
Computer is working hard while not actually doing much, mouse wheel spins


9 replies to this topic

#1 huntu

huntu

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 12 March 2017 - 01:53 AM

Hey guys,

 

So that blue wheel by my mouse spins when my computer is not in heavy use, and I'm curious if that is a sign of a virus. I recently went onto a site called putlocker because I was told it was good to watch movie previews but then I realized it had full movies. The guys I was did not tell me the exact URL for it so I just went to the first link and then an ad popped up for no reason. Now, my computer works kind of hard while doing almost nothing. I am almost certain this is a sign of malware.

 

I do have AdBlock and NoScript, but an ad still popped up so I'm just worried something malicious happened.

 

As of 3:08AM, I am running a Malwarebytes Full Scan. Will post update after it completes.

 

EDIT 3:21AM - Finished scan, nothing found. What else can I do? I don't like the fact that this computer is working hard for no reason.


Edited by huntu, 12 March 2017 - 02:22 AM.



 


#2 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 AM

Posted 12 March 2017 - 07:46 AM

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Please download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log
  • Copy and paste the log into your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 huntu

huntu
  • Topic Starter


Posted 12 March 2017 - 03:20 PM

1. Ran CCleaner. All went well

 

2. AdwCleaner:

 

 

# AdwCleaner v6.044 - Logfile created 12/03/2017 at 16:11:20
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-12.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : John- LAPTOP-A2O44PHC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [1171 Bytes] - [12/03/2017 16:11:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1244 Bytes] ##########
 
 
3. JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64
Ran by John (Administrator) on Sun 03/12/2017 at 16:21:13.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 4
Successfully deleted: C:\ProgramData\1482963326.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1483075280.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1483075282.bdinstall.bin (File)
Successfully deleted: C:\Users\John\AppData\Roaming\3909 (Folder)
 
Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/12/2017 at 17:22:09.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
4. Zemana Antimalware
 
Zemana AntiMalware 2.72.179.176 (Installed)
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/3/12
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-6200U CPU @ 2.30GHz
BIOS Mode              : UEFI
CUID                   : 1222C9134FBDE7AB8BC81E
Scan Type              : System Scan
Duration               : 3m 45s
Scanned Objects        : 162378
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 

Looks like nothing was found. Maybe I'm just being paranoid?


Edited by huntu, 12 March 2017 - 04:33 PM.


#4 buddy215


Posted 12 March 2017 - 04:29 PM

Rerun AdwCleaner and be sure to click on Clean when scan finishes.




#5 huntu

huntu
  • Topic Starter


Posted 12 March 2017 - 04:38 PM

Done. Here is the log after the reboot:

 

 

# AdwCleaner v6.044 - Logfile created 12/03/2017 at 17:34:39
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-12.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : John - LAPTOP-A2O44PHC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
 
***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
 
***** [ Web browsers ] *****
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [998 Bytes] - [12/03/2017 17:34:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [1323 Bytes] - [12/03/2017 16:11:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [1395 Bytes] - [12/03/2017 17:29:17]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1216 Bytes] ##########


#6 buddy215


Posted 12 March 2017 - 04:51 PM

JRT removed some items....what problem they may have caused or what ads they were responsible for...I don't know for sure.

 

Last scan....

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply



#7 huntu

huntu
  • Topic Starter


Posted 12 March 2017 - 04:57 PM

Here goes:
 
 
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 12.03.2017 17:53:30
Path starting: C:\Users\John\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: John
VersionXML: 4.01is-11.03.2017
___________________________________________________________________________
Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 27.12.2016 18:00:19
LicenseStatus: Office 16, Office16HomeStudentR_Grace edition Windows is in Notification mode
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\Windows\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [475.7 Gb] Used: [126.5 Gb] Free: [349.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x64 v.14.0.7015.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
Avast Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.17.1.2286
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.0.6.1469 v.3.0.6.1469
Zemana AntiMalware v.2.72.0.176
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.04 (x64) v.16.04
VLC media player v.2.2.4
LibreOffice 5.2.4.2 v.5.2.4.2 Warning! Download Update
Microsoft Silverlight v.5.1.20513.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.32 v.7.32.104 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 (64-bit) v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-x64.exe).
Java 8 Update 121 (64-bit) v.8.0.1210.13
Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
Java 8 Update 121 v.8.0.1210.13
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.5.5
Bonjour Service (Bonjour Service) - The service is running
------------------------------- [ Browser ] -------------------------------
Google Chrome v.56.0.2924.87 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe v.11.0.14393.693
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.1.3394.0
aswbIDSAgent (aswbIDSAgent) - The service is running
C:\Program Files\AVAST Software\Avast\avastui.exe v.17.1.3394.46
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.912
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.415
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.72.0.176
----------------------------- [ End of Log ] ------------------------------

Edited by huntu, 12 March 2017 - 04:58 PM.


#8 buddy215


Posted 12 March 2017 - 05:18 PM

Uninstall these Programs:

Java 8 Update 111 (64-bit) v.8.0.1110.14

Java 8 Update 111 v.8.0.1110.14

Zemana AntiMalware

 

That's it...happy surfin'


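Added example, not part of the thread or of the SecurityCheck tool: a small Python parser that lists the entries a SecurityCheck log flags with "Warning! Download Update", together with the advice line that follows an entry when there is one. The function name `outdated_entries` and the regular expressions are assumptions based only on the log layout posted above; the sample is an excerpt of that log.

```python
import re

# Excerpt in the SecurityCheck layout, using lines from the log posted above.
SAMPLE_LOG = """\
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 (64-bit) v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-x64.exe).
Java 8 Update 121 (64-bit) v.8.0.1210.13
------------------------------- [ Browser ] -------------------------------
Google Chrome v.56.0.2924.87 Warning! Download Update
----------------------------- [ End of Log ] ------------------------------
"""

# Section headers look like "---- [ Name ] ----" (assumed from the posted log).
SECTION = re.compile(r"^-+ \[ (.+?) \] -+$")
# Product lines look like "<name> v.<version>", optionally followed by the flag.
ENTRY = re.compile(
    r"^(?P<name>.+?) v\.(?P<ver>\S+)(?P<flag> Warning! Download Update)?$"
)


def outdated_entries(log_text):
    """Return (section, product, version, note) for every flagged entry."""
    lines = [line.strip() for line in log_text.splitlines()]
    section, found = None, []
    for i, line in enumerate(lines):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        if not entry or not entry.group("flag"):
            continue
        # A following line that is neither a header nor a product is advice text.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        is_note = bool(nxt) and not SECTION.match(nxt) and not ENTRY.match(nxt)
        found.append((section, entry.group("name"), entry.group("ver"),
                      nxt if is_note else None))
    return found


if __name__ == "__main__":
    for section, name, ver, note in outdated_entries(SAMPLE_LOG):
        print(f"[{section}] {name} {ver}" + (f" -> {note}" if note else ""))
```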


#9 huntu

huntu
  • Topic Starter


Posted 12 March 2017 - 05:26 PM

@buddy215 - Thanks! You da bomb! ;D



#10 buddy215


Posted 12 March 2017 - 05:43 PM

You're welcome...

Maybe you allowed one script too many to run when you visited that site the ad popped up on. I've used NoScript since it was invented.

When properly used....can't ask for a better security program when surfin' the web.

 

If you haven't done this...click on the ABP icon and choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.






