@micky77
i did have a Rootkit ... i thought i had gotten them all in some prior scans prior to this issue
After my restart and bootscan avast located & advised was infected
C:Documents and Setting\ Guest \Local\Setting\Temp\TFR8.tmp
Infected By win32:Rootkit - Gen [rtx]
i wrote that down from the boot scan options and advised it to delete.
I will try Drweb & post the results .... finished up a few of the other scans after a few hrs and boot scans and all so came back clear for a bit .... but my avast latent sensor did go off right before i wrote this reply for 3 diff tmp files
Here is a recent avast log list
Task 'Resident protection' used
* Started on Wednesday, July 08, 2009 2:41:40 PM
* VPS: 090708-0, 07/08/2009
*
C:\WINDOWS\system32\iehelper.dll [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest...
C:\DOCUME~1\TARRIC~1.WAL\LOCALS~1\Temp\installb[1].exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\wfcdqr[1].htm [L] Win32:Tiny-II [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\flvjj[1].htm [L] Win32:Tiny-II [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\fcdzd[1].htm [L] Win32:Tiny-II [Trj] (0)
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\ccznrrs[1].txt\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\vfcggulym[1].htm [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\kpepb.exe\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\egtau.exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\TPMRSLHZ\ccznrrs[1].txt\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\TPMRSLHZ\vfcggulym[1].htm [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\kpepb.exe\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\egtau.exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
*
* Task stopped: Saturday, July 11, 2009 6:18:20 PM
* Run-time was 3 day(s), 3 hour(s), 36 minute(s), 40 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 6:41:08 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:07:29 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:12:26 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:16:00 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:21:16 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:28:29 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:33:42 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:40:18 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:56:10 PM
* VPS: 090710-0, 07/10/2009
*
C:\WINDOWS\SYSTEM32\WBEM\proquota.exe [L] Win32:Trojan-gen {Other} (0)
File was successfully deleted...
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MXYS876U\be.15[1].exe\[UPX] [L] Win32:Koobface-P [Wrm] (0)
File was successfully deleted...
C:\DOCUME~1\Guest\LOCALS~1\Temp\vcru_1247360817.exe\[UPX] [L] Win32:Koobface-P [Wrm] (0)
File was successfully deleted...
*
* Task stopped: Sunday, July 12, 2009 10:01:13 PM
* Run-time was 1 day(s), 2 hour(s), 5 minute(s), 3 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:54:49 AM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 2:10:26 AM
* Run-time was 15 minute(s), 37 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:12:03 AM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 2:12:24 AM
* Run-time was 21 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:06:06 PM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 1:23:23 PM
* Run-time was 17 minute(s), 17 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:24:46 PM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 2:13:13 PM
* Run-time was 48 minute(s), 27 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:14:35 PM
* VPS: 090713-0, 07/13/2009
*
*
* Task stopped: Monday, July 13, 2009 2:31:42 PM
* Run-time was 17 minute(s), 7 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:33:18 PM
* VPS: 090713-0, 07/13/2009
*
C:\WINDOWS\nbron_1247513665.exe [L] Win32:LdPinch-CYW [Trj] (0)
File was successfully deleted...
*
* Task stopped: Monday, July 13, 2009 4:48:49 PM
* Run-time was 2 hour(s), 15 minute(s), 31 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 4:50:26 PM
* VPS: 090713-0, 07/13/2009
*
*
* Task stopped: Monday, July 13, 2009 5:01:34 PM
* Run-time was 11 minute(s), 8 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 5:02:57 PM
* VPS: 090713-0, 07/13/2009
*
*
* Task stopped: Tuesday, July 14, 2009 3:53:55 PM
* Run-time was 22 hour(s), 50 minute(s), 58 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 3:55:23 PM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Tuesday, July 14, 2009 5:14:34 PM
* Run-time was 1 hour(s), 19 minute(s), 11 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 5:16:04 PM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Tuesday, July 14, 2009 5:22:26 PM
* Run-time was 6 minute(s), 22 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 9:01:12 PM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Wednesday, July 15, 2009 5:54:05 AM
* Run-time was 8 hour(s), 52 minute(s), 53 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, July 15, 2009 5:55:35 AM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Wednesday, July 15, 2009 7:03:58 PM
* Run-time was 13 hour(s), 8 minute(s), 23 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, July 15, 2009 10:47:05 PM
* VPS: 090715-0, 07/15/2009