, , ame, , , 

Registry Value: 3
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\CLASSES\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{00212D92-C5D8-4FF4-AE50-B20F0F85C40A}, Quarantined, 865, 326804, 1.0.37897, , ame, , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1DBAD206-30B0-4BCB-B8E1-17C1EEC3BAEE}|PATH, Quarantined, 865, 348601, 1.0.37897, , ame, , , 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2AE2E3D-3A88-482F-B743-D48140E07ECD}|PATH, Quarantined, 865, 259033, 1.0.37897, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.AdvancedSystemProtector, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Advanced System Protector, Quarantined, 865, 175380, 1.0.37897, , ame, , , 
PUP.Optional.AdvancedSystemProtector, C:\USERS\{username}\APPDATA\LOCAL\SYSTWEAK\ADVANCED SYSTEM PROTECTOR, Quarantined, 865, 180843, 1.0.37897, , ame, , , 
PUP.Optional.SysTweak, C:\USERS\{username}\APPDATA\LOCAL\SYSTWEAK, Quarantined, 857, 335041, 1.0.37897, , ame, , , 

File: 48
PUP.Optional.AdvancedSystemProtector, C:\USERS\PUBLIC\DESKTOP\ADVANCED SYSTEM PROTECTOR.LNK, Quarantined, 865, 190775, 1.0.37897, , ame, , 4039FB5EAB9ADEC34DEE932BC4F0A283, B5595C5120146A12EFC8B9EC1AED2E7951AA545B1F751208B8DFD85A7F0EB498
PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector.lnk, Quarantined, 865, 175380, , , , , 0AD9A3DE222AE2CD46253501372F78F8, 663F98858937B75C6E55ECE076FFFA71649DAF3B29CA3E604F37F643780C2521
PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Register Advanced System Protector.lnk, Quarantined, 865, 175380, , , , , EDCB1CEF7A61844CA017DF0F97D2E95E, 14434DDFCF681DFAAB65708CC19C8967E04251D668553337E906BA248E5EDCF0
PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Uninstall Advanced System Protector.lnk, Quarantined, 865, 175380, , , , , 60153BC9AFA94AE695D08AB9EA32DCF5, 31077607DE7A3D2EB9AF066F3C3B46AF9EDDB4BD7B923F6CA958E3B88669F2EF
PUP.Optional.AdvancedSystemProtector, C:\WINDOWS\SYSTEM32\TASKS\ADVANCED SYSTEM PROTECTOR_STARTUP, Quarantined, 865, 190115, 1.0.37897, , ame, , F843AB34A2F48133B0F0DBB27D9F66BF, 2981E7653E90C5E42E131FF949051BBBF642DCF669AE5B7BEFF3E8854F755327
PUP.Optional.AdvancedSystemProtector, C:\Users\{username}\AppData\Local\Systweak\Advanced System Protector\aspcontexthelper64.dll, Quarantined, 865, 180843, , , , , 5F10F8DDBAC1A9EE80E8D3220C734694, 5256B0448B24096FE9E9BCBA836D29DCFE150CE2FC8ADEC3BA80FA87EBE59F23
PUP.Optional.AdvancedSystemProtector, C:\Users\{username}\AppData\Local\Systweak\Advanced System Protector\ScanEngineErrorLog.txt, Quarantined, 865, 180843, , , , , CC6DF19650DA1E36A23AC92E185BEB5F, 77A7DA26A664866C487495EC852301B0F52100C7E7039DB0A15887579384CB25
PUP.Optional.AdvancedSystemProtector, C:\PROGRAM FILES (X86)\ADVANCED SYSTEM PROTECTOR\LOADING_WITHWHITEBG.AVI, Quarantined, 865, 235325, 1.0.37897, , ame, , 583B036CE812CD9DF8A6BBB8B7B3116C, 60F4505028DD26E3FF5BBD86F6B3AD7B43A76616BD91D39AB95DA5535436FFA2
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe, Quarantined, 865, 235325, , , , , 6301DFF73EF84A4EB5F692DA1B1E71FA, F329AD8522CF53F9F54E645DE78F81E34D83AB3E459BA5108981F28960F6CABF
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.config, Quarantined, 865, 235325, , , , , BF0D2D9EF29EFB894B942640850C07D7, 253E70FDD35C79D2F6932810E08095C6CEFCEADE365FFFE5726FAF25B49C588B
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\AppResource.dll, Quarantined, 865, 235325, , , , , 4E05AEBFD005900ECDB803C1C9419929, 83953D25F3CE3B47173E5010D073E990D5CFAE15B4A0F12B1941E4174917CDF7
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\asp.ico, Quarantined, 865, 235325, , , , , B901782363304EF68B5C6FB9919CD57A, 20A80FE27C1ECE224A476A81219442D9F2AC8CD6FF5A385858CDD78527E27CFC
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\AspManager.exe, Quarantined, 865, 235325, , , , , A34DCBA0A249CF482A9EB460EB8F4DAD, 9585328862E63F417692B85CEB76AC215F396F8EB955A86954379EC83B361C9C
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\aspsys.dll, Quarantined, 865, 235325, , , , , A434AFF6DB455ABD89716A06AE943EF4, DCD19100E6FC0B15C8F329616A39BBEBA057886D22F6F849DC4079B987F8F086
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\categories.ini, Quarantined, 865, 235325, , , , , F209C342E0373D5D28E7FF2D7FB5485B, 8CEDDEB44227B9A52B18A4461CDFCE5A51F9D680762163674B2F18764F312B5A
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Chinese_asp_ZH-CN.ini, Quarantined, 865, 235325, , , , , CAC354DA87D8A34384D36BA2FB43CE6D, 35E5F6480AB921A0D5232D7B61DC9F563CBA05507F1385374777B9D664433A07
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Communication.dll, Quarantined, 865, 235325, , , , , 145586B31AAB29222A10561FB0623A54, D11716FB0A173A2E304C902EF0B0F5E5CEB558A13AC0EAD6A248C36C79BD9F97
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\danish_asp_DA.ini, Quarantined, 865, 235325, , , , , BEC591D5B7AB929A285ED7412A595927, 8FECD4F0CC44378D7ACD734A0EEE60428E3AF4B32C9987E328202866BADC1A88
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\dutch_asp_NL.ini, Quarantined, 865, 235325, , , , , AE9D7A8FEB40CEA24C9F8AC1705995BF, 697B7BD93184E970C95030DE462C848DED1204DB94797B14377324D0999B0B6F
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\eng_asp_en.ini, Quarantined, 865, 235325, , , , , B2CBE6E3164E32ABE1272014E8F34969, 4BEE5F6FC0AE67118CCA1C066553FA707F84AE8A9B7C698F00C39978E6394B39
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Finnish_asp_FI.ini, Quarantined, 865, 235325, , , , , 62D1BE766EFD03899EFC3A355DC6C3EE, 0CF059E0256575D9A603F15A8350521D354C6D443937A757F84B0B657AD70864
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\french_asp_FR.ini, Quarantined, 865, 235325, , , , , CA67769FA2F5662650F3C526569C2909, 2179257C7849175ECAB2E1FF68902975A21EA2A8E134788BCCCF97EA4E3F8C04
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\german_asp_DE.ini, Quarantined, 865, 235325, , , , , 800EB123017C0CB84C1694213A82E376, 6F00FF2FB1B9818500A9833E9AACC5A16A81DDDB3BF336C147009E1972B96024
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Interop.IWshRuntimeLibrary.dll, Quarantined, 865, 235325, , , , , 11B908E39457E4F19FF4EEB89DB51BE2, 9A117FD7CF104DD5C9B1EC0A8DD2BF11BA22DA24D5641CDEA3247A37A8FD50A7
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\italian_asp_IT.ini, Quarantined, 865, 235325, , , , , D004BB33606E09706D25CA0FE2701200, 4A24D0DD69042A7EEC4F58CB6D8B27F47F0F7B0B94517E37E553507728A21BC0
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\japanese_asp_JA.ini, Quarantined, 865, 235325, , , , , 65AA587AF45D39CA8C378119F003789C, 92C9132309B756E5DBD482FAB9FE90FC5B317449F844FAF1D37734577C07D2FE
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\libyara.NET.dll, Quarantined, 865, 235325, , , , , 1EA4074FFD052CD036B448EB0CD24951, AE5B261FB477DE62960435933258F31E75942709447B0083F537D834AA05A731
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL, Quarantined, 865, 235325, , , , , 18F74320E012DB698B6D0FF12DB96C41, E3172941D24CFFEF645CFA4E0FB5D853BD021D0D78FC0DC36736D2D60E21CA35
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\norwegian_asp_NO.ini, Quarantined, 865, 235325, , , , , 47D122D60187ED6EFF26CC882DEB32B2, CB9EE77640518DC11C3DE89DEDE66C2189E0514BE4C5B297338D79C2543977C0
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\portuguese_asp_PT-BR.ini, Quarantined, 865, 235325, , , , , 59BE960D7D81EA4BA8B8E57DF24AB009, F8DFEC2E48D2D28D0C3CE70EA420FBD3D5B73B38EE570AC987ACF30A9BB99660
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Restartexp.exe, Quarantined, 865, 235325, , , , , DD403EB0F9E81FF7AD8BB787EA11EB8E, BC92F67C3CB5580D8D522A65F55FE05289091E8E87953ED92D8FE5E0567283E3
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\russian_asp_ru.ini, Quarantined, 865, 235325, , , , , B5F3B789A17BD1D9E6E6715FD97D10FC, 62BC0B0400AF3080D4A0C558F741C82E668149FEBB4AAF9B2E30E0EEA179AD4A
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\scandll.dll, Quarantined, 865, 235325, , , , , 1CDA43B5860D5FC397DAD63057184235, 1DCCD26F968E6B7E98F1EDAC2644C6E22E02EAEEF943E888073E19DD04D941E1
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\spanish_asp_ES.ini, Quarantined, 865, 235325, , , , , D5A8640DD83F9A9D39C2C205BD225B6C, 6D301A4081B44BA66632448A02E2467DF40F9EDAC23A887086F82240848A9DE5
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\SQLite.Interop.dll, Quarantined, 865, 235325, , , , , 410EF665AD9D5D5FC9F4F26294CD250C, 79C6B707652656FF61AE6256B95165ECB93B172C5CBF4DF1D0B7AECD0FBC4189
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\swedish_asp_SV.ini, Quarantined, 865, 235325, , , , , 5D2699E30E1D8CD5E89BFA2994C2BF7B, 171599D8C968FB5FFA8A7FBA754DBBAB8D1D4C62C0B622CE16BB384D6FCFF959
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll, Quarantined, 865, 235325, , , , , 4F41CA179DBFA86BD4F69AC884D4FE53, BA7821C8BE881793B63A0BBE2B7E557EA0CC26ECACC1A307F92785BC0D6A7666
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\unins000.dat, Quarantined, 865, 235325, , , , , 4BD7EC1601FDD47F30A363320A3A12B5, 2E6B82F244E7DF0B04A03CF0E8202E3D5219331C99720560993DA101BEA0AC57
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\unins000.exe, Quarantined, 865, 235325, , , , , 8F6AEAB86B9741C15A39CBBDDE3387CF, DA05C7762C04FF6A5F7EBC3EB6BAF0647F33AD9731E2416239BD8C690DA9F379
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\unins000.msg, Quarantined, 865, 235325, , , , , 5F38274FC51EC35B61E925153E26EF1C, 946195C199C2F798ED0AB3DC8AE4511BE30AD70E5FB994D677BEEE0AE249DEC8
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\unrar.dll, Quarantined, 865, 235325, , , , , FB9C090B1BCE9AD6A5E4A560DDD70AB9, 88D76D52423FC7F18CB5B3B87D3576540BBF4D8BD3A90A144AF3244FC6F09128
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll, Quarantined, 865, 235325, , , , , 2EC3E039C7E6BF0BB6B61C07B73E53B5, 18B5DAD4147D10688297DB79E886039F848AAA01DC6EF9215EE826653C947953
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.Formats.dll, Quarantined, 865, 235325, , , , , B241BCF74E2CD9728B9E17323A2646BA, FC96BEACBA9E4677C794C8B97CBABBAC6F4E54C0D08E14DC43E06F77E129F49F
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll, Quarantined, 865, 235325, , , , , 5AD9E53D3F71B34678FD9AE3C950A23E, 213FAFAE548A0CBE74CBC2ACA6706C7724FF42BA327627C59800D92606A4FD15
PUP.Optional.AdvancedSystemProtector, C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll, Quarantined, 865, 235325, , , , , 7DF3B1E40FBE285D3E4BD99F904DD337, F1544A24C4F6134D38C2801411D67FED6C7EF21D7606D5406EEEC387E08C1216
PUP.Optional.AdvancedSystemProtector, C:\WINDOWS\SYSTEM32\TASKS\Advanced System Protector, Quarantined, 865, 235325, , , , , 219120A1C11FBF47D91141BC68AF05EC, 4DAE5E5B07BD2ED31B2C6098C3C7A12FFF5D12D2856A943D965BE327EB8D441D
PUP.Optional.AdvancedSystemProtector, C:\WINDOWS\SYSTEM32\SASNATIVE64.EXE, Quarantined, 865, 364690, 1.0.37897, , ame, , 37A084D01376937989821A79174FEAC4, 4C77F19E08E13A3D4C0856F7139CF029B5EF65559111CBC18917B7D493769E83
PUP.Optional.AdvancedSystemProtector, C:\USERS\{username}\DESKTOP\ASPSETUP_SYSTWEAK-DEFAULT.EXE, Quarantined, 865, 326624, 1.0.37897, , ame, , 45D8F4B77FED6E930DEAE0BE48308EFE, 4C3FD3D5DDF24240AD6CE214F2FE779B76BC6B36858B8390F69B99DD3461C91D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this potentially unwanted program.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

  • Thanks 1
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.