
Sir,

First of all, thanks a lot for such a great tool. It helped me a lot in removing many adwares from systems. 2-3 days back I was downloading something and got hit with some malwares and adwares. After that I scanned the PC with the adaware removal tool, but after clicking Clean it was getting stuck again and again in normal mode and safe mode. Then I scanned my PC with Malwarebytes; it cleaned most of the things. So again I scanned the PC with the adaware cleaner tool. It showed me the UCGuard service. I unchecked it and cleaned the PC, and it worked. Now the ad-aware cleaner is showing only that service as infected. How do I clean it? Because if I try to clean it, the tool shows "not responding" and I have to reboot the system manually.

following are logs

 

1) When UCGUARD was ticked

# AdwCleaner v5.201 - Logfile created 25/07/2016 at 15:11:14
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-24.1 [Local]
# Operating system : Windows 10 Pro  (X64)
# Username : Sutech - SUTECH
# Running from : C:\Users\Sutech\Downloads\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : UCGuard
Service Found : dowidoly
Service Found : rijufoze
Service Found : torecijizbt

***** [ Folders ] *****

Folder Found : C:\ProgramData\WindowsMsg
Folder Found : C:\ProgramData\Application Data\WindowsMsg
Folder Found : C:\Program Files (x86)\Max Driver Updater
Folder Found : C:\Users\Sutech\AppData\Roaming\ASPackage
Folder Found : C:\Users\Sutech\AppData\Roaming\Mozilla\Firefox\Profiles\jw9lh2dl.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f}
Folder Found : C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\YourGSearchFinder_br
Folder Found : C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f}
Folder Found : C:\Users\Public\Documents\dmp

***** [ Files ] *****

File Found : C:\END
File Found : C:\WINDOWS\SysNative\drivers\TAOKernelEx64.sys
File Found : C:\WINDOWS\SysNative\drivers\ucguard.sys

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )
Shortcut Infected : C:\Users\Sutech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )
Shortcut Infected : C:\Users\Sutech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Key Found : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]
Key Found : HKLM\SOFTWARE\Classes\.qbox
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
Key Found : HKEY_CLASSES_ROOT\.qmgc
Key Found : HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found : HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\osTip
Key Found : HKCU\Software\Wizzlabs
Key Found : HKCU\Software\MICROSOFT\IDSC
Key Found : HKCU\Software\INSTALLPATH\STATUS
Key Found : HKCU\Software\UCBrowserPID
Key Found : HKLM\SOFTWARE\SrpnFiles
Key Found : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found : HKLM\SOFTWARE\UCBrowserPID
Key Found : HKLM\SOFTWARE\trotuxSoftware
Key Found : [x64] HKLM\SOFTWARE\imalcom
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\IM
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\osTip
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Wizzlabs
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\MICROSOFT\IDSC
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\INSTALLPATH\STATUS
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\UCBrowserPID
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\2345.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.2345.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\2345.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.2345.com
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [apphide]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SpaceSoundPro]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SpaceSoundPro]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [conhost.exe -start]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [conhost.exe -start]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Caster]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [taskhost]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpSvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService

***** [ Web browsers ] *****

[C:\Users\Sutech\AppData\Roaming\Mozilla\Firefox\Profiles\jw9lh2dl.default\prefs.js] Found : user_pref("browser.newtab.url", "C:\\ProgramData\\Lamzaps\\ff.NT");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.newtab.url", "hxxp://www.trotux.com/?z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=hp");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.defaultenginename", "trotux");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=trotux");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.hp", "hxxp://www.trotux.com/?z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=hp");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.sp", "hxxp://www.trotux.com/search/?from=epf1&q={searchTerms}&type=sp&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.uid", "ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.url", "hxxp://www.trotux.com/search/?from=epf1&q={searchTerms}&type=sp&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.selectedEngine", "trotux");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "48.0");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782ad341");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016072513");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1469434204288");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLo[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.shownUninstall", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.startupTasks", "{\"clearPrefs\":[\"extensions.toolbar.mindspark._brMembers_.shownUninstall\"],\"undoDisableHPGuard\":[\"true\"]}");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "hxxp://www.trotux.com/search/?&z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=sp&q=[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Sutech\\\\AppData\\\[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("keyword.URL", "hxxp://www.trotux.com/search/?z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=sp&q=");

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [14253 bytes] - [13/05/2016 11:35:51]
C:\AdwCleaner\AdwCleaner[C2].txt - [4603 bytes] - [13/05/2016 12:08:01]
C:\AdwCleaner\AdwCleaner[C3].txt - [1448 bytes] - [13/05/2016 12:18:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [1594 bytes] - [13/05/2016 12:37:43]
C:\AdwCleaner\AdwCleaner[C5].txt - [353 bytes] - [25/07/2016 13:50:39]
C:\AdwCleaner\AdwCleaner[C6].txt - [353 bytes] - [25/07/2016 14:53:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [13847 bytes] - [13/05/2016 11:07:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [7679 bytes] - [13/05/2016 11:50:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [1337 bytes] - [13/05/2016 12:11:45]
C:\AdwCleaner\AdwCleaner[S4].txt - [1483 bytes] - [13/05/2016 12:33:26]
C:\AdwCleaner\AdwCleaner[S5].txt - [14646 bytes] - [25/07/2016 13:47:38]
C:\AdwCleaner\AdwCleaner[S6].txt - [14389 bytes] - [25/07/2016 14:46:48]
C:\AdwCleaner\AdwCleaner[S7].txt - [14360 bytes] - [25/07/2016 15:11:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [14434 bytes] ##########

After unchecking UCGuard from the list, it cleaned all other things...

Re: UCGUARD service

Hello,

Try to boot system in Safe Mode and then clean in AdwCleaner.

