I ran into a malware named Fuvirus.exe. I ran ComboFix and it fixed the issue.
The problem is I am unable to see my folders or browse through them. I checked and ensured that the folders are not hidden.
Strange, even though all the folders disappeared, Windows XP still boots up, but I am unable to open my old files.
Hope someone can point me in the right direction on how to fix this.
Below is the ComboFix log.
ComboFix 08-11-30.01 - Rai 2008-12-01 15:18:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.216 [GMT 8:00]
Running from: d:\documents and settings\Rai\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\RECYCLER.exe
C:\WinRar.exe
D:\Program Files.exe
D:\RECYCLER.exe
d:\recycler\RECYCLER.exe
D:\WINDOWS.exe
d:\windows\windows.exe
f:\recycler\RECYCLER.exe
----- File Replicators -----
(REMOVED)
.
.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.
2008-12-01 14:42 . 2008-06-21 21:48 2,959 -rahs---- d:\windows\sowar.vbs
2008-12-01 12:01 . 2008-12-01 12:01 <DIR> d-------- d:\program files\RealVNC
2008-11-30 10:13 . 2008-11-30 11:36 <DIR> d-------- d:\documents and settings\Rai\Application Data\Wizards of the Coast
2008-11-30 10:12 . 2008-11-30 10:12 <DIR> d-------- d:\program files\Wizards of the Coast
2008-11-08 20:35 . 2008-11-08 20:35 <DIR> d-------- d:\program files\VanDyke Software
2008-11-08 20:18 . 2008-11-08 20:18 <DIR> d-------- d:\documents and settings\Rai\Application Data\VanDyke
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 07:23 5,152,800 --sha-w d:\windows\system32\drivers\fidbox.dat
2008-12-01 07:02 --------- d-----w d:\documents and settings\Rai\Application Data\AVG7
2008-12-01 06:55 --------- d-----w d:\documents and settings\All Users\Application Data\avg7
2008-12-01 06:49 61,508 --sha-w d:\windows\system32\drivers\fidbox.idx
2008-12-01 02:43 2,335,232 ----a-w d:\windows\Internet Logs\xDBC.tmp
2008-11-30 02:12 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-27 11:46 2,322,432 ----a-w d:\windows\Internet Logs\xDBB.tmp
2008-11-15 12:55 --------- d-----w d:\program files\GNS3
2008-11-10 09:42 --------- d-----w d:\documents and settings\Rai\Application Data\Teleca
2008-11-06 15:20 --------- d-----w d:\program files\Common Files\Adobe
2008-05-08 16:47 27,976 ----a-w d:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-05-08 16:47 125,848 ----a-w d:\program files\mozilla firefox\plugins\atgpcext.dll
2008-11-15 09:55 46,408 ----a-w d:\program files\mozilla firefox\plugins\atmccli.dll
2008-05-08 16:48 98,712 ----a-w d:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-06-21 13:48 2,959 --sha-r d:\windows\sowar.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"MSConfig"="d:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="d:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-30 219136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= d:\windows\system32\ctmp3.acm
"msacm.divxa32"= msaud32_divx.acm
"msacm.ac3filter"= ac3filter.acm
"VIDC.D263"= xl_x263dec.dll
"VIDC.XJPG"= camfc.dll
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=d:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-04-17 21:59 579584 d:\progra~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-02 15:21 289088 d:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 20:00 15360 d:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 05:22 3739648 d:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 d:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 d:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 d:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2006-10-22 12:22 86016 d:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 08:16 528384 d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 d:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2006-10-22 12:22 1622016 d:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RawOs]
--a--c--- 2004-08-04 20:00 114688 d:\windows\system32\wscript.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"AVGEMS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WSearch"=2 (0x2)
"wscsvc"=2 (0x2)
"Spooler"=2 (0x2)
"SharedAccess"=2 (0x2)
"ALG"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"rpcapd"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"d:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"d:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"d:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;d:\windows\system32\Drivers\ubVeo532.sys [2002-07-01 95232]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\Rai\LOCALS~1\Temp\GPE51.tmp []
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\DRIVERS\ggflt.sys [2008-02-18 13352]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2007-11-07 34064]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);d:\windows\system32\DRIVERS\s125bus.sys [2008-03-02 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;d:\windows\system32\DRIVERS\s125mdfl.sys [2008-03-02 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;d:\windows\system32\DRIVERS\s125mdm.sys [2008-03-02 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\s125mgmt.sys [2008-07-06 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\s125obex.sys [2008-07-06 98696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{315cb526-a46e-11dd-ba9c-0013d366d294}]
\Shell\AutoRun\command - wscript.exe sowar.vbs
\Shell\Open\Command - wscript.exe sowar.vbs
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-02 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-FU - c:\windows\system32\FUvirus.exe
MSConfigStartUp-FU - c:\windows\system32\FUvirus.exe
MSConfigStartUp-UpdReg - d:\windows\UpdReg.EXE
.
------- Supplementary Scan -------
.
FireFox -: Profile - d:\documents and settings\Rai\Application Data\Mozilla\Firefox\Profiles\9u9cmz5q.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nba.com/
FF -: plugin - d:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF -: plugin - d:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 15:23:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\Rai\LOCALS~1\Temp\GPE51.tmp"
.
Completion time: 2008-12-01 15:24:16
ComboFix-quarantined-files.txt 2008-12-01 07:24:06
Pre-Run: 11,005,788,160 bytes free
Post-Run: 11,441,377,280 bytes free
301 --- E O F --- 2008-08-15 18:30:53
OS Platform: Windows XP SP2 version 2000