Windows running slowly, screen refreshing & page scrolling staggered

Posted on 2004-04-26
Last Modified: 2007-12-19

My Windows XP has suffered (Windows running very slowly, screen refreshing & page scrolling staggered), from Virus, Spy & Ad ware after surfing the net.  I have loaded McAfee Anti-virus and it found a few viruses, which have now been deleted. I have also ran Ad-aware and HijackThis. I have now deleted the registry items which these showed as supicious. I'm also now running a McAfee firewall.

But the problem still persists! Does this invole a virus missed McAfee or do I have to repair the registry. I have tried to restore my system but this seems to have no effect as it said there has been no system changes.

Whilst only running Windows Internet Explorer the performance figures are:-

CPU Usage - 0%
PF Usage - 135MB
Totals - Handles 12338, Threads 327, Processes 26
Physical Memory (K) - Total 228848, Available 77984, System Cache 104864
Commit Charge (K) - Total 138656, Limit 560712, Peak 152424
Kernel Memory (K) - Total 20052, Paged 16636, Nonpaged 3416

Is this normal?  

I am lost as to where to turn next - please help.

Many thanks.

Question by:olangotang
LVL 67

Assisted Solution

sirbounty earned 250 total points
ID: 10921758
Try disabling unneeded services:

You might also try running the System File Checker (read more here:
 To do so,
   Click Start->Run->SFC /Purgecache
   Start->Run->SFC /Scannow

   *You may need your installation source (CD) as this process will replace missing/corrupted drivers on your system.

Failing that, you can try the following method to eliminate items from startup:
  Click Start->Run->MSCONFIG

  In the Startup tab, start out by disabling everything you're unfamiliar with (or everything if you're unsure).
  Optionally, you can also disable non-Microsoft services from the Services tab.
  If the problem no longer exists after a reboot, then you can narrow it down as one of the items in your
  startup.  To permanently remove these item(s), proceed as follows...

  Click Start->Run->Regedit
  *Be careful when editing the registry as an accidental deletion can render your system inoperable.
  First navigate to the following key in the registry:
   *You might also find RunOnce, RunOnceEx, RunServices, RunServiceOnce or any of these with a trailing dash (-)

  Once found, click File, Export to save a copy of the key before you delete any items (if necessary).
  After the file has been saved, delete items as needed from the right pane.
  Now find the next startup key:
   *You might also find RunOnce, RunServices, RunServiceOnce or any of these with a trailing dash (-)
  Follow the previous procedures to export a copy before deleting items from the right pane.

You might also clear out your TEMP folders...
  Click Start->Run->%TEMP% <ENTER>
  This is your profile's temporary folder location.  All files can be deleted here, but not the containing
  folder.  Some files may be in use, so an error may be generated but can be ignored.
  Repeat the process with %SYSTEMROOT%\TEMP as well.

Can you post the log from Hijackthis?

Author Comment

ID: 10921793
Hi This is the log file from Hijackthis.

Logfile of HijackThis v1.97.7
Scan saved at 19:21:12, on 26/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Draw 64\Vga cast.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\\MPS\mscifapp.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\ACER\ACER Internet Keyboard\MMKbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Oakes\Desktop\steve\Downloads\Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Slow download] C:\PROGRA~1\Draw 64\Vga cast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\\MPS\mscifapp.exe /embedding
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Internet Keyboard.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) -,0,80,22/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

LVL 49

Expert Comment

ID: 10922242
Remove these

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {1354A05A-F5F1-C940-A1B1-E58E78FCDC64} - C:\PROGRA~1\DARTWI~1\16Heck.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
(what toolbar have you got)

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.


Author Comment

ID: 10922377
Not sure what toolbar i have not intended to down load any. The only other one then the standard address and Link is some thing call Lock the toolbars ? Maybe a XP thing i've never seen it before.

I've delete the above, and the internet has stop changing home page.

I was going though the Processes, and a few have high memory usage

SVCHOST.EXE  - 14936k
IEEXPLORE.EXE - 19868k  - I'm only running this one page!
EXPLORER.EXE - 22412k - Is this normal.


Author Comment

ID: 10922740
Ive run the computer in safe mode and it still has a staggered display,  this there some system tool i should run to make the computer run faster?

Accepted Solution

JediPimp earned 250 total points
ID: 10923418
You could try the following:
from internet explorer click tools, internet options,
click clear cookies,
click clear history,
click clear delete files, check delete offline content, then click ok
click settings, set it to a low number like 5 or 10 mb

Next, open my computer, right click your system directory (probably c: drive)
choose properties
Click disk cleanup (it may take a while to run)
after it has finished scanning, put a check in all boxes but compress old files
click ok
click on tools, defragment now
click start and let it finish, if there is still some red, defrag one or two more times

Next, right click on my computer, choose properties
click on advanced tab
under the performance area click settings
click custom,
uncheck all but the second and third to bottom (if you like the new xp look check the very bottom one too)
click apply
click on advanced tab
make sure both settings are set to programs
click ok

Finally, right click on my computer, choose properties
click on the hardware tab and click device manager
Search for any drivers that have an exlamation mark or a red x and try to re-install drivers for them

Hope this helps some,


Expert Comment

ID: 10923457
I just noticed something that bothered me quite a bit, unless it is a typo:
IEEXPLORE.EXE - 19868k  - I'm only running this one page!

do you have a process running called IEEXPLORE.EXE?

all of those do seem a little high though, mine are
explorer.exe  14,232 K
svchost.exe     6,508 K
iexplore.exe  16,772 K

for svchost, you can lower it by disabling services as suggested by sirbounty up above at the black viper web page (very good one)


Author Comment

ID: 10931262
Sorry for slow reply, I'm just running thourgh all to do items.

Sorry it was a typo  IEEXPLORE.EXE was ment to read IEXPLORE.EXE


Author Comment

ID: 10932202
My problem has been solved thank you so very much

i've list the steps i went through to help others with the same problem.

Here is a list of all the processes running

Image Name      User Name      CPU      Mem Usage

mcsshld.exe      My Profile      00      3,088K
McAgent.exe      My Profile      00      2,864K
taskmgr.exe      My Profile      00      3,540K
EXPLORER.EXE      My Profile      02      14,492k
SPOOLSV.EXE      SYSTEM            00      4,792k
SVCHOST.EXE      LOCAL SERVICE      00      2,288k
SVCHOST.EXE      NETWORK SERVICE      00      2,628k
SVCHOST.EXE      SYSTEM            00      10,200k
SVCHOST.EXE      SYSTEM            00      2,404k
McShield.exe      SYSTEM            00      5,916k
LSASS.EXE      SYSTEM            00      1,336k
SERVICES.EXE      SYSTEM            00      1,552k
mcvsrte.exe      SYSTEM            00      4,032k
WINLOGON.EXE      SYSTEM            00      568k
CSRSS.EXE      SYSTEM            02      1,852k
SMSS.EXE      SYSTEM            00      252k
NOTEPAD            My Profile      00      2,792k
McVSEscn.exe      My Profile      00      2,424k
system            SYSTEM            02      80k
System Idle Process      SYSTEM      95      20k


CPU Usage - 0%
PF Usage - 99.7MB
Totals - Handles 4176, Threads 257, Processes 20
Physical Memory (K) - Total 228848, Available 109484, System Cache 151384
Commit Charge (K) - Total 101316, Limit 904628, Peak 178360
Kernel Memory (K) - Total 19232, Paged 15372, Nonpaged 3860

I Have gone through all the services on the 

web site, and set them to Defualt Home, most Manual now.

I can not run the System File Checker as i have lost the installation source disk.

The only items in MSCONFIG startup now are:-

McUpdate, McAgent, mcmnhdlr, mcvsshld  All McAfee items.

I have gone through the regedit,

& other run items

Only things now there are McAfee stuff

I've Cleared out the %TEMP% files & %SYSTEMROOT% files

Deleted Items in Hackthis log file.

Cleared Cookies, History And deleted all files. Set settings to 5MB
I've run Disk Cleanup
I've defrag the C: drive and there is no red items.

I've set my computer properties Processor scheduling & Memory usage to programs

I've check my devive manager and there are no drivers that have exlamation marks.


Author Comment

ID: 10932232
I've increaced the point and i'm going to split them as i think a virus caused the problem and change my computer settings.

Thank you again. It took time but it saved a rebuild

Expert Comment

ID: 10933718
Thanks, I'm glad I was of help,

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article ( first and run the tool TDSSKiller ( to get rid of the infection. Once done, and if the …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question