Scan saved at 15:15:48, on 18/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Xqsye.exe
C:\WINDOWS\System32\Xqsye.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\RegProt\rpadmin.exe
C:\RegProt\regprot.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Niall\Desktop\RegClean\hijackthis\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [2ZQLKP#2WLSCTL] C:\WINDOWS\System32\Qcm02Z2H.exe
Hijackthis acts like it removes O4 above; nonetheless, when I scan again, it returns bold as brass. I know it's something sinister. Please help!