Rootkit Problem :S

C:\Windows\Temp\geyekreuqqjkcins.tmp isn’t there. I have the other six moved into the new folder on my desktop but this one isn’t there, despite showing hidden files and not hiding protected operating system files.

That's OK

Now right click the folder with the files and .zip it (compress)

then upload it to http://rapidshare.com/index.html

Then Personal Message (yellow envelope) me the link so I can download the folder.

Now run a Full scan with Malwarebytes

Quads

OK, message sent and now beginning the scan. I’ll run N360 too.

Ok, now as to Norton and your query.

Even with a Full Scan it starts off with looking for the common infections, I suppose you would call it, then goes through the HD.

Another program we use and is handy is "SuperAntispyware Free".

Now I know the name of the service that the rootkit was under, I will create a script for Avenger to get any leftover ControlSet registry entries if you like.

Quads

Sorry - I fell asleep :D

----

If you could create the Avenger script for me when you get an opportunity that would be awesome. I'll check out SuperAntispyware Free also.

But other than that, is my computer free from the rootkit now? At a first glance it seems to be 'OK'. At least it has no abnormal behaviour anymore, but whether anything is lingering is another matter. The 360 scan was clean apart from a few tracing cookies and I'm running the Malwarebytes now.

Is it likely the rootkit and trojan have done any lasting damage to my system or any files?

Hi TMdaines:

As long as things are working normally, you should be fine. The symptoms have been pretty severe and usually lead to a reformatting when the system is damaged during a rootkit removal. We have seen a couple, where the user used somebody else's script to do their own repair, or followed other advice, that was more damaging to the system.

Quads hasn't lost a user's operating system yet. That's why we leave these to him.

Thanks for going through it all. It will help those coming behind you.

It should be me who is thankful. Without the likes of yourself and Quads I would have had no clue about how to clear this problem. I’m extremely grateful towards the pair of you, and especially towards Quads who spent literally a dozen hours with me trying to sort this. Hopefully now he has solved the problem with this newer rootkit once, it should now be easier to cure other users of this same rootkit. Just need the Avenger script for the registry then I’m all tidied up it seems.

Hi

The Avenger script

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\geyekrqvfdpxii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\geyekrqvfdpxii

Quads
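The Avenger script above hard-codes ControlSet001 through ControlSet010, but a machine only has whichever ControlSetNNN hives actually exist. As an added example (not part of this thread or of Avenger), the following PowerShell enumerates every ControlSet hive plus CurrentControlSet, reports where the named service key survives, and only removes it when -Remove is given (it honours -WhatIf); the service name geyekrqvfdpxii is the one Quads named above, and the function name is my own.

```powershell
# Added example, not from the thread: audit (and optionally remove) a leftover
# rootkit service key under every control set hive, the same keys the Avenger
# script targets. Must run in an elevated (Administrator) PowerShell session.
function Get-LeftoverServiceKey {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$ServiceName,  # e.g. geyekrqvfdpxii
        [switch]$Remove                              # audit only unless set
    )
    # Real ControlSetNNN hives present on this machine (not a fixed 001..010 list)
    $hives = Get-ChildItem -Path 'HKLM:\SYSTEM' |
             Where-Object { $_.PSChildName -like 'ControlSet0*' } |
             ForEach-Object { "HKLM:\SYSTEM\$($_.PSChildName)" }
    # CurrentControlSet is a link to one of them; check it explicitly as well
    $roots = @('HKLM:\SYSTEM\CurrentControlSet') + @($hives)

    foreach ($root in $roots) {
        $key = "$root\Services\$ServiceName"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # Capture what the leftover key points at before touching it
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key       = $key
            ImagePath = $props.ImagePath   # driver/binary the service loaded
            Start     = $props.Start       # 0/1 = boot/system start, typical for rootkits
            Removed   = $false
        } | ForEach-Object {
            if ($Remove -and $PSCmdlet.ShouldProcess($key, 'Remove registry key')) {
                Remove-Item -LiteralPath $key -Recurse -Force
                $_.Removed = $true
            }
            $_
        }
    }
}

# Audit first; add -Remove -WhatIf to preview deletions, then -Remove to apply
Get-LeftoverServiceKey -ServiceName 'geyekrqvfdpxii' | Format-Table -AutoSize
```

Run the audit before and after rebooting, since a live rootkit driver can re-create its service key; a key that only reappears while the system is running is a sign the driver itself is still loaded.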

 

 

OK I've run it and attached the log just to check that it worked as intended.

 

Is that everything I need to do then? Presumably I have little use for most of these apps I have downloaded to help with the rootkit removal so I can either happily remove them or just archive them for a later time?

No, it got the 2 registry entries I intended it to.

I suggest using SuperAntispyware Free, Malwarebytes and Norton for scans over the next week or so to make sure nothing else tries to get in, due to the rootkit being there.

You can remove / delete sysprot, Avenger, GMER, RootRepeal, etc. though.

Good luck.

Quads

Message Edited by Quads on 07-16-2009 09:12 AM