Windows running slowly, screen refreshing & page scrolling staggered

Posted on 2004-04-26
Last Modified: 2007-12-19

My Windows XP has suffered (Windows running very slowly, screen refreshing & page scrolling staggered), from Virus, Spy & Ad ware after surfing the net.  I have loaded McAfee Anti-virus and it found a few viruses, which have now been deleted. I have also run Ad-aware and HijackThis. I have now deleted the registry items which these showed as suspicious. I'm also now running a McAfee firewall.

But the problem still persists! Does this involve a virus McAfee missed, or do I have to repair the registry? I have tried to restore my system but this seems to have no effect as it said there have been no system changes.

Whilst only running Windows Internet Explorer the performance figures are:-

CPU Usage - 0%
PF Usage - 135MB
Totals - Handles 12338, Threads 327, Processes 26
Physical Memory (K) - Total 228848, Available 77984, System Cache 104864
Commit Charge (K) - Total 138656, Limit 560712, Peak 152424
Kernel Memory (K) - Total 20052, Paged 16636, Nonpaged 3416

Is this normal?  

I am lost as to where to turn next - please help.

Many thanks.

Question by:olangotang

Assisted Solution

sirbounty earned 250 total points
ID: 10921758
Try disabling unneeded services:

You might also try running the System File Checker (read more here:
 To do so,
   Click Start->Run->SFC /Purgecache
   Start->Run->SFC /Scannow

   *You may need your installation source (CD) as this process will replace missing/corrupted drivers on your system.

Failing that, you can try the following method to eliminate items from startup:
  Click Start->Run->MSCONFIG

  In the Startup tab, start out by disabling everything you're unfamiliar with (or everything if you're unsure).
  Optionally, you can also disable non-Microsoft services from the Services tab.
  If the problem no longer exists after a reboot, then you can narrow it down as one of the items in your
  startup.  To permanently remove these item(s), proceed as follows...

  Click Start->Run->Regedit
  *Be careful when editing the registry as an accidental deletion can render your system inoperable.
  First navigate to the following key in the registry:
   *You might also find RunOnce, RunOnceEx, RunServices, RunServiceOnce or any of these with a trailing dash (-)

  Once found, click File, Export to save a copy of the key before you delete any items (if necessary).
  After the file has been saved, delete items as needed from the right pane.
  Now find the next startup key:
   *You might also find RunOnce, RunServices, RunServiceOnce or any of these with a trailing dash (-)
  Follow the previous procedures to export a copy before deleting items from the right pane.

You might also clear out your TEMP folders...
  Click Start->Run->%TEMP% <ENTER>
  This is your profile's temporary folder location.  All files can be deleted here, but not the containing
  folder.  Some files may be in use, so an error may be generated but can be ignored.
  Repeat the process with %SYSTEMROOT%\TEMP as well.

Can you post the log from Hijackthis?

Author Comment

ID: 10921793
Hi, this is the log file from HijackThis.

Logfile of HijackThis v1.97.7
Scan saved at 19:21:12, on 26/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Draw 64\Vga cast.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\\MPS\mscifapp.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\ACER\ACER Internet Keyboard\MMKbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Oakes\Desktop\steve\Downloads\Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Slow download] C:\PROGRA~1\Draw 64\Vga cast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\\MPS\mscifapp.exe /embedding
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Internet Keyboard.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) -,0,80,22/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
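
Added example, not part of the original post: a small triage pass over HijackThis log lines that surfaces three things worth a manual look in a log like the one above: a core Windows process name running from a folder other than System32, a legacy win.ini/system.ini autostart that is set, and entries pointing at files no longer on disk. The function name `triage`, the list of process names and the three heuristics are assumptions made for this illustration; hits are leads for review, not verdicts.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Assumption: Windows is installed in C:\WINDOWS, as the paths in the log indicate.
SYSTEM32 = r"c:\windows\system32"
# Assumption: illustrative list of core process names that normally live in System32.
CORE_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
              "winlogon.exe", "csrss.exe", "smss.exe"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - <body>"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, running-process list, blanks
        code, body = m.groups()
        hit = PATH_RE.search(body)
        if hit:
            folder, name = ntpath.split(hit.group(0).lower())
            if name in CORE_NAMES and folder != SYSTEM32:
                findings.append((code, "core process name outside System32", line))
        # F-section lines report win.ini/system.ini autostarts.
        if code.startswith("F") and "=" in body and body.split("=", 1)[1].strip():
            findings.append((code, "legacy .ini autostart is set", line))
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, "entry points at a file not on disk", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {line}")
```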


Expert Comment

ID: 10922242
Remove these

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
(What toolbar have you got?)


Author Comment

ID: 10922377
Not sure what toolbar I have; I have not intended to download any. The only other one than the standard Address and Links is something called Lock the Toolbars? Maybe an XP thing; I've never seen it before.

I've deleted the above, and the internet has stopped changing home page.

I was going through the Processes, and a few have high memory usage:

SVCHOST.EXE  - 14936k
IEEXPLORE.EXE - 19868k  - I'm only running this one page!
EXPLORER.EXE - 22412k - Is this normal?


Author Comment

ID: 10922740
I've run the computer in safe mode and it still has a staggered display. Is there some system tool I should run to make the computer run faster?

Accepted Solution

JediPimp earned 250 total points
ID: 10923418
You could try the following:
from internet explorer click tools, internet options,
click clear cookies,
click clear history,
click clear delete files, check delete offline content, then click ok
click settings, set it to a low number like 5 or 10 mb

Next, open my computer, right click your system directory (probably c: drive)
choose properties
Click disk cleanup (it may take a while to run)
after it has finished scanning, put a check in all boxes but compress old files
click ok
click on tools, defragment now
click start and let it finish, if there is still some red, defrag one or two more times

Next, right click on my computer, choose properties
click on advanced tab
under the performance area click settings
click custom,
uncheck all but the second and third to bottom (if you like the new xp look check the very bottom one too)
click apply
click on advanced tab
make sure both settings are set to programs
click ok

Finally, right click on my computer, choose properties
click on the hardware tab and click device manager
Search for any drivers that have an exclamation mark or a red x and try to re-install drivers for them

Hope this helps some,


Expert Comment

ID: 10923457
I just noticed something that bothered me quite a bit, unless it is a typo:
IEEXPLORE.EXE - 19868k  - I'm only running this one page!

Do you have a process running called IEEXPLORE.EXE?

All of those do seem a little high though; mine are:
explorer.exe  14,232 K
svchost.exe     6,508 K
iexplore.exe  16,772 K

For svchost, you can lower it by disabling services as suggested by sirbounty up above at the black viper web page (very good one).


Author Comment

ID: 10931262
Sorry for slow reply, I'm just running through all the to-do items.

Sorry, it was a typo. IEEXPLORE.EXE was meant to read IEXPLORE.EXE


Author Comment

ID: 10932202
My problem has been solved, thank you so very much.

I've listed the steps I went through to help others with the same problem.

Here is a list of all the processes running:

Image Name             User Name          CPU   Mem Usage

mcsshld.exe            My Profile         00    3,088K
McAgent.exe            My Profile         00    2,864K
taskmgr.exe            My Profile         00    3,540K
EXPLORER.EXE           My Profile         02    14,492k
SPOOLSV.EXE            SYSTEM             00    4,792k
SVCHOST.EXE            LOCAL SERVICE      00    2,288k
SVCHOST.EXE            NETWORK SERVICE    00    2,628k
SVCHOST.EXE            SYSTEM             00    10,200k
SVCHOST.EXE            SYSTEM             00    2,404k
McShield.exe           SYSTEM             00    5,916k
LSASS.EXE              SYSTEM             00    1,336k
SERVICES.EXE           SYSTEM             00    1,552k
mcvsrte.exe            SYSTEM             00    4,032k
WINLOGON.EXE           SYSTEM             00    568k
CSRSS.EXE              SYSTEM             02    1,852k
SMSS.EXE               SYSTEM             00    252k
NOTEPAD                My Profile         00    2,792k
McVSEscn.exe           My Profile         00    2,424k
system                 SYSTEM             02    80k
System Idle Process    SYSTEM             95    20k


CPU Usage - 0%
PF Usage - 99.7MB
Totals - Handles 4176, Threads 257, Processes 20
Physical Memory (K) - Total 228848, Available 109484, System Cache 151384
Commit Charge (K) - Total 101316, Limit 904628, Peak 178360
Kernel Memory (K) - Total 19232, Paged 15372, Nonpaged 3860

I have gone through all the services on the 

web site, and set them to Default Home, most Manual now.

I cannot run the System File Checker as I have lost the installation source disk.

The only items in MSCONFIG startup now are:-

McUpdate, McAgent, mcmnhdlr, mcvsshld  All McAfee items.

I have gone through the regedit,

& other run items

Only things now there are McAfee stuff

I've Cleared out the %TEMP% files & %SYSTEMROOT% files

Deleted items in HijackThis log file.

Cleared Cookies, History and deleted all files. Set settings to 5MB.
I've run Disk Cleanup.
I've defragged the C: drive and there are no red items.

I've set my computer properties Processor scheduling & Memory usage to programs.

I've checked my Device Manager and there are no drivers that have exclamation marks.


Author Comment

ID: 10932232
I've increased the points and I'm going to split them, as I think a virus caused the problem and changed my computer settings.

Thank you again. It took time but it saved a rebuild.

Expert Comment

ID: 10933718
Thanks, I'm glad I was of help,
