Another "You may be a victim of Software Counterfeiting" issue

  • Question

  • My father-in-law's computer is reporting that his copy of Windows 7 is invalid and will expire in 26 days. The copy he's using is an upgrade disk provided by his computer manufacturer (HP). He believes he may be suffering from a virus, but nothing shows up on virus scan. Unfortunately, he only has a Systems Restore point from 1 day ago (after the problems began).

    Here are the results of the MGADiag tool:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-6RX9B-6M238-CK6VT
    Windows Product Key Hash: iG8rOjWGRZJwi2bxQHNqihrzfJ4=
    Windows Product ID: 00359-029-0138896-85705
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {828399A9-37FD-4559-81CE-1D6160DC0E50}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[Hr = 0x800b0003]
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{828399A9-37FD-4559-81CE-1D6160DC0E50}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-CK6VT</PKey><PID>00359-029-0138896-85705</PID><PIDType>5</PIDType><SID>S-1-5-21-2776131347-1151690524-2309727604</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>RJ181AA-ABA a1600n</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.07</Version><SMBIOSVersion major="2" minor="4"/><Date>20060802000000.000000+000</Date></BIOS><HWID>1CE03807018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
    Spsys.log Content: 0x80070002
    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012 
    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000010
    Event Time Stamp: 6:25:2012 06:37
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    HWID Data-->
    HWID Hash Current: MAAAAAEAAgABAAEAAgABAAAAAQABAAEAJJQ6bMJe4jtIJN7IODS0EIC6Nhe4Bo62
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HP-CPC AWRDACPI
      FACP HP-CPC AWRDACPI
      SSDT HP-CPC POWERNOW
      MCFG HP-CPC AWRDACPI

    Sunday, August 26, 2012 4:35 PM

All replies

  • You have a Tampered system file  - which is probably the root of the other errors in the report.

     

    Please run a full CHKDSK and SFC scan....

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     

     At the Command prompt, type

     CHKDSK C: /R

     and hit the Enter key.

     

     You will be told that the drive is locked,

     and the CHKDSK will run at the next boot - hit the Y key, and then reboot.

     The chkdsk will take a few hours depending on the size  of the drive, so be patient!

     After the CHKDSK has run, Windows should boot normally  (possibly after a second auto-reboot) - then run the SFC.

     

     SFC -System File Checker - Instructions

    Click on Start > All Programs > Accessories

    Right-click on the Command Prompt entry

    Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.

     At the Command prompt, type

     SFC /SCANNOW

     and hit the Enter key

     

     Wait for the scan to finish - make a note of any error messages - and then reboot.

     Post an MGADiag report with details of any error messages encountered.     


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, August 26, 2012 4:50 PM
    Moderator
  • Ran CHKDSK and SFC. SFC reported the following error: "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log"

    I have the CBS.log file, but it's quite large. I can post all or part of it if necessary.

    Here is the new MGADiag report:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-6RX9B-6M238-CK6VT
    Windows Product Key Hash: iG8rOjWGRZJwi2bxQHNqihrzfJ4=
    Windows Product ID: 00359-029-0138896-85705
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {828399A9-37FD-4559-81CE-1D6160DC0E50}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\sppobjs.dll[Hr = 0x80004005]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{828399A9-37FD-4559-81CE-1D6160DC0E50}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-CK6VT</PKey><PID>00359-029-0138896-85705</PID><PIDType>5</PIDType><SID>S-1-5-21-2776131347-1151690524-2309727604</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>RJ181AA-ABA a1600n</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.07</Version><SMBIOSVersion major="2" minor="4"/><Date>20060802000000.000000+000</Date></BIOS><HWID>1CE03807018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F012' to display the error text.
    Error: 0xC004F012 

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x0000000000000010
    Event Time Stamp: 6:25:2012 06:37
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll


    HWID Data-->
    HWID Hash Current: MAAAAAEAAgABAAEAAgABAAAAAQABAAEAJJQ6bMJe4jtIJN7IODS0EIC6Nhe4Bo62

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HP-CPC AWRDACPI
      FACP HP-CPC AWRDACPI
      SSDT HP-CPC POWERNOW
      MCFG HP-CPC AWRDACPI

    Tuesday, August 28, 2012 9:18 PM
  • The report hasn't changed

    Please zip the CBS.log file, and upload the zip to your SkyDrive - post a link in your reply.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Tuesday, August 28, 2012 9:57 PM
    Moderator
  • https://skydrive.live.com/redir?resid=9B30E9C07ED37F98!171&authkey=!AOeIbwc6N-qMcZ0

    Let me know if it does/doesn't work.

    Wednesday, August 29, 2012 12:31 AM
  • It worked fine :)

    The problem looks fairly simple - something has corrupted both the working copy and the backup copy of the sppobjs.dll file. Luckily that appears to be the only problem that SFC found, so it's relatively simple to fix.

    They must be replaced.

    Do you have another Win7 machine from which you can copy them?

    I've put a file sppobjs.zip up on my SkyDrive at https://skydrive.live.com/#cid=936736BB8FCEB92F&id=936736BB8FCEB92F%21485 - please download it, and extract the contents to C:\sprepair

    Then use the following method to put the files where they need to be

    1) reboot, and use F8 to access the advanced boot menu - pick Repair your Computer.

    Once you've logged in open the option for a Command Prompt.

    At the prompt type DIR C:\sprepair - if it finds the files, then great; if not, then try DIR D:\sprepair (and so on until you find it).

    Now use the following command

    COPY <drive>:\sprepair\sppobjs.dll <drive>:\Windows\winsxs\x86_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_c5183d28e49f7955

    Change the <drive> to the proper drive letter you found above - there is only one command - it will wrap so be careful!

    note that you MUST get those commands exactly right, or they simply will not work.

    You will be asked to confirm the replacement of any existing files - answer 'Y'

    Once you have both files in place, reboot to Windows normally

    Now run the following commands

    SFC /SCANFILE=C:\Windows\System32\sppobjs.dll

    Hopefully, you'll get a 'fixed' message

    now reboot again, and run another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth


    Wednesday, August 29, 2012 9:05 AM
    Moderator
  • That worked! Problem resolved. Thanks so much, Noel!
    Wednesday, August 29, 2012 11:27 PM
  • Glad to hear it - please post a new MGADiag report so we can confirm that it's properly fixed.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Wednesday, August 29, 2012 11:44 PM
    Moderator
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-6RX9B-6M238-CK6VT
    Windows Product Key Hash: iG8rOjWGRZJwi2bxQHNqihrzfJ4=
    Windows Product ID: 00359-029-0138896-85705
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {828399A9-37FD-4559-81CE-1D6160DC0E50}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120330-1504
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{828399A9-37FD-4559-81CE-1D6160DC0E50}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-CK6VT</PKey><PID>00359-029-0138896-85705</PID><PIDType>5</PIDType><SID>S-1-5-21-2776131347-1151690524-2309727604</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>RJ181AA-ABA a1600n</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.07</Version><SMBIOSVersion major="2" minor="4"/><Date>20060802000000.000000+000</Date></BIOS><HWID>1CE03807018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00170-029-013889-01-1033-7600.0000-3602011
    Installation ID: 012646059005638353198006097271079094702575006433111416
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: CK6VT
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 8/30/2012 10:13:37 AM
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:30:2012 03:04
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    HWID Data-->
    HWID Hash Current: MAAAAAEAAgABAAEAAgABAAAAAQABAAEAJJQ6bMJe4jtIJN7IODS0EIC6Nhe4Bo62
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HP-CPC AWRDACPI
      FACP HP-CPC AWRDACPI
      SSDT HP-CPC POWERNOW
      MCFG HP-CPC AWRDACPI
    Thursday, August 30, 2012 3:15 PM
  • That looks fine.

    Well done - and good luck!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Thursday, August 30, 2012 3:28 PM
    Moderator
  • Thank you. Troubleshooting this issue remotely (my father-in-law lives 1000+ miles away) was a bit challenging, but with your help and some remote desktop access, getting things fixed went quite smoothly. I appreciate all the help.
    Sunday, September 2, 2012 12:16 PM
  • You're lucky you have a stable connection - my 3G one drops out too often, most days,  to allow me to offer anything but forum or email assistance.

    Glad it's all sorted - and good luck to you and your father-in-law!


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, September 2, 2012 12:34 PM
    Moderator
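
An added example, not part of the original thread: a small Python triage of the MGADiag fields the replies above rely on (File Mismatch, Tampered File, HealthStatus, Validation Code), comparing the first report with the last to confirm which flagged file was cleared. The function names are illustrative, and the two excerpts are constructed from lines that appear in the thread's reports.

```python
import ntpath
import re

# Constructed excerpts: only the lines from the thread's first and last
# MGADiag reports that bear on the tamper finding.
REPORT_BEFORE = r"""Validation Code: 0x8004FE21
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[Hr = 0x800b0003]
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HealthStatus: 0x0000000000000010
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
"""
REPORT_AFTER = r"""Validation Code: 0
File Scan Data-->
Windows Activation Technologies-->
HrOffline: 0x00000000
HealthStatus: 0x0000000000000000
HealthStatus Bitmask Output:
"""

# Standard HRESULT facility numbers (bits 16-26 of the value).
FACILITIES = {0: "NULL", 4: "ITF", 7: "WIN32", 11: "CERT"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility name, code)."""
    facility = (value >> 16) & 0x7FF
    return bool(value >> 31), FACILITIES.get(facility, str(facility)), value & 0xFFFF


def triage(report):
    """Collect the integrity findings from the text of an MGADiag report."""
    found = {"mismatches": [], "tampered": [], "health": 0, "validation": 0}
    for line in report.splitlines():
        line = line.strip()
        m = re.match(r"File Mismatch: (.+?)\[Hr = (0x[0-9A-Fa-f]+)\]", line)
        if m:
            found["mismatches"].append((m.group(1), decode_hresult(int(m.group(2), 16))))
        elif line.startswith("Tampered File:"):
            found["tampered"].append(line.split(":", 1)[1].strip())
        elif line.startswith("HealthStatus:"):
            found["health"] = int(line.split(":", 1)[1], 16)
        elif line.startswith("Validation Code:"):
            found["validation"] = int(line.split(":", 1)[1], 16)
    found["clean"] = not (found["mismatches"] or found["tampered"]
                          or found["health"] or found["validation"])
    return found


def flagged_files(found):
    """File names flagged anywhere in the report, normalised to lower-case base names."""
    names = [path for path, _ in found["mismatches"]] + found["tampered"]
    return {ntpath.basename(name).lower() for name in names}


def resolved(before, after):
    """Files flagged in the earlier report that the later report no longer flags."""
    return flagged_files(triage(before)) - flagged_files(triage(after))


if __name__ == "__main__":
    print(triage(REPORT_BEFORE))
    print("cleared:", resolved(REPORT_BEFORE, REPORT_AFTER))
```

The first report's mismatch HRESULT decodes to the certificate/trust facility, which matches the "Tampered File" line: the file on disk no longer passes its signature check.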