
Sir,

First of all, thanks a lot for such a great tool. It helped me a lot in removing many adwares from systems. 2-3 days back I was downloading something and got hit with some malwares and adwares. After that I scanned the PC with the adaware removal tool, but after clicking Clean it was getting stuck again and again in normal mode and safe mode. Then I scanned my PC with Malwarebytes; it cleaned most of the things. So again I scanned the PC with the adaware cleaner tool. It showed me the UCGuard service. I unchecked it and cleaned the PC and it worked. Now the ad-aware cleaner is showing only that service as infected. How do I clean it? Because if I try to clean it, the tool shows not responding and I have to reboot the system manually.

Following are the logs:

 

1) When UCGUARD was ticked

# AdwCleaner v5.201 - Logfile created 25/07/2016 at 15:11:14
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-24.1 [Local]
# Operating system : Windows 10 Pro  (X64)
# Username : Sutech - SUTECH
# Running from : C:\Users\Sutech\Downloads\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : UCGuard
Service Found : dowidoly
Service Found : rijufoze
Service Found : torecijizbt

***** [ Folders ] *****

Folder Found : C:\ProgramData\WindowsMsg
Folder Found : C:\ProgramData\Application Data\WindowsMsg
Folder Found : C:\Program Files (x86)\Max Driver Updater
Folder Found : C:\Users\Sutech\AppData\Roaming\ASPackage
Folder Found : C:\Users\Sutech\AppData\Roaming\Mozilla\Firefox\Profiles\jw9lh2dl.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f}
Folder Found : C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\YourGSearchFinder_br
Folder Found : C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f}
Folder Found : C:\Users\Public\Documents\dmp

***** [ Files ] *****

File Found : C:\END
File Found : C:\WINDOWS\SysNative\drivers\TAOKernelEx64.sys
File Found : C:\WINDOWS\SysNative\drivers\ucguard.sys

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )
Shortcut Infected : C:\Users\Sutech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )
Shortcut Infected : C:\Users\Sutech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( "hxxp://safesurfs.net/?ssid=1469431571&a=1045478&src=sh&uuid=3764b62f-38a5-420c-bb76-8c798fd19221" )

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Key Found : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]
Key Found : HKLM\SOFTWARE\Classes\.qbox
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
Key Found : HKEY_CLASSES_ROOT\.qmgc
Key Found : HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found : HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\osTip
Key Found : HKCU\Software\Wizzlabs
Key Found : HKCU\Software\MICROSOFT\IDSC
Key Found : HKCU\Software\INSTALLPATH\STATUS
Key Found : HKCU\Software\UCBrowserPID
Key Found : HKLM\SOFTWARE\SrpnFiles
Key Found : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found : HKLM\SOFTWARE\UCBrowserPID
Key Found : HKLM\SOFTWARE\trotuxSoftware
Key Found : [x64] HKLM\SOFTWARE\imalcom
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\IM
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\osTip
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Wizzlabs
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\MICROSOFT\IDSC
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\INSTALLPATH\STATUS
Key Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\UCBrowserPID
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\2345.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.2345.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\2345.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.2345.com
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [apphide]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SpaceSoundPro]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SpaceSoundPro]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [conhost.exe -start]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [conhost.exe -start]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Caster]
Value Found : HKU\S-1-5-21-1386693083-6109393-410956811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [taskhost]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpSvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService

***** [ Web browsers ] *****

[C:\Users\Sutech\AppData\Roaming\Mozilla\Firefox\Profiles\jw9lh2dl.default\prefs.js] Found : user_pref("browser.newtab.url", "C:\\ProgramData\\Lamzaps\\ff.NT");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.newtab.url", "hxxp://www.trotux.com/?z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=hp");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.defaultenginename", "trotux");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=trotux");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.hp", "hxxp://www.trotux.com/?z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=hp");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.sp", "hxxp://www.trotux.com/search/?from=epf1&q={searchTerms}&type=sp&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.uid", "ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.searchengine.url", "hxxp://www.trotux.com/search/?from=epf1&q={searchTerms}&type=sp&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("browser.search.selectedEngine", "trotux");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "48.0");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782ad341");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016072513");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1469434204288");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLo[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.shownUninstall", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.startupTasks", "{\"clearPrefs\":[\"extensions.toolbar.mindspark._brMembers_.shownUninstall\"],\"undoDisableHPGuard\":[\"true\"]}");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "hxxp://www.trotux.com/search/?&z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=sp&q=[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Sutech\\\\AppData\\\[...]
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");
[C:\Users\Sutech\AppData\Roaming\Profiles\me6re9ps.default\prefs.js] Found : user_pref("keyword.URL", "hxxp://www.trotux.com/search/?z=20245021a42ba5550eb1ed6gdz6q0t7z4c4gaq5o0w&from=epf1&uid=ST31000524AS_9VPBSBQ3XXXX9VPBSBQ3&type=sp&q=");

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [14253 bytes] - [13/05/2016 11:35:51]
C:\AdwCleaner\AdwCleaner[C2].txt - [4603 bytes] - [13/05/2016 12:08:01]
C:\AdwCleaner\AdwCleaner[C3].txt - [1448 bytes] - [13/05/2016 12:18:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [1594 bytes] - [13/05/2016 12:37:43]
C:\AdwCleaner\AdwCleaner[C5].txt - [353 bytes] - [25/07/2016 13:50:39]
C:\AdwCleaner\AdwCleaner[C6].txt - [353 bytes] - [25/07/2016 14:53:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [13847 bytes] - [13/05/2016 11:07:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [7679 bytes] - [13/05/2016 11:50:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [1337 bytes] - [13/05/2016 12:11:45]
C:\AdwCleaner\AdwCleaner[S4].txt - [1483 bytes] - [13/05/2016 12:33:26]
C:\AdwCleaner\AdwCleaner[S5].txt - [14646 bytes] - [25/07/2016 13:47:38]
C:\AdwCleaner\AdwCleaner[S6].txt - [14389 bytes] - [25/07/2016 14:46:48]
C:\AdwCleaner\AdwCleaner[S7].txt - [14360 bytes] - [25/07/2016 15:11:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [14434 bytes] ##########

After unchecking UCGuard from the list, it cleaned all other things...

Re: UCGUARD service

Hello,

Try to boot the system in Safe Mode and then clean in AdwCleaner.