Strange Brave (the browser) shortcut appeared on desktop

  • Ginta
    PCHF Member
    • Jun 2024
    • 10

    #1

    I noticed the shortcut as soon as I logged in and when I went to properties it said that it was modified on June 1st at 7:59 am. I am 100% sure that my PC was not on at that time. It last was accessed on June 8th (today) 10 minutes ago but the thing is my PC at the time of reading when it was accessed was not on for 10 minutes, 5 minutes max. It also wasn’t at the top of my screen, usually when a shortcut is created it is always at the top and I have to move it where I want it to be but this time it was already somewhere in the middle because there was a free spot between two shortcuts. Does anyone have an idea as to what could have caused this?

  • xrobwx71
    PCHF Moderator
    • Mar 2023
    • 1067

    #2
    Are you saying you did not install the Brave browser?

    If you did have Brave installed, it could simply be a Brave update downloaded in the background when your PC was on and installed in the background upon turning it on again. Sometimes these apps will create a new shortcut on the desktop with an update.

    If you want, we can move this to the Security section and get it checked out.


    • Ginta
      PCHF Member
      • Jun 2024
      • 10

      #3
      Originally posted by xrobwx71
      Are you saying you did not install the Brave browser?

      If you did have Brave installed, it could simply be a Brave update downloaded in the background when your PC was on and installed in the background upon turning it on again. Sometimes these apps will create a new shortcut on the desktop with an update.

      If you want, we can move this to the Security section and get it checked out.
      Yes I already did have the brave browser installed. If it’s not too much trouble please move it to the Security section. Thank you for the help!


      • xrobwx71
        PCHF Moderator
        • Mar 2023
        • 1067

        #4
        Please follow these instructions: https://pchelpforum.net/t/prework-pl...posting.11235/


        • Ginta
          PCHF Member
          • Jun 2024
          • 10

          #5
          Originally posted by xrobwx71
          I ran a scan with FRST. I have attached the files that FRST created. I don’t think my PC is infected but better safe than sorry I guess.


          • DR_M
            PCHF Member
            • Apr 2021
            • 11

            #6
            Hello and welcome to PCHF Forums.

            The Brave shortcut has nothing to do with an infection, and as my colleague said above it could just be a browser’s update.

            The logs include some entries related to a particular infection, so please do the following:

            1. Java

            There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.

            For now, just uninstall Java. If you would like to install it again, please wait to do this at the end of this procedure.

            2. FRST fix

            Please do the following to run a FRST fix.

            NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
            • Select the entire contents of the code box below, from the “Start::” line to “End::”, including both lines. Right-click and select "Copy". No need to paste anything to anywhere.

            [ICODE]Start:: CreateRestorePoint: CloseProcesses: AV: Kaspersky (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} FW: Kaspersky (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58} CustomCLSID: HKU\S-1-5-21-2747520710-880075426-1544898997-1001_Classes\CLSID\{087a1a2f-2d93-5505-77df-7b835d6bfccd}\localserver32 -> "C:\Users\dodev\Desktop\FN OG\Release\FortniteLauncher.exe" -ToastActivated => No File AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat4F6BC83AF [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TM.blf:2F060694AD [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000001.regt rans-ms:AD9518691F [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000002.regt rans-ms4AE7C61D7 [5154] AlternateDataStreams: C:\ProgramData\temp_Delete.bat:3AFEC52931 [5154] AlternateDataStreams: C:\ProgramData\temp_runbat.vbs:83E5ECD070 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HidHide Configuration Client.lnk:B7B9C8BD2D [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk689419597 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games 
Launcher.lnk:BE32D07BC5 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FahrenLernen.lnk:F0A814A5B9 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnkC8F23BC3A [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orca.lnk:2A8919CA1D [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [5154] AlternateDataStreams: C:\Users\Public\AppData:CSM [458] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470] HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2023-01-22] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2023-01-22] (Oracle America, Inc. 
-> Oracle Corporation) FirewallRules: [{5800C117-7662-4F60-A9FF-87323BDBD4C1}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [{94CE1ACF-01A8-405F-B5A8-68956C726F25}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [TCP Query User{FC674DB9-F797-4341-B242-E86CEC434EC3}C:\users\dodev\appdata\roaming\.tlaun cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [UDP Query User{8D57AF87-E2DB-4CA6-A5DA-F7C8DB29ECDF}C:\users\dodev\appdata\roaming\.tlaun cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [TCP Query User{E17CE560-8766-4D16-87EC-B16B2B8F1ACA}C:\users\dodev\appdata\roaming\.tlaun cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [UDP Query User{C0A77587-B71F-4F06-8DE7-3EBC11AC577C}C:\users\dodev\appdata\roaming\.tlaun cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [TCP Query User{965685B1-228C-49AE-8397-68B4B9A9FBB5}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [UDP Query User{0028A279-D0F6-4BB7-AAF8-F32CE86F926A}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [TCP Query User{07FFA4DA-D72F-4C0F-9AEF-6325D5F96BA4}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [UDP Query User{C4ED7FD2-FB46-4AB5-AD96-07EB823C1BC0}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of 
duty modern warfare\modernwarfare.exe => No File FirewallRules: [TCP Query User{D3DEEDC3-B706-4DC1-93E1-9AA72B590D50}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [UDP Query User{087698C2-1AEC-4D24-8CE4-58398BB60CC1}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [{45E18840-C521-4A07-83DB-E94712E48145}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File FirewallRules: [{1743298E-8CEB-4004-B505-193A16DAB8DB}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File FirewallRules: [{D4D3133F-FE6C-4E9F-8B67-A6EA602B550C}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File FirewallRules: [{885FBEC5-BD6F-4C02-8B16-B0F476A855A3}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File FirewallRules: [TCP Query User{CE28E71D-4CFB-4E49-ACD8-2F1B0FCE75FF}C:\users\dodev\appdata\local\ubisoft\ r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_5049 7889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4. 2.0.1pc_c7361317_d1569606_s50031_50497889\16235377 94\rainbowsix.exe => No File FirewallRules: [UDP Query User{097B497A-E638-44A7-9228-0707BB340359}C:\users\dodev\appdata\local\ubisoft\ r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_5049 7889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4. 2.0.1pc_c7361317_d1569606_s50031_50497889\16235377 94\rainbowsix.exe => No File FirewallRules: [TCP Query User{1908CC71-AF63-473B-BF80-0141F17D6E2A}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_5275 0213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 
0.0.1pc_c7441957_d1592481_s50764_52750213\40152917 70\rainbowsix.exe => No File FirewallRules: [UDP Query User{FC92CEBC-820D-448C-B1CF-1D911E457917}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_5275 0213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 0.0.1pc_c7441957_d1592481_s50764_52750213\40152917 70\rainbowsix.exe => No File FirewallRules: [TCP Query User{4FBA5F27-5021-42CF-BBFF-68B49CE2AFDC}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_5358 0025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 1.0.1pc_c7483627_d1598026_s50996_53580025\30757759 09\rainbowsix.exe => No File FirewallRules: [UDP Query User{3297A35A-9B30-43AE-BFA5-7EEA2D3026F7}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_5358 0025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 1.0.1pc_c7483627_d1598026_s50996_53580025\30757759 09\rainbowsix.exe => No File FirewallRules: [TCP Query User{24214128-7AA2-4ECA-B341-88030C3ED971}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File FirewallRules: [UDP Query User{69FB2083-724E-4C7B-8EC7-ABC0D12274AA}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File FirewallRules: [TCP Query User{FDE8269A-90B2-45E5-92D1-FB23801234C8}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_5383 8173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 
1.0.2pc_c7495669_d1598026_s50996_53838173\85792534 0\rainbowsix.exe => No File FirewallRules: [UDP Query User{38B9F792-0B48-48CB-82C2-E7257DEDFE76}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_5383 8173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 1.0.2pc_c7495669_d1598026_s50996_53838173\85792534 0\rainbowsix.exe => No File FirewallRules: [TCP Query User{387CBA54-BB1F-4528-B882-E587F7133953}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566 \1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 2.0_c7498104_d1603541_s51115_53918566\1671572565\r ainbowsix.exe => No File FirewallRules: [UDP Query User{5680B3BB-9358-4E9C-A772-7D193A34C289}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566 \1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 2.0_c7498104_d1603541_s51115_53918566\1671572565\r ainbowsix.exe => No File FirewallRules: [TCP Query User{D5DD7347-3869-4948-9875-6B977EAD329B}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [UDP Query User{EDEA746D-4918-4BD8-A1C6-23145F410E4A}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [TCP Query User{184920EE-4056-496D-9A86-99CEC5E86096}D:\fmod\fortnitegame\binaries\win64\f modclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{EE57B5D6-F32B-4FA6-B2A7-704BABBB7029}D:\fmod\fortnitegame\binaries\win64\f modclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File FirewallRules: [TCP Query User{6966AD0B-5586-4BF6-AB72-CEADC76C58DE}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) 
D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File FirewallRules: [UDP Query User{CF2CB98B-7E95-4AAB-AC80-FD2898C1EF3E}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File FirewallRules: [TCP Query User{2B95C8EC-CB08-4749-AA39-1CD06C543319}D:\grand theft auto iv - modded\gtaiv.exe] => (Block) D:\grand theft auto iv - modded\gtaiv.exe => No File FirewallRules: [UDP Query User{0ACC2088-DA09-4F8B-8EF9-8D41573C468B}D:\grand theft auto iv - modded\gtaiv.exe] => (Block) D:\grand theft auto iv - modded\gtaiv.exe => No File FirewallRules: [TCP Query User{85FEC107-4170-484F-B019-94AB8B8757C9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File FirewallRules: [UDP Query User{623ECDA9-B3EE-49CF-98CC-6279400634D9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File Edge HKU\S-1-5-21-2747520710-880075426-1544898997-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\E xtension: [jcpgbnbdnakoblgfkbgggankeidkfcdl] Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl] S3 NalDrv; \??\C:\Users\dodev\Desktop\Injector\NalDrv.sys [X] Hosts: EmptyTemp: End:: [/ICODE]
            • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click “yes” to the disclaimer.
            • Press the Fix button once and wait.
            • FRST will process fixlist.txt
            • When finished, it will produce a log fixlog.txt on your Desktop.
            • Post the log in your next reply.

            In your next reply, please post:
            1. If you successfully uninstalled Java
            2. The fixlog.txt


            • Ginta
              PCHF Member
              • Jun 2024
              • 10

              #7
              Thanks a lot for taking the time to help me! I downloaded Kaspersky again and I ran scan, the only thing that was flagged was a file that I know for a fact doesn’t harm my PC (I could be used so that’s probably why it got flagged). Before I run the script you sent me, could you elaborate a little bit on what the script is going to do? It creates a system restore point so I can revert the changes it makes but I would still like to know what it’s going to do. Thanks in advance!


              • DR_M
                PCHF Member
                • Apr 2021
                • 11

                #8
                I downloaded Kaspersky again and I ran scan,

                Please, do not download/install/run/use any program unless you are asked by me, during this cleaning procedure. In the script I included two Kaspersky entries which remained after a bad uninstall. Now you installed it again. Since logs change every time you do something, things are getting complicated and I can’t help you effectively.

                As to the fix I gave to you, it removes remnants, unnecessary stuff, as well as the bad entries used to manipulate the Hosts file. And I do not recommend you in any case to revert any changes it does.

                Comment
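An added example, not part of any post in this thread and not FRST's own code: a read-only Python summary of a fixlist, for the question above about what the script is going to do. It assumes one entry per line; the sample lines are copied from the script quoted in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the script quoted in this thread, one entry per line.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{5800C117-7662-4F60-A9FF-87323BDBD4C1}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{D3DEEDC3-B706-4DC1-93E1-9AA72B590D50}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{087698C2-1AEC-4D24-8CE4-58398BB60CC1}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [458]
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
S3 NalDrv; \??\C:\Users\dodev\Desktop\Injector\NalDrv.sys [X]
CMD: SFC /scannow
EmptyTemp:
End::
"""

KEYWORD = re.compile(r"^([A-Za-z]+):\s*(.*)$")          # e.g. "FirewallRules: ..."
MISSING = re.compile(r"=> \((Allow|Block)\) (.+?) => No File$")


def parse_fixlist(text):
    """Return (keyword, argument) pairs for the lines between Start:: and End::."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must be wrapped in Start:: and End::")
    body = lines[lines.index("Start::") + 1 : lines.index("End::")]
    entries = []
    for line in body:
        m = KEYWORD.match(line)
        # Lines without a leading "Word:" (registry paths, service lines) are kept whole.
        entries.append((m.group(1), m.group(2)) if m else ("(other)", line))
    return entries


def summarize(entries):
    """Group entries so a reader can see what kinds of lines the script holds."""
    counts = Counter(keyword for keyword, _ in entries)
    # Keywords that carry no argument, such as CreateRestorePoint: or EmptyTemp:
    bare = [k for k, arg in entries if k != "(other)" and not arg]
    commands = [arg for k, arg in entries if k == "CMD"]
    # Firewall rules whose target executable the log marked "No File"
    missing = {}
    for keyword, arg in entries:
        m = MISSING.search(arg)
        if keyword == "FirewallRules" and m:
            missing.setdefault(m.group(2).lower(), []).append(m.group(1))
    return {"counts": dict(counts), "bare": bare,
            "commands": commands, "missing_targets": missing}


if __name__ == "__main__":
    report = summarize(parse_fixlist(SAMPLE_FIXLIST))
    for key, value in report.items():
        print(key, "->", value)
```

Run against the full script, the `missing_targets` map shows how many of the entries are firewall rules left behind by programs that are no longer on disk.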

                • Ginta
                  PCHF Member
                  • Jun 2024
                  • 10

                  #9
                  Originally posted by DR M
                  Please, do not download/install/run/use any program unless you are asked by me, during this cleaning procedure. In the script I included two Kaspersky entries which remained after a bad uninstall. Now you installed it again. Since logs change every time you do something, things are getting complicated and I can’t help you effectively.

                  As to the fix I gave to you, it removes remnants, unnecessary stuff, as well as the bad entries used to manipulate the Hosts file. And I do not recommend you in any case to revert any changes it does.
                  I uninstalled Kaspersky again the same way I did it the first time. I ran another scan with FRST and the 2 Kaspersky entries were still there. I compared the logs and the thing that changed was everything in the “Hosts content” section because Kaspersky removed it and reverted the file to what it originally was, it wasn’t doing anything harmful but it doesn’t matter I can live without it. I’ll attach the new logs in case you want to take a look but it looks the same to me. Should I still run the script?

                  Comment

                  • DR_M
                    PCHF Member
                    • Apr 2021
                    • 11

                    #10
                    Uninstall Java as I asked you before, and post fresh logs.

                    Do not download/install/run/use any program, unless I ask you to do so.

                    There is no meaning to run the previous fix now. I must review the latest logs to give you another one.

                    Comment

                    • Ginta
                      PCHF Member
                      • Jun 2024
                      • 10

                      #11
                      Ok I will uninstall Java. The logs in my previous reply are the most recent ones. I have not downloaded anything since. Since the last scan I have just used the usual applications like Spotify, Discord, Brave and played some games.

                      Comment

                      • DR_M
                        PCHF Member
                        • Apr 2021
                        • 11

                        #12
                        I need your logs after you uninstall Java.

                        Comment

                        • DR_M
                          PCHF Member
                          • Apr 2021
                          • 11

                          #13
                          OK.

                          I’ll need some time to check your logs again.

                          Comment

                          • Ginta
                            PCHF Member
                            • Jun 2024
                            • 10

                            #14
                            Ok. Take your time. Thank you for helping even after I messed up.

                            Comment

                            • DR_M
                              PCHF Member
                              • Apr 2021
                              • 11

                              #15
                              Please, follow with the same order the instructions below. DO NOT use the computer, while the scans are running.

                              1. FRST fix

                              Please do the following to run a FRST fix.

                              NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
                              • Select the entire contents of the code box below, from the “Start::” line to “End::”, including both lines. Right-click and select “Copy”. No need to paste anything to anywhere.

                              [ICODE]Start:: CreateRestorePoint: CloseProcesses: AV: Kaspersky (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} FW: Kaspersky (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58} CustomCLSID: HKU\S-1-5-21-2747520710-880075426-1544898997-1001_Classes\CLSID\{087a1a2f-2d93-5505-77df-7b835d6bfccd}\localserver32 -> "C:\Users\dodev\Desktop\FN OG\Release\FortniteLauncher.exe" -ToastActivated => No File AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat4F6BC83AF [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TM.blf:2F060694AD [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000001.regt rans-ms:AD9518691F [5154] AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000002.regt rans-ms4AE7C61D7 [5154] AlternateDataStreams: C:\ProgramData\temp_Delete.bat:3AFEC52931 [5154] AlternateDataStreams: C:\ProgramData\temp_runbat.vbs:83E5ECD070 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HidHide Configuration Client.lnk:B7B9C8BD2D [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk689419597 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games 
Launcher.lnk:BE32D07BC5 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FahrenLernen.lnk:F0A814A5B9 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnkC8F23BC3A [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orca.lnk:2A8919CA1D [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5154] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [5154] AlternateDataStreams: C:\Users\Public\AppData:CSM [458] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470] HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" FirewallRules: [{5800C117-7662-4F60-A9FF-87323BDBD4C1}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [{94CE1ACF-01A8-405F-B5A8-68956C726F25}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [TCP Query User{FC674DB9-F797-4341-B242-E86CEC434EC3}C:\users\dodev\appdata\roaming\.tlaun cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [UDP Query User{8D57AF87-E2DB-4CA6-A5DA-F7C8DB29ECDF}C:\users\dodev\appdata\roaming\.tlaun cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [TCP Query User{E17CE560-8766-4D16-87EC-B16B2B8F1ACA}C:\users\dodev\appdata\roaming\.tlaun 
cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [UDP Query User{C0A77587-B71F-4F06-8DE7-3EBC11AC577C}C:\users\dodev\appdata\roaming\.tlaun cher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre 1.8.0_281\bin\javaw.exe => No File FirewallRules: [TCP Query User{965685B1-228C-49AE-8397-68B4B9A9FBB5}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [UDP Query User{0028A279-D0F6-4BB7-AAF8-F32CE86F926A}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [TCP Query User{07FFA4DA-D72F-4C0F-9AEF-6325D5F96BA4}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [UDP Query User{C4ED7FD2-FB46-4AB5-AD96-07EB823C1BC0}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File FirewallRules: [TCP Query User{D3DEEDC3-B706-4DC1-93E1-9AA72B590D50}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [UDP Query User{087698C2-1AEC-4D24-8CE4-58398BB60CC1}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [{45E18840-C521-4A07-83DB-E94712E48145}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File FirewallRules: [{1743298E-8CEB-4004-B505-193A16DAB8DB}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File FirewallRules: [{D4D3133F-FE6C-4E9F-8B67-A6EA602B550C}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File FirewallRules: [{885FBEC5-BD6F-4C02-8B16-B0F476A855A3}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File FirewallRules: [TCP Query 
User{CE28E71D-4CFB-4E49-ACD8-2F1B0FCE75FF}C:\users\dodev\appdata\local\ubisoft\ r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_5049 7889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4. 2.0.1pc_c7361317_d1569606_s50031_50497889\16235377 94\rainbowsix.exe => No File FirewallRules: [UDP Query User{097B497A-E638-44A7-9228-0707BB340359}C:\users\dodev\appdata\local\ubisoft\ r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_5049 7889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4. 2.0.1pc_c7361317_d1569606_s50031_50497889\16235377 94\rainbowsix.exe => No File FirewallRules: [TCP Query User{1908CC71-AF63-473B-BF80-0141F17D6E2A}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_5275 0213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 0.0.1pc_c7441957_d1592481_s50764_52750213\40152917 70\rainbowsix.exe => No File FirewallRules: [UDP Query User{FC92CEBC-820D-448C-B1CF-1D911E457917}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_5275 0213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 0.0.1pc_c7441957_d1592481_s50764_52750213\40152917 70\rainbowsix.exe => No File FirewallRules: [TCP Query User{4FBA5F27-5021-42CF-BBFF-68B49CE2AFDC}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_5358 0025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 1.0.1pc_c7483627_d1598026_s50996_53580025\30757759 09\rainbowsix.exe => No File FirewallRules: [UDP Query User{3297A35A-9B30-43AE-BFA5-7EEA2D3026F7}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_5358 0025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 
1.0.1pc_c7483627_d1598026_s50996_53580025\30757759 09\rainbowsix.exe => No File FirewallRules: [TCP Query User{24214128-7AA2-4ECA-B341-88030C3ED971}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File FirewallRules: [UDP Query User{69FB2083-724E-4C7B-8EC7-ABC0D12274AA}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File FirewallRules: [TCP Query User{FDE8269A-90B2-45E5-92D1-FB23801234C8}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_5383 8173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 1.0.2pc_c7495669_d1598026_s50996_53838173\85792534 0\rainbowsix.exe => No File FirewallRules: [UDP Query User{38B9F792-0B48-48CB-82C2-E7257DEDFE76}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_5383 8173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 1.0.2pc_c7495669_d1598026_s50996_53838173\85792534 0\rainbowsix.exe => No File FirewallRules: [TCP Query User{387CBA54-BB1F-4528-B882-E587F7133953}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566 \1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 2.0_c7498104_d1603541_s51115_53918566\1671572565\r ainbowsix.exe => No File FirewallRules: [UDP Query User{5680B3BB-9358-4E9C-A772-7D193A34C289}C:\users\dodev\appdata\local\ubisoft\ r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566 \1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1. 
2.0_c7498104_d1603541_s51115_53918566\1671572565\r ainbowsix.exe => No File FirewallRules: [TCP Query User{D5DD7347-3869-4948-9875-6B977EAD329B}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [UDP Query User{EDEA746D-4918-4BD8-A1C6-23145F410E4A}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File FirewallRules: [TCP Query User{184920EE-4056-496D-9A86-99CEC5E86096}D:\fmod\fortnitegame\binaries\win64\f modclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{EE57B5D6-F32B-4FA6-B2A7-704BABBB7029}D:\fmod\fortnitegame\binaries\win64\f modclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File FirewallRules: [TCP Query User{6966AD0B-5586-4BF6-AB72-CEADC76C58DE}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File FirewallRules: [UDP Query User{CF2CB98B-7E95-4AAB-AC80-FD2898C1EF3E}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File FirewallRules: [TCP Query User{85FEC107-4170-484F-B019-94AB8B8757C9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File FirewallRules: [UDP Query User{623ECDA9-B3EE-49CF-98CC-6279400634D9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File Edge HKU\S-1-5-21-2747520710-880075426-1544898997-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\E xtension: [jcpgbnbdnakoblgfkbgggankeidkfcdl] Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl] S3 NalDrv; \??\C:\Users\dodev\Desktop\Injector\NalDrv.sys [X] 2024-06-09 00:43 - 
2024-06-09 12:11 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2024-06-09 00:40 - 2024-06-09 00:40 - 004457224 _____ (Kaspersky) C:\Users\dodev\Downloads\startup (1).exe 2024-05-31 00:34 - 2024-06-09 03:06 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.rollback 2024-05-31 00:34 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.backup CMD: DISM /Online /Cleanup-Image /RestoreHealth CMD: SFC /scannow EmptyTemp: End:: [/ICODE]
                              • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click “yes” to the disclaimer.
                              • Press the Fix button once and wait.
                              • FRST will process fixlist.txt
                              • When finished, it will produce a log fixlog.txt on your Desktop.
                              • Post the log in your next reply.

                              2. Run Malwarebytes (scan only)
                              • Download Malwarebytes and save it to your Desktop.
                              • Once downloaded, close all programs and windows on your computer.
                              • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
                              • Follow the instructions to install the program.
                              • When finished, double click the program’s icon created on your Desktop.
                              • Click the little gear on the top right and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
                              • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
                              • Return to the Dashboard and choose Scan.
                              • When finished, you will see the Threat Scan Summary window open.
                              • If threats are not found, click View Report and proceed to the two last steps below.
                                If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
                              • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
                              • Find the report with the most recent date and double click on it.
                              • Click on Export and then Copy to Clipboard.
                              • Paste its content here, in your next reply.


                              3. Run AdwCleaner (scan only)

                              Download AdwCleaner and save it to your desktop.
                              • Double click AdwCleaner.exe to run it.
                              • Click the Scan Now button.
                              • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
                              • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
                              • Click the Log Files tab.
                              • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
                              • A Notepad file will open containing the results of the removal.
                              • Please post the contents of the file in your next reply.
                              Note: Click Skip Basic Repair if you are asked to.

                              In your next reply, please post:
                              1. The fixlog.txt
                              2. The Malwarebytes report
                              3. The AdwCleaner[S0*].txt

                              Comment
