MBR:\\.\PHYSICALDRIVE0\Partition4

[BTS]

On the "select your operating system" step, it is blank. There is nothing to select.

[essexboy]

Nickers.. The malware is getting smarter...  OK can you burn a CD and we will do it the old way

I need you to download:
gparted-live-0.10.0-3.iso (115.1 MB) 

Create a bootable CD, for Gparted from the ISO image.

You can use ImgBurn do this.

Now boot off of the newly created Gparted CD.
 
You should be here... Press ENTER



By default, "do not touch keymap" is highlighted.



 Leave this setting alone and just press ENTER.



Choose your language and press ENTER. English is default [33]

At the mode prompt enter 0,  press ENTER 

You will now be taken to the main GUI screen below



According to your logs, the partition that you want to delete is <1MB

Right click this partition and select delete .



The Partition has gone

Now select Apply

Now you should be here:



Select Apply after double checking that the right partition was deleted

Is "boot" next to your OS drive? 
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags 


In the menu that pops up, place a checkmark in boot like the picture below, then close :

 


Under File select Quit


You will see this small Popup




Choose reboot and then press OK.

[BTS]

Ok, just did all those steps

One thing worrying me I, before this virus, I had about 11 free gb's of hard drive space. After, I have about 99 free gigs.
I'm a photographer, so I know pretty much all of those gigs are from my photos, and it appears that they are all still there. Not sure where 90 or so gigs would have gone without losing any pictures.

[essexboy]

Reboot to normal mode please and I will check it out

• Download RogueKiller  and save it on your desktop. 
  
• Quit all programs
• Start RogueKiller.exe.
  
• Wait until Prescan has finished ... 
•     Click on Scan

   
 

• Wait for the end of the scan. 
• The report has been created on the desktop. 
• Click on the Delete button.

     

• The report has been created on the desktop.

• Next click on the ShortcutsFix   
  
  
• The report has been created on the desktop.

Please post:    All RKreport.txt text files located on your desktop.

[BTS]

Here are the logs from RogueKiller

[essexboy]

My pictures: Success 6530 / Fail 0
My music: Success 188 / Fail 0

Are they back now ?

[BTS]

My pictures and music were always still there. That's why I was confused how it was telling me I had an extra 90 gigs. Does it seem I am virus free now? Should I do another avast full system scan?

[essexboy]

Yes run another Avast quick scan.  But, the bad partition is now history 

Once Avast has scanned could you run a quick OTL scan selecting all users please and I will then do a confirmatory analysis

[BTS]

Avast scan came back with no infected files.  Here is my OTL log

Side note...  Since the virus, every time I log in, I get this message now at start up.

Windows Defender:
Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start service, restart your computer or search Help and Support for how to start a service manually.

[essexboy]

Could you retry defender after this reboot

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  IE - HKU\S-1-5-21-3893750031-430444558-3952395772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
  
  :Files
  ipconfig /flushdns /c
  ipconfig /release /c
  ipconfig /renew /c
  sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

[BTS]

Here are the logs

[essexboy]

Is defender working now ?

Any further problems

[BTS]

Still gave me the same error after I restarted.

[essexboy]

OK next trick..... 

First type in the start box services.msc
Click services that appears
Locate windows defender, then stop and start the service

Next:
1. Click Start, type "cmd" (without quotation marks) in the Start Search box. Right-click CMD listed above and click "Run as administrator".
 
2. In Command Prompt, type in the following and press ENTER at each command:
 
regsvr32  atl.dll
regsvr32  wuapi.dll
regsvr32  softpub.dll
regsvr32  mssip32.dll
 

[BTS]

When I go to Windows Defender in Services, the only option is "Start the service". When I click start, I get:

Windows could not start the Windows Defender service on Local Computer. Error 126: The specific module could not be found.