11-16-2008, 06:57 PM   #5
sirav
Registered User
 
Join Date: Nov 2008
Posts: 9
OS: XP SP3


Re: Trojan.Packed.NsAnti

OK. I certainly wouldn't recommend anyone else run ComboFix unsupervised, just saying that I have...

Latest ComboFix log here for your viewing pleasure - this was from the last run through to clear the autorun.inf file from my 2 internal hard drives (C and M) and the attached external drive (K). After this I added a folder "autorun.inf" to each drive to stop the "autorun.inf" file from being able to be created again, and then rebooted to safe mode and deleted the file "lky.exe" from each drive. This has seemed to work very well, with my hidden files and folders again viewable and remaining so after rebooting numerous times. I can see that the "kamsoft.exe" thingy appears to be the culprit.

ComboFix moved the following files to its quarantine folder when running:

inst.exe.vir
autorun.inf.vir

About the only drama I have currently (that I am aware of) is that my NAV (Internet Security 2005) won't start in 'auto-protect mode' even though it is checked to do just that.

Thanks for checking for me - appreciated.
____

ComboFix 08-11-11.01 - Varis 2008-11-14 10:19:42.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.549 [GMT 9:00]
Running from: c:\documents and settings\Varis\Desktop\081113 Varis Comp Fix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
K:\Autorun.inf
M:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-14 10:05 . 2008-11-14 10:05 2,584 --a------ C:\autorun.PNF
2008-11-14 02:42 . 2008-11-13 17:35 99,461 -r-hs---- C:\lky.exe
2008-11-13 14:12 . 2008-11-13 14:12 105 --a------ c:\windows\mapiuid.ini
2008-11-13 09:45 . 2008-11-14 10:00 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll
2008-11-11 08:22 . 2008-11-13 17:35 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-10 09:03 . 2008-11-13 17:35 99,461 -r-hs---- c:\windows\system32\kamsoft.exe
2008-11-03 11:23 . 2008-11-03 11:23 <DIR> d-------- c:\program files\MSECache
2008-10-27 12:13 . 2008-10-27 12:13 <DIR> d-------- c:\program files\Common Files\supportsoft
2008-10-27 12:13 . 2006-07-21 13:40 1,933,312 --a------ c:\windows\system32\cdintf251.dll
2008-10-27 12:10 . 2008-10-27 12:10 <DIR> d-------- c:\windows\Intuit
2008-10-27 12:10 . 2008-10-27 12:10 <DIR> d-------- c:\program files\Common Files\AnswerWorks 4.0
2008-10-27 12:09 . 2008-10-27 12:09 <DIR> d-------- c:\program files\Intuit
2008-10-27 12:09 . 2008-10-27 12:11 <DIR> d-------- c:\program files\Common Files\Intuit
2008-10-27 12:09 . 2008-10-27 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intuit
2008-10-27 12:09 . 2008-10-27 12:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\COMMON FILES
2008-10-27 12:07 . 2008-10-27 12:07 <DIR> d-------- c:\temp\ThirdParty
2008-10-27 12:07 . 2008-10-27 12:07 <DIR> d-------- c:\temp\Support
2008-10-27 12:07 . 2008-10-27 12:07 <DIR> d-------- c:\temp\RTL
2008-10-27 12:07 . 2008-10-27 12:07 <DIR> d-------- c:\temp\resources
2008-10-27 12:07 . 2008-10-27 12:07 <DIR> d-------- c:\temp\QBTimer
2008-10-27 12:06 . 2008-10-27 12:07 <DIR> d-------- c:\temp\QBooks
2008-10-27 12:06 . 2008-10-27 12:06 <DIR> d-------- c:\temp\nz_prod
2008-10-27 12:06 . 2008-10-27 12:06 <DIR> d-------- c:\temp\nz
2008-10-27 12:06 . 2008-10-27 12:06 <DIR> d-------- c:\temp\images
2008-10-27 12:06 . 2008-10-27 12:06 <DIR> d-------- c:\temp\flash_images
2008-10-27 12:06 . 2008-10-27 12:06 <DIR> d-------- c:\temp\aus_prod
2008-10-27 12:06 . 2008-10-27 12:06 <DIR> d-------- c:\temp\aus
2008-10-27 12:06 . 2008-10-27 12:06 <DIR> d-------- c:\temp\asia
2008-10-27 12:06 . 2008-10-27 12:07 <DIR> d-------- C:\TEMP
2008-10-24 10:54 . 2008-10-24 10:54 <DIR> d-------- c:\documents and settings\Varis\Application Data\ImgBurn
2008-10-24 10:53 . 2008-10-24 10:53 <DIR> d-------- c:\program files\ImgBurn
2008-10-22 09:35 . 2008-10-22 09:35 <DIR> d-------- c:\windows\system32\scripting
2008-10-22 09:35 . 2008-10-22 09:35 <DIR> d-------- c:\windows\system32\en
2008-10-22 09:35 . 2008-10-22 09:35 <DIR> d-------- c:\windows\system32\bits
2008-10-22 09:35 . 2008-10-22 09:35 <DIR> d-------- c:\windows\l2schemas
2008-10-22 09:32 . 2008-10-22 09:32 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-15 11:33 . 2008-10-15 11:33 <DIR> d-------- c:\windows\Crystal
2008-10-15 11:33 . 2008-11-07 14:29 <DIR> d-------- C:\MYOBAM2
2008-10-15 11:33 . 1999-06-21 19:00 5,797,888 --a------ c:\windows\system32\crpe32.dll
2008-10-15 11:33 . 2000-01-28 16:16 5,550,080 --a------ c:\windows\system32\craxdrt.dll
2008-10-15 11:33 . 2000-01-28 09:19 509,328 --a------ c:\windows\system32\crviewer.dll
2008-10-15 11:33 . 2000-06-10 08:33 270,336 --a------ c:\windows\system32\p2sodbc.dll
2008-10-15 11:33 . 2000-01-21 15:14 229,888 --a------ c:\windows\system32\crpaig32.dll
2008-10-15 11:33 . 2000-01-03 11:05 131,072 --a------ c:\windows\system32\dzip32.dll
2008-10-15 11:33 . 2001-03-21 14:26 128,512 --a------ c:\windows\system32\p2smon.dll
2008-10-15 11:33 . 2000-01-03 11:05 110,592 --a------ c:\windows\system32\dunzip32.dll
2008-10-15 11:33 . 2000-01-06 16:09 32,768 --a------ c:\windows\system32\DZPROG32.exe
2008-10-15 11:33 . 2000-01-21 15:14 17,920 --a------ c:\windows\system32\implode.dll
2008-10-15 04:27 . 2008-09-08 19:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 04:26 . 2008-08-14 19:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 04:26 . 2008-08-14 19:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 04:26 . 2008-08-14 18:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 04:26 . 2008-08-14 18:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 04:26 . 2008-09-15 21:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 16:10 . 2008-10-14 16:10 <DIR> d-------- c:\program files\SuperFlexible
2008-10-14 16:10 . 2008-10-14 16:10 <DIR> d-------- c:\documents and settings\Varis\Application Data\SuperFlexibleSynchronizer
2008-10-14 16:10 . 2008-10-14 16:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\SuperFlexibleSynchronizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 04:42 --------- d-----w c:\program files\ECIClientV5
2008-11-13 03:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-13 03:14 --------- d-----w c:\program files\Accountants Office
2008-11-13 02:51 --------- d-----w c:\program files\Belkin Automatic Power Management Software
2008-11-12 07:50 --------- d-----w c:\program files\Norton Internet Security
2008-11-11 06:23 --------- d-----w c:\documents and settings\Varis\Application Data\foobar2000
2008-11-07 02:03 --------- d-----w c:\program files\foobar2000
2008-11-03 04:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-22 04:30 --------- d-----w c:\documents and settings\Varis\Application Data\Azureus
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 04:33 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-10-01 04:32 --------- d--h--w c:\program files\CanonBJ
2008-09-26 06:05 --------- d-----w c:\documents and settings\Varis\Application Data\CyberLink
2008-09-26 05:55 --------- d-----w c:\program files\DVD Decrypter
2008-09-19 06:54 --------- d-----w c:\documents and settings\Varis\Application Data\Canon
2008-09-19 04:55 --------- d-----w c:\program files\Canon
2008-09-17 09:23 --------- d-----w c:\documents and settings\Varis\Application Data\Sonic
2008-09-17 09:22 --------- d-----w c:\documents and settings\Varis\Application Data\Leadertech
2008-09-17 07:48 --------- d-----w c:\documents and settings\Varis\Application Data\Vso
2008-09-17 05:23 --------- d-----w c:\program files\DivX
2008-09-17 03:29 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-09-17 03:29 47,360 ----a-w c:\documents and settings\Varis\Application Data\pcouffin.sys
2008-09-17 03:29 --------- d-----w c:\program files\VSO
2008-09-16 04:38 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-09-16 04:37 --------- d-----w c:\program files\Vuze
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 01:53 --------- d-----w c:\program files\Common Files\Wintertree
2008-09-08 06:21 60,156 ----a-w c:\windows\system32\jspWinNm.DLL
2008-09-08 06:21 56,320 ----a-w c:\windows\system32\smemory.dll
2008-09-08 06:21 53,248 ----a-w c:\windows\system32\jspWinRni.DLL
2008-09-08 06:21 51,200 ----a-w c:\windows\system32\TrayIcon12.dll
2008-09-08 06:21 45,056 ----a-w c:\windows\system32\jspWin.dll
2008-09-08 06:21 35,992 ----a-w c:\windows\system32\jspWinRnia.DLL
2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 49512]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-09-08 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-08 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"BelkinAPM"="c:\program files\Belkin Automatic Power Management Software\BelkinAPM.exe" [2008-09-08 112640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - c:\program files\AOL 7.0\aoltray.exe [11/16/2005 3:10:29 PM 32842]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [11/16/2005 3:09:58 PM 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2/18/1999 5:05:56 AM 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [4/29/2008 10:44:54 PM 969792]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [9/9/2008 11:13:02 AM 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008-09\\QBDBMgrN.exe"=

R2 BelkinAPM;BelkinAPM;c:\progra~1\BELKIN~1\BELKIN~1.EXE [2008-09-08 112640]
R3 BelkinAPMmonitor;BelkinAPMmonitor;c:\progra~1\BELKIN~1\BELKIN~4.EXE [2008-09-08 112640]
R3 BelkinAPMRMI;BelkinAPMRMI;c:\progra~1\BELKIN~1\BELKIN~3.EXE [2008-09-08 112640]
S3 BelkinAPMmanager;BelkinAPMmanager;c:\progra~1\BELKIN~1\BE8806~1.EXE [2008-09-08 112640]
.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Varis.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 13:47]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Varis\Application Data\Mozilla\Firefox\Profiles\1w8yqy95.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/
FF -: plugin - c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 10:22:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\explorer.exe [3816] 0x85C04518

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-14 10:22:45
ComboFix-quarantined-files.txt 2008-11-14 01:22:42
ComboFix2.txt 2008-11-13 16:15:27
ComboFix3.txt 2008-11-13 13:07:53
ComboFix4.txt 2008-11-13 12:51:52
ComboFix5.txt 2008-11-14 01:19:13

Pre-Run: 97,089,028,096 bytes free
Post-Run: 97,070,116,864 bytes free

199 --- E O F --- 2008-10-22 00:41:49
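As an added illustration (not part of the post above, and not ComboFix's own code): a small Python triage script that reads ComboFix-style log lines like the ones posted and flags two things a responder would look for here, newly created files carrying both the hidden and system attributes (the `-r-hs----` pattern on lky.exe, kamsoft.exe and gasretyw*.dll), and Security Center / firewall registry values that switch protection off (the `AntiVirusDisableNotify`, `DisableMonitoring` and `EnableFirewall` entries). The sample input is a handful of lines taken from the log above; the function and regex names are my own.

```python
import re

# Sample input: lines lifted verbatim from the ComboFix log posted above
# ("Files Created" and "Reg Loading Points" sections).
SAMPLE_LOG = r"""2008-11-14 02:42 . 2008-11-13 17:35 99,461 -r-hs---- C:\lky.exe
2008-11-13 14:12 . 2008-11-13 14:12 105 --a------ c:\windows\mapiuid.ini
2008-11-13 09:45 . 2008-11-14 10:00 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll
2008-11-10 09:03 . 2008-11-13 17:35 99,461 -r-hs---- c:\windows\system32\kamsoft.exe
2008-11-03 11:23 . 2008-11-03 11:23 <DIR> d-------- c:\program files\MSECache
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "Files Created" line: created . modified size attrs path. The 9-char attribute
# field is ordered d r a h s ...; hidden+system on a brand-new .exe/.dll is the
# pattern the posted log shows for the infection.
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ ([\d,]+|<DIR>) (\S{9}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# Security Center / firewall values that mean "protection switched off".
WEAK_SETTINGS = {"AntiVirusDisableNotify": 1, "DisableMonitoring": 1, "EnableFirewall": 0}


def hidden_system_files(log):
    """Paths of non-directory entries carrying both the hidden and system bits."""
    found = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if m and m.group(1) != "<DIR>" and m.group(2)[3] == "h" and m.group(2)[4] == "s":
            found.append(m.group(3))
    return found


def security_center_tampering(log):
    """(key, name, value) for registry settings that turn protection off."""
    findings, key = [], None
    for line in log.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if not v or v.group(1) not in WEAK_SETTINGS:
            continue
        raw = v.group(2)  # rendered either as 'dword:00000001' or as '0 (0x0)'
        value = int(raw[6:], 16) if raw.startswith("dword:") else int(raw.split()[0])
        if value == WEAK_SETTINGS[v.group(1)]:
            findings.append((key, v.group(1), value))
    return findings
```

On the posted log this flags the three hidden+system executables and all three disabled-protection values, which matches the NAV auto-protect symptom the post mentions.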