151 replies to this topic

[PattiChati]

I put in your link above and it said file not found. Was it the pictures were infected? I remember it saying something about backups, which I did screw most of them up and they wouldn't work except one. There has got to be a way to get the pics back without bringing infect4ed files back isn't there. I am finding them all over the placer and in no order, but haven't a clue how to find the rest of them and then get them all in one place. I have always had trouble with duplicates of pictures, like 4 of a kind. They should also be on my flash drives and it is all of the same group of pics/

[jeffce]

Hi Patti,

I put in your link above and it said file not found.

I'm not sure what you mean by this? I don't think that the pictures themselves are infected but there is something in those files that is. We can work around getting those cleaned up but let's get your pictures back onto your system.

Did you find the file C:\Qoobox\Quarantine\ComboFix-quarantined-files.txt? Please copy/paste the information within ComboFix-quarantined-files.txt here so I can restore the files.

[PattiChati]

Was I supposed to put C:\Qoobox\Quarantine\ComboFix-quarantined-files.txt in the URL address box? Because I did and it said no file was found

[PattiChati]

This is all I could find, is this it, I hope? 2012-09-01 18:43:00 . 2012-09-01 18:43:00 192 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AddressBookReminderApp.reg.dat 2012-09-01 18:41:12 . 2012-09-03 20:33:05 4,350 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2012-09-01 18:35:29 . 2012-09-03 20:28:57 237 ----a-w- C:\Qoobox\Quarantine\catchme.log

[jeffce]

Hi,

Let's do it this way...

SystemLook

• Right-click and Run as Administrator SystemLook.exe to run it.
• Copy the content within the following codebox into the main textfield:
  

  :dir
  C:\Qoobox\Quarantine /s

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[PattiChati]

I am lost at this point. what am I typing where and doing the system lock? I don't even know how I found the info I gave you in post 49

[PattiChati]

SystemLook 30.07.11 by jpshortstuff Log created at 11:51 on 04/09/2012 by Patty Administrator - Elevation successful ========== dir ========== C:\Qoobox\Quarantine - Parameters: "/s" ---Files--- catchme.log --a---- 237 bytes [18:35 01/09/2012] [20:28 03/09/2012] C:\Qoobox\Quarantine\C d------ [18:38 01/09/2012] C:\Qoobox\Quarantine\Registry_backups d------ [18:30 01/09/2012] HKLM-Run-AddressBookReminderApp.reg.dat --a---- 192 bytes [18:43 01/09/2012] [18:43 01/09/2012] tcpip.reg --a---- 4350 bytes [18:41 01/09/2012] [20:33 03/09/2012] -= EOF =-

[jeffce]

Hi,

Ok let's slow down a bit.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
-------

• Once you have saved it to your Desktop right-click and Run as Administrator SystemLook.exe to run it.
• Now copy/paste the content of the following codebox into the main textfield of SystemLook (I have attached a picture of what you should see when it is correctly pasted to SystemLook):
  

  :dir
  C:\Qoobox\Quarantine /s

• Once you see on your system what I showed you in the picture I attached, click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Attached Files

•  syslook.bmp   585.67KB   240 downloads

[PattiChati]

JUST A LITTLE PANICKY LOSING A COUPLE THOUSAND PICTURES!! SystemLook 30.07.11 by jpshortstuff Log created at 12:10 on 04/09/2012 by Patty Administrator - Elevation successful ========== dir ========== C:\Qoobox\Quarantine - Parameters: "/s" ---Files--- catchme.log --a---- 237 bytes [18:35 01/09/2012] [20:28 03/09/2012] C:\Qoobox\Quarantine\C d------ [18:38 01/09/2012] C:\Qoobox\Quarantine\Registry_backups d------ [18:30 01/09/2012] HKLM-Run-AddressBookReminderApp.reg.dat --a---- 192 bytes [18:43 01/09/2012] [18:43 01/09/2012] tcpip.reg --a---- 4350 bytes [18:41 01/09/2012] [20:33 03/09/2012] -= EOF =-

[jeffce]

Hi Patti,

I see you posted this in the Other Software forum >>

I have used shadow explorer to find something before, now today I accidentally deleted my photos and went to my shadow

When exactly did you lose your pictures??

[PattiChati]

I think I noticed it yesterday..I had all the photos in two different places, so I deleted one place and it deleted all of them. I went to my external drive and went to pictures and just one set of "camping" pictures were there.

[jeffce]

I had all the photos in two different places, so I deleted one place and it deleted all of them

Have you looked simply in the Recycle Bin to see if they are there still?
-----------

Please Patti read post #4 again where I wrote

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

[PattiChati]

I looked in the recycle bin immediately and there was nothing there. Are you familiar with the program shadowexplorer

[jeffce]

Are you familiar with the program shadowexplorer

No I am sorry I am not familiar with it.

What malware related problems are you still having?

[PattiChati]

None that I know of. Were you able to restore those backups