Not infected(?), but might as well be...

Hi there @MzSpeed and welcome to PCHF

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select “Scan”



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fi.imgur.com%2FeEGkHP S.jpg&hash=9d86645a66bb9b6449fe719c6716af3d
Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.

https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fi.imgur.com%2FhBYSf6 z.jpg&hash=af98690e2992f0cd042f494104f2143e

The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the “Clean” button.

https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fi.imgur.com%2FftC2Wa B.jpg&hash=d9ff9a13d300d5fb04f14c89122527fb

After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Clean log)

https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fi.imgur.com%2Fjr9Bx9 h.jpg&hash=a2754927c83a88cae15454a532fd71e5

Please Copy and Paste the contents of the log file with your next reply.

This is Adobe’s download manager
What is readerdc_en_ka_cra_install.exe ? readerdc_en_ka_cra_install.exe info

What Adobe programs do you have on your computer?

Hey Guys, good morning!

Thank you so much for the thorough response, jmarket! I love step-by-step instructions and know how much can go into making a cohesive tutorial, so I truly appreciate it! Hopefully I won’t have to go through all that when I tell you guys that I solved the mystery.

Apparently the night before while I was sound asleep, my S/O was having issues editing & saving a PDF. It prompted him to download the latest version of Acrobat. He clicked on the link. There were 3 options, he selected Reader and continued to download. It notified him that Reader was already installed, then proceeded to download the other 2 options - one was McAffee, and the third he can’t remember. Needless to say, I feel like a big ol dummy for thinking that it magically appeared overnight, as well as a little jerk for making a new rule regarding the desktop haha Such is life.

Thank you for sharing that link, @plodr! I found Photoshop, Acrobat Reader, Creative Cloud, Creative Cloud_bkp94A4DEE, and Adobe Sync in two different program files on the local disk. I’m not sure that I’ve ever noticed that before, is that normal? Program Files & Program Files (x86)

Sorry, I don’t know. The only Adobe item I have on all the computers is flash and once Adobe stops that in 2020, I’ll remove it.

If you have a 64 bit OS, perhaps Adobe adds the 32 bit version and the 64 bit version so that’s why it appears in 2 locations.

You might want to install Unchecky
Download MajorGeeks.Com - MajorGeeks
this will make sure that an install Unchecks all those boxes with addon things you don’t want!

Be a little careful thinking Unchecky will protect you from installing all unwanted applications. Some authors are know requiring a box/boxes to be ticked to prevent installation of unwanted crap in an attempt to bypass Unchecky.

@MzSpeed do you consider this issue solved?