Restore a deleted files after ComboFix removal

Hey all,
i hope this is the right forum to post in.

i've used combofix in a computer, and after that removed it through "combofix /uninstall" command.

i noticed, too late of course, that a folder located in appdata\roaming was deleted, and i need it bad.

i tried searching through "previous versions" of the roaming folder,
and also search the folder with Recuva and couldn't find the files.

I tried the CFDQ-UsrPrf.exe program, and got a message regarding a log
file that doesn't exist ( i guess was removed in the combofix uninstall process) and nothing was restored.

I then ticked "show hidden files" and the option to show system protected filed, and the QooBox folder is present in C: drive
but when i try to run the program above the 2nd time, i get :

Error 0x00007766 - aborting !

( all antivirus is disabled and i used "Run As admin" option )

any way to restore the files? i'm on win 7 64 bit

any help will be appreciated

thanks

 

Thank you for your reply my friend

as i can see - the qoobox folder is intact and contains a "BackEnv" folder
inside and a file called "Profiles.Folder.dat" and that's it.

heres a link to a rar file which contains combofix log and also dds logs
https://www.dropbox.com/s/9xa4nyiyx6fpcek/Desktop.rar?dl=0

the folder i need is "C:\users\arik\appdata\roaming\Tazrim"

thank you

 

Hey,
there is nothing in the qoobox folder besides the file i mentioned =\

i guess when uninstalling combofix the content is being erased?

any good data restoration program you recommend?

thanks

 

Hey friend
i've managed to restore QooBox original folder but couldn't find the folder "Tazrim" =\
(BTW, used getdataback, recuva didn't help)

you can see the files in the restored folder in the attachment

maybe there something to be done now? i just need 2 xml files that were in this folder :|

many thanks!

 

What do you mean by
" See if you give the full filepath in the Qoobox directory "
?
i didn't understood what should i be doing

thanks

 

Please forgive me for my ignorance - maybe its because english is not my native language -
i still didn't understand what to do.

Should i copy the restored qoobox folder back to C:\ drive?
Should i check to see if there's an xml files inside the Quarantine folder?

about the last one - i've checked, no xml files. only the ones in the image i posted -
catchme.log
RegistryBackup (folder)
MBR_Harddisk0.mbr

those are the files found in the folder.

on the other hand, in the "BackEnv" folder i see a file called "AppData.folder.dat"
maybe this could be helpful? because the files, as mentioned, were deleted from "appdata\roaming\tazrim" folder

thanks again !

 

Sorry for my ignorance but i still didn't understand what to do, i'm sorry english is not my native language.

Should i copy the recovered qoobox folder back to c: drive?

i checked the quarantine folder - no xml files is present. you can see all the files in that folder in the image i've posted two comments ago.

but i see backenv folder containing appdata.folder.dat - maybe that is helpful?
because the original files were under appdata\roaming folder.

thanks again!