dan: here's the rooter log
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2
C:\ [Fixed] - NTFS - (Total:57137 Mo/Free:217 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sun 03/22/2009| 0:10
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\rpcnet.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\SpyNoMore\SNM.exe
---------- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\internet explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\ABCSTU~1\Local Settings\Temporary Internet Files\Content.IE5\H58NJ3GU\Q109_KMCCrackers_728x90[1].swf
1 - "C:\Rooter$\Rooter_1.txt" - Sun 03/22/2009| 0:10
----------------------\\ Scan completed at 0:10
here's the hosts log
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
here's the system look log:
SystemLook v1.0 by jpshortstuff (02.03.09)
Log created at 00:21 on 22/03/2009 by ABC STUDENT (Administrator - Elevation successful)
========== reg ==========
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wave"="wdmaud.drv"
"wavemapper"="msacm32.drv"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]
-=End Of File=-