R
RobertBantele
Guest
Hello Everyone,
This is my System:
HP ProBook 470 G5
Intel Core i7-8550U CPU
16 GB RAM
Windows 10 Pro Version 1903 (OS Build 18362.836)
Windows Defender (Security intelligence version 1.317.1305.0)
Intel UHD Graphics 620 (Version 27.20.100.8280)
I have been experiencing Issues with my Windows 10 Laptop for the last week or two:
One observation was that video playback (e.g. from Amazon Prime) was pixelated sometimes, getting worse the longer I watched.
Another thing was that a newly installed Game (Command & Conquer Remastered Edition) kept crashing with an Error Message.
Also, Browser Tabs (Chrome & Firefox) started to crash. I noticed spiking in GPU usage from 5-20% to 100% and back down in the Task Manager Performance Tab.
I found an article from Intel Support saying that GPU Spikes could be fixed by installing the newest Driver Version (Intel® HD Graphics Poor Performance Causes Lags, Sloppy Video...), which I did (see Version above). That made it a little better, but did not fix it completely. I will follow up with a Request to Intel about this aswell, this is just for context.
Another Issue is that the Windows Defender Icon is shown with a red X in the Taskbar sometimes and when I click it, the Overview sais that the Threat Service has stopped. Restarting it did not work, as it produced an "Unexpected Error".
An Internet search revealed that this may be a bug in the Windows Defender. I have looked through the Windows Defender Logs in the EventViewer and found ERROR entries like:
Windows Defender Antivirus Engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception Code: 0xc0000005
Resource: file:E\Develop\VisualStudio\50_Done\EMS Wizard\Angular NgRx Material Starter\node_modules\marked\marked.min.js
OR
Resource: file:C\Users\Me\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
There are also a lot of INFO Entries like:
Windows Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old Value: Default\ServiceStartStates = 0x0
New Value: HKLM\SOFTWARE\Microsoft\Windows Defender\ServiceStartStates = 0x1
OR
Old Value: Default\IsServiceRunning = 0x0
New Value: HKLM\SOFTWARE\Microsoft\Windows Defender\IsServiceRunning= 0x1
I have run several Quick Scans and a Full Scan last week with no results. I updated the Security Intelligence version yesterday and ran a Quick Scan again with no results. I tried running a Windows Defender Offline Scan, but it got stuck at 2% and I had to reboot the Laptop manually. I also downloaded the Microsoft Support Emergency Response Tool MSERT.exe to try and remove Malware, but the Tool sometimes didn't start at all and just produced an Error Message or the Tool crashed while scanning. I wanted to run a Full Scan again last night with the newest Update, but when I came to the Computer this morning, the Scan was stuck and the EventLog said at 1.30 in the night:
Windows Defender Antivirus Engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception Code: 0xc0000005
Resource: (empty)
So I got worried and started to search the other EventViewer Logs and found more troubling messages:
In Windows Logs\System:
ERROR:
Source: WindowsUpdateClient
Event ID: 20
Task Category: Windows Update Agent
Installation Failure: Windows failed to install the following update with error 0xC80003FA: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.317.1232.0)
ERROR:
Source: Service Control Manager
Event ID: 7023
Task Category: None
The Windows Defender Antivirus Service service terminated with the following error: General access denied error.
ERROR:
Source: Service Control Manager
Event ID: 7031
Task Category: None
The Windows Search service terminated unexcpectedly. It has done this 4 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
OR
The Windows Search service terminated unexcpectedly. It has done this 30 time(s).
ERROR:
Source: DistributedCOM
Event ID: 10010
Task Category: None
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. (These Messages appear a LOT!)
In Windows Logs\Application:
ERROR:
Source: ESENT
Event ID: 474
Task Category: Database Page Cache
svchost (5960,D,22) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 32100352 (0x0000000001e9d000)(database page 7836 (0x 1E9C)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [41fe3dfe2596392f] and the computed checksum was [75fe75fe2596392f]. The read operation will failed with error -1019 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
WARNING:
Source: ESENT
Event ID: 399
Task Category: Database Page Cache
SearchIndexer (5628,D,0) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.ebd" at offset 8421376 (0x0000000000808000) (database page 256 (0x100)) for 32768 (0x00008000) bytes failed verification. Bit 187113 was corrupted and has been corrected. This problem is likely due to faulty hardware and may continue. Transient failures such as these can be a precursor to a catastrophic failure in the storage subsystem containing this file. Please contact your hardware vendor for further assistance diagnosing the problem.
Is this a result of a Malware Infection? Or is the RAM and/or HDD failing? Or both? Many of these Messages indicate that my System is infected with some sort of Malware! I disconnected the Laptop from the Internet for now. I ran the default scan with the Windows Memory Diagnostic App and I will start a more thorough Scan now and contact HP support about this aswell, but I would really like to have a Solution for those Windows Defender Problems!
More...
This is my System:
HP ProBook 470 G5
Intel Core i7-8550U CPU
16 GB RAM
Windows 10 Pro Version 1903 (OS Build 18362.836)
Windows Defender (Security intelligence version 1.317.1305.0)
Intel UHD Graphics 620 (Version 27.20.100.8280)
I have been experiencing Issues with my Windows 10 Laptop for the last week or two:
One observation was that video playback (e.g. from Amazon Prime) was pixelated sometimes, getting worse the longer I watched.
Another thing was that a newly installed Game (Command & Conquer Remastered Edition) kept crashing with an Error Message.
Also, Browser Tabs (Chrome & Firefox) started to crash. I noticed spiking in GPU usage from 5-20% to 100% and back down in the Task Manager Performance Tab.
I found an article from Intel Support saying that GPU Spikes could be fixed by installing the newest Driver Version (Intel® HD Graphics Poor Performance Causes Lags, Sloppy Video...), which I did (see Version above). That made it a little better, but did not fix it completely. I will follow up with a Request to Intel about this aswell, this is just for context.
Another Issue is that the Windows Defender Icon is shown with a red X in the Taskbar sometimes and when I click it, the Overview sais that the Threat Service has stopped. Restarting it did not work, as it produced an "Unexpected Error".
An Internet search revealed that this may be a bug in the Windows Defender. I have looked through the Windows Defender Logs in the EventViewer and found ERROR entries like:
Windows Defender Antivirus Engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception Code: 0xc0000005
Resource: file:E\Develop\VisualStudio\50_Done\EMS Wizard\Angular NgRx Material Starter\node_modules\marked\marked.min.js
OR
Resource: file:C\Users\Me\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
There are also a lot of INFO Entries like:
Windows Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old Value: Default\ServiceStartStates = 0x0
New Value: HKLM\SOFTWARE\Microsoft\Windows Defender\ServiceStartStates = 0x1
OR
Old Value: Default\IsServiceRunning = 0x0
New Value: HKLM\SOFTWARE\Microsoft\Windows Defender\IsServiceRunning= 0x1
I have run several Quick Scans and a Full Scan last week with no results. I updated the Security Intelligence version yesterday and ran a Quick Scan again with no results. I tried running a Windows Defender Offline Scan, but it got stuck at 2% and I had to reboot the Laptop manually. I also downloaded the Microsoft Support Emergency Response Tool MSERT.exe to try and remove Malware, but the Tool sometimes didn't start at all and just produced an Error Message or the Tool crashed while scanning. I wanted to run a Full Scan again last night with the newest Update, but when I came to the Computer this morning, the Scan was stuck and the EventLog said at 1.30 in the night:
Windows Defender Antivirus Engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception Code: 0xc0000005
Resource: (empty)
So I got worried and started to search the other EventViewer Logs and found more troubling messages:
In Windows Logs\System:
ERROR:
Source: WindowsUpdateClient
Event ID: 20
Task Category: Windows Update Agent
Installation Failure: Windows failed to install the following update with error 0xC80003FA: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.317.1232.0)
ERROR:
Source: Service Control Manager
Event ID: 7023
Task Category: None
The Windows Defender Antivirus Service service terminated with the following error: General access denied error.
ERROR:
Source: Service Control Manager
Event ID: 7031
Task Category: None
The Windows Search service terminated unexcpectedly. It has done this 4 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
OR
The Windows Search service terminated unexcpectedly. It has done this 30 time(s).
ERROR:
Source: DistributedCOM
Event ID: 10010
Task Category: None
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. (These Messages appear a LOT!)
In Windows Logs\Application:
ERROR:
Source: ESENT
Event ID: 474
Task Category: Database Page Cache
svchost (5960,D,22) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 32100352 (0x0000000001e9d000)(database page 7836 (0x 1E9C)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [41fe3dfe2596392f] and the computed checksum was [75fe75fe2596392f]. The read operation will failed with error -1019 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
WARNING:
Source: ESENT
Event ID: 399
Task Category: Database Page Cache
SearchIndexer (5628,D,0) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.ebd" at offset 8421376 (0x0000000000808000) (database page 256 (0x100)) for 32768 (0x00008000) bytes failed verification. Bit 187113 was corrupted and has been corrected. This problem is likely due to faulty hardware and may continue. Transient failures such as these can be a precursor to a catastrophic failure in the storage subsystem containing this file. Please contact your hardware vendor for further assistance diagnosing the problem.
Is this a result of a Malware Infection? Or is the RAM and/or HDD failing? Or both? Many of these Messages indicate that my System is infected with some sort of Malware! I disconnected the Laptop from the Internet for now. I ran the default scan with the Windows Memory Diagnostic App and I will start a more thorough Scan now and contact HP support about this aswell, but I would really like to have a Solution for those Windows Defender Problems!
More...