AdwCleaner after Patch Tuesday, Windows Update, updated to 16299.192, from 16299.125.

# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 09 19:26:36 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-08-2018.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Files ] *****

PUP.Optional.NetFilter, C:\Windows\SysNative\drivers\mrxsmb22.sys

Rebooted to delete. Ran adw again, above mrxsmb22.sys remains. So location is wrong. Checked location, does not exist.

Ran Copernic Desktop Search & OSForensics, neither found, both claiming file does not exist anywhere in my entire computer?

Re: PUP \SysNative\drivers\mrxsmb22.sys

Greetings,

Thanks for the feedback. We’ll investigate and I will get back to you as soon as possible.

Regards.

Re: PUP \SysNative\drivers\mrxsmb22.sys

Using OSForensics again,

I found it here:

C>Windows>System32>drivers

Name                     Size

mrxsmb.22.sys       57 KB

And

C\AdwCleaner\Quarantine\

I then tracked it thru Manic Time to the exact time in seconds and found what happened at that time as confirmed adw, installer wnd.

What this was is a fake Cedrick Collomb Portable. Unlocker is only an Install.

Would not delete manually.

ThisIsMyFile Portable would not get rid of.

Had to use Cedrick Collomb Unlocker. When installing you must do the Custom Install to avoid the Delta Toolbar. Delete & Restart did not remove. Used Unlocker again with command to move to Desktop, Delete and Restart, from desktop. Deleted from Quarantine. Restart mrxsmb22.sys rebuilds back to, C/Windows/System32/drivers. Attempt same process renaming file, did not work.

No Blue Screen of Death on a couple of restarts.

Ran adw again, file rebuilds.

mrxsmb.22.sys       57 KB

NetFilter SDKWFPDriver (WPP)

Windows (R) Win 7DDK Provider

Rebuilds with today's date & restart time.

Running Nirsoft regscanner, Search criteria, mrxsmb22, I find 13 items. All matching the correct date. Running as Admin deleted 7 of 13, leaving 6 unable to delete. Then moving to desktop, was able to Delete 6 more leaving one. Ran as Admin again, all gone. Restart mrxsmb22 remains on Desktop & back in System32/drivers. Regscanner ran again locating one, the desktop icon. Ran adw, now the System32/drivers & desktop mrxsmb22 are gone. Ran regscanner, one stubborn located: HCKU\Software\Microsoft\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$$windows.data.taskflow.shellactivities\Current

Appears with today's date & keeps building new times. Ran regscanner deleted. Ran adw, no unwanted elements found. Regscanner still reveals the above entry.

Am I OK? Is there any way to get rid of it? Why does it keep building new times?

Regscanner made 5 BAK files; how long do I need to save them?

Can't create a system restore past 2 weeks. Is there a way? I believe no.

I like running JRT weekly because it likes making Restore Points. It would be nice if adw could do the same.

Are there any other Paid or Free Programs to handle any of the processes?

Would reset this PC, with files, delete unwanted elements?

Or complete wipe? If so, will a program to make an image bypass the problem? Which program would you recommend?