flickering, freezing, weird graphics

sameh83

Well-Known Member
#1
I have a problem with my display on my Lenovo T61 ! while surfing the net, and a browser already opened, my current browser starts to flicker on/off and reopens new browsers with the same page i'm using ! I know it sounds crazy, but i tried a fresh install to solve the problem (win 7), and the problem persists. I have the latest drivers for the system by means of windows update, and Driver Checker. Browser keeps refreshing constantly but allows me to continue using windows normally. Please help
 


zvit

Honorable Member
#2
Sounds like infection. (Since Windows is fine and problems are in Internet Browser only). What AntiVirus do you use? (If any? If you don't have an AntiVirus, you will always get infected by visiting the same sites you do, even after you do re-installs.)

Install free Hijachthis, HijackThis - Trend Micro USA run a scan and save log to text file and upload to here so we can check it.
 


sameh83

Well-Known Member
#3
Amazingly so, i have ESET NOD32 installed for a long time now ! I just ran a check with ESET, and had 1 infiltrartion but not the culprit ! The problem seems to be instability when i open windows. It almost feels like i'm stressing the Laptop out ! However, i ran a HDD test, ran a memtest86, and all were good. I will upload a log for you too see of the scan in a few minutes. Thank you
 


zvit

Honorable Member
#4
Good. Just a question though, what color is the NOD32 icon in your tray? Red, Green or yellow? Make sure it is updating itself. If it's any color but green, update the virus definitions and scan again. Don't do a quick scan but a full\complete scan of your system.

Also, scan with one or all of the following:
1. Spybot - Search & Destroy The home of Spybot-S&D!
2. Spyblaster: SpywareBlaster
3. http://www.superantispyware.com/
3. Malwarebytes' Anti-Malware - Malwarebytes (Not freeware but you can see if it detect anything)
 


sameh83

Well-Known Member
#5
The color is green, and i always do a full scan of the computer ! However, i'm new to this Forum and i'm not sure how to upload the attachment for you to see ! :(
 


zvit

Honorable Member
#6
After you click "reply", click "Go Advanced" and scroll down where you have a button "Manage Attachments" where you can upload the text file.
 


zvit

Honorable Member
#8
It's perfect. Give me a few minutes to analyze it.
 


sameh83

Well-Known Member
#9
Thank you soo much !
 


zvit

Honorable Member
#10
Oh... :) I don't think this is the log of Hijackthis. Open Hijackthis, click SCAN and after the scan click "Save Log". It should save a file called hijackthis.log Upload that.
 


sameh83

Well-Known Member
#11
Sorry i misunderstood you. I thought you can use the ESET NOD32 log for this type of check ! I am installing and running HiJackThis right now !
 


#13
For good measure while ZVit tells you what's up, you should run Malwarebytes. Update the definitions in the program. Then let it scan and remove anything it finds.

You have lots of things starting with Windows that are unnecessary and some even look to be malware, like

O4 - HKCU\..\Run: [cdloader] "C:\Users\SAMEH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [IDMan] C:\Users\SAMEH\AppData\Local\Temp\Rar$EX00.922\IDMan.exe /onboot

Malwarebytes will take care of those if they are malware.
 


zvit

Honorable Member
#14
First, click on the start button and click on "run" and type in %TEMP% and ok. Delete everything in that folder and restart.

C:\Program Files\MyShoppingGenie\mnumsg.exe - Doesn't look pretty. See if you can find it in the Uninstall Programs list and get rid of it. (If not, get rid of it in Hijackthis by checking it and clicking "fix checked".

Remove these unnecessary things that start with Windows: (Same way as above, do a scan, check them and click "fix checked".

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

Then restart.

I have to go for 5 minutes so do this in the meantime and I will continue soon
 


zvit

Honorable Member
#15
FIRST delete your TEMP folder and restart.


Remove all these and restart:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\SAMEH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Users\SAMEH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK (Do you have MagicJack Softphone? If yes LEAVE IT)
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CF65_S.b. & D.a..lnk = Share\Programs\CF65_S.b. & D.a..exe (I don't know what this is... Seems to be some kind of wallpaper and skinning. I suggest remove it)
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (You can manually start it when you need it)

Try all that. But FIRST delete your TEMP folder and restart.

After all this, do another scan and upload the new log.
 


sameh83

Well-Known Member
#16
@ TorrentG, MagicJack is my internet phone ! The other Registery you mentioned, i erased for good measure ! AND, @ Mr. Zvit, i have deleted all 5 Keys that you mentioned. And also deleted all of the Temp folder. However, MyShoppingGenie is a basic program that my brother is a co-owner of. Are you suggesting i uninstall that program, and reinstall it ?
 


zvit

Honorable Member
#17
No. Leave it installed.

Also do all that I wrote in me second post. Tell us how it went. If the computer is working better.
 


sameh83

Well-Known Member
#18
I have cleared out the TEMP folder EXCEPT two folders that will not erase :
file:///C:/Users/SAMEH/AppData/Local/Temp/Rar$EX00.922
file:///C:/Users/SAMEH/AppData/Local/Temp/FXSAPIDebugLogFile.txt
I did everything else, and here is the new log ! View attachment HiJackThis 2.txt View attachment HiJackThis 2.txt

Thanks for your help
 


#19
Boot to safe mode and then delete everything in the temp folder.

Did you scan with Malwarebytes yet?

This file is malware and it will remove it:

C:\Windows\System32\hkcmd.exe
 


sameh83

Well-Known Member
#20
what's the process of booting in safe mode again ? not sure how to access safe mode ! And, Malwarebytes is downloading as we speak !
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top