Opened .pdf from suspicious email, possibly infected. #229

Closed
moongo1337 opened this issue Dec 29, 2023 · 13 comments
@moongo1337

I just opened an email attachment (a .pdf file) and closed it five seconds later after realizing it was probably not from a legitimate source. Following that, I promptly deleted the email and the PDF file. I have also just run a HijackThis scan. Could you please help me and take a look to see if I am infected? Thank you!
CollectionLog-2023.12.29-21.15.zip
HiJackThis.log

@dragokas
Owner

Hi,
thank you for the log.
We'll return to you as soon as possible, though it may take a while because of the weekends and holidays.


Please note that only members of VIRUSNET-Association are allowed to respond to PC cure topics.
Ignore any recommendations given by other users, including by PM!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.

@Sandor-Helper

Hi,

I didn't see any obvious signs of infection.
Just a couple of recommendations.
Uninstall the potentially unwanted program Bonjour. You don't need it at all.

Please fix the following in HijackThis:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: is empty
O2 - HKLM\..\BHO: Virtual Storage Mount Notification - {8A539CDE-C3F3-4FC2-B196-E224C81CC7F6}' - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\rempl\shell - C:\Program Files\rempl\sedlauncher.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Shell\FamilySafetyRefresh - {EBF00FCB-0769-4B81-9BEC-6C05514111AA},$(Arg0) - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\WindowsUpdate\Automatic App Update - {A6BA00FE-40E8-477C-B713-C64A14F18ADB} - (no file)

Restart your PC and get a new pack of CollectionLog.

@moongo1337
Author

Thank you very much for your help!
Just one question: what do you mean by getting a new pack of CollectionLog?

@dragokas
Owner

It means you need to follow the initial instructions one more time and run AutoLogger.exe again to get a fresh CollectionLog-.zip file.

@moongo1337
Author

Happy New Year, all!
Here we go:

CollectionLog-2024.01.01-11.33.zip
HiJackThis_01012024.log

@Sandor-Helper

Happy New Year!

Let's continue.

Uninstall the potentially unwanted program Bonjour. You don't need it at all.

But you still have not done it.
Uninstall it and get us new logs:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.

@moongo1337
Author

moongo1337 commented Jan 2, 2024

I did uninstall Bonjour now.

Also, I ran the Farbar Recovery Scan Tool.
FRST.txt
Addition.txt

Thank you!

@Sandor-Helper

Temporarily turn off any antivirus.
Highlight the following code:

Start::
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\AsrDrv106.sys:BDU [1]
AlternateDataStreams: C:\Users\Bastian\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Bastian\Downloads\546.17-desktop-win10-win11-64bit-international-dch-whql.exe:BDU [0]
AlternateDataStreams: C:\Users\Bastian\Downloads\aida64extreme700.exe:BDU [0]
AlternateDataStreams: C:\Users\Bastian\Downloads\fpsmon-5472.exe:BDU [0]
AlternateDataStreams: C:\Users\Bastian\Downloads\GeForce_Experience_v3.27.0.120.exe:BDU [0]
AlternateDataStreams: C:\Users\Bastian\Downloads\hwmonitor_1.52.exe:BDU [0]
AlternateDataStreams: C:\Users\Bastian\Downloads\instspeedfan452.exe:BDU [0]
AlternateDataStreams: C:\Users\Bastian\Downloads\PDFStreamDumper_Setup.exe:BDU [0]
EmptyTemp:
Reboot:
End::

Copy the highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press the Fix button once and wait. The program will create Fixlog.txt. Attach it to the next post.

PC will reboot.

I did uninstall Bonjour now.

But it is still in the Programs list.
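The following is an added example, not part of this issue thread and not code from the HiJackThis fork or from FRST. It is a read-only PowerShell triage script covering the items from both helper posts above: the HKCU ProxyOverride value and the BHO with no file from the HijackThis list, and the Defender / Windows Update restriction values, the ':BDU' alternate data streams and the tasks pointing at missing files from the FRST fix script. It modifies nothing, so it can be run before or after the FRST fix to confirm what the fix found and what it removed. All registry paths, value names, the CLSID, file paths and the stream name are copied from the thread; the user profile 'Bastian' is the one that appears there, and the Bonjour part of the advice is not covered.

```powershell
# Added example (not from this thread, the HiJackThis fork or FRST): read-only
# triage of the findings quoted above. Run from an elevated PowerShell prompt
# (Windows PowerShell 5.1 or PowerShell 7). Nothing is changed on the system.
# Paths, value names, CLSID and the stream name 'BDU' are taken from the thread;
# the profile name 'Bastian' is the one that appears there (illustration only).

function Get-PolicyRestrictions {
    # FRST marks these lines "Beschränkung" (German: restriction). An absent key or
    # value is the normal state on a home PC; a present DisableAntiSpyware /
    # DisableAntiVirus value is exactly what the fix script above deletes.
    $checks = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                          Names = @('DisableAntiSpyware', 'DisableAntiVirus') },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';            Names = @() },   # empty list = report every value
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings';  Names = @('ProxyOverride') }
    )
    foreach ($c in $checks) {
        if (-not (Test-Path -LiteralPath $c.Path)) {
            [pscustomobject]@{ Key = $c.Path; Name = '-'; Value = '(key absent)' }
            continue
        }
        $props = Get-ItemProperty -LiteralPath $c.Path
        # Get-ItemProperty adds PSPath/PSParentPath/... bookkeeping members; skip them.
        $names = if ($c.Names.Count) { $c.Names } else { $props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' } }
        foreach ($n in $names) {
            if ($null -ne $props.$n) { [pscustomobject]@{ Key = $c.Path; Name = $n; Value = $props.$n } }
        }
    }
}

function Get-BhoTarget {
    param([string] $Clsid)
    # An O2 line maps a BHO CLSID to its InprocServer32 DLL; "(no file)" means the
    # COM registration survives but the DLL it points to does not.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Clsid = $Clsid; Dll = '(not registered)'; Exists = $false }
    }
    $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
    if (-not $dll) { return [pscustomobject]@{ Clsid = $Clsid; Dll = '(no default value)'; Exists = $false } }
    $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
    [pscustomobject]@{ Clsid = $Clsid; Dll = $dll; Exists = (Test-Path -LiteralPath $dll -PathType Leaf) }
}

function Get-FileStreams {
    param([string[]] $Path)
    # Every NTFS file has the unnamed ':$DATA' stream; anything else listed by
    # -Stream * is an alternate data stream. The FRST lines above remove one named 'BDU'.
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ File = $p; Stream = '-'; Length = $null; Note = 'file not present' }
            continue
        }
        Get-Item -LiteralPath $p -Stream * |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { [pscustomobject]@{ File = $p; Stream = $_.Stream; Length = $_.Length; Note = '' } }
    }
}

function Get-OrphanedTaskActions {
    # The O22 lines above are task actions whose executable is missing. Get-ScheduledTask
    # only returns tasks still registered with the scheduler (see the note after the block).
    foreach ($task in Get-ScheduledTask) {
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }   # COM-handler actions carry a ClassId, not a path
            $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
            if ($exe -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Execute = $exe }
            }
        }
    }
}

# Files the FRST fix script above strips a ':BDU' stream from.
$streamTargets = @(
    'C:\WINDOWS\SysWOW64\Drivers\AsrDrv106.sys',
    'C:\Users\Bastian\Desktop\FRST64.exe',
    'C:\Users\Bastian\Downloads\546.17-desktop-win10-win11-64bit-international-dch-whql.exe',
    'C:\Users\Bastian\Downloads\aida64extreme700.exe',
    'C:\Users\Bastian\Downloads\fpsmon-5472.exe',
    'C:\Users\Bastian\Downloads\GeForce_Experience_v3.27.0.120.exe',
    'C:\Users\Bastian\Downloads\hwmonitor_1.52.exe',
    'C:\Users\Bastian\Downloads\instspeedfan452.exe',
    'C:\Users\Bastian\Downloads\PDFStreamDumper_Setup.exe'
)

'== Policy / restriction values ==';        Get-PolicyRestrictions                              | Format-Table -AutoSize
'== BHO from the O2 line ==';               Get-BhoTarget '{8A539CDE-C3F3-4FC2-B196-E224C81CC7F6}' | Format-Table -AutoSize
'== Alternate data streams ==';             Get-FileStreams -Path $streamTargets                | Format-Table -AutoSize
'== Registered tasks with missing files =='; Get-OrphanedTaskActions                            | Format-Table -AutoSize
```

To look at what a flagged stream holds before it is removed, use Get-Content -LiteralPath '<file>' -Stream BDU -Raw; the FRST AlternateDataStreams: directive deletes the stream, which Remove-Item -LiteralPath '<file>' -Stream BDU does by hand. Get-ScheduledTask returns only tasks still registered with the Task Scheduler, whereas the Tasks_Migrated entries HijackThis lists are leftovers in the registry task cache rather than live tasks, so their absence from the last table does not by itself mean they are gone; the FRST fix and the fresh HijackThis log are the check for those.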

@moongo1337
Author

OK, done. I deactivated BitDefender beforehand and then ran FRST64:

Fixlog.txt

The reason Bonjour was still in the programs list is that I uninstalled it afterwards. I first did not understand what you meant by Bonjour. I forgot I had installed it months ago...

@Sandor-Helper

OK, I repeat: you don't need this Bonjour program at all. It is needed only for Apple TV, and even then you can use Apple TV without it.

Now I would like you to check: does the problem you described at first still persist?

@moongo1337
Author

I believe it's all done! No problem anymore.
Thank you again for your great help.

@Sandor-Helper

Good to know.
Rename FRST.exe (FRST64.exe) to uninstall.exe and run it. The PC will reboot.
All other tools and their folders you can delete manually.

@moongo1337
Author

OK, also done. Thanks again!
