This virus has been plaguing me for some time now.
Now, I've searched the interwebs (and this site) and I know you have already confirmed that the Avast4 folder in C:\Windows\Temp is used by Avast for decompression, however there's one issue: I uninstalled Avast, a week ago actually. I recently upgraded to GDATA. The folder, no matter how many times I deleted it, reappeared. I went into safe made, opened registry editor, and used my common sense to determine which Avast! registry keys were unneccessary. I deleted them. All of them. Back on the full system, it has made an effect. All components of my computer are now working, however the _Avast4_ folder shows random pop up messages telling me that I, "Have insufficient rights to delete this folder". I hit OK, and then the folder gets deleted.
If that isn't enough proof, both Avast! and G-DATA denied registry changes, as well as port attacks, yet were unable to find the source of the problem.
Malware-Bytes' Anti Malware was clean
Spybot Search and Destroy was clean
Ad-Aware was clean
GData was clean
Avast! was clean
After I uninstalled Avast though, I kept getting these, "Access to registry denied" messages from my AV.
Also, I did a scan with Avast! that lasted 4 hours, and it came up with a few results, most of which were false positives. One interesting thing that did pop up, however, was Win32.WinSpy (Trj). I don't know if it could have falsely misidentified a file. However, Avast was "conveniently" bugging and the "Send to chest!" button was not working. Now, I don't know if I'm crazy, but that seems like intentional tampering to me.
"When closing file "C:\Windows\Temp\_avast5_\unp197631899.tmp" the virus "Gen:Trojan.Heur.GM.0004808D18 (Engine A)" has been detected. Access denied."
I attached a HJT log, so anything you guys can provide would be great.