most likely your rootkit killer will put a standard MBR back on the disk, which means you'll get a "missing operating system" on next boot, and will have to do a restore SafeBoot MBR (v5), or decrypt (v6).
I expect the restore MBR feature will make it into a release of EETech in the near future though.
I was thinking but not had a chance to test yet- if i could use a utility to run (while the user was logged into windows) to backup the EEPC MBR and save this on the network, then if i could get this util into something like BartPE along with EETech, would it just be as simple as restoring the appropriate saved MBR back to the machine and hopefully it would recognise everything and boot OK?
Or if i did this - would this cause issues if i had to decrypt anyway- where is the crypt list info stored?
wintech / eetech will capture the MBR for you - it never changes, well, not unless you repartition, or install some new boot code.
The crypt list is somewhere on the drive - the MBR knows where it is though. There's no fixed location.