[draya]

Recently I put a question up about lag and was told this by Phantom010: "Well, perhaps if you had a legitimate copy of Windows XP, you wouldn't be having this problem..." and This log entry says it all. O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll Antiwpa.dll is a prohibited software crack which is used to avoid the Windows’ copy protection. This file to start automatically makes use of the Winlogon Notify key. I DO own a legitimate copy of windows. I bought and still have everything and have even had my copy validated like everyone else in order to get updates from Microsoft. I have owned it for years! Had it validated multiple times, never ever had a problem. I am beyond freaked out by this! Is this a virus? It's old and only came with Service pack 1, which means I have had to download 2, and now 3, from Microsoft every time I have reformatted my comp over the years. I don't have a clue how to crack anything or where I would even get it from. Help??

I just ran, for my own piece of mind, the MGAdiag tool and I do have a genuine copy. I can and will post the transcript if I needed.

[techkid]

You would probably be best to provide the proof at this point.

Doing a search shows that the file, while being a Windows crack, is also classified as part of a rootkit. If you can provide that transcript, it might cast a different light on your situation.

[draya]

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-MJVXG-2YR27-MKG9J
Windows Product Key Hash: MtxulD+GwD5ePqPzpNixPWLZ5xE=
Windows Product ID: 76487-OEM-2242693-51319
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {E66EF059-0689-493C-8D14-8FDA03067D0E}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E66EF059-0689-493C-8D14-8FDA03067D0E}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MKG9J</PKey><PID>76487-OEM-2242693-51319</PID><PIDType>3</PIDType><SID>S-1-5-21-1957994488-1004336348-839522115</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0212 </Version><SMBIOSVersion major="2" minor="5"/><Date>20090116000000.000000+000</Date></BIOS><HWID>3C9E33FF01848078</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B4731799DF39D00</Val><Hash>TE2IkmLeZINNu18+rAJgSV4jzMk=</Hash><Pid>73931-640-1790864-57900</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13D60:ASUSTeK Computer Inc
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

[Lance1]

Of course, the crack fools the WGA test just as it does when accessing the Windows update validation. That diagnostic means nothing.

[flavallee]

techkid/Lance1:

This is the previous thread that draya is referring to:

http://forums.techguy.org/windows-xp...g-startup.html

----------------------------------------------------------------

[JSntgRvr]

Hi, draya

I am very sorry but all indicates your copy of Windows is not legitimate.

While I understand that you may not have been aware of it, I am unable to help you any further on this site. We have a strict policy and adhere to in only helping people who have legitmate copies of Windows. If you feel your copy is legitimate, you will need to contact Microsoft for assistance. Until your system appears legitimate, there is nothing I can do for you at this time.

Thank you for understanding.