Does my Computer have a Virus?

April 27, 2017 at 10:21:59
Specs: Windows 10, 8
I recently realized that whenever I go into a folder it says I'm copying like 3,000 items from Downloads to Downloads. I then realize that there is like 10 of each thing. It sounds like a virus, but I haven't downloaded anything in while. Anyone know what I should do?

See More: Does my Computer have a Virus?

Report •

#1
April 27, 2017 at 12:49:12
Lets see what is going on.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt)
The logs are large, upload them using one of these. No account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php


Report •

#2
April 27, 2017 at 15:05:13
I didn't really do anything but I just restarted my computer and it stopped doing that, but I really wonder what caused every single file to be duplicated

Report •

#3
April 27, 2017 at 20:47:15
Run the suggested program and post the results to be sure.
Even running Malwarebytes may pick up on things that might confirm a problem.

You have to be a little bit crazy to keep you from going insane.


Report •

Related Solutions

#4
April 29, 2017 at 07:22:57
Ok. Here is the link to my logs created by Farbar Recovery Scan Tool:

http://www.fileconvoy.com/dfl.php?i...


Report •

#5
April 29, 2017 at 16:59:23
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Advanced-PC-Care (HKLM\...\B7A64AC7-B828-4D74-98B2-097AFA836948_is1) (Version: 1.0.0.21086 - advancedpccare.net) <==== ATTENTION
Task: {6892E679-0F95-4185-B509-E70714CF6319} - System32\Tasks\Advanced-PC-Care_Logon => C:\Program Files\Advanced-PC-Care\apc.exe [2017-01-10] () <==== ATTENTION
Task: {68F01C31-993D-4B00-B4BD-A58B5FC713E3} - System32\Tasks\{0D1E0D98-B364-4990-93DB-DBF36BBF87E5} => pcalua.exe -a "C:\Users\Elliot\AppData\Local\Temp\Temp1_oldcalcwin10.zip\Old Calculator for Windows 10.exe" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDzz0C0F0DtBtA0FtB0AyDtC0FtCyDtN0D0Tzu0StCzytCyDtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0E0F0EyBtC0EtGtDyC0FtAtGyBtCtDtDtGyEzz0C0DtGtCyEyB0DyEtBzzyC0AtDyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0B0AyDyC0E0BtG0AyDtB0FtGyE0CyEyEtGzz0B0EzytGtA0D0B0AtBzz0DyCyD0C0FtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByDyCzy%26cr%3D934414480%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDzz0C0F0DtBtA0FtB0AyDtC0FtCyDtN0D0Tzu0StCzytCyDtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0E0F0EyBtC0EtGtDyC0FtAtGyBtCtDtDtGyEzz0C0DtGtCyEyB0DyEtBzzyC0AtDyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0B0AyDyC0E0BtG0AyDtB0FtGyE0CyEyEtGzz0B0EzytGtA0D0B0AtBzz0DyCyD0C0FtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByDyCzy%26cr%3D934414480%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDzz0C0F0DtBtA0FtB0AyDtC0FtCyDtN0D0Tzu0StCzytCyDtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0E0F0EyBtC0EtGtDyC0FtAtGyBtCtDtDtGyEzz0C0DtGtCyEyB0DyEtBzzyC0AtDyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0B0AyDyC0E0BtG0AyDtB0FtGyE0CyEyEtGzz0B0EzytGtA0D0B0AtBzz0DyCyD0C0FtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByDyCzy%26cr%3D934414480%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDzz0C0F0DtBtA0FtB0AyDtC0FtCyDtN0D0Tzu0StCzytCyDtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0E0F0EyBtC0EtGtDyC0FtAtGyBtCtDtDtGyEzz0C0DtGtCyEyB0DyEtBzzyC0AtDyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0B0AyDyC0E0BtG0AyDtB0FtGyE0CyEyEtGzz0B0EzytGtA0D0B0AtBzz0DyCyD0C0FtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByDyCzy%26cr%3D934414480%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {AF0B28F9-45FE-4CCA-9BF6-93FCA052E4A3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1923425043-837747891-3282918834-1001 -> {014381EE-E235-424B-B59D-A5827D41F5E2} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1923425043-837747891-3282918834-1001 -> {AF0B28F9-45FE-4CCA-9BF6-93FCA052E4A3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1923425043-837747891-3282918834-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10118__170411__yaie&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll => No File
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll No File
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
CHR HKU\S-1-5-21-1923425043-837747891-3282918834-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...


Report •

#6
April 29, 2017 at 18:04:53
I think you made a mistake on the code. As it was running, it said it was deleting files that I KNOW WERE IMPORTANT like stuff in system32 and Windows. All my apps shut down without me asking and I then I just shut down my computer because I was scared of this and I took out the battery and put it back in. I KNOW YOU TRIED TO LIE BY POSTING DECEITFUL CODE!!!!!!!

Report •

#7
April 29, 2017 at 18:13:04
"I KNOW YOU TRIED TO LIE BY POSTING DECEITFUL CODE!!!!!!!"
Nope, everything that was needed, would have been replaced with clean code.


Report •

#8
April 29, 2017 at 18:22:56
A search on this site shows you how many times Farbar has been used on this site alone, over many, many years.

https://www.computing.net/cgi-bin/A...


Report •

#9
April 29, 2017 at 19:01:39
Then why did it say it was deleting files I know are mandatory for the OS to run?!

Report •

#10
April 29, 2017 at 21:53:36
If you put your mouse pointer over your name you will see your 'E' rank on this site. Your E rank will rise (lower number) as you contribute more and help others and gain experience. Your E rank is over 408,848, my E rank is currently 15, JohnW's E rank is 4 (the guy running the site is #1). He has the most experience on this site solving specifically your type of problem. When JohnW steps in and begins to help, he will see you through all of the way until your system is running properly even if it takes 40, 50, or more reply's to do it. He would not lead you astray and as long as you are giving him the full information he asks for, he will get you running properly again. When JohnW picks up a problem, most of us sit back and stay out of it or watch to learn.
NOW, by disabling the system in the middle of running this type of fix, I do NOT know if even HE can get it running again if it will not reboot when you try booting it again since he is not there in person to be completely hands on with it.
If it does not boot at all, the hard drive partitions probably will need to be deleted, created new and a full fresh install of Windows necessary. BUT, please try booting first and let JohnW know what you are seeing and see if he has any possibilities for you at this point.

You have to be a little bit crazy to keep you from going insane.


Report •

Ask Question