#11
Appears links have been removed
Note: MGADIAG from another SP3 issue. Installation does NOT appear to be counterfeit.
Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-CRJWY-4VKBY-DRPDQ
Windows Product Key Hash: I4OtA6g1oxH6n5Ijec+vjJDAWh0=
Windows Product ID: 00359-OEM-8802145-58989
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.3.0.003
Code:
OS Name: Microsoft Windows 7 Home Premium
OS Version: 6.1.7601 Service Pack 3 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
My win7 was installed >2 years ago. It never had a pagefile problem until now. The recent recovery point is the nvidia experience update on 24 Dec.
With the SP3 thing, I scanned my whole system with AVG and found that there are IRP hooks in ...system32\drivers\viaide.sys. AVG is not able to remove it. I checked the file with dir but it was not found. I checked again with attrib and found that the file has the hidden and system attributes set, which is different from my other healthy win7 SP1. Checking the other files in the folder further, there are 2 more files with the same attributes: cmdide.sys and auudaeam.sys. I am not able to replace them even using safe mode; it always says file not found. So I used the win7 installation DVD's repair command prompt and successfully replaced viaide.sys and cmdide.sys with the ones from the healthy system. But auudaeam.sys is not in my healthy system so I just renamed it to something else.
With these I am able to get my pagefile back. But still my system is "SP3". How can I get rid of this "SP3" thing and what is auudaeam.sys? Please help.
Last edited by senderj; 30 Dec 2013 at 21:00. Reason: wordings
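The dir/attrib comparison against a healthy install described in the post above, extended to compare file hashes as well, as an added example that is not part of the original thread. It assumes both drivers folders are read from a clean OS (for instance with the suspect volume mounted offline), and the function names are hypothetical.

```python
"""Compare a suspect drivers folder against one from a known-good install."""
import hashlib
import os
import stat

# Both bits set is what attrib reported for the odd .sys files in the post.
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM


def inventory(folder):
    """Map lower-cased .sys file name -> (sha256 hex, attribute bits)."""
    result = {}
    for entry in os.scandir(folder):
        if not entry.is_file() or not entry.name.lower().endswith(".sys"):
            continue
        with open(entry.path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        # st_file_attributes exists only on Windows; treat as 0 elsewhere.
        attrs = getattr(entry.stat(), "st_file_attributes", 0)
        result[entry.name.lower()] = (digest, attrs)
    return result


def compare(baseline, suspect):
    """Return sorted (file name, reasons) for every driver that deviates."""
    findings = []
    for name, (digest, attrs) in sorted(suspect.items()):
        reasons = []
        if attrs & HIDDEN_SYSTEM == HIDDEN_SYSTEM:
            reasons.append("hidden+system")
        if name not in baseline:
            reasons.append("not in baseline")
        elif baseline[name][0] != digest:
            reasons.append("hash differs from baseline")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: script.py <healthy drivers folder> <suspect drivers folder>
    healthy, suspect = inventory(sys.argv[1]), inventory(sys.argv[2])
    for name, reasons in compare(healthy, suspect):
        print(f"{name}: {', '.join(reasons)}")
```

A hash difference alone can simply mean the two installs are at different patch levels, so treat it as a prompt to check the file's signature rather than as proof of tampering.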
Upload auudaeam.sys to these two sites for scanning, then post back the reports please:
https://www.metascan-online.com/
https://www.virustotal.com/
Once you have done the above, I would suggest running this rootkit scanner (IRP hooks are usually associated with rootkit activity):
http://www.bleepingcomputer.com/download/tdsskiller/
If you have a valid Windows 7 activation key, I would download the proper ISO for your key and reinstall Windows.
As everyone has stated, there is no such thing as Windows 7 with service pack 3.
And please fill in your system specs.
Thank you for all the replies.
@Golden, I've uploaded auudaeam.sys and other .sys files to the two sites and scanned without any findings. tdsskiller didn't find anything either. But this is after my replacement fix.
My pagefile is back and I can use my system as usual now. But then I found that some other .sys files became "hidden" and "system". This time it is atapi.sys and dgacblxd.sys. I repeated what I had done before, replacing atapi.sys from the healthy system. But I couldn't find dgacblxd.sys. Renaming it caused the system to be unable to reboot. Finally I had to boot my expired win8 vhd to rename it back (luckily it won't take an hour). So my problem is still there. I found a rootkit scanner called GMER. I scanned my healthy system without any findings, as expected. I then scanned my problem system, which has atapi.sys replaced with the one from the healthy system. Surprisingly, it alerted on atapi.sys with IRP! So I don't know what I can do next. Please help.
@Britten30, on the "SP3", I didn't download anything from Softonic or other unofficial sites. If I did, I should have a file in my download folder as I always did for tracing. But anyway, I was hit and I still didn't find any info regarding its removal.
@AddRAM, don't understand why an iso with the activation code would help.
One more question: I assume the sysinfo software in #2 can upload my sys info to this site. But it said SP3 when I ran it. So if I upload now, will it say SP3 instead of SP1?
My thoughts.
I don't want to see downloads from Facebook. Anything can be altered.
I know this would work better.
By Brink?
Windows Genuine and Activation Issue Posting Instructions
Anything that could change SP-1 to SP-3 could have changed anything in the MGADiag report or any place else in the system.
ADDRAM's suggestion in post #17 is an excellent idea, and then another MGADiag report.
The first report would give our experts a chance to maybe learn what is going on, and the second report would let senderj know that there is a nice new clean and legal system to work with.
I've run the MGADIAG and the report is pretty much the same as #13, with the "3". So even MS software couldn't tell the SP3 problem. What can I do about it? Is it the cause of the modified sys files of my system?
Regarding #17, I am not sure if I should disclose my activation key. Is it supposed to be kept confidential? I have the dvd and the key, so I don't need another one for re-installation. I know re-installing can eliminate the problem, but thinking of re-installing all the software I would put it as last resort, unless you tell me that I am hopeless now and re-installing is the only way. Otherwise I would continue to hunt for removal of the rootkit. Thanks.