SVChost.exe

I can find nothing that could cause a problem.. Logs look clean..

What problems do you have now and what's it doing?


Let's check for a rootkit:

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
• Your machine may appear very slow and unusable after that - it's normal.
• TDSSKiller will run automaticaly. Click on Change parameters and click OK.
• Click the Start Scan button and wait patiently.

If anything will be found follow this guidelines:

• If a suspicious object is detected, the default action will be Skip, click on Continue.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  If Cure is not available, please choose Skip instead.
• Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

 

I have to apologize. I had not removed MBAM when I did that scan. I am scanning again. So sorry to have wasted your time with that.

 

Results after MBAM removal.

 

It's still showing my windows as not genuine. What may have happened there?

 

???? You had a ton of malware and I reset your browsers to default. If, and I say, IF your windows was not genuine and had a bypass in the MBR to skip the Genuine check, it may have been removed. That's all I can think of
I see you removed AVG, you need to install a AV.. I'll get some sleep and maybe I can come up with something. Heather had the same problem last year, what did she do???

 

I don't know. I'll check with her in the morning. I looked down and MBAM was still on my task bar. I went in and checked, it was still there, so I deleted it (uninstalled). These are after I made sure it was gone. Am I supposed to re-install it, or no?

 

Here they are. Forgot to attatch.

 

How to Make Windows 7 Genuine Using Command Prompt : Steps to Follow

• • First of all You need to Open Cmd ( Command Prompt ) as an Administrator. To Open it as an Administrator Type cmd in Start-menu Search box and then Right Click on the Cmd.exe at the top of Start-menu page and Select Run as Administrator.

• Now Type the Command SLMGR -REARM in cmd as Shown below in the Image
• note: a space is before the " -"(dash)
  
  

Press <Enter> and Wait For Few Seconds.

• Next a Message Dialog Box Will open Specifying Command ‘ Completed Successfully.Please Restart the system for the Changes to Take effect ‘ as Shown below in the Image

• Restart Your Computer and You are all done.Now You are Free of the Error ‘Windows 7 is Not Genuine’

Note - You Must Run Command Prompt as an Administrator Else this Method Will Not Work....

 

Ran as Administrator and got this message:

Windows Script Host
On a computer running Microsoft Windows non-core edition, run 'slui.exe
0xC004FE00' to display the error text.
Error: 0xC004FE00

 

Strange.....

Press the + R on your keyboard at the same time. Type slui.exe in the run box and click OK.

This is Windows Activation and should verify that your copy of Windows is Genuine...

Let me know.

2oG

 

This is what I get. The same notice I get when it takes my themes away. It changes my background color to black and has the "Windows is not genuine" in the lower right corner. I see, on top, where it says "A change occured to your Windows license file". Does this mean, something I did has corrupted my file? If so, I'm sunk. I have no idea where the disk is for this. It was 5 years ago and I moved since the comp build. My boys helped me build this and have no idea what happened to the disk, either.

 

Alryss, don't do anything drastic just yet, I'm doing some research and hopefully can come up with a plan..... Don't get your hopes too high but we'll see what can be done...

After cleaning your computer on Sept 2 everything was looking good with the exception of the MBAM program you had that concerned me because it had all the ear marks of being a cracked program..
Then a week later you said this:

Alryss, I have no doubt that your Windows was a legal version and this cracked mbam removed your product key...

After cleaning, I had you run DelFix and it removed the old restore points and set a new one. It also used ERUNT to make a registry backup at that moment, before the product key had been removed.. My fingers are crossed in hopes that one of these backups will be able to restore the product key....

First -
The latest FRST Log only shows 3 restore points, it sometimes does not show all of them, so please check the System Restore points to see if you have one dated 02-09-2014 or 03-09-2014, depending on our time zone difference, and let me know??? You may need to check the 'Show more restore points' option..

This is all I show:

Second -
Please goto - C:\Windows\ERUNT\DelFix and locate the file ERDNT.exe
Don't do anything with it, just let me know if it's there?????


hang in there
2oG

 

Ok. I looked in system restore and only see a 09/2014. Is this where I am supposed be looking? If not, where do I find the information needed?

 

And what is the other option???

 

Yes, EDENT.exe is in the folder under the JRT folder.

 

There should also be a DelFix folder. That's the one I'm looking for.

 

Sorry, Alryss, I think I misunderstood. There is most likely a JRT folder with a ERDNT.exe in it... But I am looking for a DelFix folder with a ERDNT.exe file in it....... You got one?????

 

Sorry, ERDENT.exe. I hit the wrong key. lol

 

I don't see a DelFix file in there, at all.