Adlice forum
Software feedback => RogueKiller PREMIUM => Topic started by: zutjpc1 on December 21, 2015, 06:17:06 PM
-
Hi Curson
It's been 15 days that RogueKiller couldn't erase the file. My Win7 64-bit is not virtualized, but I have a multiboot and a virtual drive.
Sincerely JP Claudel
-
Hi JP Claudel,
Please download Farbar Recovery Scan Tool (x64) (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to your Desktop.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.
-
Hi Curson, file executed, here are both files done.
Sincerely JP Claudel
-
Hi JP Claudel,
Your system seems damaged.
Error: (12/22/2015 07:29:17 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: CLAUDEL-PC)
Description: Windows ne peut pas vous ouvrir une session car votre profil ne peut pas être chargé. Vérifiez que vous êtes connecté au réseau et que le réseau fonctionne correctement.
DÉTAIL - Seule une partie d’une requête ReadProcessMemory ou WriteProcessMemory a été effectuée.
Error: (12/22/2015 07:29:17 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: L’appel LoadUserProfile a échoué avec l’erreur :
%%299
Error: (12/22/2015 07:26:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger :
fwdrv
khips
Please keep in mind that the repair process described below won't solve this.
Uninstall the following software using Add/Remove Programs:
SpyHunter
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Regards.
-
Hello Curson,
My system is not damaged. I use Eset Smart Security and made a fake name in case somebody steals the computer; when the computer is logged on to the net, it can be seen with its IP address and give the geographic position.
I am connected by LAN at my job! And this file is still there: 852B5DBA012429CE.ads!?!
I will be off the net until Monday the 28th.
Happy Christmas
JPC
-
Hi JP Claudel,
I need the fixlog.txt file. Could you please attach it in your next reply?
Happy Christmas to you.
Regards.
-
Hi Curson,
I had to go back to my backup from yesterday because I had a *.Bak file in the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList) that I modified, a mistake on my part, so I have 3 files to offer you.
Happy Christmas
JPC
-
Hi JP Claudel,
What happened?
Please generate a new RogueKiller report and attach it with your next reply.
Regards.
-
Hi Curson!
Tell me if you need more!
Regards
JPC
-
Hi JP Claudel,
These ADS are legit.
It's difficult to determine their function but the source must be a security software.
You can now safely remove FRST and the related files.
Regards.
-
Hi Curson,
Problem resolved. I downloaded ADSspy.exe from "assiste.com", restarted the computer in "Safe Mode without network", started ADSspy and removed it without a problem, because in admin mode I couldn't erase it because it was used by the system!?!
I don't know.
Sincerely, I thank you for your help! And have a good year 2016.
JP Claudel
-
Hi JP Claudel,
You are welcome.
I'm glad to hear your problem is now solved.
Good year 2016 to you. :)
Regards.