flickering, freezing, weird graphics

Discussion in 'Windows 7 Help and Support' started by sameh83, Jul 31, 2010.

  1. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    I have a problem with my display on my Lenovo T61 ! while surfing the net, and a browser already opened, my current browser starts to flicker on/off and reopens new browsers with the same page i'm using ! I know it sounds crazy, but i tried a fresh install to solve the problem (win 7), and the problem persists. I have the latest drivers for the system by means of windows update, and Driver Checker. Browser keeps refreshing constantly but allows me to continue using windows normally. Please help
     
  2. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    Sounds like infection. (Since Windows is fine and problems are in Internet Browser only). What AntiVirus do you use? (If any? If you don't have an AntiVirus, you will always get infected by visiting the same sites you do, even after you do re-installs.)

    Install free Hijachthis, HijackThis - Trend Micro USA run a scan and save log to text file and upload to here so we can check it.
     
  3. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    Amazingly so, i have ESET NOD32 installed for a long time now ! I just ran a check with ESET, and had 1 infiltrartion but not the culprit ! The problem seems to be instability when i open windows. It almost feels like i'm stressing the Laptop out ! However, i ran a HDD test, ran a memtest86, and all were good. I will upload a log for you too see of the scan in a few minutes. Thank you
     
  4. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    Good. Just a question though, what color is the NOD32 icon in your tray? Red, Green or yellow? Make sure it is updating itself. If it's any color but green, update the virus definitions and scan again. Don't do a quick scan but a full\complete scan of your system.

    Also, scan with one or all of the following:
    1. Spybot - Search & Destroy The home of Spybot-S&D!
    2. Spyblaster: SpywareBlaster
    3. http://www.superantispyware.com/
    3. Malwarebytes' Anti-Malware - Malwarebytes (Not freeware but you can see if it detect anything)
     
  5. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    The color is green, and i always do a full scan of the computer ! However, i'm new to this Forum and i'm not sure how to upload the attachment for you to see ! :(
     
  6. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    After you click "reply", click "Go Advanced" and scroll down where you have a button "Manage Attachments" where you can upload the text file.
     
  7. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
  8. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    It's perfect. Give me a few minutes to analyze it.
     
  9. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    Thank you soo much !
     
  10. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    Oh... :) I don't think this is the log of Hijackthis. Open Hijackthis, click SCAN and after the scan click "Save Log". It should save a file called hijackthis.log Upload that.
     
  11. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    Sorry i misunderstood you. I thought you can use the ESET NOD32 log for this type of check ! I am installing and running HiJackThis right now !
     
  12. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
  13. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    For good measure while ZVit tells you what's up, you should run Malwarebytes. Update the definitions in the program. Then let it scan and remove anything it finds.

    You have lots of things starting with Windows that are unnecessary and some even look to be malware, like

    O4 - HKCU\..\Run: [cdloader] "C:\Users\SAMEH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [IDMan] C:\Users\SAMEH\AppData\Local\Temp\Rar$EX00.922\IDMan.exe /onboot

    Malwarebytes will take care of those if they are malware.
     
  14. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    First, click on the start button and click on "run" and type in %TEMP% and ok. Delete everything in that folder and restart.

    C:\Program Files\MyShoppingGenie\mnumsg.exe - Doesn't look pretty. See if you can find it in the Uninstall Programs list and get rid of it. (If not, get rid of it in Hijackthis by checking it and clicking "fix checked".

    Remove these unnecessary things that start with Windows: (Same way as above, do a scan, check them and click "fix checked".

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

    Then restart.

    I have to go for 5 minutes so do this in the meantime and I will continue soon
     
  15. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    FIRST delete your TEMP folder and restart.


    Remove all these and restart:

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\SAMEH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [cdloader] "C:\Users\SAMEH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK (Do you have MagicJack Softphone? If yes LEAVE IT)
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: CF65_S.b. & D.a..lnk = Share\Programs\CF65_S.b. & D.a..exe (I don't know what this is... Seems to be some kind of wallpaper and skinning. I suggest remove it)
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (You can manually start it when you need it)

    Try all that. But FIRST delete your TEMP folder and restart.

    After all this, do another scan and upload the new log.
     
  16. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    @ TorrentG, MagicJack is my internet phone ! The other Registery you mentioned, i erased for good measure ! AND, @ Mr. Zvit, i have deleted all 5 Keys that you mentioned. And also deleted all of the Temp folder. However, MyShoppingGenie is a basic program that my brother is a co-owner of. Are you suggesting i uninstall that program, and reinstall it ?
     
  17. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    No. Leave it installed.

    Also do all that I wrote in me second post. Tell us how it went. If the computer is working better.
     
  18. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    I have cleared out the TEMP folder EXCEPT two folders that will not erase :
    file:///C:/Users/SAMEH/AppData/Local/Temp/Rar$EX00.922
    file:///C:/Users/SAMEH/AppData/Local/Temp/FXSAPIDebugLogFile.txt
    I did everything else, and here is the new log !View attachment HiJackThis 2.txtView attachment HiJackThis 2.txt

    Thanks for your help
     
  19. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    Boot to safe mode and then delete everything in the temp folder.

    Did you scan with Malwarebytes yet?

    This file is malware and it will remove it:

    C:\Windows\System32\hkcmd.exe
     
  20. sameh83

    sameh83 Well-Known Member

    Joined:
    Jul 31, 2010
    Messages:
    209
    Likes Received:
    0
    what's the process of booting in safe mode again ? not sure how to access safe mode ! And, Malwarebytes is downloading as we speak !
     

Share This Page

Loading...