Rundll32.exe detected as threat - Logs attached - PART 1

As soon as I start Internet Explorer Avast detects rundll32.exe as a threat. And then the message keeps popping up periodically.

I’ve run an Avast boot time scan, AvastMBR, Malware Bytes, and OTL and the problem still persists.

Please help me remove this. Thanks.

Malwarebytes was not updated when you did the scan. Database version: 7477, latest is 7791… well, maybe it was… I see the scan is dated yesterday

Have you tested the rundll32.exe file at www.virustotal.com?

OK, nothing jumps out at me there, so let's look at the drivers

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I’ll try the methods out this evening…part 2 of the OTL log is attached to this post so everything is now under one post

Here is the combofix log.

Also, attached is a screenshot of the Avast warning I get.

OK I think I have found it now - something new

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
MOD - [2011/07/07 15:08:50 | 000,135,168 | ---- | M] () -- C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll
O4 - HKU\S-1-5-21-2076991497-3898917214-2073273038-1000..\Run: [DesktopCommsUsb] C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll ()

:Files
ipconfig /flushdns /c
C:\Users\Matt\AppData\Local\SyncHelpWan

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Part 1 of the log is attached

Part 2 of the log is attached

Any further alerts?

I have gotten the alerts since going through your procedures!! I think it's fixed. Thank you so much for your help.

Could you upload the following file to Avast please via the virus chest as undetected malware - before I remove my tools

c:\_OTL\moved files\C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll
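The entry removed in this thread was a per-user Run value pointing at a DLL under AppData\Local, with empty parentheses at the end of the OTL line. As an added example (not part of the original thread and not OTL's own code), this Python sketch parses O4 lines in the format quoted above and flags entries with that combination. The second sample line, the function names, the directory list and the reading of the trailing parentheses as the file's company name are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Line format as quoted in the thread:
#   O4 - <hive>..\Run: [<value name>] <path> (<company>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)
# Directories a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

class RunEntry(NamedTuple):
    hive: str
    name: str
    path: str
    company: str

def parse_o4(line: str) -> Optional[RunEntry]:
    """Return the parsed Run entry, or None if the line is not an O4 Run line."""
    m = O4_RE.match(line.strip())
    return RunEntry(**m.groupdict()) if m else None

def reasons(entry: RunEntry) -> list:
    """List the traits this entry shares with the one removed in the thread."""
    found = []
    low = entry.path.lower()
    if low.endswith(".dll"):
        found.append("autorun target is a DLL, not an executable")
    if any(part in low for part in USER_WRITABLE):
        found.append("target lives in a user-writable directory")
    if not entry.company.strip():
        found.append("no company name reported for the file")
    return found

def triage(log_text: str, threshold: int = 2) -> list:
    """Return (entry, reasons) pairs for entries with at least `threshold` traits."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and len(reasons(entry)) >= threshold:
            flagged.append((entry, reasons(entry)))
    return flagged

# First line is the one quoted in the thread; second is constructed as a benign contrast.
SAMPLE_LOG = "\n".join([
    r"O4 - HKU\S-1-5-21-2076991497-3898917214-2073273038-1000..\Run: [DesktopCommsUsb] C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll ()",
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp)",
])

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry.name, entry.path, "; ".join(why), sep="\n  ")
```

A flagged entry is a candidate for review (for example a VirusTotal check, as done earlier in the thread), not proof of infection.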