WiredWX Christian Hobby Weather Tools

New Folder Virus

Hello,

First of all, thank you for your site. I was able to remove many viruses that I had by reading your forums and downloading suggested programs. Worked when nothing else did! Great forum.

I have one last issue, what I believe is "new folder" virus. Whenever I boot up the computer I get folder after folder popping up. Once the computer finishes booting they stop popping up. I can then close them all and they won't return until the next reboot. There are some programs that are online that claim they remove this virus but I am worried that they are simply more viruses as the file is on different sites and different sizes (i.e. 7.7 mb and 8.3 mb).

I have also downloaded and installed Microsoft Security Essentials. Is this the best one? Do you recommend this or another one to protect my system?

Any help will be very much appreciated!

Thanks again,
Geoff

Re: New Folder Virus

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Re: New Folder Virus

ComboFix 10-01-14.06 - HP_Administrator 15/01/2010 5:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1470.984 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vejlwom
-------\Service_vejlwom


((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

Re: New Folder Virus

How much of the log do you need? It is very very long, the part above is just a small portion.

Re: New Folder Virus

Please post all the log, use as many posts as it takes.
