Out of pure stupidity, like the guy in this thread (https://www.bleepingcomputer.com/forums/t/647549/ucbrowser-and-uefochubsrv-suddenly-appeared-on-my-pc/),
I also downloaded some sort of malware called UCBrowser. I first noticed BSODs, so I tried restoring my system to an earlier state, but I got a BSOD while doing that. The result was all my old restore points getting deleted. So I then attempted to get rid of the BSOD, which I pinpointed to Sandboxie, a program I regularly use. Uninstalling Sandboxie got rid of the BSOD.
I then cleaned my computer as much as possible with multiple tools (rkill, JRT, Malwarebytes, TDSSKiller, AdwCleaner, Emsisoft, etc.), but
there was this other problem: some sort of registry write access problem that would happen 5-10 min after boot-up. I suddenly couldn't open folders from my desktop. I'd get an error message saying "the parameter is incorrect", opening or trying to install programs would give me a message saying it couldn't write to the registry, some stuff wasn't getting saved, etc.
To fix this I tried sfc /scannow, the DISM online image thing, Windows Repair from tweaking.com, the ResetPermission tool, multiple subinacl
scripts, and manually changing permissions in the C:\ properties, to no avail.
I then noticed that most of the anti-malware tools I ran weren't deleting the malware because of the registry thing, so I had to run them as soon as I booted up my computer (when the registry thing wasn't happening, the first 5-10 min). Two or three AdwCleaner scans later, the registry thing is gone, but...
I still have a threat that AdwCleaner can't delete:
-> C:\WINDOWS\SysNative\drivers\Uefochubsrv.sys, but it's not able to delete it.
I tried running this fix script:
Start U2 Uefochubsrv; C:\WINDOWS\system32\drivers\Uefochubsrv.sys [196640 2017-05-21] () C:\Windows\system32\drivers\Uefochubsrv.sys
The results are in the files I've uploaded.
I couldn't find Uefochubsrv.sys in Windows\system32\drivers\..., so I thought it could be a false positive, but to be sure I checked the corresponding registry key, and the ImagePath is
Could the "??" be some other language's characters, and the reason why adw/fbr can't delete it? Also, trying to manually delete the registry key from regedit gets me "Cannot delete Uefochubsrv. Error while deleting key."
Any help is appreciated.
Edited by UnderPL, 25 May 2017 - 02:28 AM.
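The check below is an added example for readers of this thread; it is not code from the original poster or from any of the tools named above. It is a PowerShell script, run from an elevated 64-bit PowerShell, that takes a driver service name (the post's Uefochubsrv is the default), reads its key under HKLM\SYSTEM\CurrentControlSet\Services, resolves the ImagePath the way the loader does, reports whether the file exists and how it is signed, and lists the key's owner and any Deny ACEs that would explain an "Error while deleting key". The post does not show the actual ImagePath value, so the script's treatment of a leading `\??\` as the ordinary NT object-manager prefix (rather than foreign-language text) is an assumption about what the "??" was.

```powershell
# Added example, not from the original post or its tools. Inspect one driver service
# entry: resolve ImagePath, check the file on disk, and show what could block deletion.
param([string]$ServiceName = 'Uefochubsrv')   # service name taken from the post

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path -LiteralPath $key)) {
    Write-Output "No service key found at $key"
    return
}

$props     = Get-ItemProperty -LiteralPath $key
$imagePath = [string]$props.ImagePath
Write-Output "Raw ImagePath : $imagePath"
Write-Output "Type / Start  : $($props.Type) / $($props.Start)  (Start: 0=boot 1=system 2=auto 3=demand 4=disabled)"

# A leading \??\ is the NT object-manager prefix for a Win32 path, not a foreign-language
# glyph (assumption: that is what the "??" in the post refers to). Strip it, expand any
# %SystemRoot%-style variables, and treat a relative path as relative to the Windows dir,
# which is how driver ImagePath values like System32\drivers\x.sys are interpreted.
$winPath = $imagePath -replace '^\\\?\?\\', ''
$winPath = [Environment]::ExpandEnvironmentVariables($winPath)
if (-not [IO.Path]::IsPathRooted($winPath)) { $winPath = Join-Path $env:SystemRoot $winPath }
Write-Output "Resolved path : $winPath"

# A 32-bit process on 64-bit Windows sees System32 redirected to SysWOW64; the real
# 64-bit drivers folder is then only reachable as C:\Windows\SysNative (the path the
# scanner reported). Warn if this PowerShell is itself 32-bit.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    Write-Warning "32-bit PowerShell: System32 is redirected. Use the 64-bit PowerShell to see the real file."
}

if (Test-Path -LiteralPath $winPath) {
    $file = Get-Item -LiteralPath $winPath -Force
    Write-Output ("File exists   : {0} bytes, modified {1}" -f $file.Length, $file.LastWriteTime)
    Write-Output ("SHA256        : " + (Get-FileHash -LiteralPath $winPath -Algorithm SHA256).Hash)
    $sig = Get-AuthenticodeSignature -LiteralPath $winPath
    Write-Output ("Signature     : {0} {1}" -f $sig.Status, $sig.SignerCertificate.Subject)
} else {
    Write-Output "File missing  : the service entry points at a file that is not on disk"
}

# Is the driver loaded right now? A loaded driver's key is worth treating differently
# from a dangling entry whose file is already gone.
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
if ($drv) { Write-Output "Driver state  : $($drv.State) (Started=$($drv.Started))" }

# Regedit's "Error while deleting key" is usually an ACL problem on the key or one of its
# subkeys (Deny ACEs, a non-admin owner), or a subkey name regedit cannot open at all,
# such as one containing an embedded null. Show the owner and any Deny entries here.
$acl = Get-Acl -LiteralPath $key
Write-Output "Key owner     : $($acl.Owner)"
$deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
if ($deny.Count -gt 0) {
    Write-Output "Deny ACEs that will block deletion:"
    $deny | ForEach-Object { Write-Output ("  {0}: {1}" -f $_.IdentityReference, $_.RegistryRights) }
} else {
    Write-Output "No Deny ACEs on the key itself; check each subkey the same way if deletion still fails."
}
```

Run it as `.\Inspect-DriverKey.ps1 -ServiceName Uefochubsrv` (the file name is whatever you save it as). If the resolved path exists only under SysNative when viewed from a 32-bit tool, that is WOW64 redirection, not a hidden file; if the file is missing but the key remains, what is left is a dangling service entry, and the ACL output tells you whether a permission fix on that key (and its subkeys) is needed before it can be removed.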