Runddl32.exe detected as threat - Logs attached - PART 1

[mfish]

As soon as I start Internet Explorer Avast detects rundll32.exe as a threat.  And then the message keeps popping up periodically.

I've ran an Avast boot time scan, AvastMBR, Malware Bytes, and OTL and the probelm still persists.

Please help me remove this.  Thanks.

[Pondus]

malwarebytes was not updated when you did the scan. Database version: 7477  latest is 7791.....well maybe it was....i see the scan is dated yesterday


have you tested the rundll32.exe file at www.virustotal.com

[essexboy]

OK nothing jumps out at me there so lets look at the drivers

Download and Install CombofixDownload ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[mfish]

I'll try the methods out this evening.....part 2 of the OTL log is attached to this post so everything is now under one post

[mfish]

Here is the combofix log.

Also, attached is a screenshot of the Avast warning I get.

[essexboy]

OK I think I have found it now - something new

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  MOD - [2011/07/07 15:08:50 | 000,135,168 | ---- | M] () -- C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll
  O4 - HKU\S-1-5-21-2076991497-3898917214-2073273038-1000..\Run: [DesktopCommsUsb] C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll ()
  
  
  :Files
  ipconfig /flushdns /c
  C:\Users\Matt\AppData\Local\SyncHelpWan
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[mfish]

Part 1 of the log is attached

[mfish]

Part 2 of the log is attached

[essexboy]

Any further alerts ?

[mfish]

I have gotten the alerts since going through your procedures!!  I think its fixed.  Thank you so much for your help.

[essexboy]

Could you upload the following file to Avast please via the virus chest as undetected malware - before I remove my tools

c:\_OTL\moved files\C:\Users\Matt\AppData\Local\SyncHelpWan\DesktopCommsUsb.dll