I'm posting in part to alert others to the possibility of a(nother) false positive for rootkit, as well as to try to confirm what I suspect and allay my fears. Forgive me if this is redundant, but in researching this forum, I could not find any FP instances relating to this time frame (mid-Feb '12).
I have been using the free version on my desktop and lappy for some time, with nary an untoward peep. I run daily full scans on both machines, the lappy running Windows Vista Home, and the PC running Windows 7. In casually looking at the logs for the lappy's scans last night (22 Feb), I just happened to notice a report of a virus detection (in red) from 16 Feb. It was reported as a rootkit, threat level High. I tried to move the instances to Chest and delete, but access was denied in the Avast tool. Sadly, I had to delete Avast from the lappy in order to run other detection software (Kaspersky TDSSKiller, Windows Malicious Software Removal Tool, Windows Defender, all of which reported negative for infections), but there were about 15-20 files, win32k.sys and afd.sys as I recall, all in the Windows/winsxs folder. There was no obvious malfunction of the lappy.
Out of curiosity, I thought it might be useful to check the logs of the PC for similar indications. Lo and behold, a 15 Feb (one day before the lappy's log entry!) reported a rootkit in the same folder... just on a different machine this time. There are eight files in this case, half of which are win32k.sys, while the rest are afd.sys, again in the Windows/winsxs folder. All are similarly inaccessible when Action options are tried, though I can open the winsxs folder... just can't do anything with the "infected" files in Avast. (It is critical to note that these two machines share the same router to connect to the internet, but that they do not talk to each other.) Similarly, all scans with several utilities are negative for infections. No infections were found by Avast or any other scan utility after these isolated instances.
I find it highly unlikely that two machines that are inaccessible by/to one another and are used for entirely different tasks/roles/browsing would contract a rootkit within 24 hours of one another. When I came back from vacation on the 15th, I booted the PC first, and then the lappy a bit later, so I'm wondering whether the virus definitions (which the machines updated within hours of one another) in a particular update might have caused Avast to somehow flag the referenced files on each computer as rootkit-related.
I would feel more secure if others could possibly corroborate my theory, or otherwise suggest a cause/solution for this. I don't want to take any extreme action on either machine if there is a reasonable chance that there is no problem to solve.
Thank you in advance.