Program takes 10 seconds to get active

Hi there,

I have a program which, if opened in Windows, takes about 10 seconds to get active. It is a program which uses mdb or sql for its data. All other programs are acting normally, but only this one is slow. I do a lot of copy/paste from Outlook to this program, so if I have to wait 10 seconds every time it is getting very annoying.
The problem is that it happened suddenly (after not using it for 2 months).
Does anybody have a suggestion where to look for a solution?



Try going to the properties of your hard drive and doing a "disk cleanup" then click the tools tab, and see if the disk needs defragging.
How much RAM is installed on this system? If it's 512Mb or less, you'd probably see an improvement if you installed another 512Mb or even 1Gb more RAM.
rogerbergerAuthor Commented:
Defragging is not necessary.
There is 1Gb of ram installed and 680Mb in use.

You could also try the System File Checker to see if you have a partly corrupted file:
Start > Run, and then type SFC /scannow

"How to use the scannow sfc tool in Windows XP":
Could also be due to a virus or Malware.
Unless you're absolutely sure the machine is clean, try scanning with Malwarebytes Anti-Malware:

Also try the Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>
So, tell us more about where the databases are (on a remote PC/Server?) and how they are configured...
This sounds like a problem with a SQL connection... where it attempts to connect via a protocol that's no longer active, and has to "time out" before trying another method of connection
rogerbergerAuthor Commented:
First it used an mdb database, but now it uses a sql server express 5 database. This is on the same system. It was already slow when I was working with an mdb database. That's why I switched to sql server, but without any progression.
Hummm....  how big is the database?
Take a look at the "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data" directory and tell us how big the *.mdf and *.ldf files are for that database
rogerbergerAuthor Commented:
The mdf file is 105Mb and the LDF is 832Kb.
Kaspersky found nothing.
Malwarebytes didn't find anything either.
sfc /scannow did nothing as far as I can see.
I did a defrag without a positive result.
Ok, thanks.  Incidentally, when the problem suddenly occurred (after not using it for 2 months), did you update from SP2 to SP3 at about that time?
If yes, System Restore is a possible (temporary) solution, or SP3 roll back.
rogerbergerAuthor Commented:
No, it was before SP3.
I also tried to kill all processes which are not 'necessary', but even that won't work. Strange..
Ok.   Another suggestion is to run Process Explorer version 11.13:

Watch the CPU activity during one of those "10 sec slows", normally (at idle) it should be somewhere between 2% and 4%.
If it's not, double click any offending file. Is it a svchost.exe file?  If yes, select the Services Tab to see what services are running.

If we find nothing, & you get no further suggestions, an XP repair install may be the best way forward .. you need not be in a hurry to do this, but it's something we should bear in mind.  Will investigate further, periodically ....

How to Perform a Windows XP Repair Install:

rogerbergerAuthor Commented:
Process Explorer gives no strange cpu usage. What I do see is that SQL server express is using 8% cpu usage about 90% of the time. I will try the XP repair install tonight.

Thanks so far.
> SQL server express is using 8% cpu usage about 90% of the time <
That's your reason for the delays!
Recommend therefore that you delay that repair install, it may not be necessary, and try HijackThis>

Trend HijackThis 2.02:

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page & there i can get it analysed.  

Also, you may like to take a look at this ongoing EE question, in particular the comments by rpggamergirl who is brilliant at Malware removal >
Even though you're prepared to do an XP repair install, it may not resolve the issue, although it's definitely worth a HijackThis scan!  
If nothing is detected it would not be surprising, *if* we have a nasty present.  
In such a case i would suggest running Combofix >

Download ComboFix and save to your Desktop >

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running, and remember to re-enable them later, upon completion.

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.

ComboFix does present a slight risk to your system, but it's worth considering under these circumstances.
rogerbergerAuthor Commented:
Sorry for the delay, but I was quite a bit busy. I have attached the HijackThis log. Thanks so far. I also upgraded the system from 1 to 2Gb memory and ran the ComboFix. Of course without any result.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:11, on 4-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Rabo\Support\RaboSessionMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SnelStart\V900\SnelStart.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{85E02B6F-F6EC-4455-901F-832B7144AA10}: NameServer =
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\ruttn\moha\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
End of file - 11034 bytes


So, post a bit of the source code for the application... particularly the parts where you open the databases
Your HijackThis logfile has a suspicious entry or two, particularly this one.  Do you know the IP or Domain ''?      If you do, we'll leave it alone.  If not, it needs to be removed >

O17 - HKLM\System\CCS\Services\Tcpip\..\{85E02B6F-F6EC-4455-901F-832B7144AA10}: NameServer =

In this form it looks like a Trojan or Worm.  SDFix should be able to remove it.

How to use SDFix:

Meanwhile i'll investigate the other HJT entries ..
Have done a quick check on the eleven remaining entries that HijackThis analysis had questioned, but i can see nothing visibly wrong.

You could post the ComboFix log here if you still have it please, it could be useful.

Perplexed, but still contemplating   :)
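
The checks applied to the HijackThis log in the replies above (entries marked "(no file)" or "(file missing)", and the O17 NameServer line), as an added example that is not part of the original thread. The sample log is constructed, its GUIDs, paths and addresses are placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the HijackThis 2.0.2 line format; every GUID, path and
# address below is a placeholder, not a value from the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Example\app.exe
R3 - URLSearchHook: Example Toolbar - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\app.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000004}: NameServer = 203.0.113.53,192.168.1.1
O23 - Service: Example Svc (ExSvc) - Unknown owner - C:\games\example\svc.exe (file missing)
End of file - 1234 bytes
"""

# Section lines look like "O17 - <body>"; process paths ("C:\...") do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Ranges treated as "local" (home router, loopback, link-local). Listed
# explicitly so the result does not depend on how a given Python version
# defines ipaddress.is_private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def parse_entries(text):
    """Return (section_code, body) for every section line in the log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def classify_resolver(value):
    """Label one NameServer value as dns-local, dns-external or dns-unparsed."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "dns-unparsed"
    if any(addr in net for net in LOCAL_NETS):
        return "dns-local"
    return "dns-external"


def triage(text):
    """Return (code, kind, detail) tuples for entries worth a second look.

    orphan       - registry entry whose target file does not exist
    dns-local    - resolver in a local range, e.g. the user's own router
    dns-external - resolver outside local ranges; confirm it is the ISP's
    dns-empty    - NameServer key present but no value in the log
    """
    findings = []
    for code, body in parse_entries(text):
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((code, "orphan", body))
        if code == "O17" and "NameServer" in body:
            value = body.split("=", 1)[1] if "=" in body else ""
            servers = [s for s in re.split(r"[,\s]+", value.strip()) if s]
            if not servers:
                findings.append((code, "dns-empty", body))
            for server in servers:
                findings.append((code, classify_resolver(server), server))
    return findings


if __name__ == "__main__":
    for code, kind, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {kind:<13} {detail}")
```

A dns-local result still needs the owner's confirmation that the address is their router, which is the question asked in the reply above.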
rogerbergerAuthor Commented:
is my ADSL router. I am not at home, but will add my ComboFix log later on.
rogerbergerAuthor Commented:
Here is my ComboFix log.
ComboFix 08-11-03.04 - Roger 2008-11-04 11:53:27.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.31.1043.18.1420 [GMT 1:00]
Gestart vanuit: c:\installatie\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Roger\Application Data\inst.exe
c:\program files\INSTALL.LOG
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((   Bestanden Gemaakt van 2008-10-04 to 2008-11-04  ))))))))))))))))))))))))))))))
2008-10-28 15:35 . 2008-10-02 10:07	453,152	--a------	c:\windows\system32\NVUNINST.EXE
2008-10-28 15:35 . 2008-10-07 13:33	453,152	--a------	c:\windows\system32\nvudisp.exe
2008-10-28 15:35 . 2008-11-04 11:58	201,151	--a------	c:\windows\system32\nvapps.xml
2008-10-28 15:35 . 2008-10-07 13:33	18,477	--a------	c:\windows\system32\nvdisp.nvu
2008-10-28 09:01 . 2001-08-17 21:28	794,654	--a--c---	c:\windows\system32\dllcache\usr1801.sys
2008-10-28 09:00 . 2001-09-06 20:29	899,594	--a--c---	c:\windows\system32\dllcache\r2mdkxga.sys
2008-10-28 08:59 . 2001-08-17 22:05	351,616	--a--c---	c:\windows\system32\dllcache\ovcodek2.sys
2008-10-28 08:58 . 2001-08-17 21:28	802,683	--a--c---	c:\windows\system32\dllcache\ltsm.sys
2008-10-28 08:57 . 2001-09-06 21:26	1,733,120	--a--c---	c:\windows\system32\dllcache\g400d.dll
2008-10-28 08:56 . 2001-08-17 20:14	952,007	--a--c---	c:\windows\system32\dllcache\diwan.sys
2008-10-28 08:55 . 2001-09-06 18:59	980,034	--a--c---	c:\windows\system32\dllcache\cicap.sys
2008-10-28 08:54 . 2001-08-17 21:28	871,388	--a--c---	c:\windows\system32\dllcache\bcmdm.sys
2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\documents and settings\Roger\Application Data\Malwarebytes
2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 13:45 . 2008-10-22 16:10	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-27 13:45 . 2008-10-22 16:10	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2008-10-27 11:19 . 2008-10-27 11:21	<DIR>	d--h-c---	c:\documents and settings\All Users\Application Data\{74E78FE3-7059-467C-AAB0-5F11DE6042B2}
2008-10-22 15:48 . 2008-10-22 15:48	<DIR>	d--------	c:\documents and settings\suusje\Application Data\.clamwin
2008-10-15 14:33 . 2008-10-15 14:33	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2008-10-15 14:32 . 2008-10-15 14:32	<DIR>	d--------	c:\program files\Encode360
2008-10-15 14:30 . 2008-10-15 14:30	<DIR>	d--------	c:\windows\system32\windows media
2008-10-15 14:30 . 2008-10-15 14:30	<DIR>	d--------	c:\program files\Windows Media Components
2008-10-15 12:57 . 2008-10-15 12:57	<DIR>	d--------	c:\program files\VSO
2008-10-15 12:57 . 2008-10-15 13:23	<DIR>	d--------	c:\documents and settings\Roger\Application Data\Vso
2008-10-15 12:57 . 2004-05-04 11:53	1,645,320	--a------	c:\windows\gdiplus.dll
2008-10-15 12:57 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\system32\wvc1dmod.dll
2008-10-15 12:57 . 2006-04-02 13:47	630,784	--a------	c:\windows\system32\vp7vfw.dll
2008-10-15 12:57 . 2006-09-29 12:24	217,127	--a------	c:\windows\system32\drv43260.dll
2008-10-15 12:57 . 2006-09-29 12:25	208,935	--a------	c:\windows\system32\drv33260.dll
2008-10-15 12:57 . 2006-09-29 12:26	176,165	--a------	c:\windows\system32\drv23260.dll
2008-10-15 12:57 . 2007-03-18 20:37	65,602	--a------	c:\windows\system32\cook3260.dll
2008-10-15 12:57 . 2008-10-15 12:57	47,360	--a------	c:\windows\system32\drivers\pcouffin.sys
2008-10-15 12:57 . 2008-10-15 12:57	47,360	--a------	c:\documents and settings\Roger\Application Data\pcouffin.sys
2008-10-15 04:01 . 2008-08-14 14:27	2,193,536	--a--c---	c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 04:01 . 2008-08-14 14:27	2,070,400	--a--c---	c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-13 14:24 . 2008-10-13 14:28	<DIR>	d--------	c:\documents and settings\Roger\Application Data\vlc
2008-10-13 14:22 . 2008-10-13 14:22	<DIR>	d--------	c:\program files\VideoLAN
2008-10-11 15:17 . 2008-04-14 18:02	159,232	--a------	c:\windows\system32\ptpusd.dll
2008-10-11 15:17 . 2001-09-06 20:27	5,632	--a------	c:\windows\system32\ptpusb.dll
2008-10-08 11:14 . 2008-10-08 11:14	<DIR>	d--------	c:\program files\ClamWin
2008-10-08 11:14 . 2008-10-08 11:15	<DIR>	d--------	c:\documents and settings\Roger\Application Data\.clamwin
2008-10-08 11:14 . 2008-10-08 11:14	<DIR>	d--------	c:\documents and settings\All Users\.clamwin
2008-10-08 08:49 . 2008-10-08 08:49	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Avg7
2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\program files\Deskshare
2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\program files\Common Files\Deskshare Shared
2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Deskshare
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-11-04 10:59	---------	d-----w	c:\documents and settings\Roger\Application Data\Skype
2008-10-30 10:09	---------	d-----w	c:\program files\Rabotwin
2008-10-29 07:21	---------	d-----w	c:\program files\hp
2008-10-29 07:21	---------	d-----w	c:\program files\Hewlett-Packard
2008-10-28 18:12	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2008-10-28 18:11	---------	d-----w	c:\program files\AGEIA Technologies
2008-10-28 14:43	---------	d-----w	c:\program files\TomTom HOME 2
2008-10-27 10:20	---------	d-----w	c:\program files\SnelStart
2008-10-27 10:16	---------	d-----w	c:\program files\Tonaya
2008-10-27 10:14	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-10-27 10:14	---------	d-----w	c:\program files\Microsoft ActiveSync
2008-10-27 07:58	---------	d-----w	c:\documents and settings\All Users\Application Data\Rabo Support
2008-10-27 07:12	---------	d-----w	c:\program files\Microsoft Silverlight
2008-10-21 08:53	---------	d-----w	c:\program files\FTDv3.8
2008-10-15 14:18	---------	d-----w	c:\documents and settings\Roger\Application Data\FileZilla
2008-10-15 07:19	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-08 07:49	---------	d-----w	c:\documents and settings\All Users\Application Data\Grisoft
2008-10-03 17:27	107,888	----a-w	c:\windows\system32\CmdLineExt.dll
2008-09-26 13:08	---------	d-----w	c:\documents and settings\Roger\Application Data\VMware
2008-09-25 06:48	---------	d-----w	c:\documents and settings\Roger\Application Data\uTorrent
2008-09-22 09:52	---------	d-----w	c:\documents and settings\Roger\Application Data\GetRightToGo
2008-09-19 15:25	---------	d-----w	c:\program files\uTorrent
2008-09-17 06:55	---------	d-----w	c:\program files\VMware
2008-09-15 15:28	1,846,528	------w	c:\windows\system32\win32k.sys
2008-09-10 07:27	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware
2008-09-08 10:41	333,824	------w	c:\windows\system32\drivers\srv.sys
2008-09-08 08:51	---------	d-----w	c:\program files\WinImage
2008-09-08 08:44	---------	d-----w	c:\program files\IZArc
2008-08-26 08:27	826,368	----a-w	c:\windows\system32\wininet.dll
2008-08-18 14:06	98,304	----a-w	c:\windows\system32\DLSBAR32.DLL
2008-08-18 14:06	512,512	----a-w	c:\windows\system32\llPDFLibX.dll
2008-08-18 14:06	446,464	----a-w	c:\windows\system32\HHActiveX.dll
2008-08-18 14:06	441,856	----a-w	c:\windows\system32\VCFIWZ5.dll
2008-08-18 14:06	28,672	----a-w	c:\windows\system32\LayCSupp.dll
2008-08-18 14:06	27,648	----a-w	c:\windows\system32\SnelStartCompress.dll
2008-08-18 14:06	200,704	----a-w	c:\windows\system32\VIC32.DLL
2008-08-14 13:27	2,149,888	------w	c:\windows\system32\ntoskrnl.exe
2008-08-14 13:27	2,028,544	------w	c:\windows\system32\ntkrnlpa.exe
2007-03-26 09:11	49,721,344	----a-w	c:\program files\SnelStart.rar
2004-08-16 16:24	14,472	----a-w	c:\documents and settings\Roger\MTK.SYS
2003-12-18 10:33	20,102	----a-w	c:\program files\Readme.txt
2003-09-03 06:46	10,960	----a-w	c:\program files\EULA.txt
2003-07-17 02:26	448,640	------w	c:\windows\inf\EL2K_N64.sys
2003-07-17 02:22	147,328	------w	c:\windows\inf\EL2K_XP.sys
2003-06-03 07:47	147,328	------w	c:\windows\inf\EL2K_2K.sys
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-12-01 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-09-08 805392]
Rabo Session Monitor.lnk - c:\program files\Rabo\Support\RaboSessionMon.exe [2005-07-12 880128]
Snelstart HP Image Zone.lnk - c:\program files\hp\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 110080]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv
"EnableFirewall"= 0 (0x0)
"c:\\Program Files\\Common Files\\EPSON\\EBAPI\\eEBSvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe: RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe: Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe: Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\games\\BF 2142\\BF2142.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP: Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2005-11-18 64976]
R0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2005-10-27 78336]
R0 viaraid;viaraid;c:\windows\system32\DRIVERS\viaraid.sys [2003-05-21 70272]
R2 FiberlinkMonitor;Fiberlink Monitor Service;c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe [2005-09-08 69696]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [2007-07-10 393216]
R2 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [2008-04-29 186928]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2008-04-29 19248]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-02 17536]
R3 gcapi20;Intelligent CAPI 2.0 driver;c:\windows\system32\DRIVERS\gcapi20.sys [2001-07-03 165328]
R3 gisdnwan;Intelligent ISDN WAN miniport;c:\windows\system32\DRIVERS\gisdnwan.sys [2002-02-11 54033]
R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\DRIVERS\uac4pdt.sys [2003-11-11 15232]
S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys [ ]
S3 ASUSHWIO;ASUSHWIO;c:\windows\system32\drivers\ASUSHWIO.sys [ ]
S3 Gisdnpnp;Intelligent ISDN PnP driver;c:\windows\system32\DRIVERS\gisdnpnp.sys [2002-02-04 78032]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys [2004-08-16 14472]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [ ]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [ ]
Inhoud van de 'Gedeelde Taken' map
2008-11-03 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 18:03]
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-LiveNote - livenote.exe
------- Bijkomende Scan -------
FireFox -: Profile - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\66o46bys.default\
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npntrplugin.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows\system32\NTR\npntrplugin.dll
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-04 11:58:08
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
------------------------ Andere Aktieve Processen ------------------------
c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\EPSON\EBAPI\eEBAgent.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Fiberlink\Extend360\ServiceMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\hp\Digital Imaging\bin\hpqgalry.exe
Voltooingstijd: 2008-11-04 12:01:18 - machine werd herstart
ComboFix-quarantined-files.txt  2008-11-04 11:01:13
Pre-Run: bytes beschikbaar
Post-Run: 107,398,750,208 bytes beschikbaar
[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
274	--- E O F ---	2008-10-28 14:39:53


Still researching your ComboFix log but surprised to find that inst.exe is a process which is registered as a trojan, according to the following article >

c:\documents and settings\Roger\Application Data\inst.exe

"inst.exe - inst process information":

Will continue to investigate, but meanwhile may I suggest you run the following scans.  If all three come up clean I'll have to re-think >

"Trend Micro's FREE online virus scanner":   

a-squared Free:
Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>

Have double checked the inst.exe problem & have come to the same conclusion as before, it should be removed.   Have searched for but can see no other problematic entry.

If one of those three scanners does not remove the Trojan, we can re-run ComboFix and apply a Script, as described in this Tutorial >

A guide and tutorial on using ComboFix:

Now, open notepad and copy & paste this text into it, as shown between the lines >


c:\documents and settings\Roger\Application Data\inst.exe


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture in the tutorial above, drag the CFScript into ComboFix.exe

When finished, it should have produced a log for you at "C:\ComboFix.txt", and hopefully done the trick.
This is getting to be a very long thread.... so let's do a quick recap to make sure we're not going off on a tangent
  • You have one application that takes a very long time to launch
  • This occurred suddenly and has remained consistently slow since that time
  • All other applications on this PC seem to launch normally
... is that about it?
If so, how many folks still think this phenomenon is related to malware?!?!
rogerbergerAuthor Commented:
Launching the app is not really much slower than normal (it always was very slow to open). The problem is that it is slow to activate when I switch windows. The app is for my administration, so I want to copy/paste a lot from outlook to this app. When I have selected some text in outlook and click on the app it seems to freeze for about 10 seconds. The manufacturer of the software hasn't seen this problem before and doesn't know what the problem can be.
I will remove all malware on my computer of course, but I think too that the problem is somewhere else.

Let's dig a bit deeper...
  • Is the length of the delay associated with the size of the information being copied?
  • I presume that merely switching to/from the application (without doing a copy/paste) works as expected?
...ya know, I think we're getting somewhere!
rogerbergerAuthor Commented:
nope, without copy/pasting it's also slow.
If after removing the inst.exe file there is/was no improvement then I'm out of ideas for the moment ... best perhaps to follow graye's approach.
So, how do you "activate" the program?
  • Is it already launched, but just minimized, and all you do is click on the tray icon?
  • Or, do you launch it "from scratch"?
rogerbergerAuthor Commented:
I have a widescreen monitor and for example outlook and this program are situated next to each other. When I click on Outlook I can work instantly with it, but when I click on the program it freezes for about 10 seconds. After these 10 seconds I can use it normally again until I switch to outlook (or another app) again.
BTW. You can download a demo of the program here:
Actually, a bit of the source code would be more helpful
rogerbergerAuthor Commented:
I have no source code. It's a commercial program.
Ouch... that means we're running out of options.
I suspect you'll have to contact the vendor... perhaps they are aware and have an update
rogerbergerAuthor Commented:
I already talked to them twice. They say it's not a known problem, so it can't be in the program itself. I contacted them again on Friday and one of their second line technicians will call me back on Monday. I'll let you know. Thanks so far.

rogerbergerAuthor Commented:
OK guys,

I talked to the makers of the program yesterday and they couldn't find the problem either. So I used my morning to completely reinstall windows XP. Now the program is acting normally again. It is even reacting much faster than before. I think it was a problem in the registration of the problem.
I want to thank you all for helping.


You are very welcome.
Question has a verified solution.