What type of virus would randomly rename a file or folder?

July 18, 2016 at 12:12:27
Specs: Windows 7
What type of virus would rename a picture file from something like picture01.jpg to something like this:

5B53F30FCB098D9255D5914DC62CE592.E5DB1

and how do I recover the file back to it's original name and file type?


See More: What type of virus would randomly rename a file or folder?

Report •

#1
July 18, 2016 at 13:33:37
Might not be a virus but some sort of corruption.

Have you tried copying it somewhere then manually renaming the copy to something like picture.jpg to see if it then opens normally?

Always pop back and let us know the outcome - thanks


Report •

#2
July 18, 2016 at 13:49:16
Not yet I haven't. There are a lot of files that suddenly got renamed and we have no idea why. They include picture files, MS Office files, videos etc. Just about every file has been renamed by something. There are a few critical ones that we want to find and recover the latest version. Many of the pictures we can probably recover from backup files.

Report •

#3
July 18, 2016 at 14:39:19
If you want to do a virus check these three free programs are a good start. Run them in the order given:

AdwCleaner:
https://toolslib.net/downloads/view...
(blue "Download Now" button on right).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Junkware Removal Tool (JRT)
https://www.malwarebytes.org/junkwa...
(blue Download button).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
(use the "download" button rather than the "buy" button).
Install and Run the program but before running the Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks


Report •

Related Solutions

#4
July 18, 2016 at 15:29:37
I've run AV scan on the whole computer plus a rootkit scan. The rootkit scan returned nothing. The whole computer scan only returned two hits. One was a corrupted executable file and the other was the Luhe.Fiha.A virus.

I also tried renaming one of the files to try to open it with a couple of programs that might have worked and neither one was able to read the file.

I really want to figure out what happened and be able to recover the files. At this point it's looking like I may have to take it in to someone who can do it for me.


Report •

#5
July 18, 2016 at 15:48:04
It's also possible (akin to what Derek mentioned), that the hard drive itself is failing. The corruption may be due to disk errors caused by a failing drive. If there are any files/folders you need to maintain (that can still be read), then back them up immediately.

"Channeling the spirit of jboy..."


Report •

#6
July 18, 2016 at 16:48:33
I guess you could try this on it (although the files are obviously not deletions):
https://www.piriform.com/recuva

Also someone did very well with this one (against all odds):
http://www.z-a-recovery.com/downloa...

As an aside, just for info, the programs in my #3 were specifically chosen because they often unearth what anti-virus programs miss (whichever ones folk happen to use).

Always pop back and let us know the outcome - thanks


Report •

#7
July 18, 2016 at 17:01:43
To me it looks like they have been encrypted, you may eventually receive an ransom note.

Go back to a previous restore point.

How To Start System Restore From the Command Prompt
http://www.tech-recipes.com/rx/2022...
http://www.wikihow.com/Do-a-System-...
http://windows.microsoft.com/en-au/...
http://pcsupport.about.com/od/fixth...
Applies To: The System Restore command is the same in all versions of Windows so these instructions apply equally to Windows 8, Windows 7, Windows Vista, and Windows XP.

Lazesoft Recovery Suite Home Edition
http://www.softpedia.com/get/System...
http://www.lazesoft.com/lazesoft-re...
Screenshot ( SS )
http://i.imgur.com/c9viJO4.gif
http://fs5.directupload.net/images/...
Lazesoft Recovery Suite Home Edition video tutorial
https://vimeo.com/106789683

Go into the bios & change the boot order to the usb stick.

When it boots to the Recovery screen, go to the far right tab > Repair tools.
Select Command Prompt.
How to Use Windows System Restore from Command Prompt
http://windows.microsoft.com/en-au/...

ShadowExplorer is another tool to try.
http://www.bleepingcomputer.com/vir...


Report •

#8
July 18, 2016 at 17:40:53
I'm working my way through the list. Here's the log for ADWCleaner


# AdwCleaner v5.201 - Logfile created 18/07/2016 at 17:29:26
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-18.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ashley - ASHLEY-PC
# Running from : C:\Users\Ashley\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\Partner
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[-] Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
[-] Folder Deleted : C:\Users\Ashley\AppData\LocalLow\Inbox Toolbar

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****

[!] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk
[!] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk
[!] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
[-] Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
[-] Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
[-] Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Inbox Toolbar
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\Inbox Toolbar
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3397 bytes] - [18/07/2016 17:29:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [3724 bytes] - [18/07/2016 17:24:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3543 bytes] ##########


Report •

#9
July 18, 2016 at 17:51:31
"I'm working my way through the list"
Very good, you do have adware issues, before doing my post #7, finish post #3 & then do this.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt)
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#10
July 18, 2016 at 17:58:01
Here's the log from the JRT from Malwarebytes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Ashley (Administrator) on Mon 07/18/2016 at 17:43:55.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 90

Successfully deleted: C:\Users\Ashley\AppData\Local\{01581DA7-7904-4D51-991B-260B8F194B34} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{04F841B9-E279-4519-96F8-C8321BF77A92} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{066F8FCF-9BF0-43C8-9A86-6E17CA676575} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{0727D5A6-9769-4CBC-9EFB-0455037CC01F} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{0925A73A-714A-4203-9887-D73B059D8795} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{0D790C3D-16AE-49E1-976E-473792AD6B61} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{14F67DA5-2FF4-457C-B330-F6F3D6AA8F4B} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{1639017C-C234-400B-9D7C-89DEEE6E1167} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{199E9AE2-A160-4187-8795-D4E0DDFCD06F} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{22A8DC7C-CF79-4BD7-97E1-A818EA923E64} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{231D8597-5C42-4E44-B0D6-D8F378CC7A9E} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{250FC6AA-2F6A-4F3A-920B-7CA1E60ED65E} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{25515328-5D4E-44C0-912D-1E1B58A26FDB} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{27B02BF4-F337-4011-9646-7BBD165A0F26} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{28CBCAC6-E019-4E7F-AE11-2088E8DB476D} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{2AD6E584-DF82-4753-8629-C92B76499BB6} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{2D2938FE-B354-4634-87C9-02A804929864} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{30926989-45B7-4CBA-B0F7-620F4F15199A} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{37B6F9BF-7100-4666-B7D5-36983464084B} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{3A05D629-AD50-44A2-9B50-957620E32D8E} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{3EC96651-23AF-4B28-BF3F-0E768E44BB3B} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{4536691F-761E-47BA-B03B-3B377D417487} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{45E2DB03-4390-4EFD-B7B7-D87643CBA6CD} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{46064262-54A0-4925-9FE0-1CBA5DB8EEC2} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{4A803334-F386-4C34-A238-472CE8DAD170} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{4C1468A3-8EB7-4C87-98A8-2DA7DD0E6892} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{54772F65-428A-4039-9DE3-68B02E90D014} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{54971C74-E995-4BAB-95E5-701DAF60CF0D} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{5DA07EDA-9A48-4309-BFA4-BEB2015A7697} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{5EECE6EE-F806-4BAE-9CBA-181FF7E2E788} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{62E20EF6-A27D-46C6-80D3-F545BF2777B4} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{64656A7B-B9C0-42DF-B984-0E7A4C5768E2} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{64EA9470-3316-4541-A312-C946CC6FFF98} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{678F9B5F-92E4-4AD7-BB68-9D362E12AF09} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{68701C54-278D-48FA-9E4A-7FB8DD0B8FB0} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{6BBD80E1-0CF4-4F56-88CF-16934803168B} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{6DCE9F88-2E47-4ED3-976A-94D5F9738993} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{6F1463CC-1AF5-4E1D-BDE2-37432172705D} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{773014AE-0237-4129-BB03-44B4BBEA5542} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{89984EFA-B365-4272-9D56-82FE5C961AC2} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{8EF83F9B-16BA-4312-A4C9-4D6F0D8EA484} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{90A37279-361D-4169-A815-9403CE4AD0E2} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{920E5726-AAA8-4EBC-9D79-5A3B139A1FA5} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{94F251E6-8879-4CA0-A574-5E6A05F604E9} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{95BFA7D9-D3C3-4D1C-98C6-67B0C6AE705B} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{A0441E3C-0BB0-4772-BECF-6E5DD47DB078} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{A2EE213B-EF7B-4D2E-8F28-D2E2C3919231} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{A5B07BDD-0741-47BB-9B59-9EDC7989ED5A} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{A64E7EA6-4A94-4DA2-8724-E4526C62B405} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{B564F305-A445-4F62-A8BA-CDB8276C4BF3} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{BCFB2D98-FECD-4001-ACCF-D693903C9DD9} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{C0C2E2B8-BC6D-4B6F-BCA4-D7338587D003} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{C410A0FD-E6BE-42B6-94AF-4D3E89E76CBC} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{C49ED7F9-2835-4B7E-84C7-A578346BF4E1} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{C516C230-7884-4A2A-A0F2-C4B5B1CD928C} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{CAEBE124-830E-440A-9A37-87FF25BFB2AC} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{CC395F17-07BF-48E2-A4F8-41244970DF2D} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{CCF654AB-36D9-436A-8E82-489D63D637EC} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{CF8A58E0-A5EA-4826-BDCC-84FB425C1EEC} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{D0E7C046-EE81-4943-BA69-C2DFA7EB7819} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{D4020C93-A114-4245-97C9-15301654D69B} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{D4986FFD-3038-4A3F-BF04-2AF1EB08C21F} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{DAC081AA-3470-4E4D-A5F0-71686344149D} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{DF84DBA0-D1B4-42C0-80C2-A59C5A7D1127} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{DFFBE4DC-7F2F-46F3-BBD8-51347444EC7D} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{E32C4F2D-C766-4B9E-9C98-93FE6FC2FDB1} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{E502A897-E4C4-4F3D-960D-F6EDFF6435A3} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{E70F9D70-E1CD-44DC-8E56-0AB212E73AF3} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{E76DCA6F-EA39-47C2-B58D-0D9FEDCA480F} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{EA315B77-D3A6-4058-B956-14B8C180D3C5} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{ED6770F1-0CC7-48F4-BB9F-58AA8BECBDA9} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{F6B64574-F59F-4020-97F0-280BF960442B} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{F8E4CCCA-4F6B-4264-8487-C76222205F14} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\{FFCDAAF0-A1C7-4F11-9126-20BDCD4953B0} (Empty Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Y7P93ZT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35Q3J7AQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN8DYZOD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4HLA3ZA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Y7P93ZT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35Q3J7AQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN8DYZOD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4HLA3ZA (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/18/2016 at 17:54:20.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Report •

#11
July 19, 2016 at 04:54:20
Fine, awaiting the others when you are ready.

Always pop back and let us know the outcome - thanks


Report •

#12
July 19, 2016 at 16:37:36
I ran the malwarebytes AV and it found and deleted three files. I couldn't find the log it produced.

I moved on and tried the Zar recovery, but it didn't do anything but make a copy of the files in a new folder. It did show that only one sector on the hard drive was bad. Everything else was good.

I'm now running the recuva software to see what it can do.


Report •

#13
July 19, 2016 at 16:51:53
"I couldn't find the log it produced"
Paste the contents of the clipboard into your reply.
http://fs5.directupload.net/images/...

You are not clean yet.
Refer my post #9


Report •

#14
July 19, 2016 at 18:02:12
The Recuva software managed to locate some of the files we were looking for and I had it recover them to another drive. Unfortunately, MS Word was not able to open any of the files saying that they were all corrupted.

I'm moving on to try a system recovery.


Report •

#15
July 19, 2016 at 18:12:12
"I'm moving on to try a system recovery".
Do you mean System Restore (Windows)?

Anything more risks your file recovery.

Always pop back and let us know the outcome - thanks


Report •

Ask Question