+1 on the Sandboxie. I like the concept, surprised OS developers never conceptualized it.
I'm actually boning up on rootkits and tooling, after a sweet attack by a "Toolbar". What a bear that thing was... or should I say, IS... It's an unsolicited installer too, weeee.... Good times indeed.
As it turns out the newest variant of the "Babylon Toolbar" entrenches itself in your NTUSER.DAT. Little ******* wouldn't stay dead, came back at each reboot, and just as strong as ever. Don't bother trying to restore registry backups while your OS is online, it'll eventually eat up all your good backups...
I had to drop my NTUSER.DAT cold, and bring in a fresh copy. Meaning all done via live disk, and with the OS "completely offline". At the same time, I did a thorough cleaning of my system files. And voilà, here I am... I haven't even brought my RAID storage back online yet... lol...
While I'm thinking of it, ERUNT. Get it, and let it run every boot! You should even forget about it like I did. In all seriousness, this application was compiled back in '05; in our world of IT that's practically an antique. But what a life saver. And yes, it's happy as a clam on x64 systems. My current being a heavily modded Server 08 R2 package, x64 of course, and ERUNT just saved my ass! Oh, and did I mention how I had just wiped my restore points prior to my infection? I was so glad I did that, wow... Good job, fella!
Like I said "weeeeee...."