Backup the combofix folder before doing anything

CFDQ-UsrPrf.exe

Running CFDQ-UsrPrf.exe restored all the missing files.

1. The cfscrpit method starts combofix again.
2. I did not let it run to the end to see if it completed the de-quaratining as per instructions. This needs looking at.
3. The combofix said stage1 and stage 2 when i cancelled it because i thought it was going to run again. It could of been this that restored the files because a text file appeared showing de-quaratine success.

I need to check this on a vmmachine with the clients hdd on it. and really play

ComboFix Notes

• when it deletes a file it puts it in the quaratine. this should be renamed to quaratining the file not delteing.
• when you run combo fix a secondtime there is a possibility it appends to the quaratine

Links

• Restore files from ComboFix quarantine - General Security