Program takes 10 seconds to get active

Posted on 2008-10-27
Last Modified: 2012-05-05
Hi there,

I have a program which, if opened in Windows, takes about 10 seconds to get active. It is a program which uses mdb or sql for its data. All other programs are acting normally, but only this one is slow. I do a lot of copy/paste from Outlook to this program, so if I have to wait 10 seconds every time it is getting very annoying.
The problem is that it happened suddenly (after not using it for 2 months).
Does anybody have a suggestion where to look for a solution?


Question by:rogerberger
LVL 14

Expert Comment

ID: 22811326
Try going to the properties of your hard drive and doing a "disk cleanup" then click the tools tab, and see if the disk needs defragging.
LVL 14

Expert Comment

ID: 22811346
How much RAM is installed on this system? If it's 512Mb or less, you'd probably see an improvement if you installed another 512Mb or even 1Gb more RAM.

Author Comment

ID: 22811379
Defragging is not necessary.
There is 1Gb of ram installed and 680Mb in use.
LVL 27

Expert Comment

ID: 22811397
You could also try the System File Checker to see if you have a partly corrupted file>
Start>Run       .. and then type SFC /scannow

"How to use the scannow sfc tool in Windows XP":
LVL 27

Expert Comment

ID: 22811421
Could also be due to a virus or Malware.
Unless you're absolutely sure the machine is clean, try scanning with Malwarebytes Anti-Malware:

Also try the Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>
LVL 41

Expert Comment

ID: 22812186
So, tell us more about where the databases are (on a remote PC/Server?) and how they are configured...
This sounds like a problem with a SQL connection... where it attempts to connect via a protocol that's no longer active, and has to "time out" before trying another method of connection

Author Comment

ID: 22812727
First it used an mdb database, but now it uses a sql server express 5 database. This is on the same system. It was already slow when I was working with an mdb database. That's why I switched to sql server, but without any progression.
LVL 41

Expert Comment

ID: 22812880
Hummm....  how big is the database?
Take a look at the "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data" directory and tell us how big the *.mdf and *.ldf files are for that database

Author Comment

ID: 22819667
The mdf file is 105Mb and the LDF is 832Kb.
kaspersky found nothing
malwarebyte didn't find anything either
sfc /scannow  did nothing as far as I can see.
I did a defrag without a positive result.
LVL 27

Expert Comment

ID: 22819722
Ok, thanks. Incidentally, when the problem suddenly occurred (after not using it for 2 months), did you update from SP2 to SP3 at about that time?
If yes, System Restore is a possible (temporary) solution, or SP3 roll back.

Author Comment

ID: 22819795
No, it was before SP3.
I also tried to kill all processes which are not 'necessary', but even that won't work. Strange..
LVL 27

Expert Comment

ID: 22819882
Ok.   Another suggestion is to run Process Explorer version 11.13:

Watch the CPU activity during one of those "10 sec slows", normally (at idle) it should be somewhere between 2% and 4%.
If it's not, double click any offending file. Is it a svchost.exe file?  If yes, select the Services Tab to see what services are running.

If we find nothing, & you get no further suggestions, an XP repair install may be the best way forward .. you need not be in a hurry to do this, but it's something we should bear in mind.  Will investigate further, periodically ....

How to Perform a Windows XP Repair Install:


Author Comment

ID: 22819968
Process Explorer gives no strange cpu usage. What I do see is that SQL server express is using 8% cpu usage about 90% of the time. I will try the XP repair install tonight.

Thanks so far.
LVL 27

Expert Comment

ID: 22820051
> SQL server express is using 8% cpu usage about 90% of the time <
That's your reason for the delays!
Recommend therefore that you delay that repair install, it may not be necessary, and try HijackThis>

Trend HijackThis 2.02:

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile. Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page & there I can get it analysed.

Also, you may like to take a look at this ongoing EE question, in particular the comments by rpggamergirl who is brilliant at Malware removal >
LVL 27

Expert Comment

ID: 22821009
Even though you're prepared to do an XP repair install, it may not resolve the issue, although it's definitely worth a HijackThis scan!  
If nothing is detected it would not be surprising, *if* we have a nasty present.  
In such a case I would suggest running Combofix >

Download ComboFix and save to your Desktop >

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running, and remember to re-enable them later, upon completion.

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.

ComboFix does present a slight risk to your system, but it's worth considering under these circumstances.

Author Comment

ID: 22875141
Sorry for the delay, but I was quite a bit busy. I have attached the HijackThis log. Thanks so far. I also upgraded the system from 1 to 2Gb memory and ran the combofix. Of course without any result.
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:10:11, on 4-11-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:










C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe



C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe

C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe



C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe



C:\Program Files\VMware\VMware Converter\vmware-ufad.exe



C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\ClamWin\bin\ClamTray.exe


C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe


C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Rabo\Support\RaboSessionMon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE


C:\Program Files\SnelStart\V900\SnelStart.exe

C:\Program Files\Mozilla Firefox\firefox.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{85E02B6F-F6EC-4455-901F-832B7144AA10}: NameServer =

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\ruttn\moha\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)

O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe


End of file - 11034 bytes


LVL 41

Expert Comment

ID: 22875647
So, post a bit of the source code for the application... particularly the parts where you open the databases
LVL 27

Expert Comment

ID: 22876302
Your HijackThis logfile has a suspicious entry or two, particularly this one.  Do you know the IP or Domain ''?      If you do, we'll leave it alone.  If not, it needs to be removed >

O17 - HKLM\System\CCS\Services\Tcpip\..\{85E02B6F-F6EC-4455-901F-832B7144AA10}: NameServer =

In this form it looks like a Trojan or Worm.  SDFix should be able to remove it.

How to use SDFix:

Meanwhile I'll investigate the other HJT entries ..
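
A triage sketch for the kind of HijackThis review described in this answer (an added example, not part of the original thread and not HijackThis's own logic): it flags O17 NameServer values that fall outside the RFC 1918 private ranges, plus entries marked "(no file)" or "(file missing)". The sample log, its GUIDs, paths and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in HijackThis 2.x line format. GUIDs, paths and addresses
# are made up for this example (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" --logon
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-0000-0000-0000-000000000002}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-0000-0000-0000-000000000003}: NameServer = 203.0.113.53,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-0000-0000-0000-000000000004}: NameServer =
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Example\svc.exe (file missing)
"""

# An entry line looks like "O17 - <body>" or "R0 - <body>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Explicit RFC 1918 ranges. ipaddress's is_private is deliberately not used:
# it also returns True for documentation and other reserved ranges.
RFC1918 = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


def parse_entries(log_text):
    """Return (code, body) for every entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def nameservers(body):
    """Extract the address list from an O17 'NameServer =' entry body."""
    _, sep, value = body.partition("NameServer =")
    if not sep:
        return []
    return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]


def classify_address(token):
    """Label one DNS server value: private-lan, loopback, external, unparseable."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return "unparseable"
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in RFC1918):
        return "private-lan"  # typical of a home router handing out DNS
    return "external"


def triage(log_text):
    """Return (code, reason) pairs that deserve a manual look.

    These are review prompts, not verdicts: an external resolver can be the
    ISP's own, and an orphaned entry is often a leftover from an uninstall.
    """
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O17":
            for token in nameservers(body):
                kind = classify_address(token)
                if kind != "private-lan":
                    findings.append((code, f"{kind} DNS server {token}"))
        if body.endswith("(no file)"):
            findings.append((code, "registration points to no file"))
        elif body.endswith("(file missing)"):
            findings.append((code, "service binary missing"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}")
```
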

LVL 27

Expert Comment

ID: 22876454
Have done a quick check on the eleven remaining entries that HijackThis analysis had questioned, but I can see nothing visibly wrong.

You could post the ComboFix log here if you still have it please, it could be useful.

Perplexed, but still contemplating   :)

Author Comment

ID: 22877879 is my adsl router. I am not at home, but will add my combofix log later on.

Author Comment

ID: 22885321
Here is my combofix log.
ComboFix 08-11-03.04 - Roger 2008-11-04 11:53:27.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1252.31.1043.18.1420 [GMT 1:00]

Gestart vanuit: c:\installatie\ComboFix.exe

 * Nieuw herstelpunt werd aangemaakt


((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))


c:\documents and settings\Roger\Application Data\inst.exe

c:\program files\INSTALL.LOG





(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((   Bestanden Gemaakt van 2008-10-04 to 2008-11-04  ))))))))))))))))))))))))))))))


2008-10-28 15:35 . 2008-10-02 10:07	453,152	--a------	c:\windows\system32\NVUNINST.EXE

2008-10-28 15:35 . 2008-10-07 13:33	453,152	--a------	c:\windows\system32\nvudisp.exe

2008-10-28 15:35 . 2008-11-04 11:58	201,151	--a------	c:\windows\system32\nvapps.xml

2008-10-28 15:35 . 2008-10-07 13:33	18,477	--a------	c:\windows\system32\nvdisp.nvu

2008-10-28 09:01 . 2001-08-17 21:28	794,654	--a--c---	c:\windows\system32\dllcache\usr1801.sys

2008-10-28 09:00 . 2001-09-06 20:29	899,594	--a--c---	c:\windows\system32\dllcache\r2mdkxga.sys

2008-10-28 08:59 . 2001-08-17 22:05	351,616	--a--c---	c:\windows\system32\dllcache\ovcodek2.sys

2008-10-28 08:58 . 2001-08-17 21:28	802,683	--a--c---	c:\windows\system32\dllcache\ltsm.sys

2008-10-28 08:57 . 2001-09-06 21:26	1,733,120	--a--c---	c:\windows\system32\dllcache\g400d.dll

2008-10-28 08:56 . 2001-08-17 20:14	952,007	--a--c---	c:\windows\system32\dllcache\diwan.sys

2008-10-28 08:55 . 2001-09-06 18:59	980,034	--a--c---	c:\windows\system32\dllcache\cicap.sys

2008-10-28 08:54 . 2001-08-17 21:28	871,388	--a--c---	c:\windows\system32\dllcache\bcmdm.sys

2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware

2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\documents and settings\Roger\Application Data\Malwarebytes

2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes

2008-10-27 13:45 . 2008-10-22 16:10	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-27 13:45 . 2008-10-22 16:10	15,504	--a------	c:\windows\system32\drivers\mbam.sys

2008-10-27 11:19 . 2008-10-27 11:21	<DIR>	d--h-c---	c:\documents and settings\All Users\Application Data\{74E78FE3-7059-467C-AAB0-5F11DE6042B2}

2008-10-22 15:48 . 2008-10-22 15:48	<DIR>	d--------	c:\documents and settings\suusje\Application Data\.clamwin

2008-10-15 14:33 . 2008-10-15 14:33	<DIR>	d--------	c:\program files\K-Lite Codec Pack

2008-10-15 14:32 . 2008-10-15 14:32	<DIR>	d--------	c:\program files\Encode360

2008-10-15 14:30 . 2008-10-15 14:30	<DIR>	d--------	c:\windows\system32\windows media

2008-10-15 14:30 . 2008-10-15 14:30	<DIR>	d--------	c:\program files\Windows Media Components

2008-10-15 12:57 . 2008-10-15 12:57	<DIR>	d--------	c:\program files\VSO

2008-10-15 12:57 . 2008-10-15 13:23	<DIR>	d--------	c:\documents and settings\Roger\Application Data\Vso

2008-10-15 12:57 . 2004-05-04 11:53	1,645,320	--a------	c:\windows\gdiplus.dll

2008-10-15 12:57 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\system32\wvc1dmod.dll

2008-10-15 12:57 . 2006-04-02 13:47	630,784	--a------	c:\windows\system32\vp7vfw.dll

2008-10-15 12:57 . 2006-09-29 12:24	217,127	--a------	c:\windows\system32\drv43260.dll

2008-10-15 12:57 . 2006-09-29 12:25	208,935	--a------	c:\windows\system32\drv33260.dll

2008-10-15 12:57 . 2006-09-29 12:26	176,165	--a------	c:\windows\system32\drv23260.dll

2008-10-15 12:57 . 2007-03-18 20:37	65,602	--a------	c:\windows\system32\cook3260.dll

2008-10-15 12:57 . 2008-10-15 12:57	47,360	--a------	c:\windows\system32\drivers\pcouffin.sys

2008-10-15 12:57 . 2008-10-15 12:57	47,360	--a------	c:\documents and settings\Roger\Application Data\pcouffin.sys

2008-10-15 04:01 . 2008-08-14 14:27	2,193,536	--a--c---	c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 04:01 . 2008-08-14 14:27	2,070,400	--a--c---	c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-13 14:24 . 2008-10-13 14:28	<DIR>	d--------	c:\documents and settings\Roger\Application Data\vlc

2008-10-13 14:22 . 2008-10-13 14:22	<DIR>	d--------	c:\program files\VideoLAN

2008-10-11 15:17 . 2008-04-14 18:02	159,232	--a------	c:\windows\system32\ptpusd.dll

2008-10-11 15:17 . 2001-09-06 20:27	5,632	--a------	c:\windows\system32\ptpusb.dll

2008-10-08 11:14 . 2008-10-08 11:14	<DIR>	d--------	c:\program files\ClamWin

2008-10-08 11:14 . 2008-10-08 11:15	<DIR>	d--------	c:\documents and settings\Roger\Application Data\.clamwin

2008-10-08 11:14 . 2008-10-08 11:14	<DIR>	d--------	c:\documents and settings\All Users\.clamwin

2008-10-08 08:49 . 2008-10-08 08:49	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Avg7

2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\program files\Deskshare

2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\program files\Common Files\Deskshare Shared

2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Deskshare


(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-11-04 10:59	---------	d-----w	c:\documents and settings\Roger\Application Data\Skype

2008-10-30 10:09	---------	d-----w	c:\program files\Rabotwin

2008-10-29 07:21	---------	d-----w	c:\program files\hp

2008-10-29 07:21	---------	d-----w	c:\program files\Hewlett-Packard

2008-10-28 18:12	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2008-10-28 18:11	---------	d-----w	c:\program files\AGEIA Technologies

2008-10-28 14:43	---------	d-----w	c:\program files\TomTom HOME 2

2008-10-27 10:20	---------	d-----w	c:\program files\SnelStart

2008-10-27 10:16	---------	d-----w	c:\program files\Tonaya

2008-10-27 10:14	---------	d--h--w	c:\program files\InstallShield Installation Information

2008-10-27 10:14	---------	d-----w	c:\program files\Microsoft ActiveSync

2008-10-27 07:58	---------	d-----w	c:\documents and settings\All Users\Application Data\Rabo Support

2008-10-27 07:12	---------	d-----w	c:\program files\Microsoft Silverlight

2008-10-21 08:53	---------	d-----w	c:\program files\FTDv3.8

2008-10-15 14:18	---------	d-----w	c:\documents and settings\Roger\Application Data\FileZilla

2008-10-15 07:19	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-08 07:49	---------	d-----w	c:\documents and settings\All Users\Application Data\Grisoft

2008-10-03 17:27	107,888	----a-w	c:\windows\system32\CmdLineExt.dll

2008-09-26 13:08	---------	d-----w	c:\documents and settings\Roger\Application Data\VMware

2008-09-25 06:48	---------	d-----w	c:\documents and settings\Roger\Application Data\uTorrent

2008-09-22 09:52	---------	d-----w	c:\documents and settings\Roger\Application Data\GetRightToGo

2008-09-19 15:25	---------	d-----w	c:\program files\uTorrent

2008-09-17 06:55	---------	d-----w	c:\program files\VMware

2008-09-15 15:28	1,846,528	------w	c:\windows\system32\win32k.sys

2008-09-10 07:27	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware

2008-09-08 10:41	333,824	------w	c:\windows\system32\drivers\srv.sys

2008-09-08 08:51	---------	d-----w	c:\program files\WinImage

2008-09-08 08:44	---------	d-----w	c:\program files\IZArc

2008-08-26 08:27	826,368	----a-w	c:\windows\system32\wininet.dll

2008-08-18 14:06	98,304	----a-w	c:\windows\system32\DLSBAR32.DLL

2008-08-18 14:06	512,512	----a-w	c:\windows\system32\llPDFLibX.dll

2008-08-18 14:06	446,464	----a-w	c:\windows\system32\HHActiveX.dll

2008-08-18 14:06	441,856	----a-w	c:\windows\system32\VCFIWZ5.dll

2008-08-18 14:06	28,672	----a-w	c:\windows\system32\LayCSupp.dll

2008-08-18 14:06	27,648	----a-w	c:\windows\system32\SnelStartCompress.dll

2008-08-18 14:06	200,704	----a-w	c:\windows\system32\VIC32.DLL

2008-08-14 13:27	2,149,888	------w	c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27	2,028,544	------w	c:\windows\system32\ntkrnlpa.exe

2007-03-26 09:11	49,721,344	----a-w	c:\program files\SnelStart.rar

2004-08-16 16:24	14,472	----a-w	c:\documents and settings\Roger\MTK.SYS

2003-12-18 10:33	20,102	----a-w	c:\program files\Readme.txt

2003-09-03 06:46	10,960	----a-w	c:\program files\EULA.txt

2003-07-17 02:26	448,640	------w	c:\windows\inf\EL2K_N64.sys

2003-07-17 02:22	147,328	------w	c:\windows\inf\EL2K_XP.sys

2003-06-03 07:47	147,328	------w	c:\windows\inf\EL2K_2K.sys


(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))



*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond



"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]


"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-12-01 126976]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]


"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-09-08 805392]

Rabo Session Monitor.lnk - c:\program files\Rabo\Support\RaboSessionMon.exe [2005-07-12 880128]

Snelstart HP Image Zone.lnk - c:\program files\hp\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 110080]


"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm

"VIDC.HFYU"= huffyuv.dll

"msacm.ac3filter"= ac3filter.acm

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"vidc.i263"= i263_32.drv




"EnableFirewall"= 0 (0x0)



"c:\\Program Files\\Common Files\\EPSON\\EBAPI\\eEBSvc.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe: RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe: Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe: Application

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\devolo\\informer\\devinf.exe"=

"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\games\\BF 2142\\BF2142.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP: Service

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2005-11-18 64976]

R0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2005-10-27 78336]

R0 viaraid;viaraid;c:\windows\system32\DRIVERS\viaraid.sys [2003-05-21 70272]

R2 FiberlinkMonitor;Fiberlink Monitor Service;c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe [2005-09-08 69696]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2007-02-07 35840]

R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [2007-07-10 393216]

R2 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [2008-04-29 186928]

R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2008-04-29 19248]

R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-02 17536]

R3 gcapi20;Intelligent CAPI 2.0 driver;c:\windows\system32\DRIVERS\gcapi20.sys [2001-07-03 165328]

R3 gisdnwan;Intelligent ISDN WAN miniport;c:\windows\system32\DRIVERS\gisdnwan.sys [2002-02-11 54033]

R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\DRIVERS\uac4pdt.sys [2003-11-11 15232]

S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys [ ]

S3 ASUSHWIO;ASUSHWIO;c:\windows\system32\drivers\ASUSHWIO.sys [ ]

S3 Gisdnpnp;Intelligent ISDN PnP driver;c:\windows\system32\DRIVERS\gisdnpnp.sys [2002-02-04 78032]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys [2004-08-16 14472]

S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [ ]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [ ]


Inhoud van de 'Gedeelde Taken' map

2008-11-03 c:\windows\Tasks\backup.job

- c:\windows\system32\ntbackup.exe [2008-04-14 18:03]


- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-LiveNote - livenote.exe


------- Bijkomende Scan -------


FireFox -: Profile - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\66o46bys.default\

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npntrplugin.dll

FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - c:\windows\system32\NTR\npntrplugin.dll



catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-11-04 11:58:08

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0



"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"


------------------------ Andere Aktieve Processen ------------------------


c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe



c:\program files\Creative\Shared Files\CTDevSrv.exe

c:\program files\Common Files\EPSON\EBAPI\eEBAgent.exe

c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe



c:\program files\Fiberlink\Extend360\ServiceMgr.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe





c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\program files\hp\Digital Imaging\bin\hpqgalry.exe








Voltooingstijd: 2008-11-04 12:01:18 - machine werd herstart

ComboFix-quarantined-files.txt  2008-11-04 11:01:13

Pre-Run: bytes beschikbaar

Post-Run: 107,398,750,208 bytes beschikbaar


[boot loader]



[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

274	--- E O F ---	2008-10-28 14:39:53
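A way to triage the driver/service section of a log like the one above (an added example, not part of the original post and not ComboFix's own code). It assumes the line layout seen in this log, `<R|S><digit> name;display name;image path [date size]`, and treats empty brackets as "no file details were recorded". The trusted-directory list and the last sample line are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# First three lines are copied from the log above; the last one is constructed.
SAMPLE = r"""
R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [2007-07-10 393216]
S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys [ ]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys [2004-08-16 14472]
R2 ExampleSvc;Example Service;c:\documents and settings\User\Application Data\example.exe [2008-01-01 1024]
"""

LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Assumption: images under these roots need admin rights to replace.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

class Entry(NamedTuple):
    state: str            # first letter of the entry as printed in the log
    start: int            # digit that follows it
    name: str
    path: str
    date: Optional[str]   # None when the brackets are empty
    size: Optional[int]

def parse(text):
    """Turn service/driver lines into Entry records, skipping other lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        meta = m["meta"].split()
        date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
        entries.append(Entry(m["state"], int(m["start"]), m["name"],
                             m["path"], date, size))
    return entries

def findings(entries):
    """Flag entries worth a manual look before anything is deleted."""
    out = []
    for e in entries:
        if e.date is None:
            out.append((e.name, "no-file-metadata"))
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            out.append((e.name, "outside-system-dirs"))
    return out

if __name__ == "__main__":
    for name, reason in findings(parse(SAMPLE)):
        print(f"{name}: {reason}")
```

A flag here is a prompt to check the file's signature and origin, not a verdict that it is malicious.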


LVL 27

Expert Comment

ID: 22887931
Still researching your ComboFix log but surprised to find that inst.exe is a process which is registered as a trojan, according to the following article >

c:\documents and settings\Roger\Application Data\inst.exe

"inst.exe - inst process information":

Will continue to investigate, but meanwhile may I suggest you run the following scans.  If all three come up clean I'll have to re-think >

"Trend Micro's FREE online virus scanner":   

a-squared Free:
Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>

LVL 27

Expert Comment

ID: 22889342
Have double checked the inst.exe problem & have come to the same conclusion as before, it should be removed.   Have searched for but can see no other problematic entry.

If one of those three scanners does not remove the Trojan, we can re-run ComboFix and apply a Script, as described in this Tutorial >

A guide and tutorial on using ComboFix:

Now, open notepad and copy & paste this text into it, as shown between the lines >


c:\documents and settings\Roger\Application Data\inst.exe


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture in the tutorial above, drag the CFScript into ComboFix.exe

When finished, it should have produced a log for you at "C:\ComboFix.txt", and hopefully done the trick.
LVL 41

Expert Comment

ID: 22891131
This is getting to be a very long thread.... so let's do a quick recap to make sure we're not going off on a tangent
  • You have one application that takes a very long time to launch
  • This occurred suddenly and has remained consistently slow since that time
  • All other applications on this PC seem to launch normally
... is that about it?
If so, how many folks still think this phenomenon is related to malware?!?!

Author Comment

ID: 22892842
Launching the app is not really much slower than normal (it always was very slow to open). The problem is that it is slow to activate when I switch windows. The app is for my administration, so I want to copy/paste a lot from Outlook to this app. When I have selected some text in Outlook and click on the app it seems to freeze for about 10 seconds. The manufacturer of the software hasn't seen this problem before and doesn't know what the problem can be.
I will remove all malware on my computer of course, but I think too that the problem is somewhere else.

LVL 41

Expert Comment

ID: 22894314
Let's dig a bit deeper...
  • Is the length of the delay associated with the size of the information being copied?
  • I presume that merely switching to/from the application (without doing a copy/paste) works as expected?
...ya know, I think we're getting somewhere!

Author Comment

ID: 22894463
Nope, without copy/pasting it's also slow.
LVL 27

Expert Comment

ID: 22894559
If after removing the inst.exe file there is/was no improvement then I'm out of ideas for the moment ... best perhaps to follow graye's approach.
LVL 41

Expert Comment

ID: 22900659
So, how do you "activate" the program?
  • Is it already launched, but just minimized, and all you do is click on the tray icon?
  • Or, do you launch it "from scratch"?

Author Comment

ID: 22902679
I have a widescreen monitor and, for example, Outlook and this program are situated next to each other. When I click on Outlook I can work instantly with it, but when I click on the program it freezes for about 10 seconds. After these 10 seconds I can use it normally again until I switch to Outlook (or another app) again.
BTW. You can download a demo of the program here:
LVL 41

Expert Comment

ID: 22903751
Actually, a bit of the source code would be more helpful

Author Comment

ID: 22903784
I have no source code. It's a commercial program.
LVL 41

Expert Comment

ID: 22909037
Ouch... that means we're running out of options.
I suspect you'll have to contact the vendor... perhaps they are aware and have an update

Author Comment

ID: 22915495
I already talked to them twice. They say it's not a known problem, so it can't be in the program itself. I contacted them again on Friday and one of their second line technicians will call me back on Monday. I'll let you know. Thanks so far.


Accepted Solution

rogerberger earned 0 total points
ID: 22929797
OK guys,

I talked to the makers of the program yesterday and they couldn't find the problem either. So I used my morning to completely reinstall Windows XP. Now the program is acting normally again. It is even reacting much faster than before. I think it was a problem in the registration of the problem.
I want to thank you all for helping.

LVL 27

Expert Comment

ID: 22970086
You are very welcome.
