After Logon Pc Very Slow On 1 User Account

[bigred0269]

Hi
I run XP Home Ed SP2 on my home pc. Myself and my wife have user accounts.
When i login to my account it takes for ever for the desktop to appear and all the automatic programs etc to start up (i use sophos antivirus & EZ Firewall). I cant even get taskmanager to appear until everything has loaded. I have to go for a smoke while waiting for it to finish.
My wifes login however is instantaneous - everything appears quickly and ready to go in no time.
I dont understand this - i assumed the same programs were running cos they are installed on the psame pc.
Is there a program i can run to show me what is loading from the log on screen so i can compare between the two user accounts?
or can anyone suggest something to quicken mine up?
any help/suggestions will be greatly appreciated
Thanks
BigRed

 

[mrdw3]

i assumed the same programs were running cos they are installed on the psame pc.

Is there a program i can run to show me what is loading from the log on screen so i can compare between the two user accounts?

Never assume!


Get the trial version of Ewido and install it

The start the program, select analysis, then startup, then save report. Do this for both accounts,

Post the results and we'll take a look

mrdw

 

[bigred0269]

Thanks for getting back to me mrdw3 - apologies for the delay.

Ok here are the reports-
MINE
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 18:02:17, 25/06/2005
+ Report-Checksum: 7484C144

Reg\HKLM\Run klp C:\WINDOWS\system32\PAL\PCS\explorer.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Reg\HKLM\Run Zone Labs Client "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
Reg\HKLM\Run BTopenworld "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
Reg\HKLM\Run BTModemProtection BTModemProtection.lnk
Reg\HKLM\Run Trickler "c:\documents and settings\philip\local settings\temp\fsg_4203.exe"
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup InterCheck Monitor.LNK C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterCheck Monitor.LNK
Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 18:01:48, 25/06/2005
+ Report-Checksum: D60311FA

0: System Process
4: System Process
120: C:\Program Files\ewido\security suite\ewidoguard.exe
368: \SystemRoot\System32\smss.exe
432: \??\C:\WINDOWS\system32\csrss.exe
460: \??\C:\WINDOWS\system32\winlogon.exe
508: C:\WINDOWS\system32\services.exe
520: C:\WINDOWS\system32\lsass.exe
664: C:\WINDOWS\system32\svchost.exe
732: C:\WINDOWS\system32\svchost.exe
772: C:\WINDOWS\System32\svchost.exe
888: C:\WINDOWS\System32\svchost.exe
920: C:\WINDOWS\System32\svchost.exe
1004: C:\WINDOWS\system32\spoolsv.exe
1124: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1176: C:\WINDOWS\System32\svchost.exe
1200: C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
1216: C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
1244: C:\WINDOWS\system32\wdfmgr.exe
1272: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1344: C:\WINDOWS\system32\PAL\PCS\svchost.exe
1416: C:\documents and settings\philip\local settings\temp\fsg_4203.exe
1700: C:\WINDOWS\System32\alg.exe
1840: C:\Program Files\ewido\security suite\ewidoctrl.exe
2060: C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
2068: C:\PROGRA~1\DAP\DAP.EXE
2148: C:\WINDOWS\Explorer.EXE
2172: C:\WINDOWS\system32\ctfmon.exe
2528: C:\WINDOWS\system32\BTModemProtection.exe
2740: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
3108: C:\Program Files\Kazaa\kazaa.exe
3332: C:\Program Files\Internet Explorer\iexplore.exe
3452: C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
3768: C:\Program Files\ewido\security suite\SecuritySuite.exe

WIFE
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 20:19:29, 25/06/2005
+ Report-Checksum: 1B191E66

Reg\HKLM\Run klp C:\WINDOWS\system32\PAL\PCS\explorer.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Reg\HKLM\Run Zone Labs Client "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
Reg\HKLM\Run BTopenworld "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
Reg\HKLM\Run BTModemProtection BTModemProtection.lnk
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup InterCheck Monitor.LNK C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterCheck Monitor.LNK
Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 20:19:52, 25/06/2005
+ Report-Checksum: 985EEC62

0: System Process
4: System Process
152: C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
368: \SystemRoot\System32\smss.exe
424: C:\WINDOWS\Explorer.EXE
432: \??\C:\WINDOWS\system32\csrss.exe
460: \??\C:\WINDOWS\system32\winlogon.exe
508: C:\WINDOWS\system32\services.exe
520: C:\WINDOWS\system32\lsass.exe
580: C:\Program Files\ewido\security suite\SecuritySuite.exe
664: C:\WINDOWS\system32\svchost.exe
732: C:\WINDOWS\system32\svchost.exe
772: C:\WINDOWS\System32\svchost.exe
888: C:\WINDOWS\System32\svchost.exe
920: C:\WINDOWS\System32\svchost.exe
1004: C:\WINDOWS\system32\spoolsv.exe
1124: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1176: C:\WINDOWS\System32\svchost.exe
1200: C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
1216: C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
1244: C:\WINDOWS\system32\wdfmgr.exe
1272: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1344: C:\WINDOWS\system32\PAL\PCS\svchost.exe
1700: C:\WINDOWS\System32\alg.exe
1840: C:\Program Files\ewido\security suite\ewidoctrl.exe
2096: C:\Program Files\ewido\security suite\ewidoguard.exe
2292: C:\WINDOWS\system32\ctfmon.exe
2336: C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
3568: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
3912: C:\WINDOWS\system32\BTModemProtection.exe


Hope this makes sense to you

Let me know if theres anything i need to do

Philip

 

[mrdw3]

By now You've probally read some other forums, seeing that a lot of people have simular problems as you.

I can see scumware running on your login...

My advice, is to follow the steps outlined Here

You'll be downloading a piece of software (called hijackthis) with will aid in the resolution, but follow the steps outlined in the link above.

Then post your hijackthis log.

 

[bigred0269]

Thanks for getting back to me mrdw3 - apologies for the delay wasnt on PC this week & it took me a while to download software, delete programs etc..

Ok here are the reports-
MINE
Logfile of HijackThis v1.97.7
Scan saved at 13:02:38, on 03/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\PAL\PCS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\system32\BTModemProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Naviscope\naviscope.exe
D:\Philip\My Documents\My Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\system32\PAL\PCS\ieguard.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [klp] C:\WINDOWS\system32\PAL\PCS\explorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [BTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [BTModemProtection] BTModemProtection.lnk
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: naviscope.lnk = C:\Program Files\Naviscope\naviscope.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab

Wife's

Logfile of HijackThis v1.97.7
Scan saved at 13:53:47, on 03/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\PAL\PCS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\system32\BTModemProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Documents and Settings\Philip\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\system32\PAL\PCS\ieguard.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [klp] C:\WINDOWS\system32\PAL\PCS\explorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [BTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [BTModemProtection] BTModemProtection.lnk
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab

One thing i noticed the extra context menu items - dapextie - i removed the download accelerator plus software searched for dapextie but couldnt find it so ive no idea why this is running?!?

But in saying that do you know of any similar software which can speed downloading and allow resume - i am one of the sad people with dialup rather than broadband and any software which can resume where the download broke off would be great.

Thanks for looking at this for me - hopefully you can help.

Philip