Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Background Cursor Busy Every 5 seconds


  • Please log in to reply
7 replies to this topic

#1 errhkman

errhkman

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 01 January 2014 - 11:39 PM

Every 5 seconds, my mouse pointer switches to the busy icon (arrow with circle next to it). I have searched through several forums and can't find the solution to my problem. I have done a spybot scan, a windows defender scan, and tried a reboot with minimal services running but none of those have fixed the problem. I have attached a screen shot of my process explorer window showing the files that I believe are causing the problem, although I don't know how to resolve the issue. It appears that an instance of svchost and rundll32 are initializing every 5 seconds. These initializations coincide with the busy cursor signal. I don't see a path to the svchost source file or to the rundll32 source file location, but I have read that there should be one. I am unable to kill these processes. This problem has only been happening the last week or so.

 

The only change to the computer that I can think of is I installed a new mouse. I had a wire USB optical mouse. Now I have a logitech wireless USB mouse. Not sure if that is the problem or not. I haven't tried switching to a different mouse yet but I can't think of why a mouse would cause this issue anyway. I changed printers several months ago from an HP to a Brother.

Attached Files


Edited by hamluis, 03 January 2014 - 05:38 PM.
Moved from Win 7 to Am I Infected -Hamluis.


BC AdBot (Login to Remove)

 


#2 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:04:59 PM

Posted 02 January 2014 - 10:25 AM

Hi,

 

If you haven't already done so can you click on File and then Show Details for All Processes.  This should populate the currently empty fields if the processes are genuine.

 

While these processes are running can you hover the mouse pointer over them in turn.  In the information box that will appear, both svchost.exe and rundll32.exe should be in the path C:\Windows\System 32\.  If they are not then they need to looked at as suspect.  Also, in the information box it would be interesting to know what services are running under these processes.



#3 errhkman

errhkman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 02 January 2014 - 11:35 PM

I can't seem to attach another picture, is there a limit?

 

I showed details for all processes but it doesn't show the path you specified. Here is what it said:

 

svchost:

Path: C:\Windows\SysWOW64\svchost.exe (svcboot_pubqdjk)

Services: svcboot_pubqdjk [svcboot_pubqdjk]

rundll32:

Path: C:\Windows\System32\rundll32.exe

Rundll Target: c:\windows\syswow64\hacuidgd\shim64_ppbdicr.dll

 

The processes sometimes duplicate, sometimes turn green, and sometimes turn red in process explorer.

 

As an additional note, I have an administrator account on this computer as well, and when I log in to that account, the problem does not seem to occur.

 

Also, I seem to have a ton of errors with Bonjour service (Apple, right?). Not sure if that is related. Those problems with Bonjour extend back long before I noticed any issues with the busy icon.


Edited by errhkman, 03 January 2014 - 12:05 AM.


#4 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:04:59 PM

Posted 03 January 2014 - 10:08 AM

Hi,

 

Please log in as an administrator.

 

Please follow the How to Use Malwarebytes Anti-Malware guide to install and run Malwarebytes.  Copy and paste the content of the log in your next post.



#5 errhkman

errhkman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 03 January 2014 - 09:51 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.03.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Halpenny :: HALPENNY-PC [administrator]
 
1/3/2014 6:04:47 PM
mbam-log-2014-01-03 (18-04-47).txt
 
Scan type: Full scan (C:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 414285
Time elapsed: 43 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0O1C2U1C1L1M1U1RtGzztB -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Family\Downloads\FLVPlayerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
 
(end)


#6 errhkman

errhkman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 03 January 2014 - 09:56 PM

The problem is still occurring after removing the items that malwarebytes found.

 

I did think of one other change that I made recently. I uninstalled Firefox recently before this issue started. I don't know for certain, but it might have started very soon after that uninstall. Is there any chance this is a firefox residual application trying to initialize?



#7 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:04:59 PM

Posted 04 January 2014 - 10:02 AM

Hi,

 

I don't think this is related to Firefox.  I am still concerned that there is malware on your system - the names of the service and dll are suspicious - that has not been picked up by Malwarebytes.

 

Please follow the How to use Malwarebytes Ant-Rootkit guide to run the tool.  Copy and paste the content of the mbar-log (but not the system-log) into you next post.



#8 errhkman

errhkman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 10 January 2014 - 09:55 PM

Hi,

I did not end up using the anti-rootkit. I started out making a backup of my files before running the rootkit, and then I decided to try a system restore back to a point before the issue began. After the system restore, the issue has stopped. I appreciate your help.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users