WGA Error? 0x80070426

[Yurikano]

Hi,

I swapped from Vista to Windows 7 Professional x64 (bought years ago) for just over half of a year with little issue until yesterday, i have been hit with what appears to be a WGA issue with the related error code 0x80070426.

So far, audio is disabled and antivirus (Avast) can't be accessed. I have checked services and found that Software Protection service on started & automatic(delayed start). I also tried system restore from the OS but have been getting a 0x80070005 error upon restarting (I was able to complete a successful system restore from the installation CD, but the WGA issue was not resolved).

Below is the MGADiag Log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-KHMBJ-22VV8-HCTDB
Windows Product Key Hash: 5Z2Eiw5r4ORe4b0ARKaLXGosE6U=
Windows Product ID: 00371-177-5852125-85367
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {7E7E05EF-2696-4198-B3E9-5DE73752445D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.170209-0600
TTS Error: T:20170331225903358-
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7E7E05EF-2696-4198-B3E9-5DE73752445D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HCTDB</PKey><PID>00371-177-5852125-85367</PID><PIDType>5</PIDType><SID>S-1-5-21-2327459826-4146730084-1065609460</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>P5Q3 DELUXE</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1901   </Version><SMBIOSVersion major="2" minor="5"/><Date>20090212000000.000000+000</Date></BIOS><HWID>D1570200010000F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Tokyo Standard Time(GMT+09:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: U1BMRwEAAAAAAQAACAAAAEQnAAAAAAAAYWECAAAAAACp03H0JqrSAROJf9ybj7SsIEe8hMh9DOHTVRYFEZvcgD6hPTi9WnlqnOaWt7qsTElWJCqm3SL1PCs5tPW7DjeVJytY37WzvmMzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBHtMVcRWjvyN7/62/+PwsOJgB6C4oGKHMOFPDCdbNLe/UzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

Licensing Data-->
C:\Windows\system32\slmgr.vbs(1333, 5) (null): The service has not been started. 

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C4A8
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:31:2017 23:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
N/A, hr = 0x8007000d

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			A_M_I_		OEMAPIC 
  FACP			A_M_I_		OEMFACP 
  HPET			A_M_I_		OEMHPET 
  MCFG			A_M_I_		OEMMCFG 
  OEMB			A_M_I_		AMI_OEM 
  OSFR			A_M_I_		OEMOSFR 
  SSDT			DpgPmm		CpuPm

Any help is appreciated

 

[torchwood]

Hi Yuri,

First glance its pointing towards Malware.

The Spsys.log should ONLY be showing 0x80070002, not that long string thats there.
Plus the fact you cant start Avast.

Can you boot into safe mode and try Avast, schedule a pre-boot scan.

Roy

 

[Yurikano]

Hi Roy,

Booted into safe mode and try to access Avast, but it is giving the same error as normal (UI failed load).

 

[torchwood]

Hi Yuri,
Thats unfortunate,
have you tried Malwarebytes if not give it a shot
and then try ESET on line.

I've also spotted another problem,
You have a blank HardwareID field somethings definately removed that, and its essential for activation..


Roy

 

[Yurikano]

Downloading Malwarebytes right now.

Also, now that you mentioned something being removed, a disk consistency check ran through (i was restarting the PC) right before the issue occurred. I didn't pay attention to the result.

 

[torchwood]

Thats interesting wonder if some of your hardwares on it way out.
(motherboard YIKES)
Roy

 

[Yurikano]

Well that took a while.

Here is the Malwarebyte result (completely forgot to save the ESET result but there was 16 of something if i remembered correctly):

-Log Details-
Scan Date: 4/1/17
Scan Time: 1:46 AM
Logfile: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1638
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Howard-PC\Howard

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390795
Time Elapsed: 5 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.ChinAd, C:\ProgramData\Thunder Network\DownloadLib, No Action By User, [1418], [374745],1.0.1638
Adware.ChinAd, C:\PROGRAMDATA\THUNDER NETWORK, No Action By User, [1418], [374745],1.0.1638

File: 1
Adware.ChinAd, C:\PROGRAMDATA\THUNDER NETWORK\DOWNLOADLIB\PUB_STORE.DAT, No Action By User, [1418], [374745],1.0.1638

Physical Sector: 0
(No malicious items detected)


(end)

 

[torchwood]

Hi Howard,
Hopefully ESET left a log

C >> Program files >> Eset >> logs.

can you copy/paste it

Have you had any BSOD's

Roy