[neataznyam]

when I tried to start application virtualizaion it was on manual and it said windows could not start the application virtualization service agent service on local computer. error 1053: the service did not respond to the start of control request in a timely fashion

[neataznyam]

interesting I tried net start bfe again and I got this message

the base filtering engine service is starting.
the base filtering engine service could not be started
a systerm arror has occured
system error 5 occured
access is denied

[neataznyam]

i got into regedit but saw no + sign

[neataznyam]

okay i got it to say the requested service has already been started more help is available by typing net helpmsg 2182

[neataznyam]

Is it possible to reformat without a cd?

[RKinner]

Reformatting without a CD is only possible if this is something like a Dell where they have a hidden partition. You can of course try a System Restore to the oldest time you have.


IF you are now able to get into regedit we are making progress.

If you find
HKEY_LOCAL_MACHINE

there should be a + in the front which you can press and then you will see several entries below it which should include System which should also have a +. If there is no + then there should be a - which will close it up if you click on it and change it to a +.

Were you able to uninstall

Microsoft Application Virtualization ?

Can you try OTL again?

[RKinner]

Just saw that you got BFE started.

I'm thinking this is probably a zeroaccess infection which is sort of hard to cure without combofix or aswMBR but we can try. Let's first check the partitions:

Do the following:
Open a command prompt (elevated if you still have UAC turned on (right click and Run As Admin)
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

From the same Command Prompt:

cd  \

dir  /a  /s  consrv.dll

(It will search your PC for the file consrv.dll
Does it find it? Where?)

dir  /a  \windows\assembly\tmp\U

(Does it find anything?)

[neataznyam]

heres the screenshot

Attached thumbnail(s)

• 

[neataznyam]

it says volume in drive c has no label volume serial number is 7073-a108 the second one said file not found

[RKinner]

See if you can delete the folder C:\Windows\system64

This is part of your ZeroAccess infection.
Were you able to uninstall

Microsoft Application Virtualization ?

Can you try OTL again?

If it still doesn't work, right click on it and select Properties (Have you tried UNBLOCK?) then Security then Click on Administrators and look in the bottom. Is the Full Control checked under Allow?

If not you need to take ownership of the file http://technet.micro...y/cc753659.aspx and edit ti so that it has Full Control checked under Allow. Then try to run it.

[neataznyam]

o yes i did unsinstall the visualization thing and system 64 is locked

[neataznyam]

o nvm i didn't get rid of it

[RKinner]

Can you take ownership of system64?

I'm going to have to go to bed now. Got to catch the early ferry tomorrow. Maliprop should be around for a while.

[neataznyam]

says i need admin how do I contact maliprop?

[neataznyam]

k system 64 deleted