After reviewing Process Explorer I have located an unsigned sys file loaded under System qlhc.sys. I cannot find the file through explorer or through gmer(thinking it might be hidden via rootkit).
Process explorer says its being run from system32\drivers\ -- And Autoruns doesnt show it at all.
I googled the file name but could not come up with anything...which made me think it might be malicious.
If the file is not being masked by a rootkit and is not found through explorer under that folder where is it loading from? And is it legit?
I've run TDSSKiller and that came up clean. Malwarebyes full scan came up clean. Hijackthis does not show anything out of the ordinary.
This windows XP Home SP3
Thanks in advance for the help.
Edited by hamluis, 11 December 2010 - 04:29 PM.
Moved from XP to AII ~ Hamluis.