Solved

Windows running slowly, screen refreshing & page scrolling staggered

Posted on 2004-04-26
Last Modified: 2007-12-19
Hi,

My Windows XP has suffered (Windows running very slowly, screen refreshing & page scrolling staggered), from Virus, Spy & Ad ware after surfing the net.  I have loaded McAfee Anti-virus and it found a few viruses, which have now been deleted. I have also run Ad-aware and HijackThis. I have now deleted the registry items which these showed as suspicious. I'm also now running a McAfee firewall.

But the problem still persists! Does this involve a virus missed by McAfee, or do I have to repair the registry? I have tried to restore my system but this seems to have no effect, as it said there have been no system changes.

Whilst only running Windows Internet Explorer the performance figures are:-

CPU Usage - 0%
PF Usage - 135MB
Totals - Handles 12338, Threads 327, Processes 26
Physical Memory (K) - Total 228848, Available 77984, System Cache 104864
Commit Charge (K) - Total 138656, Limit 560712, Peak 152424
Kernel Memory (K) - Total 20052, Paged 16636, Nonpaged 3416

Is this normal?  

I am lost as to where to turn next - please help.

Many thanks.

Question by:olangotang
11 Comments
 
LVL 67

Assisted Solution

by:sirbounty
sirbounty earned 250 total points
ID: 10921758
Try disabling unneeded services:
 http://www.blackviper.com/WinXP/servicecfg.htm
 http://www.techspot.com/tweaks/win2k_services/index.shtml

You might also try running the System File Checker (read more here: http://support.microsoft.com/?kbid=310747)
 To do so,
   Click Start->Run->SFC /Purgecache
   Start->Run->SFC /Scannow

   *You may need your installation source (CD) as this process will replace missing/corrupted drivers on your system.

Failing that, you can try the following method to eliminate items from startup:
  Click Start->Run->MSCONFIG

  In the Startup tab, start out by disabling everything you're unfamiliar with (or everything if you're unsure).
  Optionally, you can also disable non-Microsoft services from the Services tab.
  If the problem no longer exists after a reboot, then you can narrow it down as one of the items in your
  startup.  To permanently remove these item(s), proceed as follows...

  Click Start->Run->Regedit
  *Be careful when editing the registry as an accidental deletion can render your system inoperable.
  First navigate to the following key in the registry:
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   *You might also find RunOnce, RunOnceEx, RunServices, RunServiceOnce or any of these with a trailing dash (-)

  Once found, click File, Export to save a copy of the key before you delete any items (if necessary).
  After the file has been saved, delete items as needed from the right pane.
  Now find the next startup key:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   *You might also find RunOnce, RunServices, RunServiceOnce or any of these with a trailing dash (-)
  Follow the previous procedures to export a copy before deleting items from the right pane.

You might also clear out your TEMP folders...
  Click Start->Run->%TEMP% <ENTER>
  This is your profile's temporary folder location.  All files can be deleted here, but not the containing
  folder.  Some files may be in use, so an error may be generated but can be ignored.
  Repeat the process with %SYSTEMROOT%\TEMP as well.

Can you post the log from Hijackthis?
0
 

Author Comment

by:olangotang
ID: 10921793
Hi, this is the log file from HijackThis.

Logfile of HijackThis v1.97.7
Scan saved at 19:21:12, on 26/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Draw 64\Vga cast.exe
C:\Program Files\QuickTime\qttask.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\McAfee.com\MPS\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\ACER\ACER Internet Keyboard\MMKbd.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Oakes\Desktop\steve\Downloads\Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/index.html?http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Slow download] C:\PROGRA~1\Draw 64\Vga cast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Internet Keyboard.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37854.3597453704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10922242
Remove these

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/index.html?http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
(what toolbar have you got)

0
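An added example (not part of any post in this thread, and not HijackThis's own code): the Python 3.8+ sketch below parses HijackThis-format entry lines, lists the O4 Run-key autostarts that the MSCONFIG/regedit steps above would have you review, and flags entries for manual inspection. The flagging heuristics and the `expected_hosts` allowlist are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/index.html?http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - <body>"
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.*)$")  # "HKLM\..\Run: [name] cmd"

def parse(log):
    """Return (code, body) for each entry line; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def autostarts(entries):
    """O4 registry lines -> (key, value name, command): the Run-key items to review."""
    return [m.groups() for code, body in entries
            if code == "O4" and (m := RUN.match(body))]

def review(entries, expected_hosts):
    """Flag entries for manual review (heuristics are this example's assumptions)."""
    flagged = []
    for code, body in entries:
        if "(file missing)" in body or "(no file)" in body:
            flagged.append((code, "target file absent", body))
        elif code.startswith("F"):
            flagged.append((code, "autostart from an .ini file", body))
        elif code in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname
            if host and host not in expected_hosts:
                flagged.append((code, "unexpected host " + host, body))
    return flagged

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for key, name, cmd in autostarts(entries):
        print("autostart:", key, name, cmd)
    # Assumption: the OEM default page is the only host this user expects.
    for code, reason, body in review(entries, {"www.acer.com"}):
        print("review:", code, reason)
```

A flag here only means "look at this entry"; whether to remove it is still a judgement call, as in the replies in this thread.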
 

Author Comment

by:olangotang
ID: 10922377
Not sure what toolbar I have; I have not intended to download any. The only other one than the standard Address and Links is something called Lock the Toolbars? Maybe an XP thing; I've never seen it before.

I've deleted the above, and the internet has stopped changing the home page.

I was going through the Processes, and a few have high memory usage

SVCHOST.EXE  - 14936k
IEEXPLORE.EXE - 19868k  - I'm only running this one page!
EXPLORER.EXE - 22412k - Is this normal.

Cheers
0
 

Author Comment

by:olangotang
ID: 10922740
I've run the computer in safe mode and it still has a staggered display. Is there some system tool I should run to make the computer run faster?
0
 
LVL 1

Accepted Solution

by:
JediPimp earned 250 total points
ID: 10923418
Hello,
You could try the following:
from internet explorer click tools, internet options,
click clear cookies,
click clear history,
click clear delete files, check delete offline content, then click ok
click settings, set it to a low number like 5 or 10 mb

Next, open my computer, right click your system directory (probably c: drive)
choose properties
Click disk cleanup (it may take a while to run)
after it has finished scanning, put a check in all boxes but compress old files
click ok
click on tools, defragment now
click start and let it finish, if there is still some red, defrag one or two more times

Next, right click on my computer, choose properties
click on advanced tab
under the performance area click settings
click custom,
uncheck all but the second and third to bottom (if you like the new xp look check the very bottom one too)
click apply
click on advanced tab
make sure both settings are set to programs
click ok

Finally, right click on my computer, choose properties
click on the hardware tab and click device manager
Search for any drivers that have an exclamation mark or a red x and try to re-install drivers for them

Hope this helps some,

JediPimp
0
 
LVL 1

Expert Comment

by:JediPimp
ID: 10923457
I just noticed something that bothered me quite a bit, unless it is a typo:
IEEXPLORE.EXE - 19868k  - I'm only running this one page!

do you have a process running called IEEXPLORE.EXE?

all of those do seem a little high though, mine are
explorer.exe  14,232 K
svchost.exe     6,508 K
iexplore.exe  16,772 K

for svchost, you can lower it by disabling services as suggested by sirbounty up above at the black viper web page (very good one)

JediPimp
0
 

Author Comment

by:olangotang
ID: 10931262
Sorry for the slow reply, I'm just running through all the to-do items.

Sorry, it was a typo: IEEXPLORE.EXE was meant to read IEXPLORE.EXE

olangotang
0
 

Author Comment

by:olangotang
ID: 10932202
My problem has been solved, thank you so very much.

I've listed the steps I went through to help others with the same problem.

Here is a list of all the processes running

Image Name            User Name          CPU   Mem Usage

mcsshld.exe           My Profile         00    3,088K
McAgent.exe           My Profile         00    2,864K
taskmgr.exe           My Profile         00    3,540K
EXPLORER.EXE          My Profile         02    14,492k
SPOOLSV.EXE           SYSTEM             00    4,792k
SVCHOST.EXE           LOCAL SERVICE      00    2,288k
SVCHOST.EXE           NETWORK SERVICE    00    2,628k
SVCHOST.EXE           SYSTEM             00    10,200k
SVCHOST.EXE           SYSTEM             00    2,404k
McShield.exe          SYSTEM             00    5,916k
LSASS.EXE             SYSTEM             00    1,336k
SERVICES.EXE          SYSTEM             00    1,552k
mcvsrte.exe           SYSTEM             00    4,032k
WINLOGON.EXE          SYSTEM             00    568k
CSRSS.EXE             SYSTEM             02    1,852k
SMSS.EXE              SYSTEM             00    252k
NOTEPAD               My Profile         00    2,792k
McVSEscn.exe          My Profile         00    2,424k
system                SYSTEM             02    80k
System Idle Process   SYSTEM             95    20k

Performance

CPU Usage - 0%
PF Usage - 99.7MB
Totals - Handles 4176, Threads 257, Processes 20
Physical Memory (K) - Total 228848, Available 109484, System Cache 151384
Commit Charge (K) - Total 101316, Limit 904628, Peak 178360
Kernel Memory (K) - Total 19232, Paged 15372, Nonpaged 3860

I have gone through all the services on the http://www.blackviper.com/WinXP/servicecfg.htm web site, and set them to Default Home, most Manual now.

I cannot run the System File Checker as I have lost the installation source disk.

The only items in MSCONFIG startup now are:-

McUpdate, McAgent, mcmnhdlr, mcvsshld  All McAfee items.

I have gone through the regedit,

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
& other run items

Only things now there are McAfee stuff

I've Cleared out the %TEMP% files & %SYSTEMROOT% files

Deleted items in the HijackThis log file.

Cleared Cookies, History And deleted all files. Set settings to 5MB
I've run Disk Cleanup
I've defragged the C: drive and there are no red items.

I've set my computer properties Processor scheduling & Memory usage to programs

I've checked my device manager and there are no drivers that have exclamation marks.

0
 

Author Comment

by:olangotang
ID: 10932232
I've increased the points and I'm going to split them, as I think a virus caused the problem and changed my computer settings.

Thank you again. It took time but it saved a rebuild
0
 
LVL 1

Expert Comment

by:JediPimp
ID: 10933718
Thanks, I'm glad I was of help,
JediPimp
0
