Mega-Maniac
Cadet

 Joined: Dec 23, 2003 Posts: 1 Location: USA
Posted: Tue Dec 23, 2003 10:35 pm Post subject: Power scan & Spyware...help!!!
Hi! Well, since yesterday the 'so famous' Power Scan application has been executing by itself on every startup. I really need some help with that one. I already ran CWShredder and Ad-aware; they remove most of the trash, but Power Scan still remains there. Here is the log I got with HijackThis:
Logfile of HijackThis v1.97.7
Scan saved at 04:22:56 p.m., on 23/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe
C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
C:\ARCHIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\jpmdvj.exe
C:\Archivos de programa\Power Scan\powerscan.exe
C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\ARCHIV~1\ARCHIV~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\DOCUME~1\ELCONG~1\CONFIG~1\Temp\Wqw1.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\dvx.exe
C:\program files\GlobalDialer\tonex00207\svchost.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\rnathchk.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\El Conglomerado\Configuración local\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\ARCHIV~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [qushoak] C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe -QuieT
O4 - HKLM\..\Run: [qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [41698855.exe] C:\WINDOWS\System32\41698855.exe
O4 - HKLM\..\Run: [ffqccebc] C:\WINDOWS\jpmdvj.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [Power Scan] C:\Archivos de programa\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\ARCHIV~1\ARCHIV~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Archivos de programa\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ieupdate] C:\WINDOWS\system32\dvx.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00207\svchost.exe -remove
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [*qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Archivos de programa\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Archivos de programa\GetRight\getright.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: AOL - Mensajero Instantáneo® (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6015740741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6E0597-4FC1-44CE-91A0-1532808C0168}: NameServer = 200.33.146.201 200.33.146.193
Thanks for your concern! Oh!!! And my main webpage has changed from Google.com to: http://qwertysearch123.biz/?id=1017
Is this related to Power scan? I really hope the logfile will help me out with that one as well.
OrphanAnnie
Security Expert
 Joined: Dec 04, 2003 Posts: 2278
Posted: Wed Dec 24, 2003 4:22 am
Hi Mega-Maniac - Close IE and all open windows and run HijackThis again. Select the entries below and click on Fix Selected:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwertysearch123.biz/?id=1017
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - (no file)
O4 - HKLM\..\Run: [qushoak] C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe -QuieT
O4 - HKLM\..\Run: [qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
O4 - HKLM\..\Run: [41698855.exe] C:\WINDOWS\System32\41698855.exe
O4 - HKLM\..\Run: [ffqccebc] C:\WINDOWS\jpmdvj.exe
O4 - HKLM\..\Run: [Power Scan] C:\Archivos de programa\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [ieupdate] C:\WINDOWS\system32\dvx.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00207\svchost.exe -remove
O4 - HKLM\..\RunOnce: [*qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts), make sure that you can view hidden files and folders and delete the files listed below:
C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe -QuieT
C:\WINDOWS\System32\qdyrhif.dll
C:\WINDOWS\System32\41698855.exe
C:\WINDOWS\jpmdvj.exe
C:\Archivos de programa\Power Scan\powerscan.exe (delete this folder)
C:\WINDOWS\system32\dvx.exe
c:\program files\GlobalDialer\tonex00207\svchost.exe -remove (delete the folder)
Reboot and post back a new Hijack This log.
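A small triage script, added here as an example and not part of the thread, that applies to HijackThis R0/R1 and O4 lines the same kind of checks OrphanAnnie made by eye: a search or start page pointing at a host that is not a trusted search provider, autostarts launched from user-writable folders, svchost.exe running from outside System32, and random-looking binary names sitting in the Windows tree. The trusted-host set and the name thresholds are assumptions, and the sample lines are a constructed excerpt of the log posted above.

```python
import re
from urllib.parse import urlparse

TRUSTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.msn.com"}  # assumption; tune per site
USER_WRITABLE = ("\\docume~1\\", "\\documents and settings\\", "\\temp\\", "\\datosd~1\\")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
R_RE = re.compile(r"^R[01] - .+?,(?P<key>[^=]+?) = (?P<url>\S+)$")
PATH_RE = re.compile(r"(?i)[a-z]:\\.*?\.(?:exe|dll|ocx)\b")  # first drive-letter path in a command line

def binary_path(cmd):
    """Executable the O4 command line really launches, or its first token if no path is given."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else cmd.split()[0].strip('"')

def looks_random(filename):
    """Coarse dropper-name check (assumed thresholds): all digits, or almost no vowels."""
    stem = filename.rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    return stem.isdigit() or (len(letters) >= 3 and sum(c in "aeiou" for c in letters) <= 0.15 * len(letters))

def triage_line(line):
    """Reasons a HijackThis R0/R1 or O4 entry deserves a closer look (empty list = none)."""
    reasons = []
    if m := R_RE.match(line):
        host = urlparse(m.group("url")).hostname or ""
        if host not in TRUSTED_SEARCH_HOSTS:
            reasons.append(f"IE {m.group('key').strip()} redirected to {host}")
    elif m := O4_RE.match(line):
        path = binary_path(m.group("cmd")).lower()
        base = path.rsplit("\\", 1)[-1]
        if any(seg in path for seg in USER_WRITABLE):
            reasons.append("autostart from a user-writable location")
        if base == "svchost.exe" and not path.startswith("c:\\windows\\system32\\"):
            reasons.append("svchost.exe running from outside System32")
        if path.startswith("c:\\windows\\") and looks_random(base):
            reasons.append("random-looking binary name in the Windows tree")
    return reasons

def triage_log(text):
    """Map every flagged log line to its reasons; unflagged lines are dropped."""
    return {ln: r for ln in map(str.strip, text.splitlines()) if (r := triage_line(ln))}

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwertysearch123.biz/?id=1017
O4 - HKLM\..\Run: [qushoak] C:\DOCUME~1\ELCONG~1\DATOSD~1\ieoolygl.exe -QuieT
O4 - HKLM\..\Run: [qdyrhif] rundll32 C:\WINDOWS\System32\qdyrhif.dll,Init 1
O4 - HKLM\..\Run: [41698855.exe] C:\WINDOWS\System32\41698855.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ieupdate] C:\WINDOWS\system32\dvx.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00207\svchost.exe -remove
"""  # constructed excerpt of the log posted in this thread
```

Calling `triage_log(SAMPLE_LOG)` flags six of the eight sample entries and leaves the RealPlayer scheduler and ctfmon.exe alone; the output is a review queue, not a verdict, since the name heuristic cannot recognise a dropper with a plausible name such as powerscan.exe.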