Hello, i'm having the same problem as pedromatt here: https://toolslib.net/forum/viewthread/8700-cant-delete-ucguard/

Problem with UC guard, can't delete it, adwcleaner crashes, other cleaners don't detect it. Can somebody help me please? Thank you!

Re: Can't delete UC Guard

Hello,

Can you share AdwCleaner logfile? (Usually from C;\AdwCleaner\AdwCleaner[Sxx].txt)

Then, use MBAM:

  • Please download MBAM: https://www.malwarebytes.com/mwb-download/thankyou/
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more. 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export >Copy to Clipboard - paste the content in your next message.

Best regards,

Re: Can't delete UC Guard

Hi!

AdwCleaner logfile: https://up2sha.re/file?f=C7ej9R6xGG9z

MBAM Scanlog:

Protection, 25-Nov-16 09:13, SYSTEM, DESKTOP-KCS8S2N, Protection, Malware Protection, Starting,  Protection, 25-Nov-16 09:13, SYSTEM, DESKTOP-KCS8S2N, Protection, Malware Protection, Started,  Protection, 25-Nov-16 09:13, SYSTEM, DESKTOP-KCS8S2N, Protection, Malicious Website Protection, Starting,  Protection, 25-Nov-16 09:13, SYSTEM, DESKTOP-KCS8S2N, Protection, Malicious Website Protection, Started,  Update, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Manual, Remediation Database, 2016.2.12.1, 2016.9.21.1,  Update, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Manual, Rootkit Database, 2016.2.8.1, 2016.11.20.1,  Update, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Manual, IP Database, 2016.2.8.1, 2016.11.24.4,  Update, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Manual, Domain Database, 2016.2.16.8, 2016.11.24.9,  Update, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Manual, Malware Database, 2016.2.16.6, 2016.11.25.2,  Protection, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Protection, Refresh, Starting,  Protection, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Protection, Malicious Website Protection, Stopping,  Protection, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Protection, Malicious Website Protection, Stopped,  Protection, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Protection, Refresh, Success,  Protection, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Protection, Malicious Website Protection, Starting,  Protection, 25-Nov-16 09:14, SYSTEM, DESKTOP-KCS8S2N, Protection, Malicious Website Protection, Started, 

(end)

Thanks.

Re: Can't delete UC Guard

Sorry, MBAM Scanlog (after restart)

Malwarebytes Anti-Malware www.malwarebytes.org

Scan Date: 25-Nov-16 Scan Time: 09:14 Logfile:  Administrator: Yes

Version: 2.2.1.1043 Malware Database: v2016.11.25.02 Rootkit Database: v2016.11.20.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled

OS: Windows 10 CPU: x64 File System: NTFS User: M2-1900

Scan Type: Threat Scan Result: Completed Objects Scanned: 285772 Time Elapsed: 11 min, 27 sec

Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled

Processes: 1 PUP.Optional.Elex.Generic, C:\Users\M2-1900\AppData\Roaming\jcfjc\UvConverter.exe, 2372, Delete-on-Reboot, [79fddfe5603a0531a115458e15ee5fa1]

Modules: 1 Adware.Elex, C:\Program Files (x86)\Common Files\Services\iThemes.dll, Delete-on-Reboot, [d6a0e8dcdcbe2412aec1a33a56adbf41], 

Registry Keys: 13 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, Quarantined, [3c3a00c4dac069cd4a121cc115eeae52],  PUP.Optional.Elex.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UvConv, Quarantined, [79fddfe5603a0531a115458e15ee5fa1],  Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iThemes5, Quarantined, [d6a0e8dcdcbe2412aec1a33a56adbf41],  PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D8EB8970-3C31-43DA-A8FD-DFC4304E04A7}, Delete-on-Reboot, [8ee8bd07a6f465d1290f4d37a75c16ea],  PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FC7564A4-F8DE-4C18-A61D-68CE938964CF}, Delete-on-Reboot, [0f67556fa7f3b086c658f96b649fba46],  PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ChelfNotify Task, Delete-on-Reboot, [f38317ad5d3dcc6a23fcafb5c73c20e0],  PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Ckahichshedle Controls, Delete-on-Reboot, [d0a6853f5d3de94d0a2fcbb953b03cc4],  PUP.Optional.Amisites.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\amisitesSoftware, Quarantined, [3145dee6d5c51d196d4804cf3ec50df3],  PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinSAPSvc, Quarantined, [f185e2e27e1c6fc7f5c20db88182d42c],  PUP.Optional.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FIREFOXU, Quarantined, [f77f368e4e4cc670339a351606fd1ce4],  PUP.Optional.Ludashi, HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\SOFTWARE\LUDASHI, Quarantined, [7501b3111189290da4b25b6de81b45bb],  PUP.Optional.Tuto4PC, HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\SOFTWARE\MICROSOFT\wewewe, Quarantined, [9ed84b795e3cd363fcfe5b69d42f3cc4],  PUP.Optional.Amisites.ShrtCln, HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [3b3b5074fe9ce84e3305d9f7c53e18e8], 

Registry Values: 6 PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D8EB8970-3C31-43DA-A8FD-DFC4304E04A7}|Path, \Ckahichshedle Controls, Delete-on-Reboot, [8ee8bd07a6f465d1290f4d37a75c16ea] PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FC7564A4-F8DE-4C18-A61D-68CE938964CF}|Path, \ChelfNotify Task, Delete-on-Reboot, [0f67556fa7f3b086c658f96b649fba46] PUP.Optional.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxU|ImagePath, "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe", Quarantined, [f77f368e4e4cc670339a351606fd1ce4] PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UVCONV|ImagePath, "C:\Users\M2-1900\AppData\Roaming\jcfjc\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}, Quarantined, [581e22a2a3f78fa702b1efe4d0336d93] PUP.Optional.Ludashi, HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\SOFTWARE\LUDASHI|360lock, 0, Quarantined, [7501b3111189290da4b25b6de81b45bb] PUP.Optional.Amisites.ShrtCln, HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}, Quarantined, [3b3b5074fe9ce84e3305d9f7c53e18e8]

Registry Data: 8 PUP.Optional.Amisites.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398, Good: (www.google.com), Bad: (http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398),Replaced,[3b3b1da7ccced46264ce16ba33d0748c] PUP.Optional.Amisites.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}, Good: (www.google.com), Bad: (http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}),Replaced,[33430fb57f1b67cfa29021afc83b9b65] PUP.Optional.Amisites.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}, Good: (www.google.com), Bad: (http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}),Replaced,[babc517346543df90f23be12b64d23dd] PUP.Optional.Amisites.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398, Good: (www.google.com), Bad: (http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398),Replaced,[4a2c368e7723fa3cd65c18b89e65ce32] PUP.Optional.Amisites.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}, Good: (www.google.com), Bad: (http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}),Replaced,[88ee487c4753d1656bc7c20e4ab9a15f] PUP.Optional.Amisites.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}, Good: (www.google.com), Bad: (http://www.amisites.com/search/?type=ds&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398&q={searchTerms}),Replaced,[373f764e2575c571e052468af60d5aa6] PUP.Optional.Amisites.ShrtCln, HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398, Good: (www.google.com), Bad: (http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398),Replaced,[cbab8f356238270fa194e5ebca39c040] PUP.Optional.Amisites.ShrtCln, HKU\S-1-5-21-1808197995-3367824734-3781666586-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\MICROSOFTEDGE\MAIN|HomeButtonPage, http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398, Good: (http://www.google.com), Bad: (http://www.amisites.com/?type=hp&ts=1479717860&z=bc324e17247365ce133041fgfzamet7m9g6mfb1w3t&from=che0812&uid=BIWINXSSD_154507401398),Replaced,[bbbbedd7ddbdf14525fd696732d1817f]

Folders: 5 PUP.Optional.Amonetize, C:\Users\M2-1900\AppData\Local\Temp\00006188, Quarantined, [b7bf72524456c571cc191bab39ca8d73],  PUP.Optional.Elex.Generic, C:\Users\M2-1900\AppData\Roaming\jcfjc, Delete-on-Reboot, [79fddfe5603a0531a115458e15ee5fa1],  Adware.Elex, C:\Users\M2-1900\AppData\Roaming\Ckerrersh, Quarantined, [f482faca26749b9b9ffd8155c53e11ef],  Trojan.Boaxxe, C:\Users\M2-1900\AppData\Local\Owics, Quarantined, [78fe9b29b3e770c65cebae2ccf34936d],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716, Quarantined, [5224368e6d2de452915fc682cc37f60a], 

Files: 56 PUP.Optional.Tuto4PC, C:\Users\M2-1900\AppData\Local\Temp\diskpower-installer.exe, Quarantined, [3d398a3a4e4c74c2cca38846ab587f81],  Trojan.KorAd, C:\Users\M2-1900\AppData\Local\Temp\KZ7ZData.7z, Quarantined, [b3c37f457822053162777c0147bcf907],  PUP.Optional.NeoBar.Generic, C:\Users\M2-1900\AppData\Local\Temp\yt.exe, Quarantined, [7105c5ffe3b75fd7638228a35ca7ee12],  PUP.Optional.NetSecure, C:\Users\M2-1900\AppData\Local\Temp\setup.exe, Quarantined, [591ddce8bedc63d37478e95f4bb83fc1],  PUP.Optional.ConvertAd, C:\Users\M2-1900\AppData\Local\Temp\nsaABC3.tmp, Quarantined, [4630586ce0bac17563fb38e8877c52ae],  PUP.Optional.Tuto4PC, C:\Users\M2-1900\AppData\Local\Temp\3EFW15RY2A.exe, Quarantined, [e78fe9db6733ff37fb1177f26b988080],  Adware.FileTour, C:\Users\M2-1900\AppData\Local\Temp\ucbrabs.exe, Quarantined, [dd9902c2f0aa1f17557d1c6dcb38d32d],  PUP.Optional.InstallCore, C:\Users\M2-1900\AppData\Local\Temp\341C.tmp.exe, Quarantined, [c9ad448052487abc645d6c58669d51af],  PUP.Optional.Tuto4PC, C:\Users\M2-1900\AppData\Local\Temp\7GD0CBFRV4.exe, Quarantined, [b5c16b5903971b1bb359f376798a3fc1],  PUP.Optional.InstallCore, C:\Users\M2-1900\AppData\Local\Temp\8988.tmp.exe, Quarantined, [fc7ae3e1f6a49f97962bb80c758ec33d],  PUP.Optional.Elex.ClnShrt, C:\Users\M2-1900\AppData\Local\Temp\00006185\hp.exe, Quarantined, [ed8916aefaa01a1c3fddc9d136cde719],  PUP.Optional.Elex, C:\Users\M2-1900\AppData\Local\Temp\00006185\kpzip.exe, Quarantined, [3442d4f06139c0762b1f94e9c3406e92],  Adware.Agent, C:\Users\M2-1900\AppData\Local\Temp\00006188\msiql.exe, Quarantined, [15611aaacad003339b602106b24ed828],  Adware.Agent, C:\Users\M2-1900\AppData\Local\Temp\00006188\newAutoTime_51490.jpg, Quarantined, [87ef92322b6fa69016b5e6a3a0636b95],  PUP.Optional.Elex, C:\Users\M2-1900\AppData\Local\Temp\00006191\service.exe, Quarantined, [b9bd80440892023433ec4963a75c619f],  Adware.Clicker, C:\Users\M2-1900\AppData\Local\Temp\00006279\ruixin.exe, Quarantined, [79fd358f8a105bdbf9d69ce44ab942be],  Adware.Clicker, C:\Users\M2-1900\AppData\Local\Temp\00006328\ruixin.exe, Quarantined, [3b3b43810c8e43f3646b2e52c53e47b9],  Trojan.KorAd, C:\Users\M2-1900\AppData\Local\Temp\00007475\KuaiZip_Setup_-446633494_zzlm_014.exe, Quarantined, [294d873d207a1b1b2bae9ae3c83ba060],  Trojan.ChinAd, C:\Users\M2-1900\AppData\Local\Temp\is-CR9T3.tmp\SetupG.exe, Quarantined, [2a4c3292f0aad6608746d6b3ed16c838],  Adware.Agent, C:\Users\M2-1900\AppData\Local\Temp\is-IFK06.tmp\AutoTime.exe, Quarantined, [c1b513b1900a2a0cd2be503af2110000],  Adware.HPDefender, C:\Users\M2-1900\AppData\Local\Temp\CB911CB0-61A0-4409-953F-370847AF2DFE\wadiagopilesve.ru_World.exe, Quarantined, [42346e56821864d2f8957f55d62d956b],  PUP.Optional.Tuto4PC, C:\Users\M2-1900\AppData\Local\Temp\851N3TTXBY\appsoft.exe, Quarantined, [086e853f92083ff76106f1dd8c77f709],  PUP.Optional.Tuto4PC, C:\Users\M2-1900\AppData\Local\Temp\851N3TTXBY\cas.exe, Quarantined, [443219ab752591a5bcb7e9be8b78639d],  Adware.Elex, C:\Windows\Temp\nsi7955.tmp\yacqq.exe, Quarantined, [5422f1d3663494a231bef1e91de63ec2],  PUP.Optional.Wajam, C:\Windows\606c02be183b925bc025ca6ed8eaa02f.exe, Quarantined, [c5b14a7a653587af6fdd795b1fe45aa6],  PUP.Optional.Komodia, C:\Windows\Temp\zdengine.log, Quarantined, [13632d975347e6504de35976887a7789],  PUP.Optional.Elex, C:\Windows\System32\Tasks\Ckahichshedle Controls, Quarantined, [c4b24f75e0ba82b44feb8004847f26da],  PUP.Optional.SearchInMe, C:\Users\M2-1900\AppData\Roaming\Firefox\Firefox\Profiles\ddpdspdg.default\searchplugins\searchinme.xml, Quarantined, [a9cd0abaf9a16dc99dbe8e277c87fb05],  PUP.Optional.Elex, C:\Users\M2-1900\AppData\Roaming\Firefox\Firefox\Profiles\ddpdspdg.default\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi, Quarantined, [7105d4f0c4d692a47be3c7ee966d7e82],  PUP.Optional.Amonetize, C:\Users\M2-1900\AppData\Local\Temp\00006188\msiql.exe, Quarantined, [b7bf72524456c571cc191bab39ca8d73],  PUP.Optional.Amonetize, C:\Users\M2-1900\AppData\Local\Temp\00006188\newAutoTime_51490.jpg, Quarantined, [b7bf72524456c571cc191bab39ca8d73],  PUP.Optional.Elex.Generic, C:\Users\M2-1900\AppData\Roaming\jcfjc\UvConverter.exe, Delete-on-Reboot, [79fddfe5603a0531a115458e15ee5fa1],  PUP.Optional.Elex.Generic, C:\Users\M2-1900\AppData\Roaming\jcfjc\main, Quarantined, [79fddfe5603a0531a115458e15ee5fa1],  PUP.Optional.Elex.Generic, C:\Users\M2-1900\AppData\Roaming\jcfjc\UniKeyNT.exe, Quarantined, [79fddfe5603a0531a115458e15ee5fa1],  Adware.Elex, C:\Program Files (x86)\Common Files\Services\iThemes.dll, Delete-on-Reboot, [d6a0e8dcdcbe2412aec1a33a56adbf41],  Trojan.Boaxxe, C:\Users\M2-1900\AppData\Local\Owics\ExCrtMusic8.txt, Quarantined, [78fe9b29b3e770c65cebae2ccf34936d],  Trojan.Boaxxe, C:\Users\M2-1900\AppData\Local\Owics\{B7C46E79-CE69-27B6-39E4-4269E0897AC1}, Quarantined, [78fe9b29b3e770c65cebae2ccf34936d],  PUP.Optional.Youndoo, C:\Users\M2-1900\AppData\Roaming\Profiles\Hojtain.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "youndoo");), Replaced,[a8ce556fc4d60135787148449073cf31] PUP.Optional.Youndoo, C:\Users\M2-1900\AppData\Roaming\Profiles\Hojtain.default\prefs.js, Good: (), Bad: (ke a manual change to preferences, you can visit the URL about:config  */

user_pref("accessibilitse); user_pref("app.update.lastUpdateTime.addon-background), Replaced,[a1d5c202fc9ea88e45a4fe8e3dc642be] PUP.Optional.Youndoo, C:\Users\M2-1900\AppData\Roaming\Profiles\Hojtain.default\prefs.js, Good: (), Bad: (e URL about:config  */

user_pref("accessibilitse); user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1467564763); user_pref("app.update.lastUpdateTime.backgro), Replaced,[e69080442b6f1e18a940246849ba8878] PUP.Optional.Youndoo, C:\Users\M2-1900\AppData\Roaming\Profiles\Hojtain.default\prefs.js, Good: (), Bad: (on-background-update-timer", 1467564763); user_pref("app.update.lastUpdateTime.background-update-timer", 1467564523); user_pref("app.update.lastUpdateTime.blocklist-background-update), Replaced,[f482ad176e2c0a2caa3fd2ba3dc6a858] PUP.Optional.Youndoo, C:\Users\M2-1900\AppData\Roaming\Profiles\Hojtain.default\prefs.js, Good: (), Bad: (

user_pref("accessibilitse); user_pref("app.update), Replaced,[20560bb9a8f2bf77c8219eee46bd33cd] PUP.Optional.Youndoo, C:\Users\M2-1900\AppData\Roaming\Profiles\Hojtain.default\prefs.js, Good: (), Bad: (23); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1467564883); user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnai), Replaced,[c8ae487c2b6f58de7e6b2468a55e52ae] PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\config.txt, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\default.action, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\default.filter, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\Interop.SHDocVw.dll, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\mgwz.dll, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\netsafe.exe, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\netsafe.exe.config, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\oxy.exe, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\oxy.log, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\Trackerbird.Tracker.dll, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\Trackerbird.Tracker.xml, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\Trackerbird.x64.dll, Quarantined, [5224368e6d2de452915fc682cc37f60a],  PUP.Optional.Privoxy, C:\Windows\desktop-kcs8s2n_020716\Trackerbird.x86.dll, Quarantined, [5224368e6d2de452915fc682cc37f60a], 

Physical Sectors: 0 (No malicious items detected)

(end)

Re: Can't delete UC Guard

Hello,

Thank you. Can you confirm it's better now?

Thanks,

Re: Can't delete UC Guard

Hello, Chrome is clean now, but Adwcleaner still detects UCguard and crashes when try to clean...

Re: Can't delete UC Guard

Thanks.

To remove the remaining service, can you do the following?

  • Download FRST
  • Right-click on the file -> "Execute as Administrator"
  • Please also check Shortcut.txt
  • Click on the "Scan" button
  • The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
  • Please host them on Up2Share and share the generated link.

Thanks,

Re: Can't delete UC Guard

Hello,

Thanks. So, you can uninstall:

- McAfee,

- AdAware  

Then, we'll use FRST to remove the UCGuard remaining:

Download fixlist.txt file and save it to the Desktop (with the name "fixlist.txt")

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Best regards,

Re: Can't delete UC Guard

Hello,

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016 Ran by M2-1900 (26-11-2016 08:42:31) Run:1 Running from C:\Users\M2-1900\Downloads Loaded Profiles: M2-1900 (Available Profiles: M2-1900) Boot Mode: Normal ==============================================

fixlist content: ***************** CloseProcesses: R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-08-29] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION EmptyTemp: *****************

Processes closed successfully. UCGuard => Unable to stop service. UCGuard => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51194318 B Java, Flash, Steam htmlcache => 4270 B Windows/system/drivers => 74744337 B Edge => 246399208 B Chrome => 9686178 B Firefox => 280050824 B Opera => 0 B

Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 13942 B NetworkService => 1602924 B M2-1900 => 890376021 B

RecycleBin => 0 B EmptyTemp: => 1.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:51:02 ====

pc is clean now. Thank you very much. So helpful, thanks.

Re: Can't delete UC Guard

Hello,

Thanks!

So, we'll remove the tools we've used:

  • Download DelFix from Xplode on your desktop;
  • Launch it with administrator rights;
  • Select all the option except the one proposing to save the registry;
  • Then click on the "Execute" button;
  • When everything is finish, the software will close itself;
  • Then a report appear on the notepad, please copy paste it's content in your answer.

Finally,

  1. Download CCleaner from here, and install it.
  2. Start CCleaner (there should be a shortcut on your Desktop)
  3. Go in Options tab > Advanced, untick Only delete Windows temporary files older than 24 hours.
  4. Then in Options  tab > Surveillance, untick the both boxes.
  5. In the Clean tab, click on "Clean".
  6. When the cleaning is done, go in the "Registry" tab, click on "Find errors" and then "Fix".

Best regards,

Re: Can't delete UC Guard

Delfix.txt: 

# DelFix v1.013 - Logfile created 26/11/2016 at 21:14:24 # Updated 17/04/2016 by Xplode # Username : M2-1900 - DESKTOP-KCS8S2N # Operating System : Windows 10 Pro  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\M2-1900\Downloads\Addition.txt Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.000 (1).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.000.exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.021.exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (1).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (10).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (11).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (12).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (13).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (14).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (15).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (16).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (17).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (18).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (19).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (2).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (3).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (4).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (5).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (6).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (7).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (8).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030 (9).exe Deleted : C:\Users\M2-1900\Downloads\adwcleaner_6.030.exe Deleted : C:\Users\M2-1900\Downloads\Fixlog.txt Deleted : C:\Users\M2-1900\Downloads\FRST.exe Deleted : C:\Users\M2-1900\Downloads\FRST.txt Deleted : C:\Users\M2-1900\Downloads\FRST64.exe Deleted : C:\Users\M2-1900\Downloads\Shortcut.txt

~ Cleaning system restore ...

Deleted : RP #11 [AA11 | 11/24/2016 18:36:41] Deleted : RP #12 [AA11 | 11/26/2016 07:36:33]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Thanks.  

Re: Can't delete UC Guard

Thank you!

Have a nice day,