The detected _restore{GUID}\
RP***\
A00*****.xxx file(s) identified by your scan are in the
System Volume Information Folder (SVI) which is a part of
System Restore. The
*** after RP represents a sequential number automatically assigned by the operating system. The
***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:
System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "
roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating systems configuration to an earlier date. See
What's Restored when using System Restore and What's Not.
System Restore is
enabled by default and will
back up the good as well as malicious files, so when malware is present on the system it gets included in restore points as an
A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) and moved into quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is
safely held there and no longer a threat. Thereafter, you can
delete it at any time.
If your anti-virus or anti-malware tool cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. In order to avoid reinfection and remove these file(s) if your security tools cannot remove them, the easiest thing to do
after disinfection is
Create a New Restore Point to enable your computer to "
roll-back" to a clean working state and use
Disk Cleanup to remove all but the most recent restore point.
Vista and
Windows 7 users can refer to these links:
Create a New Restore Point in Vista or Windows 7 and
Disk Cleanup in Vista.
If your anti-virus or anti-malware tool
was able to move the file(s), I still recommend creating a new restore point and using disk cleanup as the last step after removing malware from an infected computer.
The detected files in Qoobox\Quarantine are threats previously removed by ComboFix, copies renamed and sent to its quarantine folder. ComboFix is a specialized tool you should not be using unless instructed to do so by a Malware Removal Expert. Please read the pinned topic
ComboFix usage, Questions, Help? - Look here.
When an anti-virus or security program
quarantines a file by moving it into a virus vault (chest) or a dedicated quarantine folder where it is renamed, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is
safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "
false positive" especially if the scanner uses
heuristic analysis technology. Heuristics is the ability of a scanning program to detect
possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer.
Quarantine is just an added safety measure. When the quarantined file is
known to be malicious, you can
delete it at any time.
Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them as a threat while in the quarantined area so don't be alarmed if you see such an alert. Just delete the quarantined items after confirming they are malware and subsequent scans should no longer detect them.
To uninstall ComboFix, press the
Windows Key + R keys on your keyboard or go to

>
Run... and in the Open dialog box, type:
ComboFix /Uninstall
- Press OK.
- This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
--
Vista users, users can refer to these instructions:
How to Enable Run Command in Vista