[BrianDrab]

Excellent! Now let's cripple this malware. Before we do, please confirm that everything is as before. Meaning Malwarebytes doesn't open, AVG doesn't run, etc.

 

Thanks.

[Advertisements]

Excellent! Now let's cripple this malware. Before we do, please confirm that everything is as before. Meaning Malwarebytes doesn't open, AVG doesn't run, etc.

 

Thanks.

Brian,

 

Programs like Malwarebytes were removed during this process.

 

Though, I tried RKill and it wouldn't startup again.

 

It may not matter, but come to think of it, all this junk happened on or about the day I finally downloaded an Adobe update (Flash Player 18 Active X) that popped on my start up screen every day...

Edited by carolinachris, 09 September 2015 - 09:29 AM.

[carolinachris]

Excellent! Now let's cripple this malware. Before we do, please confirm that everything is as before. Meaning Malwarebytes doesn't open, AVG doesn't run, etc.

 

Thanks.

Brian,

 

Programs like Malwarebytes were removed during this process.

 

Though, I tried RKill and it wouldn't startup again.

 

It may not matter, but come to think of it, all this junk happened on or about the day I finally downloaded an Adobe update (Flash Player 18 Active X) that popped on my start up screen every day...

Edited by carolinachris, 09 September 2015 - 09:29 AM.

[BrianDrab]

Thanks for the info. I wouldn't be surprised if it came from a fake Adobe update. Please do the following.

 

Retrieve Disk/Partition Info

1. Click your Start button and then Right-Click on Computer and select Manage
2. Select Storage -> Disk management.

3. On the bottom half of the screen can you tell me what each partition shows? If you know how to take a screen shot, you can do this as well and attach which will be helpful. As an example, a VM I have shows the following.

Disk 0

System Reserved

100 MB NTFS

Health (System, Active, Primary Partition)

 

(C:)

59.90 GB NTFS

Healthy (Boot, Page File, Crash Dump, Primary Partition)

 

Thank you so much.

 

[carolinachris]

Brian,

 

Retrieve Disk/Partition Info:

 

Attached is the screenshot...

Attached Thumbnails

• 

[BrianDrab]

Next Step...

 

Prepare for New System Partition

1. Go back to Disk Management.

2. Right-click on the (D:) partition and select Shrink Volume...

3. In the Enter the amount of space to shrink in MB box, type 450 and click the Shrink button.

 

Let me know if this is successful.

[carolinachris]

Brian,

 

I have no idea if it was successful, but I have attached a screenshot for you:

Attached Thumbnails

• 

[BrianDrab]

Yes, it was successful. Now, please proceed with the following. If you have any issues with any step, please stop and ask.

 

Move Boot Files to the bigger Volume

1. Click your Start button and type cmd in the search box. Right-click on cmd that comes up in the results and select Run as administrator. Answer Yes to the UAC prompt if it appears.

2. Type or copy/paste the following lines one at a time and hit enter after each. If you get an error or anything unexpected when doing any one of the lines please stop and let me know.

diskpart

select disk 0                            << there is a space after the word select and after the word disk

create partition primary           << there is a space after the word create and after the word partition

format FS=NTFS LABEL="SYSTEM" QUICK      << there is a space after the word format and before the word quick

assign letter z     << there is a space after the word assign and after the word letter

active

exit

BCDBOOT C:\WINDOWS /S Z:       <<there is a space after the word BCDBOOT, before the /S and before the letter Z

 

3. After you do the last line from above it should say the following in the command prompt window.

Boot files successfully created.

 

4. Also, in Disk Management, the Z: partition should show Healthy (Active, Primary Partition).

 

5. If all this is correct, please reboot your machine. Let me know when this is complete. Things should begin to work once this is complete.

[carolinachris]

Brian,

 

Move Boot Files to the bigger Volume

 

1.  C:\windows\system32\diskpart

     Microsoft DiskPart version 6.1.7601

     Copyright © 1999-2008 Microsoft Corporation.

     On computer: ADAMS-PC

2.  DISKPART> select disk 0

     Disc 0 is now the selected disk

3.  DISKPART> create partition primary   

     No usable free extent could be found. It may be that there is insufficient

     free space to create a partition at the specified size and offset. Specify

     different size and offset values or don't specify either to create the

     maximum sized partition. It may be that the disc is partitioned using the MBR di

     sk

     partitioning format and the disc contains either 4 primary partitions, (no 

     more partitions may be created), or 3 primary partitions and one extended

     partition, (only logical drives may be created).

     DISKPART>

 

Should I continue at this point or was that output not correct?

Edited by carolinachris, 10 September 2015 - 09:34 AM.

[BrianDrab]

Don't continue with the steps. That's not expected.

 

Please type the following instead and let me know what the output is.

 

list disk

[BrianDrab]

Looks like you already have four primary partitions which is the limit in Windows. So this will be a little tricky. I see that you have a D:\ drive but it doesn't appear that anything is on this drive. Is that correct?

[carolinachris]

Don't continue with the steps. That's not expected.

 

Please type the following instead and let me know what the output is.

 

list disk

Brian,

 

Here is the output from "list disk":

 

Disk ###           Status         Size             Free          Dyn          Gpt

------------             --------         ------            -------         ------         -----

* Disk 0             Online       465 GB           0B

 

DISKPART>

Edited by carolinachris, 10 September 2015 - 10:01 AM.

[carolinachris]

Looks like you already have four primary partitions which is the limit in Windows. So this will be a little tricky. I see that you have a D:\ drive but it doesn't appear that anything is on this drive. Is that correct?

Brian,

 

I am not qualified to answer that with certainty and refer you to my previous post, "Retrieve Disk/Partition Info:...with screenshot...

Edited by carolinachris, 10 September 2015 - 10:03 AM.

[BrianDrab]

No problem. Let's find out.

 

1. Type exit and hit enter to get out of the DiskPart utility.

2. Type d: and hit enter.   <---that's the letter d and a colon

3. Copy/Paste the following into the command-prompt window and hit enter.

ATTRIB > 1 && DIR >>1 && NOTEPAD 1

4. Notepad will open with some information in it. Please paste this into your next reply.

[carolinachris]

Brian,

 

Attached is the output text from:

ATTRIB > 1 && DIR >>1 && NOTEPAD 1 

Attached Files

•  Attrib1.txt   2.31KB   259 downloads

[BrianDrab]

Confirmed. There's nothing necessary on the D: drive. Please do the following.

 

Delete D: Partition

1. Go back to Disk Management.

2. Right-click on the (D:) partition and select Delete Volume...Go ahead and delete.

3. Provide a screen shot of what Disk Management now looks like after this is complete.

 

Let me know if this is successful.