C Windows Prefetch Readyboot Readyboot Etl

4/22/2019
  1. Disable Readyboot

Occaisonaly windows freezes and then the machine won't boot. Be lost (not logged) to file 'C: Windows Prefetch ReadyBoot ReadyBoot.etl'. ReadyBoot C: WINDOWS Prefetch ReadyBoot ReadyBoot.etl. I've disabled both Readyboost and Superfetch, but I'm still seeing the Windows Prefetch files being accessed, specifically readyboot.etl.

Hi,
PrefetchOn March 28 I was infected by the System Check virus. With the help of Gringo in the malware removal forum my computer is now clean.
Prior to the System Check infection, all the computers on my network used to be able to access the shared files/printers on the infected computer. After the infection, the other computers could no longer access the files/printers on the infected computer. Right now, the other computers cannot even 'see' the infected computer and cannot print to the shared printer. Gringo suggested that someone in the Networking forum might be able to help me restore access.
When I look at the event log of one of these 'other' computers I see some potentially relevant entries:
Error 4/14/2012 10:05:38 AM Server 2505 None The server could not bind to the transport DeviceNetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA} because another computer on the network has the same name. The server could not start.
Error 4/14/2012 7:34:36 PM bowser 8003 None The master browser has received a server announcement from the computer CNA0187798A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA}. The master browser is stopping or an election is being forced.
I includes the event logs for both this 'other' computer and the infected (CNA0187798A) computer below in case they are relevant.
Any help would be much appreciated.
Regards,
Paul
----------------------------------------------------------------------------------------------------------------------------------
Here's the Administrative event log on the 'other' computer that cannot access the files/printers of the infected (CNA0187798A) computer:
Level Date and Time Source Event ID Task Category
Error 4/14/2012 7:34:36 PM bowser 8003 None The master browser has received a server announcement from the computer CNA0187798A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA}. The master browser is stopping or an election is being forced.
Error 4/14/2012 3:29:56 PM Microsoft-Windows-PrintService 372 Printing a document 'The document Flash, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.Prefetch
Data type: NT EMF 1.008. Size of the spool file in bytes: 81180. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
'
Error 4/14/2012 3:29:46 PM Microsoft-Windows-PrintService 372 Printing a document 'The document https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
'
Error 4/14/2012 1:40:02 PM Microsoft-Windows-PrintService 372 Printing a document 'The document https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
'
Error 4/14/2012 1:15:27 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:Windowssystem32spoolDRIVERSx643UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:15:27 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:Windowssystem32spoolDRIVERSx643UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:15:07 PM Microsoft-Windows-PrintService 372 Printing a document 'The document Microsoft Word - Confirmation&Payment2012, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
'
Error 4/14/2012 1:14:23 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:Windowssystem32spoolDRIVERSx643UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:23 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:Windowssystem32spoolDRIVERSx643UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:16 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:Windowssystem32spoolDRIVERSx643UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:16 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:Windowssystem32spoolDRIVERSx643UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 10:05:38 AM Server 2505 None The server could not bind to the transport DeviceNetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA} because another computer on the network has the same name. The server could not start.
PrefetchError 4/14/2012 1:25:21 AM SideBySide 80 None 'Activation context generation failed for 'C:Program Files (x86)Cozi ExpressCoziExpress.exe'.Error in manifest or policy file '' on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.'
----------------------------------------------------------------------------------------------------------------------------------
Here's the Administrative event log on the infected (CNA0187798A) computer:
Level Date and Time Source Event ID Task Category
Error 4/14/2012 8:58:37 PM Service Control Manager 7011 None A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error 4/14/2012 8:58:15 PM Microsoft-Windows-Kernel-EventTracing 2 Session 'Session 'Homegroup Log' failed to start with the following error: 0xC0000035'
Warning 4/14/2012 7:44:43 PM .NET Runtime Optimization Service 1130 None .NET Runtime Optimization Service (4.0.30319.261) - Version or flavor did not match with repository: Microsoft.VisualBasic.Compatibility.Data
Error 4/14/2012 7:37:38 PM Microsoft-Windows-Dhcp-Client 1001 Address Configuration State Event Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x9439E5589FE9. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 7:37:13 PM Microsoft-Windows-WMI 10 None 'Event filter with query 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_Processor' AND TargetInstance.LoadPercentage > 99' could not be reactivated in namespace '//./root/CIMV2' because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.'
Error 4/14/2012 7:35:36 PM NetBT 4311 None 'Initialization failed because the driver device could not be created. Use the string '9439E5589FE9' to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. '
Error 4/14/2012 7:35:36 PM NetBT 4311 None 'Initialization failed because the driver device could not be created. Use the string '9439E5589FE9' to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. '
Warning 4/14/2012 7:34:51 PM Microsoft-Windows-WLAN-AutoConfig 4001 None 'WLAN AutoConfig service has successfully stopped.
'
Warning 4/14/2012 7:34:51 PM Microsoft-Windows-WLAN-AutoConfig 10002 None 'WLAN Extensibility Module has stopped.
Module Path: C:WindowsSystem32bcmihvsrv64.dll
'
Error 4/14/2012 7:34:37 PM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 4/14/2012 11:39:48 AM Microsoft-Windows-PrintService 372 Printing a document 'The document Study Plan.xls, owned by a0187798, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 49008. Total number of pages in the document: 6. Number of pages printed: 2. Client computer: CNA0187798A. Win32 error code returned by the print processor: 2147500037. Unspecified error
'
Error 4/14/2012 1:31:46 AM SideBySide 80 None 'Activation context generation failed for 'c:Program Files (x86)Cozi ExpressCoziExpress.exe'.Error in manifest or policy file '' on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.'
Warning 4/14/2012 12:36:01 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Warning 4/14/2012 12:35:19 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:21:05 AM Microsoft-Windows-Dhcp-Client 1001 Address Configuration State Event Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x9439E5589FE9. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Disable Readyboot

Error 4/14/2012 12:20:43 AM Microsoft-Windows-WMI 10 None 'Event filter with query 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_Processor' AND TargetInstance.LoadPercentage > 99' could not be reactivated in namespace '//./root/CIMV2' because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.'
Warning 4/14/2012 12:20:25 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:20:14 AM Microsoft-Windows-Kernel-EventTracing 2 Session 'Session 'Homegroup Log' failed to start with the following error: 0xC0000035'
Warning 4/14/2012 12:20:04 AM Microsoft-Windows-Kernel-EventTracing 4 Logging 'The maximum file size for session 'ReadyBoot' has been reached. As a result, events might be lost (not logged) to file 'C:WindowsPrefetchReadyBootReadyBoot.etl'. The maximum files size is currently set to 20971520 bytes.'
Error 4/14/2012 12:19:50 AM Service Control Manager 7011 None A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Warning 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 1003 Address Configuration State Event Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0x180373D21DAC. The following error occurred: 0x490. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 50034 Address Configuration State Event An error has occurred in initializing the adapter 11. Error Code is 0x490
Error 4/14/2012 12:19:03 AM Service Control Manager 7023 None 'The Windows Defender service terminated with the following error:
The specified module could not be found.'
Error 4/14/2012 12:19:01 AM NetBT 4311 None 'Initialization failed because the driver device could not be created. Use the string '9439E5589FE9' to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. '
Error 4/14/2012 12:19:01 AM NetBT 4311 None 'Initialization failed because the driver device could not be created. Use the string '9439E5589FE9' to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. '
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 4001 None 'WLAN AutoConfig service has successfully stopped.
'
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 10002 None 'WLAN Extensibility Module has stopped.
Module Path: C:WindowsSystem32bcmihvsrv64.dll
'
Error 4/14/2012 12:18:17 AM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 4/14/2012 12:18:16 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:16:40 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:13:06 AM Windows Backup 4104 None The backup was not successful. The error is: Windows Backup encountered an error when accessing the remote shared folder. (0x81000039).
Comments are closed.