• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4281
  • Last Modified:

Windows running slowly, screen refreshing & page scrolling staggered


My Windows XP has suffered (Windows running very slowly, screen refreshing & page scrolling staggered), from Virus, Spy & Ad ware after surfing the net.  I have loaded McAfee Anti-virus and it found a few viruses, which have now been deleted. I have also ran Ad-aware and HijackThis. I have now deleted the registry items which these showed as supicious. I'm also now running a McAfee firewall.

But the problem still persists! Does this invole a virus missed McAfee or do I have to repair the registry. I have tried to restore my system but this seems to have no effect as it said there has been no system changes.

Whilst only running Windows Internet Explorer the performance figures are:-

CPU Usage - 0%
PF Usage - 135MB
Totals - Handles 12338, Threads 327, Processes 26
Physical Memory (K) - Total 228848, Available 77984, System Cache 104864
Commit Charge (K) - Total 138656, Limit 560712, Peak 152424
Kernel Memory (K) - Total 20052, Paged 16636, Nonpaged 3416

Is this normal?  

I am lost as to where to turn next - please help.

Many thanks.

2 Solutions
Try disabling unneeded services:

You might also try running the System File Checker (read more here: http://support.microsoft.com/?kbid=310747)
 To do so,
   Click Start->Run->SFC /Purgecache
   Start->Run->SFC /Scannow

   *You may need your installation source (CD) as this process will replace missing/corrupted drivers on your system.

Failing that, you can try the following method to eliminate items from startup:
  Click Start->Run->MSCONFIG

  In the Startup tab, start out by disabling everything you're unfamiliar with (or everything if you're unsure).
  Optionally, you can also disable non-Microsoft services from the Services tab.
  If the problem no longer exists after a reboot, then you can narrow it down as one of the items in your
  startup.  To permanently remove these item(s), proceed as follows...

  Click Start->Run->Regedit
  *Be careful when editing the registry as an accidental deletion can render your system inoperable.
  First navigate to the following key in the registry:
   *You might also find RunOnce, RunOnceEx, RunServices, RunServiceOnce or any of these with a trailing dash (-)

  Once found, click File, Export to save a copy of the key before you delete any items (if necessary).
  After the file has been saved, delete items as needed from the right pane.
  Now find the next startup key:
   *You might also find RunOnce, RunServices, RunServiceOnce or any of these with a trailing dash (-)
  Follow the previous procedures to export a copy before deleting items from the right pane.

You might also clear out your TEMP folders...
  Click Start->Run->%TEMP% <ENTER>
  This is your profile's temporary folder location.  All files can be deleted here, but not the containing
  folder.  Some files may be in use, so an error may be generated but can be ignored.
  Repeat the process with %SYSTEMROOT%\TEMP as well.

Can you post the log from Hijackthis?
olangotangAuthor Commented:
Hi This is the log file from Hijackthis.

Logfile of HijackThis v1.97.7
Scan saved at 19:21:12, on 26/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Draw 64\Vga cast.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\ACER\ACER Internet Keyboard\MMKbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Oakes\Desktop\steve\Downloads\Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/index.html?http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Slow download] C:\PROGRA~1\Draw 64\Vga cast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Internet Keyboard.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37854.3597453704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Remove these

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/index.html?http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
(what toolbar have you got)

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

olangotangAuthor Commented:
Not sure what toolbar i have not intended to down load any. The only other one then the standard address and Link is some thing call Lock the toolbars ? Maybe a XP thing i've never seen it before.

I've delete the above, and the internet has stop changing home page.

I was going though the Processes, and a few have high memory usage

SVCHOST.EXE  - 14936k
IEEXPLORE.EXE - 19868k  - I'm only running this one page!
EXPLORER.EXE - 22412k - Is this normal.

olangotangAuthor Commented:
Ive run the computer in safe mode and it still has a staggered display,  this there some system tool i should run to make the computer run faster?
You could try the following:
from internet explorer click tools, internet options,
click clear cookies,
click clear history,
click clear delete files, check delete offline content, then click ok
click settings, set it to a low number like 5 or 10 mb

Next, open my computer, right click your system directory (probably c: drive)
choose properties
Click disk cleanup (it may take a while to run)
after it has finished scanning, put a check in all boxes but compress old files
click ok
click on tools, defragment now
click start and let it finish, if there is still some red, defrag one or two more times

Next, right click on my computer, choose properties
click on advanced tab
under the performance area click settings
click custom,
uncheck all but the second and third to bottom (if you like the new xp look check the very bottom one too)
click apply
click on advanced tab
make sure both settings are set to programs
click ok

Finally, right click on my computer, choose properties
click on the hardware tab and click device manager
Search for any drivers that have an exlamation mark or a red x and try to re-install drivers for them

Hope this helps some,

I just noticed something that bothered me quite a bit, unless it is a typo:
IEEXPLORE.EXE - 19868k  - I'm only running this one page!

do you have a process running called IEEXPLORE.EXE?

all of those do seem a little high though, mine are
explorer.exe  14,232 K
svchost.exe     6,508 K
iexplore.exe  16,772 K

for svchost, you can lower it by disabling services as suggested by sirbounty up above at the black viper web page (very good one)

olangotangAuthor Commented:
Sorry for slow reply, I'm just running thourgh all to do items.

Sorry it was a typo  IEEXPLORE.EXE was ment to read IEXPLORE.EXE

olangotangAuthor Commented:
My problem has been solved thank you so very much

i've list the steps i went through to help others with the same problem.

Here is a list of all the processes running

Image Name      User Name      CPU      Mem Usage

mcsshld.exe      My Profile      00      3,088K
McAgent.exe      My Profile      00      2,864K
taskmgr.exe      My Profile      00      3,540K
EXPLORER.EXE      My Profile      02      14,492k
SPOOLSV.EXE      SYSTEM            00      4,792k
SVCHOST.EXE      LOCAL SERVICE      00      2,288k
SVCHOST.EXE      NETWORK SERVICE      00      2,628k
SVCHOST.EXE      SYSTEM            00      10,200k
SVCHOST.EXE      SYSTEM            00      2,404k
McShield.exe      SYSTEM            00      5,916k
LSASS.EXE      SYSTEM            00      1,336k
SERVICES.EXE      SYSTEM            00      1,552k
mcvsrte.exe      SYSTEM            00      4,032k
WINLOGON.EXE      SYSTEM            00      568k
CSRSS.EXE      SYSTEM            02      1,852k
SMSS.EXE      SYSTEM            00      252k
NOTEPAD            My Profile      00      2,792k
McVSEscn.exe      My Profile      00      2,424k
system            SYSTEM            02      80k
System Idle Process      SYSTEM      95      20k


CPU Usage - 0%
PF Usage - 99.7MB
Totals - Handles 4176, Threads 257, Processes 20
Physical Memory (K) - Total 228848, Available 109484, System Cache 151384
Commit Charge (K) - Total 101316, Limit 904628, Peak 178360
Kernel Memory (K) - Total 19232, Paged 15372, Nonpaged 3860

I Have gone through all the services on the


web site, and set them to Defualt Home, most Manual now.

I can not run the System File Checker as i have lost the installation source disk.

The only items in MSCONFIG startup now are:-

McUpdate, McAgent, mcmnhdlr, mcvsshld  All McAfee items.

I have gone through the regedit,

& other run items

Only things now there are McAfee stuff

I've Cleared out the %TEMP% files & %SYSTEMROOT% files

Deleted Items in Hackthis log file.

Cleared Cookies, History And deleted all files. Set settings to 5MB
I've run Disk Cleanup
I've defrag the C: drive and there is no red items.

I've set my computer properties Processor scheduling & Memory usage to programs

I've check my devive manager and there are no drivers that have exlamation marks.

olangotangAuthor Commented:
I've increaced the point and i'm going to split them as i think a virus caused the problem and change my computer settings.

Thank you again. It took time but it saved a rebuild
Thanks, I'm glad I was of help,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now