I'm not sure if these four persistent viruses are connected or not, but I've been having some issues with them. I installed Spybot: Search and Destroy, along with Malwarebytes recently, and they both temporarily fix the issue. Everything started when I got a UAC prompt yesterday for some odd .exe file I had never heard of (I didn't think much of it at the time, so I didn't write it down), so I chose no. It constantly kept looping, asking for permission, and I couldn't find a way to even select another window to search for information on it (Alt+Tab, and even Task Manager, weren't working). Pretty much the only thing I could do was to do a hard restart on the computer, and everything seemed fine after that, no viruses detected by Avast. Shortly after that, I noticed that my web browser was running a lot slower than normal, so I installed Spybot and Malwarebytes to look for anything else. They both found some minor malware and removed it, but that didn't seem to help any. Now, I will occasionally hear an audio advertisement for some random product playing in the background, even with all programs closed. Also, my network connections are sometimes disabled, until I restart the computer. Also, for some reason, the window I'm working on will randomly become inactive, as if I had selected another one. It's been rather annoying while typing this post.
Anyways, now I keep getting a notification about every 5 minutes from Avast about these three malware files being removed:
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\800000cb.@
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\80000000.@
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\80000004.@
These same files now show up in an Avast scan. Here's a copy of the result log:
MBR: \\.\PHYSICALDRIVE0\Partition4 - High - Threat: MBR:SST [Rtk] - Error: The handle is invalid
C:\ProgramData\AVAST Software\Avast\log\unp211368238.tmp.mdmp - High - Threat: MBR:SST [Rtk] - Action Successful
C:\Windows\assembly\GAC_32\Desktop.ini - High - Threat: Win32:Sirefef-PL [Rtk] - Error: Access is denied (5)
C:\Windows\assembly\GAC_64\Desktop.ini - High - Threat: Win32:Sirefef-PL [Rtk] - Error: Access is denied (5)
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\00000004.@ - High - Threat: Win32:Malware-gen - Error: The system cannot find the file specified (2)
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\000000cb.@ - High - Threat: Win32:Malware-gen - Action Successful
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\80000000.@ - High - Threat: Win32:Malware-gen - Action Successful
C:\Windows\assembly\GAC_32\Desktop.ini - High - Threat: Win32:Sirefef-PL [Rtk] - Error: Access is denied (5)
Also, here's the Malwarebytes log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.12.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zak :: 361990-PC [limited]
8/12/2012 12:23:04 AM
mbam-log-2012-08-12 (00-23-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238889
Time elapsed: 4 minute(s), 3 second(s)
Memory Processes Detected: 1
C:\ProgramData\cDVshTcDKAQCOy.exe (Rogue.FakeHDD) -> 4368 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cDVshTcDKAQCOy.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\cDVshTcDKAQCOy.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
C:\ProgramData\cDVshTcDKAQCOy.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Users\Zak\AppData\Roaming\.minecraft\cartograph g\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Quarantined and deleted successfully.
C:\Users\Zak\AppData\Local\Temp\update10.b.exe (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\Zak\AppData\Local\Temp\wEkPvkcP0vtEUO.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{17355d44-1279-9319-ebde-458fc3196648}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Zak\AppData\Local\Temp\wuauclt.exe (Trojan.Agent) -> Delete on reboot.
(end)