Can't open any programs except photoshop not even OTL



#166
neataznyam

  • Topic Starter
  • Member
  • 150 posts
When I tried to start Application Virtualization it was on manual, and it said: Windows could not start the Application Virtualization Service Agent service on Local Computer. Error 1053: The service did not respond to the start of control request in a timely fashion.
  • 0



#167
neataznyam

  • Topic Starter
  • Member
  • 150 posts
Interesting, I tried net start bfe again and I got this message:

The Base Filtering Engine service is starting.
The Base Filtering Engine service could not be started.
A system error has occurred.
System error 5 occurred.
Access is denied.
  • 0

#168
neataznyam

  • Topic Starter
  • Member
  • 150 posts
I got into regedit but saw no + sign.
  • 0

#169
neataznyam

  • Topic Starter
  • Member
  • 150 posts
Okay, I got it to say: The requested service has already been started. More help is available by typing net helpmsg 2182.
  • 0

#170
neataznyam

  • Topic Starter
  • Member
  • 150 posts
Is it possible to reformat without a cd?
  • 0

#171
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Reformatting without a CD is only possible if this is something like a Dell where they have a hidden partition. You can of course try a System Restore to the oldest time you have.

If you are now able to get into regedit, we are making progress.

If you find
HKEY_LOCAL_MACHINE

there should be a + in front of it, which you can press, and then you will see several entries below it, which should include System, which should also have a +. If there is no + then there should be a -, which will close it up if you click on it and change it to a +.

Were you able to uninstall Microsoft Application Virtualization?

Can you try OTL again?
  • 0

#172
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Just saw that you got BFE started.

I'm thinking this is probably a ZeroAccess infection, which is sort of hard to cure without ComboFix or aswMBR, but we can try. Let's first check the partitions:

Do the following:
Open a command prompt (elevated if you still have UAC turned on: right click and Run As Admin)
Type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

From the same Command Prompt:
cd \

dir /a /s consrv.dll

(It will search your PC for the file consrv.dll. Does it find it? Where?)

dir /a \windows\assembly\tmp\U

(Does it find anything?)
  • 0

#173
neataznyam

  • Topic Starter
  • Member
  • 150 posts
Here's the screenshot

Attached Thumbnails

  • sdfsdf.jpg

  • 0

#174
neataznyam

  • Topic Starter
  • Member
  • 150 posts
It says volume in drive C has no label, volume serial number is 7073-a108. The second one said file not found.
  • 0

#175
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
See if you can delete the folder C:\Windows\system64

This is part of your ZeroAccess infection.

Were you able to uninstall Microsoft Application Virtualization?

Can you try OTL again?

If it still doesn't work, right click on it and select Properties (have you tried UNBLOCK?), then Security, then click on Administrators and look in the bottom. Is Full Control checked under Allow?

If not, you need to take ownership of the file http://technet.micro...y/cc753659.aspx and edit it so that it has Full Control checked under Allow. Then try to run it.
  • 0
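
The checks asked for in posts #172 and #175, gathered into one read-only PowerShell script. This is an added example, not part of the original thread: the OTL path is a placeholder, and S-1-5-32-544 is the well-known SID of the local Administrators group.

```powershell
# Added example: read-only triage of the artifacts named in this thread.
# $ToolPath is a placeholder; point it at wherever OTL.exe was saved.
param(
    [string]$ToolPath = 'C:\PLACEHOLDER\OTL.exe'
)

# Post #175: is Full Control checked under Allow for Administrators?
function Test-AdminFullControl {
    param([string]$Path)
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl  = Get-Acl -LiteralPath $Path
    # Resolve identities to SIDs so the check also works on localized systems.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq 'S-1-5-32-544' -and
            $r.AccessControlType -eq 'Allow' -and
            ($r.FileSystemRights -band $full) -eq $full) { return $true }
    }
    return $false
}

$report = [ordered]@{}

# Post #172: dir /a /s consrv.dll (-Force includes hidden and system files)
$report['consrv.dll hits'] = @(
    Get-ChildItem -Path 'C:\' -Filter 'consrv.dll' -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)

# Post #172: \windows\assembly\tmp\U ; post #175: C:\Windows\system64
foreach ($dir in 'C:\Windows\assembly\tmp\U', 'C:\Windows\system64') {
    $report["$dir exists"] = Test-Path -LiteralPath $dir
}

# Posts #167 and #169: state of the Base Filtering Engine service
$bfe = Get-Service -Name 'BFE' -ErrorAction SilentlyContinue
$report['BFE status'] = if ($bfe) { $bfe.Status } else { 'service not found' }

if (Test-Path -LiteralPath $ToolPath) {
    $report['Tool owner'] = (Get-Acl -LiteralPath $ToolPath).Owner
    $report['Admins have Full Control'] = Test-AdminFullControl -Path $ToolPath
    # A Zone.Identifier stream is what the Unblock button in Properties removes.
    $report['Tool still blocked'] = [bool](Get-Item -LiteralPath $ToolPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)
} else {
    $report['Tool'] = "not found at $ToolPath"
}

[pscustomobject]$report | Format-List
```

Run it from an elevated prompt; without elevation the recursive search silently skips folders it cannot read and may miss hits.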



#176
neataznyam

  • Topic Starter
  • Member
  • 150 posts
Oh yes, I did uninstall the visualization thing, and system 64 is locked
  • 0

#177
neataznyam

  • Topic Starter
  • Member
  • 150 posts
Oh nvm, I didn't get rid of it
  • 0

#178
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Can you take ownership of system64?

I'm going to have to go to bed now. Got to catch the early ferry tomorrow. Maliprop should be around for a while.
  • 0

#179
neataznyam

  • Topic Starter
  • Member
  • 150 posts
Says I need admin. How do I contact Maliprop?
  • 0

#180
neataznyam

  • Topic Starter
  • Member
  • 150 posts
k system 64 deleted
  • 0





