Hi lets see if this will help (courtesy LiquidTension )
Previous Versions- Right-click the file/folder and click Properties.
- Click Previous Versions.
- This tab will list all copies of the file and the date they were backed up.
- To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
- If you wish to restore the selected file and replace the existing one, click Restore
- If you wish to view the contents of the file before restoring, click Open.
ShadowExplorer- Please download ShadowExplorer and save the file to your Desktop
- Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract
- Right-Click ShadowExplorer.exe and select http://Run as administrator to run the programme.
- You will see a drop-down menu with the shadow copies of all partitions and disks present.
- Click C:\ from the drop-down menu.
- To the right, pick a date prior to the infection from the drop-down menu.
- To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
File Recovery SoftwareFile Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.
Then we can start cleaning however dependant on the version of the malware will determine if you can recover any data
Please download
Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.