Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop Sluggish and Mouse is Erratic


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,963 posts
  • MVP

Apparently Windows Search is tricky.  Go back into services.msc and right click on Windows Search and select Properties then change the Startup Type: to Disabled.  Then stop the service.

 

Then we will try the fixlist one more time.  This one won't reboot.

 

Attached File  fixlist.txt   476bytes   3 downloads


  • 0

Advertisements


#32
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 440 posts

fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by Robert (26-10-2021 19:09:07) Run:6
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert
Boot Mode: Normal
==============================================

fixlist content:
*****************
Unlock: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
CMD: esentutl /p C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
CMD: SC start WSearch
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

*****************

"C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log" => was unlocked

========================= File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log ========================

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
File not signed
MD5: CE5417D1E0D5BB4DC1254147AF1E022B
Creation and modification date: 2021-10-15 15:32 - 2021-10-26 19:07
Size: 001048576
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= esentutl /p C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log =========


Extensible Storage Engine Utilities for Microsoft® Windows®
Version 6.3
Copyright © Microsoft Corporation. All Rights Reserved.

Initiating REPAIR mode...
        Database: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
  Temp. Database: TEMPREPAIR23884.EDB


Checking database integrity.





Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 0.109 seconds.




========= End of CMD: =========


========================= File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log ========================

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
File not signed
MD5: E8F1D3850D16499E705DDD78AC2CF44B
Creation and modification date: 2021-10-15 15:32 - 2021-10-26 19:09
Size: 001048576
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= SC start WSearch =========

[SC] StartService FAILED 1058:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


========= End of CMD: =========


========================= File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log ========================

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log
File not signed
MD5: E8F1D3850D16499E705DDD78AC2CF44B
Creation and modification date: 2021-10-15 15:32 - 2021-10-26 19:09
Size: 001048576
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


==== End of Fixlog 19:10:14 ====


  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,963 posts
  • MVP

Go back into Services.msc and change Windows Search startup type: back to Automatic (Delayed Start)

then START the service.

 

Copy the next line:

msdt.exe -ep SystemSettings_Troubleshoot_L2 -id SearchDiagnostic

(Highlight the line then Ctrl + c)

 

 

 

Search for

cmd

It should find Command Prompt

Right click on Command Prompt and Run As Admin.

Right click inside the Command Prompt widow and select Paste (or Edit then Paste).  The copied line should appear.


Hit Enter

 

A new Search & Indexing window should appear.  Hit Next

 

Check all but the last box (My problem isn't listed.) Hit Next

If you get a screen that asks you to describe your problem just hit Next.

 

Does it claim it fixed anything?

 

If it says it can't fix it then see:

 

https://www.winhelpo...x-fix-problems/

 

Scroll down to where it says:

 

Manually Reset Windows Search and Rebuild the Index

and follow the instructions.


  • 0

#34
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 440 posts

I did the first part, and it said that nothing was fixed.

 

I haven't done the second part yet.  Where is the Registry Editor?  Also the steps for Manually Reset Windows Search and Rebuild say at the end to restart the Windows Search Service.  However, I restarted it at the end of the first part.  When do I stop the service?


  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,963 posts
  • MVP

Search for

 

regedit

 

That should find the Registry Editor

 

If not the file is at: C:\Windows\regedit.exe so you can just type that into a Command Prompt - Run As Admin.

 

Note the instructions say to RESTART the service.  Restart actually stops the service then starts it up again so there is no need to Stop the service.


  • 0

#36
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 440 posts

OK, I completed the step in post 35.


  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,963 posts
  • MVP

OK.  If you haven't rebooted since the registry change, reboot then run VEW again as before and let's see if we see the same error.

 

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System

* Application
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button and wait.
Notepad will open with the output log.


Please copy and paste the Output log into your next reply

 


  • 0

#38
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 440 posts

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 26/10/2021 11:23:39 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)


Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.

Context: Windows Application

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)


Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)


Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)


Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 3057 Source: Microsoft-Windows-Search
The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
    (HRESULT : 0x8e5e01f5) (0x8e5e01f5)


Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 1
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)


Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 1
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
     0x8e5e01f5 (0x8e5e01f5)


Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 454 Source: ESENT
SearchIndexer (14872) Windows: Database recovery/restore failed with unexpected error -501.

Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 465 Source: ESENT
SearchIndexer (14872) Windows: Corruption was detected during soft recovery in logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 1 (0x00000001). This logfile has been damaged and is unusable.

Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 477 Source: ESENT
SearchIndexer (14872) Windows: The log range read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch.  The expected checksum was 782629228953728487 (0xadc75231e9ff5e7) and the actual checksum was 782629228953728484 (0xadc75231e9ff5e4). The read operation will fail with error -501 (0xfffffe0b).  If this condition persists then please restore the logfile from a previous backup.

Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 465 Source: ESENT
SearchIndexer (14872) Windows: Corruption was detected during soft recovery in logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 1 (0x00000001). This logfile has been damaged and is unusable.

Log: 'Application' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 3
Event: 477 Source: ESENT
SearchIndexer (14872) Windows: The log range read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch.  The expected checksum was 782629228953728487 (0xadc75231e9ff5e7) and the actual checksum was 782629228953728484 (0xadc75231e9ff5e4). The read operation will fail with error -501 (0xfffffe0b).  If this condition persists then please restore the logfile from a previous backup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/10/2021 2:26:05 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-3511957844-2261570385-1743981658-1005}/>.

Context: Windows Application, SystemIndex Catalog

Details:
    The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)


Log: 'Application' Date/Time: 27/10/2021 1:26:04 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-3511957844-2261570385-1743981658-1005}/>.

Context: Windows Application, SystemIndex Catalog

Details:
    The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)


Log: 'Application' Date/Time: 27/10/2021 1:25:59 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.


Log: 'Application' Date/Time: 27/10/2021 12:46:09 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-3511957844-2261570385-1743981658-1005}/>.

Context: Windows Application, SystemIndex Catalog

Details:
    The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)


Log: 'Application' Date/Time: 27/10/2021 12:46:03 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/10/2021 1:30:23 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 1:30:22 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 1:30:22 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 1:30:22 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 1:30:22 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 1:30:22 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 1:30:22 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 1:30:22 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Log: 'System' Date/Time: 27/10/2021 12:46:14 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.

Log: 'System' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 27/10/2021 12:45:44 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 26/10/2021 11:27:40 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 26/10/2021 11:16:17 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/10/2021 3:14:05 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 27/10/2021 3:14:00 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 54-35-30-60-21-E3 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 27/10/2021 3:14:00 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 54-35-30-60-21-E3 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 27/10/2021 3:13:52 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 26/10/2021 11:23:20 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 26/10/2021 11:23:16 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 54-35-30-60-21-E3 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/10/2021 11:23:16 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 54-35-30-60-21-E3 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/10/2021 11:23:06 PM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 26/10/2021 11:12:17 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 26/10/2021 11:12:14 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 54-35-30-60-21-E3 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 26/10/2021 11:12:14 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 54-35-30-60-21-E3 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 26/10/2021 11:12:03 PM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.


 


  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,963 posts
  • MVP

I think it worked.  There are some older edb errors but the newest error of any kind is 27/10/2021 3:14:05 AM so that's probably the last reboot.  Let it run overnight and then run VEW again.


  • 0






Similar Topics

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP