Member Avatar for polopb6799

I noticed about 3 weeks ago that a bunch (not all) of my picture and video files are gone!! The folders I had them arranged in are still there, but there is nothing in them. I have been loosing my mind trying to figure out the problem. I have requested the assistance of 3 of my good computer buddies and nothing. I recently purchased DiskInternals Uneraser and it seems it found my old pictures from one folder, but not from the new path I had been using for about 3 months. I am extremely upset. Can anyone please help me to recover my files???? I already ran the please read before posting section and followed all directions. PLEASE, PLEASE can anyone help me?????

Is it possible to extract the files from the thumbs.db file???


Here are my requested logs:


Malwarebytes' Anti-Malware 1.28
Database version: 1155
Windows 5.1.2600 Service Pack 3

9/15/2008 2:23:25 PM
mbam-log-2008-09-15 (14-23-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 195651
Time elapsed: 1 hour(s), 18 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{5269d0c0-572b-445a-88ac-8c8843b6d42b} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69c1ef64-a396-4490-8849-52af7f7ec6e5} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{95e554e1-04f3-4d9b-a4e9-881dc420882b} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f5f40e25-cf4d-434e-a6ae-ed625ae87cab} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mpfanvqg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Janusware\ThumbsDb\ijl15.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP39\A0023575.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sherrie Metz\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sherrie Metz\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sherrie Metz\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.


ESET ONLINE SCANNER LOG:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3443 (20080915)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=5a27d035f3b9a94aa9f09cbe57e0d31f
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-09-15 08:12:51
# local_time=2008-09-15 04:12:51 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=352456
# found=0
# scan_time=5993

UNINSTALL LOG:

The only programs I did not recognize were the following:
Answer Works
Bonjour
Learn 2 Player

THANK YOU SO MUCH!!!

  • 3 Contributors
  • 2 Replies
  • 103 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by caperjack

Recommended Answers

All 2 Replies

Member Avatar for gerbil

Is it possible to extract the files from the thumbs.db file??? Thumbs.db contains only the low resolution thumbnails of your pictures that are displayed in explorer if you select that option in View.

Member Avatar for caperjack

The only programs I did not recognize were the following:
Answer Works=== has something to do corel or another program ,maybe
Bonjour===== is releated to I-Tunes
Learn 2 Player,= is a player installed with AOL or some other software maybe !

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.