
Solved: WINDOWS\system32\antiwpa.dll how to remove

Discussion in 'Windows XP' started by mila863, Mar 27, 2010.

Thread Status:
Not open for further replies.
  1. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    Malwarebytes log: C:\WINDOWS\system32\antiwpa.dll. I have a genuine Windows, but it was serviced two weeks ago; after scanning I found this. I don't know what to do.

    Please excuse my English, I am better in Spanish but I tried. Thanks a lot.
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,507
    First Name:
    Frank
    Did you update the definition files in Malwarebytes Anti-Malware before you ran a scan with it?

    Once the scan is finished, you should select and remove EVERYTHING it finds. Restart your computer to complete the removal process if you're prompted to.

    Copy-and-paste the scan log here so we can look at it.

    Also post a HijackThis log here so we can look at it.

    ------------------------------------------------------------------

    Some reading about C:\Windows\System32\antiwpa.dll :rolleyes:

    ------------------------------------------------------------------
     
  3. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    Malwarebytes' Anti-Malware 1.44
    Versión de la Base de Datos: 3921
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    27/03/2010 05:27:25 p.m.
    mbam-log-2010-03-27 (17-27-25).txt

    Tipo de examen : Examen Completo (C:\|D:\|)
    Objetos examinados: 444395
    Tiempo transcurrido: 4 hour(s), 26 minute(s), 53 second(s)

    Procesos en Memoria Infectados: 0
    Módulos en Memoria Infectados: 1
    Claves del Registro Infectadas: 4
    Valores del Registro Infectados: 0
    Elementos de Datos del Registro Infectados: 0
    Carpetas Infectadas: 0
    Ficheros Infectados: 2

    Procesos en Memoria Infectados:
    (No se han detectado elementos maliciosos)

    Módulos en Memoria Infectados:
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

    Claves del Registro Infectadas:
    HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

    Valores del Registro Infectados:
    (No se han detectado elementos maliciosos)

    Elementos de Datos del Registro Infectados:
    (No se han detectado elementos maliciosos)

    Carpetas Infectadas:
    (No se han detectado elementos maliciosos)

    Ficheros Infectados:
    C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.



    I don't have HijackThis. Thanks.
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,507
    First Name:
    Frank
    Did you restart your computer to complete the removal process? If you didn't, do so.

    Start Malwarebytes and then run another scan. A quick scan will do. A full scan isn't needed, and it takes too long. After it's done, post that new scan log here.

    ----------------------------------------------------------------

    I previously provided you with a link to download HijackThis. Click the green icon at the site to download and save it. Don't install it yet.

    ---------------------------------------------------------------
     
  5. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    I didn't complete the removal process; I only removed some of the threats. I want to know: if I complete the process, will it affect the system? Because I read on another page something that said if I remove it, then I need to use the Windows key to validate it at startup.
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,507
    First Name:
    Frank
    I'm curious about what made you run a scan with Malwarebytes Anti-Malware in the first place.

    And I'm getting the impression that you don't have a legal 25-digit product key to validate XP.

    ---------------------------------------------------------------
     
  7. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,854
    First Name:
    Rob
    Please download the Microsoft Genuine Check from Microsoft: http://go.microsoft.com/fwlink/?linkid=52012
    Then run it and click Continue to do the diagnostics. Once the result is displayed, click Copy to copy it to the Clipboard. Then right-click and paste the result into your next post.
     
  8. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    Yes, I have my product key; if it's the Windows label that came on the computer case, I have it. I am new in this computer world. My concern is: if I need to use the product key, will it affect my files, or will I lose everything I have in the PC? That is all. My PC was serviced two weeks ago, where they changed the motherboard, so I don't know what they really did.
     
  9. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    This is the last Malwarebytes log that I have. I scan my PC every two weeks.


    Malwarebytes' Anti-Malware 1.44
    Database version: 3921
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    27/03/2010 07:35:36 p.m.
    mbam-log-2010-03-27 (19-35-31).txt

    Scan type: Quick Scan
    Objects scanned: 162856
    Time elapsed: 7 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
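
Added example (not part of any post in this thread, and not Malwarebytes' own tooling): a small parser for the result lines of the two Malwarebytes logs posted above, showing that the item marked "Delete on reboot" in the first scan is still detected in the second. The function names and status labels are assumptions made for this example.

```python
import re

# Result lines copied from the two Malwarebytes logs posted in this thread.
FIRST_SCAN = r"""
Módulos en Memoria Infectados:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
Ficheros Infectados:
C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
"""
SECOND_SCAN = r"""
Memory Modules Infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
Files Infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
"""

# "<item> (<detection name>) -> <action>."  The action text is English even in the Spanish log.
RESULT = re.compile(r"^\s*(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Hypothetical labels explaining why an item from an earlier scan is detected again.
WHY = {
    "pending_reboot": "deletion was scheduled for reboot but the item is still present",
    "removed": "came back after a successful removal",
}

def classify(action):
    """Reduce the action text to one of: removed, pending_reboot, untouched."""
    a = action.lower()
    return "removed" if "successfully" in a else "pending_reboot" if "reboot" in a else "untouched"

def parse(log):
    """Map each detected item (lower-cased path or registry key) to (detection, status)."""
    found = {}
    for line in log.splitlines():
        m = RESULT.match(line)
        if m:  # section headers and "(No malicious items detected)" do not match
            found[m["item"].lower()] = (m["name"], classify(m["action"]))
    return found

def still_detected(earlier, later):
    """List items the later scan did not remove, with what the earlier scan did to them."""
    before, report = parse(earlier), []
    for item, (name, status) in sorted(parse(later).items()):
        if status != "removed":
            prior = before.get(item, (None, None))[1]
            report.append((item, name, status, WHY.get(prior, "first seen in this scan")))
    return report

if __name__ == "__main__":
    for row in still_detected(FIRST_SCAN, SECOND_SCAN):
        print(" | ".join(row))
```
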
     
  10. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: N/A
    Windows Product Key: *****-*****-9TCCK-JPCBM-B2FQ8
    Windows Product Key Hash: B/IohRcCzV6LJrex8WpCdnxgTvg=
    Windows Product ID: 76487-OEM-2211906-00803
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.med
    ID: {C4877AB0-AF02-4F66-B005-325286BCE016}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.8.31.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 101 Not Activated
    Microsoft Office Professional 2007 - 101 Not Activated
    Microsoft Office Home and Student 2007 - 101 Not Activated
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1_672A8F41-307-80004005_672A8F41-349-80004005_672A8F41-244-80004005_672A8F41-307-80004005_672A8F41-349-80004005_672A8F41-244-80004005_672A8F41-307-80004005_672A8F41-349-80004005_672A8F41-244-80004005_672A8F41-307-80004005_672A8F41-349-80004005_672A8F41-244-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1362B:GENUINE C&C INC
    Marker string from OEMBIOS.DAT: HP PAVILION

    OEM Activation 2.0 Data-->
    N/A
     
  11. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    Please help me to know what to do. Thanks a lot.
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,507
    First Name:
    Frank
    I'll leave it with Triple6 for now.

    I don't know if a HijackThis log is going to do any good if it's a non-English version of Windows and can't be deciphered.

    -----------------------------------------------------------------
     
  13. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Actually, we are getting quite a few Spanish OS HijackThis logs and they work normally.

    C:\WINDOWS\system32\antiwpa.dll will usually show up in the HijackThis O20 entry.
     
  14. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,507
    First Name:
    Frank
    That's good to know. (y)

    Yep.

    ----------------------------------------------------------------
     
  15. mila863

    mila863 Thread Starter

    Joined:
    Mar 27, 2010
    Messages:
    11
    What does HijackThis do?
     
Short URL to this thread: https://techguy.org/912987
