Interesting, it could have been that Combofix was removing the driver that caused the BSOD, but Combofix still wasn't finished.
Have the error messages still gone, the globalroot ones??
Quads
Not a single one since this boot. Norton 360 still won't scan, remember, though, and it detected Packed.Generic.238 before I managed to turn the Firewall and Anti-Virus on. Oh, and I have the browser hijacks too.
OK
I had someone on the forum who couldn't run Norton until we managed to remove the rootkit's registry entries, but that's further down the track.
Here is the creator's website; it should have the most up to date copy of Combofix to use with the script: http://www.combofix.org/
Delete the old copy first.
Quads
*sigh*
I rebooted and was plagued by randomletters.dll again, and in the bottom right Norton alerted me that it had detected Trojan Horse again. After literally clicking through dozens of them I got the new Combofix download and dropped the script onto it, only to be plagued again. This time it didn't crash but told me it couldn't find the file. I left the room to go to the toilet and came back to find the PC rebooting...
Should I be doing Combofix in safe mode?
Message moved to a new thread for better exposure
I would attach but it isn't doing anything for me. I spam through hundreds of, 'globalroot\systemroot\system32\geyekrxaevbvtm.dll is either not designed to run on Windows or it contains an error....' only for Combofix to not find the specified file and then for me to bluescreen.
What's most annoying is that I thought we were getting somewhere but seemingly I'm back at square one again.
No.
Go to the Run feature and type this: Combofix /u. Doing Combofix in safe mode could cause more problems.
Quads
Sorry. Can you re-explain what you want me to do?
In the Run box like when you type msconfig.
BUT this time type combofix /u
I will keep looking into this
Quads
OK. Combofix uninstalled. Gave me this message in command prompt:
"grep: conflicting matchers specified
Killing '*.cf.exe'
Killing 'NIRCMD.exe'
1 files(s) copied."
---
Any insight into what is going wrong?
Hi
Been searching the web, can't find stuff all (nothing) on these files anywhere.
Try http://homepages.slingshot.co.nz/~crutches/SysProt/ . You have to disable Auto-Protect before starting the program and scanning.
When starting the program, go to the "Report" tab and with boxes selected for areas, scan
Quads
Seems like I’ve managed to get my computer infected with a relatively new rootkit?
Yeah you are not kidding, it's just a matter of trying to find the way to start pulling it apart.
There are 3 of you on this forum and one other on Bleeping PC (only 2 messages) that I have found so far.
Quads
Well here is the latest log you requested:
Yay, sort of. That has at least given me the likes of the service name, files etc. Now I just have to figure out the correct order to disable, remove, blah blah.
Quads
Did any process show up in RED in the processes tab??
Quads
In the Processes tab - no, but in the Kernel Modules the randomletters.dll shows up in red and as hidden there, i.e. the one that keeps spamming me.
---
Just FYI I did another MalwareBytes scan and it didn't find anything.
Ok
1. Click on the RED "\systemroot\system32\drivers\geyekrerbtrckm.sys"
2. Click the "Disable" button
3. The PC will have to be restarted for the changes to be made
When you scan again it will show again, due to there being 2 .dll files, not just 1 .dll.
So do steps 1 - 3 again.
Quads
OK done. No randomletters.dll spam on either of these boots. Browser seems to be unhijacked also.
More importantly, however, is Norton's behaviour. I attempted a scan and it appeared to work. After pausing on the asterisk for a minute, the number of scanned files increased; however, instead of doing its usual logical work-through of the C: drive followed by the E: drive, it just attempted to check for common malware. The file names were all the names of common worms and viruses I recognised: VBS.Runauto, Backdoor.Tidserv, Backdoor.Rustock.A etc. Is this the correct behaviour?
Have we more to do or should I attempt to run a full Norton and MalwareBytes scan?
Hang on, not finished yet.
1. Create a new folder on your desktop,
then
2. Go into "My Computer" and change the folder options to "Show hidden files and folders" and "Show protected system files". Click Apply.
3. Look for these files
C:\Windows\System32\drivers\geyekrerbtrckm.sys
C:\Windows\System32\geyekrjmubuyps.dat
C:\Windows\System32\geyekrovpvkrie.dat
C:\Windows\System32\geyekrxaevbvtm.dll
C:\Windows\System32\geyekrypnciyfw.dll
C:\Windows\Temp\geyekrdnbmvtxnvs.tmp
C:\Windows\Temp\geyekreuqqjkcins.tmp
Move those files into the new folder.
Quads
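The manual "show hidden files, find them, move them" steps above can be scripted. This is an added example, not from the thread or from any tool mentioned in it; the file paths are the ones quoted in the post, and the quarantine folder name and the SHA-256 logging are my assumptions (run as Administrator, after the driver has been disabled and the PC rebooted, since a still-loaded driver file cannot be moved).

```powershell
# Added example: locate the files named in the thread, record their attributes and
# SHA-256 hash (useful when submitting samples to the AV vendor), then move them into
# a quarantine folder on the desktop. Paths come from the post; folder name is assumed.
$files = @(
    "C:\Windows\System32\drivers\geyekrerbtrckm.sys",
    "C:\Windows\System32\geyekrjmubuyps.dat",
    "C:\Windows\System32\geyekrovpvkrie.dat",
    "C:\Windows\System32\geyekrxaevbvtm.dll",
    "C:\Windows\System32\geyekrypnciyfw.dll",
    "C:\Windows\Temp\geyekrdnbmvtxnvs.tmp",
    "C:\Windows\Temp\geyekreuqqjkcins.tmp"
)

# Quarantine folder (assumed name); equivalent to step 1, "create a new folder on your desktop".
$quarantine = Join-Path ([Environment]::GetFolderPath("Desktop")) "geyekr_quarantine"
if (-not (Test-Path -LiteralPath $quarantine)) {
    New-Item -ItemType Directory -Path $quarantine | Out-Null
}

foreach ($path in $files) {
    # -Force makes Get-Item return hidden/system files, replacing the "show hidden files" step.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host ("absent  {0}" -f $path)
        continue
    }
    $item = Get-Item -LiteralPath $path -Force
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Host ("FOUND   {0}" -f $path)
    Write-Host ("        attributes={0} size={1} sha256={2}" -f $item.Attributes, $item.Length, $hash)

    try {
        # Move rather than delete so the sample is preserved for analysis.
        Move-Item -LiteralPath $path -Destination $quarantine -Force -ErrorAction Stop
        Write-Host ("        moved to {0}" -f $quarantine)
    } catch {
        # Typical cause: the rootkit driver is still loaded and holds the file open.
        Write-Host ("        could not move: {0}" -f $_.Exception.Message)
    }
}
```

A file that reports as present but cannot be moved is the signal that the driver has not actually been disabled yet; repeat the SysProt disable step and reboot before trying again.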