
Xoftspyse - Satchfan [Solved]


  • This topic is locked
151 replies to this topic

#61 jeffce

Posted 04 September 2012 - 11:06 AM

Were you able to restore those backups?

Was it you on your own that had deleted those photos? I need to understand what you were trying to tell Lee at the Windows forum here.

#62 PattiChati

Posted 04 September 2012 - 11:14 AM

Yes, I deleted just one set of pictures, so I thought. Then I quick wrote Lee since he was going to help me back things up correctly after xspybot was gone. I am so panicky, I just wanted to make sure they could be found again. I told him I was still working with you. But knowing your expertise was spyware and not backup or lost files.

#63 jeffce

Posted 04 September 2012 - 11:16 AM

Hi Patti,

Press your Start button >> go to Computer >> C drive >> Qoobox >> ComboFix-quarantined-files.txt <<========= Does this file exist?

#64 PattiChati

Posted 04 September 2012 - 11:28 AM

Yes, it doesn't have the .txt behind it but it is a txt file. I opened it and there are only about 6 lines in it.

#65 jeffce

Posted 04 September 2012 - 11:30 AM

Copy and paste those lines into your next reply so I can see what they are.

#66 PattiChati

Posted 04 September 2012 - 11:43 AM

2012-09-01 18:43:00 . 2012-09-01 18:43:00 192 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AddressBookReminderApp.reg.dat
2012-09-01 18:41:12 . 2012-09-03 20:33:05 4,350 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-09-01 18:35:29 . 2012-09-03 20:28:57 237 ----a-w- C:\Qoobox\Quarantine\catchme.log

#67 PattiChati

Posted 04 September 2012 - 11:44 AM

I have to go out for about 2 hours, will then be right back here. Sorry about putting you through this by deleting the files, I didn't think of deleting pics like deleting a program.

#68 jeffce

Posted 04 September 2012 - 11:58 AM

Sorry about putting you through this by deleting the files

No need to apologize to me Patti. :)

I have been looking over the logs that you have provided and I am not seeing where anything that we have done together has removed those pictures? I can't say for what it is that you did on your own unfortunately. :(

Go ahead and run a new scan with ESET and post the fresh log that is created when you get back.

Also....are you able to access your USB drive (thumb drive)?

#69 PattiChati

Posted 04 September 2012 - 02:09 PM

That is the scan that took over 8 hours to run because it was working on the backup files for so long. Also, by USB drive, I am not sure where it is, I have the ports. Now when I run the ESET report, can I still use my computer? Because otherwise I will run it overnight. Thanks.

#70 PattiChati

Posted 04 September 2012 - 02:55 PM

In my pictures folder I have 6 backups - access denied. Now how in blue blazes did they get there? What do I do with them? See, by removing stuff like that is probably where I get in trouble, but what and how and why are they there? So frustrating.



#71 PattiChati

Posted 04 September 2012 - 03:01 PM

A screen just popped up and said "recycle bin for this drive is corrupted, do you want to empty it". There isn't anything in it. You know, I am looking around the computer and I am finding pictures all over the place. A lot of the same, but a lot different. I don't understand this.

Edited by PattiChati, 04 September 2012 - 03:02 PM.


#72 jeffce

Posted 04 September 2012 - 08:02 PM

Hi Patti,

Right now I don't want you to worry about anything but saving your pictures that you can find. Forget about ESET...we can come back to that. I want you to scour your system (since you seem to be finding pictures everywhere) and save them to a CD/DVD. That is a very stable way to store your pictures and we know that they won't accidentally be removed. I want you to make a couple of copies so that you have more than just one. Once you have that finished let me know....there is no timeline for us to finish so take your time and find all of them that you can. :)

#73 PattiChati

Posted 04 September 2012 - 09:27 PM

I do have a 16 gb flash drive, but so many of the pictures I am finding all over are the same pics. Once I get all the pics figured out then I will put them a a new flash drive. I also have a couple of other flash drives, but when I put them in the computer, isn't something supposed to pop up on my screen? I have to go into "computer" and click on the disposable storage. I backed up with Macrium reflect and I don't know if I even know how to see what is on there correctly, or if I backed up correctly. Because if I backed up before I lost my pictures, they should be there if other stuff is. But I am not recognizing what is there and access is denied to everything. My documents and finances and everything should be on the backup, shouldn't it? But here is the ESET report. It looks like it is the same threats, can we not remove them?

#74 jeffce

Posted 05 September 2012 - 05:49 AM

I do have a 16 gb flash drive, but so many of the pictures I am finding all over are the same pics. Once I get all the pics figured out then I will put them a a new flash drive. I also have a couple of other flash drives,

That is fine but I would suggest putting them on CD/DVD as well as that is a more stable way to save data. For now though a flash drive will be fine.
----------

when I put them in the computer, isn't something supposed to pop up on my screen? I have to go into "computer" and click on the disposable storage.

What you are experiencing is a result of running ComboFix. The autorun feature is disabled as a security function so that any infection that may be on a flash drive or CD/DVD won't be automatically run. Disabling the autorun feature is now a suggestion of Microsoft as well. It is much safer to open the flash drive or CD/DVD manually so that you know what is running.
----------

access is denied to everything.

What do you mean by this?
----------

My documents and finances and everything should be on the backup, shouldn't it?

If you used Macrium Reflect correctly then I would say yes, but I am not sure what it is that you have done on your own since we started.
---------

It looks like it is the same threats, can we not remove them?

We tried to earlier but somehow the script was not run how I wrote it. We can come back to those and remove them later after you are able to get as many pictures found as you can. :)
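
Added example (not part of the original thread, and not code from ComboFix): a PowerShell check that reports which drive types currently have AutoRun disabled, to confirm the behaviour described in the post above. It assumes the setting is expressed through the standard Windows NoDriveTypeAutoRun policy value stored as a DWORD; the thread does not say how ComboFix applies it, and the function name Get-AutoRunPolicy is made up for this example.

```powershell
# Bit flags of the NoDriveTypeAutoRun policy value: a set bit means AutoRun
# is disabled for that drive type.
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x04; Name = 'Removable (flash drives)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved / unknown' }
)

function Get-AutoRunPolicy {
    # The machine-wide value (HKLM), when present, takes precedence over the
    # per-user value (HKCU), so both are reported.
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))

    foreach ($hive in $Hives) {
        $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue

        if ($null -eq $item) {
            # No policy value in this hive: the Windows default applies.
            [pscustomobject]@{
                Hive = $hive; Value = $null
                AutoRunDisabledFor = 'not set'; RemovableCovered = $false
            }
            continue
        }

        # Assumption: the value is a DWORD (it can also be stored as binary).
        $mask = [int]$item.NoDriveTypeAutoRun
        $off  = $DriveTypes | Where-Object { $mask -band $_.Bit } | ForEach-Object { $_.Name }

        [pscustomobject]@{
            Hive               = $hive
            Value              = '0x{0:X2}' -f $mask
            AutoRunDisabledFor = $off -join ', '
            # Flash drives and CD/DVDs are the two media named in the post.
            RemovableCovered   = (($mask -band 0x24) -eq 0x24)
        }
    }
}

Get-AutoRunPolicy | Format-List
```

A value of 0xFF disables AutoRun for every drive type, which matches the symptom of having to open the flash drive manually from "Computer".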

#75 PattiChati

Posted 05 September 2012 - 08:03 AM

When I go to Macrium Reflect and try to open a file that is on a backup, it says access is denied. I have not changed Macrium or tried to backup or anything since we started. If you are familiar with Macrium, could you walk me through EXACTLY how to get to pictures, because maybe I am not doing it the correct way. So what do you want me to do now? Go through my whole computer and backup all the pics? How do I do that? Put the flash drive in the computer and then how do I get pics on flash drive? I also just realized I have several flash drives in my drawer that are all full of pictures, so between everything, I might have all pics. If you fix the log problems, would I then go to someone else, or can you help me with the pics too?

Edited by PattiChati, 05 September 2012 - 08:38 AM.
