Feeling a little suspicious

You now have a Virtumundo infection! Note the same rules always apply about running the READ ME FIRST and not posting HJT logs unless they are requested!

Try following the steps in this Generic guide for fixing Virtumundo:

Virtumonde aka Trojan Vundo Fix w/ Tool

If you have any problems following it, let me know.

 

Try reading the Vundo Fix thread again and see if you can identify your O2 and O20 lines now. The thread was modified a little while ago (we are trying to refine it so people like you can follow it. So this is useful feedback.) If you cannot ID the two important lines now, just tell me what is confusing you.

Also when you get into safe mode with the empty Desktop, try the below.

Press CTRL-SHIFT-ESC at the same time to bring up Task Manager. If that works, do the below.
Click File, New Task (Run...) and enter explorer.exe in the box and click okay. See if either your Desktop appears or a Windows Explorer window opens up. If either of these occur, you should now be able to navigate your way to the KillVundo.bat file to run it.

Let me know what happens.

 

The two lines of concern are:

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\awvvu.dll
O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll

If you cannot follow the procedure now please let me know and I will post a full procedure for you.

 

Okay! When finished post the HJT log as an attachment and we will make sure you are clean.

 

Virtumundo is gone but you did not follow one of the first steps in that thread where it says:

I believe you may still have a trojan! Do you recognize the below:

O4 - Global Startup: palstart.exe

 

I would uninstall the program and see if that line goes away. Some people seem to think it could be malware.

One of the problems is that you never ran the online scanners. Reading & even downlaoding the tools on the page is not the same thing as following the instructions given on it.