Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by zb2 (11-11-2016 13:18:44)
Running from D:\download\frst
Windows 10 Home Version 1511 (X64) (2016-11-05 02:25:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1119942896-2128772143-2972570867-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1119942896-2128772143-2972570867-503 - Limited - Disabled)
Guest (S-1-5-21-1119942896-2128772143-2972570867-501 - Limited - Disabled)
zb2 (S-1-5-21-1119942896-2128772143-2972570867-1001 - Administrator - Enabled) => C:\Users\zb2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{46f42e59-8bc8-4144-9c41-869ad2fdb65d}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 pl)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2 - Mozilla)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1119942896-2128772143-2972570867-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1119942896-2128772143-2972570867-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\zb2\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-07 06:34 - 2016-05-07 06:34 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-01 16:32 - 2015-12-19 01:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-05-07 06:34 - 2016-05-07 06:34 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-10 18:22 - 2016-11-10 18:22 - 01864384 _____ () C:\Users\zb2\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-07 06:34 - 2016-05-07 06:34 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-07 06:34 - 2016-05-07 06:34 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-07 06:34 - 2016-05-07 06:34 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-07 06:34 - 2016-05-07 06:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-07 06:34 - 2016-05-07 06:34 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-10 19:17 - 2016-11-10 19:17 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-11-11 13:07 - 2016-09-02 02:09 - 00431892 _____ () D:\far\lua51.dll
2016-11-11 13:07 - 2016-09-02 02:09 - 00064000 _____ () D:\far\lpeg.dll
2016-11-10 18:22 - 2016-11-10 18:22 - 01383616 _____ () C:\Users\zb2\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-11-10 18:22 - 2016-11-10 18:22 - 00118976 _____ () C:\Users\zb2\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-11-10 19:17 - 2016-11-10 19:17 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-11-10 19:17 - 2016-11-10 19:18 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1119942896-2128772143-2972570867-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zb2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.17.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DF78D8E1-6FAC-4349-8C79-CFDD048588D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D02104FB-3E33-4F4C-8316-A302E40A713D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2016 11:46:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e
Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e
Exception code: 0xc0000409
Fault offset: 0x0000000000015953
Faulting process id: 0xc68
Faulting application start time: 0x01d23c08ed56df4e
Faulting application path: C:\WINDOWS\system32\igfxHK.exe
Faulting module path: C:\WINDOWS\system32\igfxHK.exe
Report Id: 8da69af2-e901-49b0-b22b-9baa41240ef9
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/11/2016 11:46:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 17009 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 111
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply controls...
Participant:  TCPU [2]
Policy:  DBPT Policy [2]

Error: (11/11/2016 11:46:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 16988 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]

Error: (11/11/2016 11:46:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 16927 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\LpmPolicy\LpmPolicy.cpp @ line 1086
Executing Function:  LpmPolicy::getLpmModeFromPowerSettingsValue
Message:  Invalid version in validateLpm
Policy:  LPM Policy [3]

Error: (11/11/2016 11:46:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 16924 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]

Error: (11/11/2016 11:46:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 16917 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]

Error: (11/11/2016 11:46:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 16628 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\LpmPolicy\LpmConfigurationProxy.cpp @ line 161
Executing Function:  LpmConfigurationProxy::createLpmConfiguration
Message:  
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 457
Executing Function:  EsifServices::primitiveExecuteGet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  GET_LPM_TABLE [237]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_ACPI_OBJECT_NOT_FOUND [1106]


Policy:  LPM Policy [3]

Error: (11/11/2016 09:26:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e
Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e
Exception code: 0xc0000409
Fault offset: 0x0000000000015953
Faulting process id: 0xc10
Faulting application start time: 0x01d23bf55b43bb3d
Faulting application path: C:\WINDOWS\system32\igfxHK.exe
Faulting module path: C:\WINDOWS\system32\igfxHK.exe
Report Id: 2c2960a7-c5cc-4434-bd40-39e51f3d612d
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/11/2016 09:26:33 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 18131 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 111
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply controls...
Participant:  TCPU [2]
Policy:  DBPT Policy [2]

Error: (11/11/2016 09:26:33 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 18107 ms

DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]


System errors:
=============
Error: (11/11/2016 11:52:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Windows (KB3198586).

Error: (11/11/2016 11:43:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_438b3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/11/2016 11:43:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/11/2016 10:38:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Windows (KB3198586).

Error: (11/11/2016 10:09:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Update for Windows 10 Version 1511 for x64-based Systems (KB3161102).

Error: (11/11/2016 10:09:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Adobe Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3135782).

Error: (11/11/2016 10:04:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Update for Windows 10 Version 1511 for x64-based Systems (KB3161102).

Error: (11/11/2016 10:04:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Adobe Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3135782).

Error: (11/11/2016 09:57:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Update for Windows 10 Version 1511 for x64-based Systems (KB3161102).

Error: (11/11/2016 09:57:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Adobe Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3135782).


CodeIntegrity:
===================================
  Date: 2016-11-10 19:24:08.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-10 18:27:02.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-10 18:18:17.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-05 03:26:03.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 21:57:20.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-01 17:58:19.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-01 17:26:27.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-01 17:15:35.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz
Percentage of memory in use: 69%
Total physical RAM: 1977.25 MB
Available physical RAM: 599.45 MB
Total Virtual: 3129.25 MB
Available Virtual: 1583.54 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:40 GB) (Free:23.73 GB) NTFS
Drive d: (UserData) (Fixed) (Total:17.55 GB) (Free:16.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 09CD21D2)

Partition: GPT.

==================== End of Addition.txt ============================