try this
The fix for this problem requires a registry edit to remove a reference to the consrv.dll file that was a virus and was removed. edit registry offline.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems
Under theses keys, edit the data in the Value Name Windows, changing the text consrv to winsrv. This is a long string so just parse through it and make the one change, here is what a good entry looks like:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=
winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
I have bolded the entry that previously said consrv
this was a fix a few years ago for a fake av trojan
source a couple weeks ago:
http://blog.crosbydrive.com/?p=245