Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by asus (27-07-2022 20:01:45) Run:6
Running from C:\Users\asus\Desktop
Loaded Profiles: asus
Boot Mode: Normal
==============================================
fixlist content:
*****************
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
S3 rpmcdriver; \??\D:\ASUS_WTP_MAIN\ThirdPartyTool\Amd\RPMC\rpmcdriver.sys [X]
D:\ASUS_WTP_MAIN\ThirdPartyTool\Amd\RPMC\rpmcdriver.sys
IE trusted site: HKU\S-1-5-21-118308293-610972259-2242679070-1001\...\sharepoint.com -> hxxps://ptwaskita-files.sharepoint.com
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
Hosts:
EmptyTemp:
*****************
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\System\CurrentControlSet\Services\rpmcdriver => removed successfully
rpmcdriver => service removed successfully
"D:\ASUS_WTP_MAIN\ThirdPartyTool\Amd\RPMC\rpmcdriver.sys" => not found
HKU\S-1-5-21-118308293-610972259-2242679070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 257953270 B
Java, Discord, Steam htmlcache => 576872479 B
Windows/system/drivers => 264825293 B
Edge => 0 B
Chrome => 476876752 B
Firefox => 2083295157 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 492290638 B
systemprofile32 => 492291954 B
LocalService => 492291954 B
NetworkService => 517435572 B
asus => 791298256 B
RecycleBin => 7534357472 B
EmptyTemp: => 13 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:27:52 ====
The search log is attached.
By the way, I should let you know that I followed the registry instructions from here:
How to permanently disable Windows Defender Antivirus on Windows 10
to try to deactivate Windows Defender, just to see if it gives a notification that it's being turned off and lets me open the settings, but nothing happened.
Here's fixlog number 2:
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by asus (27-07-2022 22:40:46) Run:7
Running from C:\Users\asus\Desktop
Loaded Profiles: asus
Boot Mode: Normal
==============================================
fixlist content:
*****************
ExportKey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
ExportKey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
ExportKey:HKEY_LOCAL_MACHINE\Software\Policies\microsoft\windows defender\real-time protection
*****************
================== ExportKey: ===================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"DependOnService"="RpcSs"
"Description"="@%systemroot%\system32\SecurityHealthAgent.dll,-1001"
"DisplayName"="@%systemroot%\system32\SecurityHealthAgent.dll,-1002"
"ErrorControl"="1"
"FailureActions"="80510100000000000000000003000000140000000100000060ea00000100000060ea00000000000000000000"
"ImagePath"="%SystemRoot%\system32\SecurityHealthService.exe"
"LaunchProtected"="2"
"ObjectName"="LocalSystem"
"RequiredPrivileges"="SeImpersonatePrivilege*SeBackupPrivilege*SeRestorePrivilege*SeDebugPrivilege*SeChangeNotifyPrivilege*SeSecurityPrivilege*SeAssignPrimaryTokenPrivilege*SeTcbPrivilege*SeSystemEnvironmentPrivilege*SeShu (the data entry has 14 more characters)."
"ServiceSidType"="1"
"Start"="3"
"Type"="16"
[HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 416 more characters)."
=== End of ExportKey ===
================== ExportKey: ===================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DelayedAutoStart"="1"
"DependOnService"="RpcSs"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p"
"LaunchProtected"="2"
"ObjectName"="NT AUTHORITY\LocalService"
"RequiredPrivileges"="SeChangeNotifyPrivilege*SeImpersonatePrivilege"
"ServiceSidType"="1"
"Start"="2"
"Type"="32"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 416 more characters)."
=== End of ExportKey ===
================== ExportKey: ===================
[HKEY_LOCAL_MACHINE\Software\Policies\microsoft\windows defender\real-time protection]
=== End of ExportKey ===
==== End of Fixlog 22:40:46 ====