Log from RootRepeal scan below:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/22 11:09
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1896000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B7A000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE508000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7375000 Size: 323584 File Visible: No Signed: -
Status: -
Stealth Objects
-------------------
Object: Hidden Module [Name: System.Drawing.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x05200000 Size: 634880
Object: Hidden Module [Name: System.Transactions.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x04260000 Size: 270336
Object: Hidden Module [Name: Intuit.Spc.Esd.Client.BusinessLogic.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x03e10000 Size: 143360
Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00a00000 Size: 36864
Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00c40000 Size: 28672
Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00e00000 Size: 61440
Object: Hidden Module [Name: Intuit.Spc.Esd.Client.Common.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00e40000 Size: 86016
Object: Hidden Module [Name: Intuit.Spc.Esd.Core.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00ea0000 Size: 258048
Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00ef0000 Size: 36864
Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Logging.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00f10000 Size: 53248
Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.ExceptionHandling.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x00fd0000 Size: 77824
Object: Hidden Module [Name: Intuit.Spc.Foundations.Portability.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x03020000 Size: 471040
Object: Hidden Module [Name: System.configuration.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x03240000 Size: 438272
Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Config.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x031a0000 Size: 86016
Object: Hidden Module [Name: System.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x034e0000 Size: 3158016
Object: Hidden Module [Name: System.XML.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x032b0000 Size: 2060288
Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Api.Net.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x03c10000 Size: 421888
Object: Hidden Module [Name: Intuit.Spc.Esd.Client.DataAccess.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x03db0000 Size: 135168
Object: Hidden Module [Name: System.Data.SQLite.DLL]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x03e70000 Size: 778240
Object: Hidden Module [Name: System.Data.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x03f30000 Size: 2961408
Object: Hidden Module [Name: Intuit.Spc.Map.Reporter.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x04350000 Size: 479232
Object: Hidden Module [Name: System.EnterpriseServices.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x04510000 Size: 266240
Object: Hidden Module [Name: System.Runtime.Remoting.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x04a60000 Size: 307200
Object: Hidden Module [Name: System.Windows.Forms.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x04cc0000 Size: 5033984
Object: Hidden Module [Name: Intuit.Spc.Map.WindowsFirewallUtilities.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x054f0000 Size: 1077248
Object: Hidden Module [Name: System.ServiceProcess.dll]
Process: IntuitUpdateService.exe (PID: 1896) Address: 0x05480000 Size: 126976
==EOF==