A good friend told me yesterday that he's been trying to get BT out to fix his router. Unfortunately he was phoned on the weekend by some scammers who claimed they were from BT and he allowed them remote access to his laptop and they downloaded some software. At the point that they asked him to log on to his internet banking he hung up and uninstalled the software.
I urged him to update and run Malwarebytes and SuperAntiSpyware as well as his Avast antivirus.
He's told me that he ran the MalwareBytes scan and it didn't find anything but it then asked him to update it. He did, then it asked him to reboot. He did and upon restart it is asked him for the admin password, he put it in but now can't get it to safe mode or to progress in to windows at all.
So sorry for the delay...but I'm keen to do this today, if anyone can help?
I'm not having any luck with following the advice but I see this on the laptop, there shouldn't be more than one Windows installations, right?
C: is windows as normal
D: recovery windows sets up a small recovery drive when you install, I'm guessing that win 10 was an upgrade from a windows 8 or 8.1 originally on the machine hence the two recovery drives, these are normally hidden.
E: is the DVD drive
Vol 3 is likely to be the system reserve partition where all the boot files are located for win 8 or 10
Vol 4 win RE is where windows puts its tools so you can boot to the recover environment and do things like start up repair, system restore or reset the computer.
Surprised both showing as D: with one hidden but looking again 14GB is too big for the normal win recovery so must be a recovery partition set up for the laptop containing a disk image.
Untill he can get back in windows its hard to tell
I would be tempted to connect laptop to another machine extracted any data required (photos docs emails etc.) then use diskpart to completley wipe the drive and do a freh install from the boot media. That way he can be certain there is no lingering malware, trojans, keyloggers, etc.