Download aswMBR to your desktop.
Double Right click the aswMBR.exe icon and select "run as Admin".
For the question "Would you like to download latest Avast! virus definitions?", click YES to download the additional files, then
click the "Scan" button to start the scan.
Once the scan is done, click "Save log", save it to your desktop and post it in your next reply.
Right click on TDSSKiller.exe and choose "run as admin", then click on Change parameters.
Put a checkmark beside the loaded modules box.
A reboot will be needed to apply the changes. Please reboot at the prompt to apply the change.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip; click on Continue.
If malicious objects are found, they will show in the Scan results.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.
Okay, I've pasted the two log files below. It did get stuck when rebooting after the TDSSKiller scan. It just kept saying "shutting down" for about 10 minutes, so I just forced the shutdown and then rebooted.
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-13 10:28:20
-----------------------------
10:28:20.181 OS Version: Windows x64 6.1.7601 Service Pack 1
10:28:20.181 Number of processors: 4 586 0x2A07
10:28:20.181 ComputerName: DEC-PC UserName: Dec
10:28:43.159 Initialize success
10:35:13.395 AVAST engine defs: 13071300
10:36:05.311 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:36:05.311 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
10:36:05.327 Device \Driver\iaStor -> MajorFunction fffffa8007de35e8
10:36:05.327 Disk 0 MBR read successfully
10:36:05.327 Disk 0 MBR scan
10:36:05.343 Disk 0 Windows 7 default MBR code
10:36:05.358 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
10:36:05.358 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
10:36:05.389 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
10:36:05.452 Disk 0 scanning C:\windows\system32\drivers
10:36:19.897 Service scanning
10:36:46.620 Modules scanning
10:36:46.636 Disk 0 trace - called modules:
10:36:46.651 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007de35e8]<<
10:36:46.651 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005bce060]
10:36:46.651 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8005906e40]
10:36:46.651 5 ACPI.sys[fffff88000f7b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800590a050]
10:36:46.667 \Driver\iaStor[0xfffffa8005ad9e70] -> IRP_MJ_CREATE -> 0xfffffa8007de35e8
10:36:48.789 AVAST engine scan C:\windows
10:36:53.469 AVAST engine scan C:\windows\system32
10:40:13.461 AVAST engine scan C:\windows\system32\drivers
10:40:29.326 AVAST engine scan C:\Users\Dec
10:42:19.416 Disk 0 MBR has been saved successfully to "C:\Users\Dec\Desktop\MBR.dat"
10:42:19.431 The log file has been saved successfully to "C:\Users\Dec\Desktop\aswMBR.txt"
Okay, I re-ran it and when it finished it only showed two of the three files you noted above, so I told it to delete the TDSS File System and Cure the Rootkit.boot.phar.c. It then asked me to reboot and I did, and TDSSKiller started to run again on restart, so I ran it and this time there was one more TDSS File System, so I told it to delete.
I've attached both logs.
Also, on reboot right now it keeps prompting me to allow Microsoft Windows Malicious Software Removal to run. Should I allow this?
Go ahead and run it. You can also start it by Start > Run > mrt.exe
Now for the bad news. You had a rootkit. Really, you can assume somebody has been all over the machine. Passwords, personal data, financial data could have been compromised. TDSSKiller has removed it. You should also consider reformatting the HD and reinstalling Windows.
Just for good measure, run TDSSKiller once more like you did. The references should be gone. You can also update and run your AV and Malwarebytes.