Solved Strange Brave (the browser) shortcut appeared on desktop

Ginta · Jun 8, 2024

I noticed the shortcut as soon I logged in and when I went to properties it said that it was modified on the June 1st at 7:59 am. I am 100% sure that my PC was not on at that time. It last was accessed on June 8th (today) 10 minutes ago but the thing is my PC at the of reading when it was accessed was not on for 10 minutes, 5 minutes max. It also wasn't at the top of my screen, usually when a shortcut is created it is always at the top and I have to move it where I want it to be but this time it was already somewhere in the middle because there was a free spot between two shortcuts. Does anyone have an idea as to what could have caused this?

xrobwx71 · Jun 8, 2024

Are you saying you did not install the Brave browser?

If you did have Brave installed, it could simply be a Brave update downloaded in the background when your PC was on and installed in the background upon turning it on again. Sometimes these apps will create a new shortcut on the desktop with an update.

If you want, we can move this to the Security section and get it checked out.

Ginta · Jun 8, 2024

xrobwx71 said:
Are you saying you did not install the Brave browser?

If you did have Brave installed, it could simply be a Brave update downloaded in the background when your PC was on and installed in the background upon turning it on again. Sometimes these apps will create a new shortcut on the desktop with an update.

If you want, we can move this to the Security section and get it checked out.

Yes I already did have the brave browser installed. If it’s not too much trouble please move it to the Security section. Thank you for the help!

xrobwx71 · Jun 8, 2024

Please follow these instructions: https://pchelpforum.net/t/prework-please-read-before-posting.11235/

Ginta · Jun 8, 2024

xrobwx71 said:
Please follow these instructions: https://pchelpforum.net/t/prework-please-read-before-posting.11235/

I ran a scan with FRST. I have attached the files that FRST created. I don't think my PC is infected but better safe than sorry I guess.

DR M · Jun 9, 2024

Hello and welcome to PCHF Forums.

The Brave shortcut has nothing to do with an infection, and as my colleague said above it could just be a browser's update.

The logs include some entries related to a particular infection, so please do the following:

1. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.

For now, just uninstall Java. If you would like to install it again, please wait to do this at the end of this procedure.

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
AV: Kaspersky (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
CustomCLSID: HKU\S-1-5-21-2747520710-880075426-1544898997-1001_Classes\CLSID\{087a1a2f-2d93-5505-77df-7b835d6bfccd}\localserver32 -> "C:\Users\dodev\Desktop\FN OG\Release\FortniteLauncher.exe" -ToastActivated => No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TM.blf:2F060694AD [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000001.regtrans-ms:AD9518691F [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000002.regtrans-ms:D4AE7C61D7 [5154]
AlternateDataStreams: C:\ProgramData\temp_Delete.bat:3AFEC52931 [5154]
AlternateDataStreams: C:\ProgramData\temp_runbat.vbs:83E5ECD070 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HidHide Configuration Client.lnk:B7B9C8BD2D [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk:D689419597 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FahrenLernen.lnk:F0A814A5B9 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk:DC8F23BC3A [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orca.lnk:2A8919CA1D [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [5154]
AlternateDataStreams: C:\Users\Public\AppData:CSM [458]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2023-01-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2023-01-22] (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{5800C117-7662-4F60-A9FF-87323BDBD4C1}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{94CE1ACF-01A8-405F-B5A8-68956C726F25}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{FC674DB9-F797-4341-B242-E86CEC434EC3}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8D57AF87-E2DB-4CA6-A5DA-F7C8DB29ECDF}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E17CE560-8766-4D16-87EC-B16B2B8F1ACA}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{C0A77587-B71F-4F06-8DE7-3EBC11AC577C}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{965685B1-228C-49AE-8397-68B4B9A9FBB5}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{0028A279-D0F6-4BB7-AAF8-F32CE86F926A}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{07FFA4DA-D72F-4C0F-9AEF-6325D5F96BA4}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{C4ED7FD2-FB46-4AB5-AD96-07EB823C1BC0}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{D3DEEDC3-B706-4DC1-93E1-9AA72B590D50}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{087698C2-1AEC-4D24-8CE4-58398BB60CC1}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{45E18840-C521-4A07-83DB-E94712E48145}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{1743298E-8CEB-4004-B505-193A16DAB8DB}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{D4D3133F-FE6C-4E9F-8B67-A6EA602B550C}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{885FBEC5-BD6F-4C02-8B16-B0F476A855A3}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [TCP Query User{CE28E71D-4CFB-4E49-ACD8-2F1B0FCE75FF}C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe => No File
FirewallRules: [UDP Query User{097B497A-E638-44A7-9228-0707BB340359}C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe => No File
FirewallRules: [TCP Query User{1908CC71-AF63-473B-BF80-0141F17D6E2A}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe => No File
FirewallRules: [UDP Query User{FC92CEBC-820D-448C-B1CF-1D911E457917}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe => No File
FirewallRules: [TCP Query User{4FBA5F27-5021-42CF-BBFF-68B49CE2AFDC}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe => No File
FirewallRules: [UDP Query User{3297A35A-9B30-43AE-BFA5-7EEA2D3026F7}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe => No File
FirewallRules: [TCP Query User{24214128-7AA2-4ECA-B341-88030C3ED971}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [UDP Query User{69FB2083-724E-4C7B-8EC7-ABC0D12274AA}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [TCP Query User{FDE8269A-90B2-45E5-92D1-FB23801234C8}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe => No File
FirewallRules: [UDP Query User{38B9F792-0B48-48CB-82C2-E7257DEDFE76}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe => No File
FirewallRules: [TCP Query User{387CBA54-BB1F-4528-B882-E587F7133953}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe => No File
FirewallRules: [UDP Query User{5680B3BB-9358-4E9C-A772-7D193A34C289}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe => No File
FirewallRules: [TCP Query User{D5DD7347-3869-4948-9875-6B977EAD329B}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{EDEA746D-4918-4BD8-A1C6-23145F410E4A}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{184920EE-4056-496D-9A86-99CEC5E86096}D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EE57B5D6-F32B-4FA6-B2A7-704BABBB7029}D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{6966AD0B-5586-4BF6-AB72-CEADC76C58DE}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File
FirewallRules: [UDP Query User{CF2CB98B-7E95-4AAB-AC80-FD2898C1EF3E}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File
FirewallRules: [TCP Query User{2B95C8EC-CB08-4749-AA39-1CD06C543319}D:\grand theft auto iv - modded\gtaiv.exe] => (Block) D:\grand theft auto iv - modded\gtaiv.exe => No File
FirewallRules: [UDP Query User{0ACC2088-DA09-4F8B-8EF9-8D41573C468B}D:\grand theft auto iv - modded\gtaiv.exe] => (Block) D:\grand theft auto iv - modded\gtaiv.exe => No File
FirewallRules: [TCP Query User{85FEC107-4170-484F-B019-94AB8B8757C9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{623ECDA9-B3EE-49CF-98CC-6279400634D9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File
Edge HKU\S-1-5-21-2747520710-880075426-1544898997-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
S3 NalDrv; \??\C:\Users\dodev\Desktop\Injector\NalDrv.sys [X]
Hosts:
EmptyTemp:
End::

Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

In your next reply, please post:

If you successfully uninstalled Java
The fixlog.txt

Ginta · Jun 9, 2024

DR M said:

Hello and welcome to PCHF Forums.

The Brave shortcut has nothing to do with an infection, and as my colleague said above it could just be a browser's update.

The logs include some entries related to a particular infection, so please do the following:

1. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.

For now, just uninstall Java. If you would like to install it again, please wait to do this at the end of this procedure.

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
AV: Kaspersky (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
CustomCLSID: HKU\S-1-5-21-2747520710-880075426-1544898997-1001_Classes\CLSID\{087a1a2f-2d93-5505-77df-7b835d6bfccd}\localserver32 -> "C:\Users\dodev\Desktop\FN OG\Release\FortniteLauncher.exe" -ToastActivated => No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TM.blf:2F060694AD [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000001.regtrans-ms:AD9518691F [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000002.regtrans-ms:D4AE7C61D7 [5154]
AlternateDataStreams: C:\ProgramData\temp_Delete.bat:3AFEC52931 [5154]
AlternateDataStreams: C:\ProgramData\temp_runbat.vbs:83E5ECD070 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HidHide Configuration Client.lnk:B7B9C8BD2D [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk:D689419597 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FahrenLernen.lnk:F0A814A5B9 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk:DC8F23BC3A [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orca.lnk:2A8919CA1D [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [5154]
AlternateDataStreams: C:\Users\Public\AppData:CSM [458]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2023-01-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2023-01-22] (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{5800C117-7662-4F60-A9FF-87323BDBD4C1}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{94CE1ACF-01A8-405F-B5A8-68956C726F25}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{FC674DB9-F797-4341-B242-E86CEC434EC3}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8D57AF87-E2DB-4CA6-A5DA-F7C8DB29ECDF}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E17CE560-8766-4D16-87EC-B16B2B8F1ACA}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{C0A77587-B71F-4F06-8DE7-3EBC11AC577C}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{965685B1-228C-49AE-8397-68B4B9A9FBB5}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{0028A279-D0F6-4BB7-AAF8-F32CE86F926A}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{07FFA4DA-D72F-4C0F-9AEF-6325D5F96BA4}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{C4ED7FD2-FB46-4AB5-AD96-07EB823C1BC0}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{D3DEEDC3-B706-4DC1-93E1-9AA72B590D50}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{087698C2-1AEC-4D24-8CE4-58398BB60CC1}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{45E18840-C521-4A07-83DB-E94712E48145}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{1743298E-8CEB-4004-B505-193A16DAB8DB}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{D4D3133F-FE6C-4E9F-8B67-A6EA602B550C}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{885FBEC5-BD6F-4C02-8B16-B0F476A855A3}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [TCP Query User{CE28E71D-4CFB-4E49-ACD8-2F1B0FCE75FF}C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe => No File
FirewallRules: [UDP Query User{097B497A-E638-44A7-9228-0707BB340359}C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe => No File
FirewallRules: [TCP Query User{1908CC71-AF63-473B-BF80-0141F17D6E2A}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe => No File
FirewallRules: [UDP Query User{FC92CEBC-820D-448C-B1CF-1D911E457917}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe => No File
FirewallRules: [TCP Query User{4FBA5F27-5021-42CF-BBFF-68B49CE2AFDC}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe => No File
FirewallRules: [UDP Query User{3297A35A-9B30-43AE-BFA5-7EEA2D3026F7}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe => No File
FirewallRules: [TCP Query User{24214128-7AA2-4ECA-B341-88030C3ED971}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [UDP Query User{69FB2083-724E-4C7B-8EC7-ABC0D12274AA}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [TCP Query User{FDE8269A-90B2-45E5-92D1-FB23801234C8}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe => No File
FirewallRules: [UDP Query User{38B9F792-0B48-48CB-82C2-E7257DEDFE76}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe => No File
FirewallRules: [TCP Query User{387CBA54-BB1F-4528-B882-E587F7133953}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe => No File
FirewallRules: [UDP Query User{5680B3BB-9358-4E9C-A772-7D193A34C289}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe => No File
FirewallRules: [TCP Query User{D5DD7347-3869-4948-9875-6B977EAD329B}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{EDEA746D-4918-4BD8-A1C6-23145F410E4A}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{184920EE-4056-496D-9A86-99CEC5E86096}D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EE57B5D6-F32B-4FA6-B2A7-704BABBB7029}D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{6966AD0B-5586-4BF6-AB72-CEADC76C58DE}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File
FirewallRules: [UDP Query User{CF2CB98B-7E95-4AAB-AC80-FD2898C1EF3E}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File
FirewallRules: [TCP Query User{2B95C8EC-CB08-4749-AA39-1CD06C543319}D:\grand theft auto iv - modded\gtaiv.exe] => (Block) D:\grand theft auto iv - modded\gtaiv.exe => No File
FirewallRules: [UDP Query User{0ACC2088-DA09-4F8B-8EF9-8D41573C468B}D:\grand theft auto iv - modded\gtaiv.exe] => (Block) D:\grand theft auto iv - modded\gtaiv.exe => No File
FirewallRules: [TCP Query User{85FEC107-4170-484F-B019-94AB8B8757C9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{623ECDA9-B3EE-49CF-98CC-6279400634D9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File
Edge HKU\S-1-5-21-2747520710-880075426-1544898997-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
S3 NalDrv; \??\C:\Users\dodev\Desktop\Injector\NalDrv.sys [X]
Hosts:
EmptyTemp:
End::

Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

In your next reply, please post:

If you successfully uninstalled Java
The fixlog.txt

Thanks a lot for taking the time to help me! I downloaded Kaspersky again and I ran scan, the only thing that was flagged was a file that I know for a fact doesn’t harm my PC (I could be used so that’s probably why it got flagged). Before I run the script you sent me, could you elaborate a little bit on what the script is going to do? It creates a system restore point so I can revert the changes it makes but I would still like to know what it’s going to do. Thanks in advance! 😁

DR M · Jun 9, 2024

I downloaded Kaspersky again and I ran scan,

Please, do not download/install/run/use any program unless you are asked by me, during this cleaning procedure. In the script I included two Kaspersky entries which remained after a bad uninstall. Now you installed it again. Since logs change every time you do something, things are getting complicated and I can't help you effectively.

As to the fix I gave to you, it removes remnants,, unnecessary stuff, as well as the bad entries used to manipulate the Hosts file. And I do not recommend you in any case to revert any changes it does.

Ginta · Jun 9, 2024

DR M said:
Please, do not download/install/run/use any program unless you are asked by me, during this cleaning procedure. In the script I included two Kaspersky entries which remained after a bad uninstall. Now you installed it again. Since logs change every time you do something, things are getting complicated and I can't help you effectively.

As to the fix I gave to you, it removes remnants,, unnecessary stuff, as well as the bad entries used to manipulate the Hosts file. And I do not recommend you in any case to revert any changes it does.

I uninstalled Kaspersky again the same way I did it the first time. I ran another scan with FRST and the 2 Kaspersky entries were still there. I compared the logs and the thing that changed was everything in the "Hosts content" section because Kaspersky removed it and reverted the file to what it originally was, it wasn't doing anything harmful but it doesn't matter I can live without it. I'll attach the new logs in case you want to take a look but it looks the same to me. Should I still run the script?

DR M · Jun 9, 2024

Uninstall Java as I asked you before, and post fresh logs.

Do not download/install/run/use any program, unless I ask you to do so.

There is no meaning to run the previous fix now. I must review the latest logs to give you another one.

Ginta · Jun 9, 2024

Ok I will uninstall Java. The logs in my previous reply are the most recent ones. I have not downloaded anything since. Since the last scan I have just used the usual applications like Spotify, Discord, Brave and played some games.

DR M · Jun 9, 2024

I need your logs after you uninstall Java.

Ginta · Jun 9, 2024

Here are the new logs. A Microsoft window popped up asking me if I want to sign in so I can also be signed in on other Microsoft apps, while FRST was scanning. Don't know why it popped up or if it's even relevant to mention it (probably not) but yeah, I just canceled it. It was probably for Microsoft Office 365.

DR M · Jun 9, 2024

OK.

I'll need some time to check your logs again.

Ginta · Jun 9, 2024

Ok. Take your time. Thank you for helping even after I messed up😅.

DR M · Jun 9, 2024

Please, follow with the same order the instructions below. DO NOT use the computer, while the scans are running.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
AV: Kaspersky (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
CustomCLSID: HKU\S-1-5-21-2747520710-880075426-1544898997-1001_Classes\CLSID\{087a1a2f-2d93-5505-77df-7b835d6bfccd}\localserver32 -> "C:\Users\dodev\Desktop\FN OG\Release\FortniteLauncher.exe" -ToastActivated => No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TM.blf:2F060694AD [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000001.regtrans-ms:AD9518691F [5154]
AlternateDataStreams: C:\ProgramData\ntuser.dat{be914813-e61a-11ee-8398-06a911285b47}.TMContainer00000000000000000002.regtrans-ms:D4AE7C61D7 [5154]
AlternateDataStreams: C:\ProgramData\temp_Delete.bat:3AFEC52931 [5154]
AlternateDataStreams: C:\ProgramData\temp_runbat.vbs:83E5ECD070 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HidHide Configuration Client.lnk:B7B9C8BD2D [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk:D689419597 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FahrenLernen.lnk:F0A814A5B9 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk:DC8F23BC3A [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orca.lnk:2A8919CA1D [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [5154]
AlternateDataStreams: C:\Users\Public\AppData:CSM [458]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{5800C117-7662-4F60-A9FF-87323BDBD4C1}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{94CE1ACF-01A8-405F-B5A8-68956C726F25}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{FC674DB9-F797-4341-B242-E86CEC434EC3}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8D57AF87-E2DB-4CA6-A5DA-F7C8DB29ECDF}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E17CE560-8766-4D16-87EC-B16B2B8F1ACA}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{C0A77587-B71F-4F06-8DE7-3EBC11AC577C}C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\dodev\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{965685B1-228C-49AE-8397-68B4B9A9FBB5}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{0028A279-D0F6-4BB7-AAF8-F32CE86F926A}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{07FFA4DA-D72F-4C0F-9AEF-6325D5F96BA4}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{C4ED7FD2-FB46-4AB5-AD96-07EB823C1BC0}D:\call of duty modern warfare\modernwarfare.exe] => (Block) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{D3DEEDC3-B706-4DC1-93E1-9AA72B590D50}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{087698C2-1AEC-4D24-8CE4-58398BB60CC1}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{45E18840-C521-4A07-83DB-E94712E48145}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{1743298E-8CEB-4004-B505-193A16DAB8DB}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{D4D3133F-FE6C-4E9F-8B67-A6EA602B550C}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{885FBEC5-BD6F-4C02-8B16-B0F476A855A3}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [TCP Query User{CE28E71D-4CFB-4E49-ACD8-2F1B0FCE75FF}C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe => No File
FirewallRules: [UDP Query User{097B497A-E638-44A7-9228-0707BB340359}C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y7s4.2.0.1pc_c7361317_d1569606_s50031_50497889\1623537794\rainbowsix.exe => No File
FirewallRules: [TCP Query User{1908CC71-AF63-473B-BF80-0141F17D6E2A}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe => No File
FirewallRules: [UDP Query User{FC92CEBC-820D-448C-B1CF-1D911E457917}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\4015291770\rainbowsix.exe => No File
FirewallRules: [TCP Query User{4FBA5F27-5021-42CF-BBFF-68B49CE2AFDC}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe => No File
FirewallRules: [UDP Query User{3297A35A-9B30-43AE-BFA5-7EEA2D3026F7}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3075775909\rainbowsix.exe => No File
FirewallRules: [TCP Query User{24214128-7AA2-4ECA-B341-88030C3ED971}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [UDP Query User{69FB2083-724E-4C7B-8EC7-ABC0D12274AA}D:\tom clancy's rainbow six siege\rainbowsix.exe] => (Block) D:\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [TCP Query User{FDE8269A-90B2-45E5-92D1-FB23801234C8}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe => No File
FirewallRules: [UDP Query User{38B9F792-0B48-48CB-82C2-E7257DEDFE76}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.1.0.2pc_c7495669_d1598026_s50996_53838173\857925340\rainbowsix.exe => No File
FirewallRules: [TCP Query User{387CBA54-BB1F-4528-B882-E587F7133953}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe => No File
FirewallRules: [UDP Query User{5680B3BB-9358-4E9C-A772-7D193A34C289}C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe] => (Block) C:\users\dodev\appdata\local\ubisoft\r6siege\y8s1.2.0_c7498104_d1603541_s51115_53918566\1671572565\rainbowsix.exe => No File
FirewallRules: [TCP Query User{D5DD7347-3869-4948-9875-6B977EAD329B}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{EDEA746D-4918-4BD8-A1C6-23145F410E4A}D:\overwatch\_retail_\overwatch.exe] => (Block) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{184920EE-4056-496D-9A86-99CEC5E86096}D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EE57B5D6-F32B-4FA6-B2A7-704BABBB7029}D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe] => (Block) D:\fmod\fortnitegame\binaries\win64\fmodclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{6966AD0B-5586-4BF6-AB72-CEADC76C58DE}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File
FirewallRules: [UDP Query User{CF2CB98B-7E95-4AAB-AC80-FD2898C1EF3E}D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe] => (Block) D:\steamlibrary\steamapps\common\call of duty hq\mp23\mp23-cod.exe => No File
FirewallRules: [TCP Query User{85FEC107-4170-484F-B019-94AB8B8757C9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{623ECDA9-B3EE-49CF-98CC-6279400634D9}D:\forza horizon 5\forza horizon 5\forzahorizon5.exe] => (Block) D:\forza horizon 5\forza horizon 5\forzahorizon5.exe => No File
Edge HKU\S-1-5-21-2747520710-880075426-1544898997-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
S3 NalDrv; \??\C:\Users\dodev\Desktop\Injector\NalDrv.sys [X]
2024-06-09 00:43 - 2024-06-09 12:11 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2024-06-09 00:40 - 2024-06-09 00:40 - 004457224 _____ (Kaspersky) C:\Users\dodev\Downloads\startup (1).exe
2024-05-31 00:34 - 2024-06-09 03:06 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.rollback
2024-05-31 00:34 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.backup
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::

Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

2. Run Malwarebytes (scan only)

Download Malwarebytes and save it to your Desktop.
Once downloaded, close all programs and Windows on your computer.
Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
Follow the instructions to install the program.
When finished, double click the program's icon created on your Desktop.
Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
Return to the Dashboard and choose Scan.
When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected,close the program and proceed to the next steps below.
- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.

3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

Double click AdwCleaner.exe to run it.
Click the Scan Now button.
Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
Click the Log Files tab.
Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
A Notepad file will open containing the results of the removal.
Please post the contents of the file in your next reply.

Note: Click Skip Basic Repair if you are asked to.

In your next reply, please post:

The fixlog.txt
The Malwarebytes report
The AdwCleaner[S0*].txt

Ginta · Jun 9, 2024

Hey I ran the script. Here is the Fixlog.txt. I am going to do Step 2 and 3 now.

Ginta · Jun 9, 2024

Here are all 3 files. There were 3 detections in the Malwarebytes scan. The first one is a downgrader for GTA IV, the person that made the downgrader is well known and trusted and also has other mods for GTA IV, second is a mod menu that I downloaded from a forum that has been around for a long time and is trusted don't know if I'm allowed to say which forum + the guy that made the menu is also very trusted and every file is checked by mods before being released, the third is just the shortcut for the menu.

DR M · Jun 10, 2024

Hello.

The fixlist ran successfully, and as you can see:

Windows Resource Protection found corrupt files and successfully repaired them.

As to the items detected by Malwarebytes, you can read here about this kind of detections:

Floxif.Virus.Fileinfector.DDS

Floxif.Virus.Fileinfector.DDS is Malwarebytes’ detection name for a family of viruses detected by Malwarebytes’ Katana engine.

www.malwarebytes.com

Riskware.GameHack

RiskWare.GameHack is Malwarebytes' generic detection name for files that give users unauthorized access to a gaming platform or server, or an unfair advantage in a game.

www.malwarebytes.com

You can also use the VirusTotal engine, to check them.

Your computer, so your decision to keep or remove them.

If you have no other question...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false/positive. Choose More info and continue from there.

Ginta · Jun 10, 2024

Here you go. I forgot to check 2 things so I ran it again. I hope you keep on helping the community. Thank you so much for everything! 😁

Ginta

xrobwx71

Ginta

xrobwx71

Ginta

Attachments

DR M

Ginta

DR M

Ginta

Attachments

DR M

Ginta

DR M

Ginta

Attachments

DR M

Ginta

DR M

Ginta

Attachments

Ginta

Attachments

DR M

Floxif.Virus.Fileinfector.DDS

Riskware.GameHack

Ginta

Attachments

Search

Search

Solved Strange Brave (the browser) shortcut appeared on desktop

We value your privacy