Using OSForensics again,
I found it here:
mrxsmb.22.sys 57 KB
I then tracked it thru Manic Time to the exact time in seconds and found what happened at that time as confirmed adw, installer wnd.
What this was is a fake Cedrick Collomb Portable. Unlocker is only an Install.
Would not delete manually.
ThisIsMyFile Portable would not get rid of.
Had to use Cedrick Collomb Unlocker. When installing you must do the Custom Install to avoid the Delta Toolbar. Delete & Restart did not remove. Used Unlocker again with command to move to Desktop, Delete and Restart, from desktop. Deleted from Quarantine. Restart mrxsmb22.sys rebuilds back to, C/Windows/System32/drivers. Attempt same process renaming file, did not work.
No Blue Screen of Death on a couple of restarts.
Ran adw again, file rebuilds.
mrxsmb.22.sys 57 KB
NetFilter SDKWFPDriver (WPP)
Windows (R) Win 7DDK Provider
Rebuilds with todays date & restart time.
Running Nirsoft regscanner, Search criteria, mrxsmb22, I find 13 items. All matching the correct date. Running as Admin deleted 7 of 13, leaving 6 unable to delete. Then moving to desktop, was able to Delete 6 more leaving one. Ran as Admin again, all gone. Restart mrxsmb22 remains on Desktop & back in System32/drivers. Regscanner ran again locating one, the desktop icon. Ran adw, now the System32/drivers & desktop mrxsmb22 are gone. Ran regscanner, one stubborn located: HCKU\Software\Microsoft\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$$windows.data.taskflow.shellactivities\Current ; Apppears with todays date & keeps building new times. Ran regscanner deleted. Ran adw, no unwanted elements found. Regscanner still reveals the above entry. Am I OK? Is there any way to get rid of it? Why does it keep building new times? Regscanner made 5 BAK files how long do I need to save them?
Can't create a system restore past 2 weeks. Is there a way? I believe no. I like running JRT weekly because it likes making Restore Points. It would be nice if adw, could do the same.
Are there any other Paid or Free Programs to handle any of the processes?
Would reset this PC, with files; delete unwanted elements? Or complete wipe? If so will a program to make an image, bypass the problem, which program would you recomend?