Hello UpgradeMe and thanks for the detailed replies.
My OS is Windows XP, SP3.
As I have said in my original post, I have adjusted some registry values and this is why I can see hidden/superhidden folders like Recycler etc. Also, after noticing I had been infected, I deactivated System Restore in order to perform a proper disinfection and it is still deactivated.
These are the results of the search:
WPFFontCache_v0400-S-1-5-21-583907252-764733703-682003330-1005-0 - C:\Documents and Settings\LocalService\Local Settings\Application Data
S-1-5-21-583907252-764733703-682003330-500 - C:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials
S-1-5-21-583907252-764733703-682003330-1005 - C:\Documents and Settings\pq\Application Data\Microsoft\Credentials
S-1-5-21-583907252-764733703-682003330-1005 - C:\Documents and Settings\pq\Application Data\Microsoft\Protect
S-1-5-21-583907252-764733703-682003330-500 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Credentials
S-1-5-21-583907252-764733703-682003330-1005 - C:\Documents and Settings\pq\Application Data\Microsoft\Crypto\RSA
S-1-5-21-583907252-764733703-682003330-1005 - C:\Documents and Settings\pq\Local Settings\Application Data\Microsoft\Credentials
So, they are quite similar with yours; or, in any case, there are some S-1-5 etc. folders in various places of my laptop. (Of course, if you see something unusual about these results, you may notify me.)
I also searched for folders starting with S-1-5-21 in all my external hard drives but I found none. (However, if I delete any file from any of these hard drives, a folder with the name S-1-5-21.....-1005 will appear in their Recycler, as I have mentioned in a previous post.) So, I suppose S-1-5 etc. is a Windows folder.
There is something more I noticed just today; If I delete any file using "shift+delete" then the S-1-5 etc folder does not appear inside the Recycler. Moreover, as I have said, I could not delete the S-1-5 etc. folder from the Recycler by simply pressing delete, so I had to use a program called "WinDirStat" in order to do so. However, if I use "shift+delete" I can delete it and all its contents, permanently of course.
I also found this post somewhere:
However, my S-1-5 etc. folder contains files only when I delete one and it is possible for me to delete both those and the S-1-5 folder. So, I suppose, this post is another story about another beast.
Anyway, after reading your posts, and also seeing that my laptop still behaves perfectly normal after more than a week + none of the 3 antiviruses I have used can detect any virus/worm/trojan etc., I started to think that it is normal for a folder with that name to exist in various places inside a Windows OS pc, including the Recycler. And that Rotinom creates a folder with that same name inside the infected drives, for its own malicious reasons. Otherwise, why do you also have a folder with a very, very similar name in your pc too? What do you think?
P.S. In order to get sure about my hypothesis, you can try if you want the following experiment:
Delete any file. Then, go inside your Recycler folder. I suppose you will find your S-1-5 etc. there. Check if it contains the file you have deleted; I suppose it will be there. Then, permanently delete the S-1-5 etc. folder by pressing "shift+delete"; get sure that it is deleted. Then, delete any other file and go check again Recycler to see if it re-appeared there, containing the newly deleted file. If it has re-appered, then it is almost sure that this is a normal Windows OS procedure and that it is normal for a folder with the name S-1-5 etc. to exist inside Recycler.
(I am not a technician but judging from my experiences with the S-1-5 etc. folder, I am almost sure that this is a safe experiment; I specially refer to the part where you permanently delete the S-1-5 etc. folder. However, seeing that you are more experienced in techncal matters, if you have any doubt about its safety, you can at least perform the previous steps just to see whether the deleted files will appear inside the S-1-5 etc. folder. Maybe, any technician that reads this can give us his/her own opinion.)