system
1
As soon as I start Internet Explorer Avast detects rundll32.exe as a threat. And then the message keeps popping up periodically.
I’ve run an Avast boot time scan, AvastMBR, Malware Bytes, and OTL and the problem still persists.
Please help me remove this. Thanks.
Pondus
2
Malwarebytes was not updated when you did the scan. Database version: 7477 latest is 7791…well maybe it was…I see the scan is dated yesterday
Have you tested the rundll32.exe file at www.virustotal.com?
OK nothing jumps out at me there so let's look at the drivers
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
system
4
I’ll try the methods out this evening…part 2 of the OTL log is attached to this post so everything is now under one post
system
5
Here is the combofix log.
Also, attached is a screenshot of the Avast warning I get.
OK I think I have found it now - something new
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
MOD - [2011/07/07 15:08:50 | 000,135,168 | ---- | M] () -- C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll
O4 - HKU\S-1-5-21-2076991497-3898917214-2073273038-1000..\Run: [DesktopCommsUsb] C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll ()
:Files
ipconfig /flushdns /c
C:\Users\Matt\AppData\Local\SyncHelpWan
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
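Added example, not part of the thread and not OTL's own logic: a small triage script that parses OTL `O4` Run-key lines like the one in the fix above and flags autostart values whose target is a DLL in a user-writable profile folder with no company name. The function names and the three heuristics are assumptions made for this illustration, and every sample line except the `DesktopCommsUsb` one is constructed.

```python
import re

# OTL "O4" autostart line: O4 - <hive>..\Run: [<value>] <target> (<company>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<target>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Constructed sample log. Only the DesktopCommsUsb line is taken from the thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\ui.exe (Example Vendor)
O4 - HKU\S-1-5-21-2076991497-3898917214-2073273038-1000..\Run: [DesktopCommsUsb] C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll ()
O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [ExampleSync] C:\Users\Matt\AppData\Local\ExampleSync\sync.exe (Example Vendor)
"""


def reasons_for(entry):
    """Return the triage heuristics (assumptions, not OTL rules) an entry trips."""
    target = entry["target"].strip('"').lower()
    reasons = []
    if target.endswith(".dll"):
        reasons.append("autostart target is a DLL, so a host process must load it")
    if "\\appdata\\" in target or "\\temp\\" in target:
        reasons.append("target sits in a user-writable profile path")
    if not entry["company"].strip():
        reasons.append("file has no company name")
    return reasons


def flag_autostarts(log_text, min_reasons=2):
    """Parse O4 Run lines and return (value name, reasons) for entries to review."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 Run entry
        reasons = reasons_for(m.groupdict())
        if len(reasons) >= min_reasons:
            hits.append((m["name"], reasons))
    return hits


if __name__ == "__main__":
    for name, reasons in flag_autostarts(SAMPLE_LOG):
        print(f"review Run value [{name}]:")
        for r in reasons:
            print(f"  - {r}")
```

A flagged value is a prompt for manual review (for example a VirusTotal check of the file), not a verdict.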
system
7
Part 1 of the log is attached
system
8
Part 2 of the log is attached
system
10
I have gotten the alerts since going through your procedures!! I think it's fixed. Thank you so much for your help.
Could you upload the following file to Avast please via the virus chest as undetected malware - before I remove my tools?
c:\_OTL\moved files\C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll