Hi,

here’s an analysis:
http://hijackthis.de/logfiles/9ae94c8bb850288aac2347283df47ff0.html

(CAUTION! false alarms are quite possible)

First disable system Restore & reboot to safeMode, then:

  • fix all entries marked as red in above link
  • also fix:

All R0&R1 entries

O4 - HKLM..\Run: [hwuvquisu] C:\WINDOWS\zspn.exe
O4 - HKLM..\Run: [uyypamuwy] C:\WINDOWS\avfku.exe
O4 - HKLM..\Run: [rghwenjd] C:\WINDOWS\fwrnyzhv.exe
O4 - HKLM..\Run: [wuunhosgy] C:\WINDOWS\osib.exe
O4 - HKLM..\Run: [deogfbled] C:\WINDOWS\tubxjb.exe
O4 - HKLM..\Run: [hoskecos] C:\WINDOWS\kvvrp.exe
O4 - HKLM..\Run: [xozvlsltz] C:\WINDOWS\yjtil.exe
O4 - HKLM..\Run: [bltg] C:\WINDOWS\ieokwmf.exe

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.pattayalivecam.com/AxisCamControl.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opistat.com/opistat/activex/opinstall_en_4.1.10.0.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://198.143.27.18/dialer_loader/UK.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn298.exe

(fixing means: put a checkmark to the respective line and then click “fix checked”)
reboot, and post new log

Also please email the respective files in a password-protected Archive to
virus (at) avast.com
IF they are not detected in a thorough+archive scan by UPTODATE avast

:wink: