LOGS ATTACHED nasty trojan downloader-pku, serif, etc.

this is a mess.
I’d think active scanning would stop this before it was allowed in.

Hi,

WARNING: Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember, if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.**

Run OTL.exe

- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:Files
C:\Windows\Installer\{6f17c38f-690a-058e-09e0-3cc98c00d8ff}\

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
- Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)


Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


- Right-click and Run as Administrator on ComboFix.exe and follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.

Thanks guys - avast intercepted the rebirth constantly.
The rootkit issue was obvious.
Malwarebytes found the results yet the root could never be wiped clean.

After I ran your initial instructions I continued and it seems that the DK DOWNLOAD found and truly quarantined the source, deleted reg keys, and attacked the entire problem.

The DK was what looked like a French or European site.
After that ran I whacked anything it found and then ran avast full with a boot level scan also.

I forget the name but D Killer was the key.
It's my Mother's laptop and I kept it for another two days after cleaning.
Nothing further triggered.

It seems avast intercepted the birth and shut it down but it couldn't clean it up.
Perhaps it’s something to consider for a future release.

I may get her laptop back and copy her data off to reload anyway… Just to be sure.

So you do not need help any longer?

I need avast to clean this up and/or intercept it in the first place.
Is that a goal for the product?

Hi mrmichael11,

No a/v is 100%. Malware writers are always updating/upgrading malware code, good guys play catch up. Avast! cannot see, nor can any a/v see, what is not known.

If possible submit the malware sample to virus total dot com and scan with 40+ virus scanners. A/V companies go there 24/7 to look for new malware variants and update definitions as a community. So scanning there will help everyone.