Maybe relating my adventure yesterday, which wasted the whole day, will help someone save some time. I have a teenage family member who brought me a laptop to diagnose. All the desktop icons, all documents, everything on the start menu had disappeared, and instead various errors kept popping up on the screen about hardware failure. As described to me previously on the phone, I thought I was going to be attempting to retrieve data from a dying hard drive for transfer to a new computer. When I got it in my hands and read the actual "error" messages, I realized it was instead a nasty malware wanting to sell a "repair" application that would "fix" the "hardware problem." I researched what it was; I forget the exact one, but Google found it and gave good advice on how to get rid of it. Everything was fine.

Three days later I get a call, guess what. He brought me the machine, I cleaned it up again and provided a lecture about not clicking on suspicious links. This time it lasted less than 24 hours. It was obvious that something else was going on; he can't be this stupid to keep going to the same infected sites over and over, can he? I brought the machine to my office and plugged it in. As soon as it was connected to the network, the phone in my pocket started buzzing. It was receiving notification emails from the router (a Netgear UTM with malware detection) that something was attempting to download malware, specifically configuration instructions for a TDSS rootkit.

I spent the day downloading and trying different tools to eliminate this. MalwareBytes found stuff and got rid of it, tdsskiller and aswMBR would not run at all, SuperAntiSpyware got stuck, and the other tools I tried pronounced the machine "clean," yet when connected to the network it was still trying to download malware. Obviously not clean. I got to a command prompt and ran netstat -b, which revealed that explorer.exe was trying to connect to a bunch of Internet sites. So obviously something is infecting explorer, which would be what kept tdsskiller and aswMBR from launching. No matter what I tried, nothing could find or eliminate it, so it must be getting its hooks in very deep in the OS to hide itself.

Finally, in desperation, I removed the hard drive from the machine, attached a USB to SATA bridge adapter, and plugged it into my Windows 8 machine on my desk. Instantly Defender found a problem in the MBR and eliminated it (it also told me I needed to reboot for it to be clean, a warning that could be safely ignored since this is not the boot device for that machine). Putting the drive back in the laptop, I found it would not boot. This was resolved by booting a Win7 DVD, selecting repair, going to the command prompt, and using diskpart to mark the Windows partition as active. I then was able to boot the machine and run the various AV tools I had been using to clean up what was left. tdsskiller found the filesystem left over by the rootkit; MalwareBytes found that in tdsskiller's quarantine; SuperAntiSpyware found nothing.

Total time to remove and clean up after the rootkit: 20 minutes. Total time spent fighting with it before finding a method that worked: 12 hours. Mental note for next time I have one of these to work on: attaching the drive to another (fully protected and updated) machine is the first thing to try, before any of this trying to fix it natively on the infected system, which is actively fighting back.