BSOD while in sleep mode

Uplands666 · Jul 14, 2014

My computer is 3 years old and I've never had a BSOD. But I've had 3 or 4 in the past week, always while the computer is in sleep mode or otherwise unattended at time of crash.

DM Log Collector files are attached.
Additional information from the event logger is:

two instances with identical text:
BCCode: d1
BCP1: 000000000011C60E
BCP2: 0000000000000002
BCP3: 0000000000000008
BCP4: 000000000011C60E

single instance:
BCCode: 1000007e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF88001EF2EA3
BCP3: FFFFF8800DE3B668
BCP4: FFFFF8800DE3AEC0

koolkat77 · Jul 15, 2014

Welcome to the forum Uplands666,

It seems that the BSOD's were caused due to Kaspersky.

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory

Debugging Details:
------------------

Kaspersky Lab Intermediate Network Driver

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 8, 0}

*** WARNING: Unable to verify timestamp for klim6.sys
*** ERROR: Module load completed but symbols could not be loaded for klim6.sys
Probably caused by : vwififlt.sys ( vwififlt!FilterCancelSendNetBufferLists+53 )

Followup: MachineOwner
---------

As a test, please uninstall it. Use Microsoft Security Essentials instead.

Microsoft Security Essentials is recommended from a strict BSOD perspective, compatibility & stability
compared to other antivirus or internet security software. It is free and lightweight:-

Warning

Do not start the free trial of Malware Bytes; remember to deselect that option when prompted.

Check for updates on these drivers:

Sometimes drivers remain, not completely uninstalled. Follow this tutorial for complete removal of drivers of the particular program: How to Clean Left Over Driver Files with Driver Sweeper

http://www.sevenforums.com/tutorials/83814-drivers-clean-left-over-files-after-uninstalling.html

Use Revo Uninstaller to uninstall stubborn software. Opt for Advance Mode while uninstalling which allows you to remove leftover registry:-

Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

Run the System File Checker that scans the of all protected Windows 7 system files and replaces incorrect corrupted, changed/modified, or damaged versions with the correct versions if possible:

Click on the rb:
Type CMD on Search
Left click and Run as Administrator
Type SFC /scannow

Full tutorial here:

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Run Disk Check on your Hard Drive for file system errors and bad sectors on it:

How to Run Disk Check in Windows 7

Upload a screenshot of your hard disk using Crystal Disk Info:

Make a hard drive test from the hard drive manufacturers website:

Hard Drive Diagnostic Procedure

Test your Hard Drive with SeaTools:

How to Use SeaTools for DOS and Windows Disk Check Utility

Keep us updated.

Uplands666 · Jul 15, 2014

Great stuff, koolkat77. Thanks for all that. Sounds reasonable that it's related to Kaspersky. The event viewer shows BSOD events starting on 5 July, which was the day I replaced McAfee with Kaspersky. (See attached "event viewer BSOD.jpg", which shows critical system errors.)

I uninstalled Kaspersky using Control Panel, and again had a BSOD - the first time this occurred while the system was active rather than asleep. I completed the removal using Revo Uninstaller and installed Microsoft Security Essentials in its place. Malwarebytes Premium has already been installed since 16 June.

I wish it were as simple as just discontinuing Kaspersky, but there seem to be problems with the system files too. I have run SFC /scannow several times. Each time it reaches 23% and reports that it "could not perform the requested operation". (See attached "SFC error.jpg") Note: your instructions say left click to run as administrator but they should read right click and make it clear that you click on the "cmd.exe" program line in the Start menu. That slowed me down for a while!

I have also run SFC /verifyonly and it confirms that there are integrity violations with the system files. Details from the CBS.log are shown in attached "sfcdetails.txt". At this point I need further help to confirm that I'm on the right track.

To simplify your review, I have pasted into "sfcdetails2.txt" the points at which the problem arises each time. Evidently the problem lies with the "t2embed.dll" file. Am I reading this correctly, and if so, do I now extract it from the Windows installation disk following the links included in your instructions under "Extract Files from Windows 7 Installation DVD"?

Thanks heaps for your help. I wouldn't have had a hope in hell without it. Even now, it seems it might just be easier to move to Windows 8.1, but after all you've done for me I wouldn't dare!

koolkat77 · Jul 15, 2014

I can't see the attachments.

Thanks for the post

Uplands666 · Jul 15, 2014

Sorry. Files attached here.
View attachment 325693

View attachment 325694

View attachment 325695

View attachment 325696

NoelDP · Jul 16, 2014

The SFCDetails file isn't much use here - this will give us a lot more to work with...

Please follow the Windows Update Posting Instructions and post the requested data
If the file is too large (8MB compressed), remove the older CBSPersist cab files until the final file is below the limit - you can always post them separately after zipping them. (the forum doesn't allow the upload of bare CAB files, for a number of reasons)

Uplands666 · Jul 16, 2014

OK, NoelDP, done that. And thanks for joining in.

The SURT tool was downloaded and, as anticipated, appeared to hang for a quite a while before completing the installation. I had expected from the instructions to have installed it first and then run the tool separately, but there appears to be no tool as such that is run other than the installation itself. For now I assume that's as it should be.

The CBS.log is attached, as well as the two most recent CBSPersist files (July 7 & 9) that were removed to bring this zip file under the size limit. Three other CBSPersist files remain from earlier in June and May that I will send if needed.

Incidentally, I've had no further BSODs since uninstalling Kaspersky. I hope to be able to reinstall it later, since everything I've read about Microsoft Security Essentials suggests that its value lies mainly in showing how much better the other tools are. But perhaps we can revisit that after fixing the apparent issues with the system files.

Windows Update tells me that everything is up to date. Windows Update History shows a number of updates that failed originally, but I gather they have been fixed on a cumulative basis since then or Windows Update would be warning of available updates.

Also, further to my earlier response to koolkat77, I run DiskChk regularly and it reports no bad file records and no bad sectors.

Thanks to both of you for your continued assistance.

NoelDP · Jul 17, 2014

The SFC scan crashed with th e following message...

Code:

2014-07-17 09:45:43, Info                  CSI    000000d4 [SR] Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2014-07-17 09:45:45, Error                 CSI    000000d5 (F) STATUS_ACCESS_DENIED #1870157# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound), handle = {provider=NULL, handle=0}, da = (FILE_GENERIC_READ), oa = @0xc2cae0->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[123]"\SystemRoot\WinSxS\amd64_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244\t2embed.dll"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0xc2cb90, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT), eab = NULL, eal = 0, disp = Invalid)
[gle=0xd0000022]
2014-07-17 09:45:45, Error                 CSI    [EMAIL="000000d6@2014/7/16:23:45:45.821"]000000d6@2014/7/16:23:45:45.821[/EMAIL] (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error STATUS_ACCESS_DENIED originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
[gle=0x80004005]
2014-07-17 09:45:47, Error                 CSI    000000d7 (F) STATUS_ACCESS_DENIED #1870156# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000022]
2014-07-17 09:45:47, Error                 CSI    000000d8 (F) STATUS_ACCESS_DENIED #1870155# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingFile(flags = (MissingFileIsOk), da = (FILE_GENERIC_READ), oa = @0xc2d110->SIL_OBJECT_ATTRIBUTES {s:40; on:"t2embed.dll"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE), file = NULL, disp = Invalid)
[gle=0xd0000022]

This could be either a permissions issue, or a hard drive problem.

Let's check the HD first...

Please run a full CHKDSK and SFC scan....
Click on Start > All Programs > Accessories
Right-click on the Command Prompt entry
Select Run as Administrator and accept the UAC prompt - the Elevated Command Prompt window should pop up.
At the Command prompt, type
CHKDSK C: /R
and hit the Enter key.
You will be told that the drive is locked, and the CHKDSK will run at the next boot - hit the Y key, and then reboot.
The CHKDSK will take a few hours depending on the size of the drive, so be patient!
After the CHKDSK has run, Windows should boot normally (possibly after a second auto-reboot) - then run the SFC again, and post the new CBS.log file (only)

Uplands666 · Jul 17, 2014

OK, did that. Results attached.

NoelDP · Jul 17, 2014

Crashed at the same point, with the same error

Please open an Elevated Command Prompt, and run the following commands.

DIR C:\Windows\t2embed.dll /S
ICACLS C:\Windows\System32\t2embed.dll
ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /T

post the results

Uplands666 · Jul 17, 2014

Judging from the two "failed" responses shown in the attached image, nothing has changed.
The sfc /scannow command stopped at the same point (23%).
Updated CBS log attached.

NoelDP · Jul 17, 2014

No that's exactly the response I expected - but hoped not to get.
Let's see if there's anything we can do about it

Open an elevated Command Prompt and run the following commands

TAKEOWN /F C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /A /R
ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /T
DIR C:\Windows /AL

post the results...
To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.

Uplands666 · Jul 17, 2014

OK, here 'tis:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>TAKEOWN /F C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Em
bedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /A /R

SUCCESS: The file (or folder): "C:\Windows\winsxs\amd64_Microsoft-Windows-Font-E
mbedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244" now owned by the
administrators group.

SUCCESS: The file (or folder): "C:\Windows\winsxs\amd64_Microsoft-Windows-Font-E
mbedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244\t2embed.dll" now
owned by the administrators group.

C:\Windows\system32>ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedd
ing_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /T
C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.76
01.17514_none_13e628b635935244 NT SERVICE\TrustedInstaller

I)(OI)(CI)(F)

BUILTIN\Administrators

I)(OI)(CI)(RX)

NT AUTHORITY\SYSTEM

I)(OI)(CI)(RX)

BUILTIN\Users

I)(OI)(CI)(RX)

C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.76
01.17514_none_13e628b635935244\t2embed.dll Everyone

N)

NT SERVICE\TrustedInstaller

F)

BUILTIN\Administrators

RX)

NT AUTHORITY\SYSTEM

RX)

BUILTIN\Users

RX)

Successfully processed 2 files; Failed processing 0 files

C:\Windows\system32>DIR C:\Windows /AL
Volume in drive C is OS
Volume Serial Number is B845-7168

Directory of C:\Windows

File Not Found

C:\Windows\system32>

NoelDP · Jul 17, 2014

GOTCHA!

Code:

C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.76
01.17514_none_13e628b635935244\t2embed.dll Everyone:(N)

All access to the file has been denied to all users!

Please open an Elevated Command Prompt, and run the following commands.

Code:

ICACLS C:\Windows\winsxs /remove:d Everyone /T
ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /T 
 
.

post the results, then reboot and run SFC /SCANNOW again and post the new CBS.log file

Uplands666 · Jul 17, 2014

Not quite there, yet, I think. First operation seems to have failed, and sfc /scannow still stops at 23% after reboot.

Here's the cmd.exe text:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ICACLS C:\Windows\winsxs /remove:d Everyone /T
C:\Windows\winsxs: Access is denied.
Successfully processed 0 files; Failed processing 1 files

C:\Windows\system32>ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedd
ing_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /T
C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.76
01.17514_none_13e628b635935244 NT SERVICE\TrustedInstaller

I)(OI)(CI)(F)

BUILTIN\Administrators

I)(OI)(CI)(RX)

NT AUTHORITY\SYSTEM

I)(OI)(CI)(RX)

BUILTIN\Users

I)(OI)(CI)(RX)

C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.76
01.17514_none_13e628b635935244\t2embed.dll Everyone

N)

NT SERVICE\TrustedInstaller

F)

BUILTIN\Administrators

RX)

NT AUTHORITY\SYSTEM

RX)

BUILTIN\Users

RX)

Successfully processed 2 files; Failed processing 0 files

C:\Windows\system32>

NoelDP · Jul 18, 2014

OK - we'll try it a slightly different way. ( I was hoping to catch any other files with the same problem - but it seems we'll have to do them one by one).

Open an Elevated Command Prompt, and run the following commands

Code:

 ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /remove:d Everyone /T
ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /T 

 
.

post the results - if they indicate success, reboot and run another SFC scan and post the log file.

Uplands666 · Jul 18, 2014

O sweetness and joy! Both operations succeeded and sfc got to 80% before stumbling. We're close.

Here are the results:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedd
ing_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /remove:d Everyone /T
processed file: C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf385
6ad364e35_6.1.7601.17514_none_13e628b635935244
processed file: C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf385
6ad364e35_6.1.7601.17514_none_13e628b635935244\t2embed.dll
Successfully processed 2 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedd
ing_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244 /T
C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.76
01.17514_none_13e628b635935244 NT SERVICE\TrustedInstaller

I)(OI)(CI)(F)

BUILTIN\Administrators

I)(OI)(CI)(RX)

NT AUTHORITY\SYSTEM

I)(OI)(CI)(RX)

BUILTIN\Users

I)(OI)(CI)(RX)

C:\Windows\winsxs\amd64_Microsoft-Windows-Font-Embedding_31bf3856ad364e35_6.1.76
01.17514_none_13e628b635935244\t2embed.dll NT SERVICE\TrustedInstaller

F)

BUILTIN\Administrators

RX)

NT AUTHORITY\SYSTEM

RX)

BUILTIN\Users

RX)

Successfully processed 2 files; Failed processing 0 files

C:\Windows\system32>

NoelDP · Jul 18, 2014

Interesting - the new error is on the 'other' version of the same file!

Code:

2014-07-18 16:46:36, Info                  CSI    00000284 [SR] Beginning Verify and Repair transaction
2014-07-18 16:46:37, Info                  CSI    00000285 [SR] Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2014-07-18 16:46:40, Error                 CSI    00000286 (F) STATUS_ACCESS_DENIED #5547437# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound), handle = {provider=NULL, handle=0}, da = (FILE_GENERIC_READ), oa = @0xebc930->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[121]"\SystemRoot\WinSxS\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e\t2embed.dll"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0xebc9e0, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT), eab = NULL, eal = 0, disp = Invalid)
[gle=0xd0000022]
2014-07-18 16:46:40, Error                 CSI    00000287@2014/7/18:06:46:40.839 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error STATUS_ACCESS_DENIED originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
[gle=0x80004005]
2014-07-18 16:46:42, Error                 CSI    00000288 (F) STATUS_ACCESS_DENIED #5547436# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd0000022]
2014-07-18 16:46:42, Error                 CSI    00000289 (F) STATUS_ACCESS_DENIED #5547435# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingFile(flags = (MissingFileIsOk), da = (FILE_GENERIC_READ), oa = @0xebcf60->SIL_OBJECT_ATTRIBUTES {s:40; on:"t2embed.dll"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE), file = NULL, disp = Invalid)
[gle=0xd0000022]
2014-07-18 16:46:42, Error                 CSI    0000028a (F) STATUS_ACCESS_DENIED #5547415# from PrimitiveInstaller::CCoordinator::RepairComponent(Component = Microsoft-Windows-Font-Embedding, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral)[gle=0xd0000022]

I'm suspecting malware at work

Please open an Elevated Command Prompt, and run the following commands:

Code:

TAKEOWN /F C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /A /R
ICACLS C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /T
ICACLS C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /remove:d Everyone /T
ICACLS C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /T
  
.

post the results, then reboot and try SFC /SCANNOW again.

While you're waiting for me after that (work calls

) please run a full system MBAM scan...

Please download and install Malwarebytes Anti-malware (free version) from http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM PRO' at the end of the installation - and update it, then run a full scan in your main account, and Quick scans in any other user accounts.

Delete everything it finds

Uplands666 · Jul 18, 2014

Looks like everything worked. Here are the results.
I'll reboot now, then rerun SFC, post the log file, and do the Malware full scan.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>TAKEOWN /F C:\Windows\winsxs\x86_microsoft-windows-font-embe
dding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /A /R

SUCCESS: The file (or folder): "C:\Windows\winsxs\x86_microsoft-windows-font-emb
edding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e" now owned by the a
dministrators group.

SUCCESS: The file (or folder): "C:\Windows\winsxs\x86_microsoft-windows-font-emb
edding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e\t2embed.dll" now ow
ned by the administrators group.

C:\Windows\system32>ICACLS C:\Windows\winsxs\x86_microsoft-windows-font-embeddin
g_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /T
C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601
.17514_none_b7c78d327d35e10e NT SERVICE\TrustedInstaller

I)(OI)(CI)(F)

BUILTIN\Administrators

I)(OI)(CI)(RX)

NT AUTHORITY\SYSTEM

I)(OI)(CI)(RX)

BUILTIN\Users

I)(OI)(CI)(RX)

C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601
.17514_none_b7c78d327d35e10e\t2embed.dll Everyone

N)

NT SERVICE\TrustedInstaller

F)

BUILTIN\Administrators

RX)

NT AUTHORITY\SYSTEM

RX)

BUILTIN\Users

RX)

Successfully processed 2 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\winsxs\x86_microsoft-windows-font-embeddin
g_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /remove:d Everyone /T
processed file: C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856a
d364e35_6.1.7601.17514_none_b7c78d327d35e10e
processed file: C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856a
d364e35_6.1.7601.17514_none_b7c78d327d35e10e\t2embed.dll
Successfully processed 2 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\winsxs\x86_microsoft-windows-font-embeddin
g_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e /T
C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601
.17514_none_b7c78d327d35e10e NT SERVICE\TrustedInstaller

I)(OI)(CI)(F)

BUILTIN\Administrators

I)(OI)(CI)(RX)

NT AUTHORITY\SYSTEM

I)(OI)(CI)(RX)

BUILTIN\Users

I)(OI)(CI)(RX)

C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601
.17514_none_b7c78d327d35e10e\t2embed.dll NT SERVICE\TrustedInstaller

F)

BUILTIN\Administrators

RX)

NT AUTHORITY\SYSTEM

RX)

BUILTIN\Users

RX)

Successfully processed 2 files; Failed processing 0 files

C:\Windows\system32>

Uplands666 · Jul 18, 2014

Bewdy! SFC went to 100%, which I guess is near enough, hey?

Log file attached. Starting scan now.

BSOD while in sleep mode

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

Three-Toed Sloth

My Computer

New member

My Computer

Three-Toed Sloth

My Computer

New member

My Computer

Three-Toed Sloth

My Computer

New member

My Computer

Three-Toed Sloth

My Computer

New member

My Computer

Three-Toed Sloth

My Computer

New member

My Computer

Three-Toed Sloth

My Computer

New member

My Computer

Three-Toed Sloth

My Computer

New member

My Computer

New member

My Computer

Similar threads