Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014 Ran by tds at 2014-02-17 18:44:14 Run:3 Running from F:\05,12 Boot Mode: Normal ============================================== Content of fixlist: ***************** Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Schedule /s Reg: reg query "HKCU\Software\Microsoft\Windows Script" /s Reg: reg query "HKCU\Software\Microsoft\Windows Script Host" /s ***************** ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Schedule /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule AtTaskMaxHours REG_DWORD 0x48 DisplayName REG_SZ @%SystemRoot%\system32\schedsvc.dll,-100 Group REG_SZ SchedulerGroup ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs Description REG_SZ @%SystemRoot%\system32\schedsvc.dll,-101 ObjectName REG_SZ LocalSystem ErrorControl REG_DWORD 0x1 Start REG_DWORD 0x2 Type REG_DWORD 0x20 DependOnService REG_MULTI_SZ RPCSS\0EventLog ServiceSidType REG_DWORD 0x1 RequiredPrivileges REG_MULTI_SZ SeIncreaseQuotaPrivilege\0SeChangeNotifyPrivilege\0SeAuditPrivilege\0SeImpersonatePrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeRestorePrivilege FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\schedsvc.dll ServiceDllUnloadOnStop REG_DWORD 0x1 ServiceMain REG_SZ ServiceMain HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Security Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D00020001010000000000050B00000000001800DD010E000102000000000005200000002002000000001400FF010F00010100000000000512000000000018008D00020001020000000000052000000021020000010100000000000512000000010100000000000512000000 ========= End of Reg: ========= ========= reg query "HKCU\Software\Microsoft\Windows Script" /s ========= HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings JITDebug REG_DWORD 0x0 ========= End of Reg: ========= ========= reg query "HKCU\Software\Microsoft\Windows Script Host" /s ========= HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings ========= End of Reg: ========= ==== End of Fixlog ====