no pagefile problem

Golden · 30 Dec 2013

Appears links have been removed

Britton30 · 30 Dec 2013

Softonic has been seen in other scams too.

Golden · 30 Dec 2013

Note : MGADIAG from another SP3 issue. Installation does NOT appear to be counterfeit.

Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-CRJWY-4VKBY-DRPDQ
Windows Product Key Hash: I4OtA6g1oxH6n5Ijec+vjJDAWh0=
Windows Product ID: 00359-OEM-8802145-58989
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.3.0.003

Code:

OS Name:                   Microsoft Windows 7 Home Premium 
OS Version:                6.1.7601 Service Pack 3 Build 7601
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free

Britton30 · 30 Dec 2013

The build number is 7601 as mine is for SP1.

senderj · 30 Dec 2013

My win7 was installed >2 years ago. It never has pagefile problem until now. The recent recovery point is the nvidia experience update on 24 Dec.

With the SP3 thing, I scan my whole system with AVG and found that there is IRP hooks in ...system32\drivers\viaide.sys. AVG is not able to remove it. I checked the file with dir but it was not found. I checked again with attrib and found that the file has hidden and system attrib set, which is different from my other health win7 SP1. Further check other files in the folder, there are 2 more files with same attrib: cmdide.sys and auudaeam.sys. I am not able to replace them even using safe mode, it always said file not found. So I use win7 installation DVD's repair command prompt and successfully replace viaide.sys and cmdide.sys with the ones from health system. But auudaeam.sys is not in my health system so I just rename it to something else.

With these I am able to get my pagefile back. But still my system is "SP3". How can I get rid of this "SP3" thing and what is auudaeam.sys? Please help.

Golden · 30 Dec 2013

Upload auudaeam.sys to these two sites for scanning, then post back the reports please:

https://www.metascan-online.com/
https://www.virustotal.com/

Once you have done the above, I would suggest running this rootkit scanner (IRP hooks are usually associated with rootkit activity):

http://www.bleepingcomputer.com/download/tdsskiller/

AddRAM · 30 Dec 2013

If you have a valid Windows 7 activation key, I would download the proper iso for your key, and re install windows.

As everyone has stated, there is no such thing as Windows 7 with service pack 3.

And please fill in your system specs.

senderj · 01 Jan 2014

Thank you for all the replies.

@Golden, I've uploaded auudaeam.sys and other .sys to the two sites and scanned without any findings. tdsskiller didn't find anything also. But this is after my replacement fix.

My pagefile is back and I can use my system as usual now. But then I found that there are some other .sys file became "hidden" and "system". This time it is atapi.sys and dgacblxd.sys. I repeated what I had done before, replace atapi.sys from health system. But I couldn't find dgacblxd.sys. Renaming it causing system unable to reboot. Finally I have to boot my expired win8 vhd to rename it back (luckly it won't take an hour). So my problem is still there. I found a rootkit scanner called GMER. I scan my health system without any finding as expected. I then scan my problem system which has the atapi.sys replaced with the one from health system. Surprisingly, it alerted at atapi.sys with IRP! So I don't know what I can do next. Please help.

@Britten30, on the "SP3", I didn't download anything from Softonic or other unofficial sites. If I did, I should have a file in my download folder as I always did for tracing. But anyway, I was hit and I still didn't find any info regarding its removal.

@AddRAM, don't understand why an iso with the activation code would help.

One more question, I assume the sysinfo software in #2 can upload my sys info to this site. But it said SP3 when I run it. So if I upload now, will it says SP3 instead of SP1?

Layback Bear · 01 Jan 2014

My thoughts.
I don't want to see downloads from Facebook. Any thing can be altered.
I know this would work better.
By Brink?

Windows Genuine and Activation Issue Posting Instructions

Anything that could change SP-1 to SP-3 could of changed anything in the MGADiag report or any place else in the system.

ADDRAM suggestion in post # 17 is a excellent idea and then another MGADiag report.

The first report would give are experts a chance to maybe learn what is going on and the second report would let senderj know that their is a nice new clean and legal system to work with.

senderj · 02 Jan 2014

I've run the MGADIAG and the report is pretty much same as #13, with the "3". So even MS software couldn't tell the SP3 problem. What can I do about it? Is it the cause of the modified sys files of my system?

Regarding #17, I am not sure if I should disclose my activation key. Is it supposed to be kept confidential? I have the dvd and the key, so I don't need another one for re-installation. I know re-installing can eliminate the problem, but thinking of re-installing all the software I would put it as last resort, unless you tell me that I am hopeless now and re-installing is the only way. Otherwise I would continue to hunt for removal of the rootkit. Thanks.