AdwCleaner after Patch Tuesday, Windows Update, updated to 16299.192, from 16299.125.

# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 09 19:26:36 2018 # Updated on 2017/21/12 by Malwarebytes  # Database: 01-08-2018.1 # Running on Windows 10 Pro (X64) # Mode: scan # Support: https://www.malwarebytes.com/support

***** [ Files ] *****

PUP.Optional.NetFilter, C:\Windows\SysNative\drivers\mrxsmb22.sys

Rebooted to delete. Ran adw again, above mrxsmb22.sys remains.

Open Source Portable Search Programs, Everything & CSearcher also located.

Re: PUP \SysNative\drivers\mrxsmb22.sys

Greetings,

Thanks for the feedback. We’ll investigate and I will get back to you as soon as possible.

Regards.

Re: PUP \SysNative\drivers\mrxsmb22.sys

SysNative, means System32.

I found it here:

C>Windows>System32>drivers

Name                     Size

mrxsmb.22.sys       57 KB

And

C\AdwCleaner\Quarantine\

I then tracked it thru Manic Time to the exact time in seconds and found what happened at that time as confirmed adw, installer wnd.

What this was is a fake Cedrick Collomb Portable. Unlocker is only an Install.

Would not delete manually.

ThisIsMyFile Portable would not get rid of.

Had to use Cedrick Collomb Unlocker. When installing you must do the Custom Install to avoid the Delta Toolbar. Delete & Restart did not remove. Used Unlocker again with command to move to Desktop, Delete and Restart, from desktop. Deleted from Quarantine. Restart mrxsmb22.sys rebuilds back to, C/Windows/System32/drivers. Attempt same process renaming file, did not work.

No Blue Screen of Death on a couple of restarts.

Ran adw again, file rebuilds.

mrxsmb.22.sys       57 KB

NetFilter SDKWFPDriver (WPP)

Windows (R) Win 7DDK Provider

Rebuilds with todays date & restart time.

 

Running Nirsoft regscanner, Search criteria, mrxsmb22, I find 13 items. All matching the correct date. Running as Admin deleted 7 of 13, leaving 6 unable to delete. Then moving to desktop, was able to Delete 6 more leaving one. Ran as Admin again, all gone. Restart mrxsmb22 remains on Desktop & back in System32/drivers. Regscanner ran again locating one, the desktop icon. Ran adw, now the System32/drivers & desktop mrxsmb22 are gone. Ran regscanner, one stubborn located: HCKU\Software\Microsoft\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$$windows.data.taskflow.shellactivities\Current ;                              Apppears with todays date & keeps building new times. Ran regscanner deleted. Ran adw, no unwanted elements found. Regscanner still reveals the above entry.                                                                                                                                                                                                                             Am I OK? Is there any way to get rid of it? Why does it keep building new times?                                                                                                     Regscanner made 5 BAK files how long do I need to save them?

Can't create a system restore past 2 weeks. Is there a way? I believe no.                                                                                                                                  I like running JRT weekly because it likes making Restore Points. It would be nice if adw, could do the same.

Are there any other Paid or Free Programs to handle any of the processes?

Would reset this PC, with files; delete unwanted elements?                                                                                                                                                      Or complete wipe? If so will a program to make an image, bypass the problem, which program would you recomend?

Re: PUP \SysNative\drivers\mrxsmb22.sys

Hello,

First of all sorry for the late answer.

So, "SysNative" is in fact redirecting to System32. This meens that "mrxsmb22.sys" is reappearing after the clean process.

Can you try with Malwarebytes as well?

Let me know if you need some more details.

Regards.

Re: PUP \SysNative\drivers\mrxsmb22.sys

Just did another search, the last trace of it is no longer found. All gone. Did completly nothing, the last one went away on its own. 

I don't use Malwarebytes after the huge changes. Count on Adw, JRT,  & MBAE. I hope you live long, so Corporate won't take control.

 

My other questions, which can help other Users:

System Restore Point. Was taking up to much space for Microsoft, so they cut its abilities. Appears you have to use 3rd Party, Restore Point Creator. You must make it ahead of time before your future problems. If you made one the 1st of every month, delete the old, could be an alternative? Would be nice if their was away to save JRT's Restore Point manually. Who are the people on this team? Could you ask them about saving a Restore Point?

Reset This PC with files. Will all traces of unwanted elements be gone? Or do you need a complete wipe? If so will a program to make an image, bypass the problem? Which program would you recomend?

I used some wondeful programs to asssit me in my handling. What other Paid and Free Programs do you know of to handle any of the processes?

Re: PUP \SysNative\drivers\mrxsmb22.sys

Hello,

I don't use Malwarebytes after the huge changes. Count on Adw, JRT,  & MBAE. I hope you live long, so Corporate won't take control.


Honest1, 2018-01-28 21:29:17 (UTC)

What "huge changes" are you referring to?

System Restore Point. Was taking up to much space for Microsoft, so they cut its abilities. Appears you have to use 3rd Party, Restore Point Creator. You must make it ahead of time before your future problems. If you made one the 1st of every month, delete the old, could be an alternative? Would be nice if their was away to save JRT's Restore Point manually. Who are the people on this team? Could you ask them about saving a Restore Point?


Honest1, 2018-01-28 21:29:17 (UTC)

System restore points are still available, take a look at the "How to create a system restore point" page => https://support.microsoft.com/en-us/help/4027538/windows-create-a-system-restore-point

If you're using an SSD, Windows won't automatically create restore points though.

JRT has been discontinued (the end of its maintenance-updates only state was scheduled on Oct. 2017) - https://www.malwarebytes.com/junkwareremovaltool/

Reset This PC with files. Will all traces of unwanted elements be gone? Or do you need a complete wipe? If so will a program to make an image, bypass the problem? Which program would you recomend?

I used some wondeful programs to asssit me in my handling. What other Paid and Free Programs do you know of to handle any of the processes?


Honest1, 2018-01-28 21:29:17 (UTC)

The Reset This PC feature, when used with the Keep My Files options will essentially perform a fresh install of Windows 10 while keeping all your data intact - except for the desktop applications that you may have installed yourself.

Regards.

Re: PUP \SysNative\drivers\mrxsmb22.sys

The decison in Version 3, Malwarebytes became to bloaty & buggy. I see people running Version 2 on Windows 7.

Now the decsion to end JRT with no more updates. Running JRT 8.14, everytime it manually creates a restore point for you. I have a HD/SSD, works fine for Restore Point. Create a restore point right now, is for right now.

Reset This PC with Keep My Files, Applications needing reinstalling. The ammount of time & labor for me is esentialy the same. The time to get WIndows Updated, could be faster keeping all your data. Other options would be testing 3rd Part Backup Image Restore Software.