XP unusual behavior; SPTD.sys, aswMBR results

Hi all, experienced a couple of strange crashes, a momentary lag in the system,
a blue screen with text which appeared for about 1/4 second, not enough time to read it,
and upon rebooting a message in Event Viewer corresponding to the time of the crash:
“An error was detected on device \Device\Harddisk0\D during a paging operation.”

I decided to run aswMBR,
since I’d seen it mentioned many times recently (I just ran the scan; I didn’t fix anything),
and the log mentions sptd.sys, which it says is a rootkit; also nvata was highlighted in
red on the summary screen.

I have Daemon Tools Lite installed; that is where sptd.sys comes from. Also, nvata is the Nvidia
SATA driver. Is it a false positive or possibly something is going on…

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-04 11:42:56

11:42:56.140 OS Version: Windows 5.1.2600 Service Pack 3
11:42:56.140 Number of processors: 2 586 0x2302
11:42:56.140 ComputerName: AMD12ME UserName:
11:42:56.671 Initialize success
11:42:58.890 Disk 0 \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
11:42:58.890 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
11:42:58.890 Disk 1 (boot) \Device\Harddisk1\DR1 → \Device\00000073
11:42:58.890 Disk 1 Vendor: ST3250310AS 3.AAC Size: 238475MB BusType: 3
11:42:58.890 Device \Driver\nvata → MajorFunction 8a5cc1e8
11:43:00.890 Disk 1 MBR read successfully
11:43:00.890 Disk 1 MBR scan
11:43:00.890 Disk 1 unknown MBR code
11:43:02.890 Disk 1 scanning sectors +488392065
11:43:02.906 Disk 1 scanning C:\WINDOWS\system32\drivers
11:43:06.750 File C:\WINDOWS\system32\drivers\sptd.sys TDL3 ROOTKIT
11:43:06.750 Disk 1 trace - called modules:
11:43:06.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a5cc1e8]<<
11:43:06.765 1 nt!IofCallDriver → \Device\Harddisk1\DR1[0x8a5baab8]
11:43:06.765 3 CLASSPNP.SYS[b80e8fd7] → nt!IofCallDriver → \Device\00000074[0x8a4cff18]
11:43:06.765 5 ACPI.sys[b7e57620] → nt!IofCallDriver → \Device\00000073[0x8a4f4030]
11:43:06.765 \Driver\nvata[0x8a46ca08] → IRP_MJ_CREATE → 0x8a5cc1e8
11:43:06.765 Scan finished successfully
11:45:19.796 Disk 1 MBR has been saved successfully to “C:\Documents and Settings\Dave New\Desktop\MBR.dat”
11:45:19.796 The log file has been saved successfully to “C:\Documents and Settings\Dave New\Desktop\aswMBR.txt”

EDIT - I uninstalled SPTD/Daemon tools and the scan looks a bit cleaner now. Is the scanning tool
making a mistake on sptd.sys? I scanned it with MSE and Avast - neither of them report anything.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-04 13:33:47

13:33:47.531 OS Version: Windows 5.1.2600 Service Pack 3
13:33:47.531 Number of processors: 2 586 0x2302
13:33:47.531 ComputerName: AMD12ME UserName:
13:33:47.750 Initialize success
13:33:51.093 Disk 0 \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
13:33:51.093 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
13:33:51.093 Disk 1 (boot) \Device\Harddisk1\DR1 → \Device\00000071
13:33:51.093 Disk 1 Vendor: ST3250310AS 3.AAC Size: 238475MB BusType: 3
13:33:53.109 Disk 1 MBR read successfully
13:33:53.109 Disk 1 MBR scan
13:33:53.109 Disk 1 unknown MBR code
13:33:55.109 Disk 1 scanning sectors +488392065
13:33:55.140 Disk 1 scanning C:\WINDOWS\system32\drivers
13:33:58.859 Service scanning
13:34:00.062 Disk 1 trace - called modules:
13:34:00.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
13:34:00.062 1 nt!IofCallDriver → \Device\Harddisk1\DR1[0x8a500ab8]
13:34:00.062 3 CLASSPNP.SYS[b80e8fd7] → nt!IofCallDriver → \Device\00000072[0x8a4bdf18]
13:34:00.062 5 ACPI.sys[b7f7f620] → nt!IofCallDriver → \Device\00000071[0x8a4e3030]
13:34:00.062 Scan finished successfully
13:34:10.531 Disk 1 MBR has been saved successfully to “C:\Documents and Settings\Dave New\Desktop\MBR.dat”
13:34:10.546 The log file has been saved successfully to “C:\Documents and Settings\Dave New\Desktop\aswMBR.txt”
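
For readers comparing the two scans above, here is an added example (not part of the thread and not AVAST's code) that pulls out the lines a reviewer looks at first and checks whether a driver's dispatch pointer matches an address the trace could not attribute to a module. The regexes and the `triage` helper are assumptions based only on the log lines shown here; the output reports what the log says, not whether sptd.sys is malicious.

```python
import re

# Patterns assumed from the log lines in this thread; "→" is how the forum renders the arrow.
FILE_RE = re.compile(r"File (.+?\.sys)\s+(.+)$")
HOOK_RE = re.compile(r"Device (\\Driver\\\w+)\s*(?:→|->)\s*MajorFunction ([0-9a-f]+)", re.I)
IRP_RE = re.compile(r"(\\Driver\\\w+)\[0x[0-9a-f]+\]\s*(?:→|->)\s*IRP_MJ_\w+"
                    r"\s*(?:→|->)\s*0x([0-9a-f]+)", re.I)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9a-f]+)\]<<", re.I)

# Lines copied from the first scan (Daemon Tools/SPTD installed).
RUN_1 = r"""
11:42:58.890 Device \Driver\nvata → MajorFunction 8a5cc1e8
11:43:06.750 File C:\WINDOWS\system32\drivers\sptd.sys TDL3 ROOTKIT
11:43:06.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a5cc1e8]<<
11:43:06.765 \Driver\nvata[0x8a46ca08] → IRP_MJ_CREATE → 0x8a5cc1e8
"""

# Lines copied from the second scan (after uninstalling SPTD/Daemon Tools).
RUN_2 = r"""
13:33:55.140 Disk 1 scanning C:\WINDOWS\system32\drivers
13:34:00.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
"""

def triage(log_text):
    """Collect flagged files, driver dispatch targets and unattributed trace addresses."""
    out = {"flagged_files": [], "dispatch": {}, "unknown": set()}
    for line in log_text.splitlines():
        if m := FILE_RE.search(line):
            out["flagged_files"].append((m.group(1), m.group(2).strip()))
        for m in (HOOK_RE.search(line), IRP_RE.search(line)):
            if m:
                out["dispatch"].setdefault(m.group(1), set()).add(int(m.group(2), 16))
        out["unknown"].update(int(a, 16) for a in UNKNOWN_RE.findall(line))
    # Drivers whose dispatch pointer equals an address the trace marked UNKNOWN
    out["unowned_dispatch"] = sorted(
        drv for drv, addrs in out["dispatch"].items() if addrs & out["unknown"])
    return out

if __name__ == "__main__":
    for name, log in (("first scan", RUN_1), ("second scan", RUN_2)):
        r = triage(log)
        print(name, "| flagged:", r["flagged_files"],
              "| dispatch into unattributed memory:", r["unowned_dispatch"])
```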

“I scanned it with MSE and Avast - neither of them report anything.”
Does that mean you have MSE and Avast installed? Running multiple AV programs can create all kinds of mysterious Windows errors and false positive detections.

Never install two antivirus programs (see the reply from quietman7):
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

Hi Pondus, I’ve got two installs of XP on the same box. Avast 6 on one, and MSE on the other.
Separate partitions, but they can access each others files (good for troubleshooting).
This issue occurred on the system with MSE and Daemon tools installed. Scanning with MSE revealed
nothing; likewise, booting up the other XP and using Avast to scan the former partition also
showed nothing.

The sptd is not a false alarm - trust me, I am working on one now on another forum.