Start::
CloseProcesses:
CreateRestorePoint:
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-02-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-02-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-02-28] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-976858337-835815652-199551154-1001\...\Run: [GUDelayStartup] C:\Windows\System32\drivers\GUBootStartup.sys
C:\Users\Genjiru\Downloads\gu5setup(53).exe
FirewallRules: [{312A9984-4006-4DD9-81EE-EA90DE4995C5}] => (Allow) c:\program files (x86)\glary utilities 5\autoupdate.exe (Glarysoft LTD -> Glarysoft Ltd)
FirewallRules: [{F0CA60E2-776F-4DBC-9A59-67ABB1ADA740}] => (Allow) c:\program files (x86)\glary utilities 5\autoupdate.exe (Glarysoft LTD -> Glarysoft Ltd)
FirewallRules: [{6EA25405-034C-451F-B6A3-99EA9E8B7C41}] => (Allow) c:\program files (x86)\glary utilities 5\upgrade.exe (Glarysoft LTD -> Glarysoft Ltd)
FirewallRules: [{833D0B11-1BE2-4CCF-ADA1-6C360057B5D4}] => (Allow) c:\program files (x86)\glary utilities 5\upgrade.exe (Glarysoft LTD -> Glarysoft Ltd)
FirewallRules: [{26A67786-73D4-42D2-AC64-E2700161F4C0}] => (Allow) c:\program files (x86)\glary utilities 5\integrator.exe (Glarysoft LTD -> Glarysoft Ltd)
FirewallRules: [{139F688F-7A75-4A5F-9A40-271A4F703083}] => (Allow) c:\program files (x86)\glary utilities 5\integrator.exe (Glarysoft LTD -> Glarysoft Ltd)
FirewallRules: [{A05D2A41-609F-4902-A1BA-623ADAB27447}] => (Allow) c:\program files (x86)\glary utilities 5\softwareupdate.exe (Glarysoft LTD -> Glarysoft Ltd)
FirewallRules: [{CD100C2F-274C-47A0-BEC6-25C6200725E9}] => (Allow) c:\program files (x86)\glary utilities 5\softwareupdate.exe (Glarysoft LTD -> Glarysoft Ltd)
c:\program files (x86)\glary utilities 5
FirewallRules: [{BFECBB99-FF7E-4CE1-A396-3BDDE8B53A7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GlassWire\GWLauncher.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{4CDFCDB4-3DA0-4E56-8A5C-006D78D3D341}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GlassWire\GWLauncher.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{92958378-B137-41DC-B6BC-C37DDC80DC0B}] => (Allow) c:\program files (x86)\steam\steamapps\common\glasswire\app\gwctlsrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{ECCDAF23-1B71-43D3-9F22-EBF5A3E1DB22}] => (Allow) c:\program files (x86)\steam\steamapps\common\glasswire\app\gwctlsrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{B723FDC4-23A0-4486-99AA-82AFF16CA488}] => (Allow) c:\program files (x86)\steam\steamapps\common\glasswire\app\glasswire.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{71198180-AD26-4938-9D81-9D0068F93F80}] => (Allow) c:\program files (x86)\steam\steamapps\common\glasswire\app\glasswire.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{179A6202-9E59-4490-9596-ADFA8252B8D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GlassWire\app\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{BD5D9C97-AA4E-4DE4-9D20-B3A5030872E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GlassWire\app\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-976858337-835815652-199551154-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [45488 2020-09-18] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-976858337-835815652-199551154-1001\...\Run: [GlassWire] C:\Program Files (x86)\Steam
FF Notifications: Mozilla\Firefox\Profiles\h92wwip7.default-release -> hxxps://web.whatsapp.com
C:\Users\Genjiru\AppData\Roaming\WhatsApp
C:\Users\Genjiru\AppData\Local\WhatsApp
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
StartRegEdit:
Windows Registry Editor Version 5.00
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\*.update]
"http"=dword:00000002
"https"=dword:00000002
EndRegEdit:
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: netsh winsock reset
Emptytemp:
End::