Solved

Program takes 10 seconds to get active

Posted on 2008-10-27
Last Modified: 2012-05-05
Hi there,

I have a program which, if opened in Windows, takes about 10 seconds to get active. It is a program which uses mdb or sql for its data. All other programs are acting normally, but only this one is slow. I do a lot of copy/paste from Outlook to this program, so if I have to wait 10 seconds every time it is getting very annoying.
The problem is that it happened suddenly (after not using it for 2 months).
Does anybody have a suggestion where to look for a solution?

Thanks,

Roger

Question by:rogerberger

LVL 14

Expert Comment

by:smiffy13
Try going to the properties of your hard drive and doing a "disk cleanup" then click the tools tab, and see if the disk needs defragging.

LVL 14

Expert Comment

by:smiffy13
How much RAM is installed on this system? If it's 512Mb or less, you'd probably see an improvement if you installed another 512Mb or even 1Gb more RAM.

Author Comment

by:rogerberger
Defragging is not necessary.
There is 1Gb of ram installed and 680Mb in use.

LVL 27

Expert Comment

by:Jonvee
You could also try the System File Checker to see if you have a partly corrupted file>
Start>Run       .. and then type SFC /scannow

"How to use the scannow sfc tool in Windows XP":
http://www.updatexp.com/scannow-sfc.html

LVL 27

Expert Comment

by:Jonvee
Could also be due to a virus or Malware.
Unless you're absolutely sure the machine is clean, try scanning with Malwarebytes Anti-Malware:
http://www.malwarebytes.org/mbam.php

Also try the Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>
http://www.kaspersky.co.uk/virusscanner

LVL 41

Expert Comment

by:graye
So, tell us more about where the databases are (on a remote PC/Server?) and how they are configured...
This sounds like a problem with a SQL connection... where it attempts to connect via a protocol that's no longer active, and has to "time out" before trying another method of connection

Author Comment

by:rogerberger
First it used an mdb database, but now it uses a sql server express 5 database. This is on the same system. It was already slow when I was working with an mdb database. That's why I switched to sql server, but without any progression.

LVL 41

Expert Comment

by:graye
Hummm....  how big is the database?
Take a look at the "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data" directory and tell us how big the *.mdf and *.ldf files are for that database

Author Comment

by:rogerberger
The mdf file is 105Mb and the LDF is 832Kb.
Kaspersky found nothing.
Malwarebytes didn't find anything either.
sfc /scannow did nothing as far as I can see.
I did a defrag without a positive result.

LVL 27

Expert Comment

by:Jonvee
Ok, thanks. Incidentally, when the problem suddenly occurred (after not using it for 2 months), did you update from SP2 to SP3 at about that time?
If yes, System Restore is a possible (temporary) solution, or SP3 roll back.

Author Comment

by:rogerberger
No, it was before SP3.
I also tried to kill all processes which are not 'necessary', but even that won't work. Strange..

LVL 27

Expert Comment

by:Jonvee
Ok.   Another suggestion is to run Process Explorer version 11.13:
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

Watch the CPU activity during one of those "10 sec slows", normally (at idle) it should be somewhere between 2% and 4%.
If it's not, double click any offending file. Is it a svchost.exe file?  If yes, select the Services Tab to see what services are running.

If we find nothing, & you get no further suggestions, an XP repair install may be the best way forward .. you need not be in a hurry to do this, but it's something we should bear in mind.  Will investigate further, periodically ....

How to Perform a Windows XP Repair Install:
http://www.michaelstevenstech.com/XPrepairinstall.htm

Author Comment

by:rogerberger
Process Explorer gives no strange CPU usage. What I do see is that SQL Server Express is using 8% CPU usage about 90% of the time. I will try the XP repair install tonight.

Thanks so far.

LVL 27

Expert Comment

by:Jonvee
> SQL server express is using 8% cpu usage about 90% off the time <
That's your reason for the delays!
Recommend therefore that you delay that repair install, it may not be necessary, and try HijackThis>

Trend HijackThis 2.02:
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile. Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page & there I can get it analysed.

Also, you may like to take a look at this ongoing EE question, in particular the comments by rpggamergirl who is brilliant at Malware removal >
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23848905.html?cid=238#a22818645

LVL 27

Expert Comment

by:Jonvee
Even though you're prepared to do an XP repair install, it may not resolve the issue, although it's definitely worth a HijackThis scan!  
If nothing is detected it would not be surprising, *if* we have a nasty present.  
In such a case I would suggest running ComboFix >

Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running, and remember to re-enable them later, upon completion.

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.

ComboFix does present a slight risk to your system, but it's worth considering under these circumstances.

Author Comment

by:rogerberger
Sorry for the delay, but I was quite a bit busy. I have attached the HijackThis log. Thanks so far. I also upgraded the system from 1 to 2Gb memory and ran ComboFix. Of course without any result.
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:10:11, on 4-11-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe

C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\RaboCommSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\VMware\VMware Converter\vmware-ufad.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Rabo\Support\RaboSessionMon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\SnelStart\V900\SnelStart.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\installatie\HiJackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/nl/ý

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.10:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} - http://tmss.trendmicro.com/Dashboard/controls/activex_10/TMSSReportW.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85E02B6F-F6EC-4455-901F-832B7144AA10}: NameServer = 172.17.1.254

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\ruttn\moha\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)

O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
 

--

End of file - 11034 bytes

LVL 41

Expert Comment

by:graye
So, post a bit of the source code for the application... particularly the parts where you open the databases

LVL 27

Expert Comment

by:Jonvee
Your HijackThis logfile has a suspicious entry or two, particularly this one. Do you know the IP or Domain '172.17.1.254'? If you do, we'll leave it alone. If not, it needs to be removed >

O17 - HKLM\System\CCS\Services\Tcpip\..\{85E02B6F-F6EC-4455-901F-832B7144AA10}: NameServer = 172.17.1.254

In this form it looks like a Trojan or Worm.  SDFix should be able to remove it.

How to use SDFix:
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t131299.html

Meanwhile i'll investigate the other HJT entries ..
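
The check on the O17 NameServer entry discussed above can be scripted. The following is an added example, not part of the original thread and not HijackThis code: it parses O17 NameServer lines from a HijackThis log and classifies each address by range. The function names, the `known_resolvers` parameter, the verdict labels and the second O17 sample line (documentation-range addresses) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: the first O17 line and the O23 line are the ones shown
# in the thread; the second O17 line is made up and uses TEST-NET addresses.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{85E02B6F-F6EC-4455-901F-832B7144AA10}: NameServer = 172.17.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,198.51.100.7
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# RFC 1918 ranges are listed explicitly so the result does not depend on how
# the ipaddress module defines "private" (it also counts TEST-NET ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

O17_NAMESERVER = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")

# What a reviewer should confirm for each verdict (hypothetical labels).
NEXT_STEP = {
    "known": "matches a resolver you listed; nothing to do",
    "private-lan": "on the local network; confirm it is your router or DNS box",
    "link-local": "169.254.x.x; usually a failed DHCP lease, check the adapter",
    "loopback": "local resolver or proxy; confirm which program listens on port 53",
    "external": "internet address; confirm it belongs to your ISP or chosen resolver",
    "invalid": "not an IP address; inspect the raw registry value",
}


def parse_o17_nameservers(log_text):
    """Return (registry_key, address) for every address in O17 NameServer lines."""
    entries = []
    for line in log_text.splitlines():
        match = O17_NAMESERVER.match(line.strip())
        if not match:
            continue
        # One NameServer value may hold several comma- or space-separated addresses.
        for token in re.split(r"[,\s]+", match.group("value").strip()):
            if token:
                entries.append((match.group("key"), token))
    return entries


def classify(address, known_resolvers=()):
    """Classify one resolver address by range; known_resolvers is the caller's allowlist."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip in {ipaddress.ip_address(k) for k in known_resolvers}:
        return "known"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private-lan"
    return "external"


def triage(log_text, known_resolvers=()):
    """Return (registry_key, address, verdict) for each O17 NameServer address."""
    return [(key, addr, classify(addr, known_resolvers))
            for key, addr in parse_o17_nameservers(log_text)]


if __name__ == "__main__":
    for key, addr, verdict in triage(SAMPLE_LOG):
        print(f"{addr:<15} {verdict:<12} {NEXT_STEP[verdict]}")
```

A `private-lan` verdict only says the resolver sits on the local network; confirming that the address is the router's is still the deciding step.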

LVL 27

Expert Comment

by:Jonvee
Have done a quick check on the eleven remaining entries that HijackThis analysis had questioned, but I can see nothing visibly wrong.

You could post the ComboFix log here if you still have it please, it could be useful.

Perplexed, but still contemplating   :)

Author Comment

by:rogerberger
172.17.1.254 is my adsl router. I am not at home, but will add my combofix log later on.

Author Comment

by:rogerberger
Here is my ComboFix log.
ComboFix 08-11-03.04 - Roger 2008-11-04 11:53:27.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1252.31.1043.18.1420 [GMT 1:00]

Gestart vanuit: c:\installatie\ComboFix.exe

 * Nieuw herstelpunt werd aangemaakt

.
 

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\documents and settings\Roger\Application Data\inst.exe

c:\program files\INSTALL.LOG

c:\windows\system32\ntr

c:\windows\system32\ntr\npntrplugin.dll

c:\windows\system32\ntr\nsINTRplugin.xpt
 

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_NPF
 
 

((((((((((((((((((((   Bestanden Gemaakt van 2008-10-04 to 2008-11-04  ))))))))))))))))))))))))))))))

.
 

2008-10-28 15:35 . 2008-10-02 10:07	453,152	--a------	c:\windows\system32\NVUNINST.EXE

2008-10-28 15:35 . 2008-10-07 13:33	453,152	--a------	c:\windows\system32\nvudisp.exe

2008-10-28 15:35 . 2008-11-04 11:58	201,151	--a------	c:\windows\system32\nvapps.xml

2008-10-28 15:35 . 2008-10-07 13:33	18,477	--a------	c:\windows\system32\nvdisp.nvu

2008-10-28 09:01 . 2001-08-17 21:28	794,654	--a--c---	c:\windows\system32\dllcache\usr1801.sys

2008-10-28 09:00 . 2001-09-06 20:29	899,594	--a--c---	c:\windows\system32\dllcache\r2mdkxga.sys

2008-10-28 08:59 . 2001-08-17 22:05	351,616	--a--c---	c:\windows\system32\dllcache\ovcodek2.sys

2008-10-28 08:58 . 2001-08-17 21:28	802,683	--a--c---	c:\windows\system32\dllcache\ltsm.sys

2008-10-28 08:57 . 2001-09-06 21:26	1,733,120	--a--c---	c:\windows\system32\dllcache\g400d.dll

2008-10-28 08:56 . 2001-08-17 20:14	952,007	--a--c---	c:\windows\system32\dllcache\diwan.sys

2008-10-28 08:55 . 2001-09-06 18:59	980,034	--a--c---	c:\windows\system32\dllcache\cicap.sys

2008-10-28 08:54 . 2001-08-17 21:28	871,388	--a--c---	c:\windows\system32\dllcache\bcmdm.sys

2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware

2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\documents and settings\Roger\Application Data\Malwarebytes

2008-10-27 13:45 . 2008-10-27 13:45	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes

2008-10-27 13:45 . 2008-10-22 16:10	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-27 13:45 . 2008-10-22 16:10	15,504	--a------	c:\windows\system32\drivers\mbam.sys

2008-10-27 11:19 . 2008-10-27 11:21	<DIR>	d--h-c---	c:\documents and settings\All Users\Application Data\{74E78FE3-7059-467C-AAB0-5F11DE6042B2}

2008-10-22 15:48 . 2008-10-22 15:48	<DIR>	d--------	c:\documents and settings\suusje\Application Data\.clamwin

2008-10-15 14:33 . 2008-10-15 14:33	<DIR>	d--------	c:\program files\K-Lite Codec Pack

2008-10-15 14:32 . 2008-10-15 14:32	<DIR>	d--------	c:\program files\Encode360

2008-10-15 14:30 . 2008-10-15 14:30	<DIR>	d--------	c:\windows\system32\windows media

2008-10-15 14:30 . 2008-10-15 14:30	<DIR>	d--------	c:\program files\Windows Media Components

2008-10-15 12:57 . 2008-10-15 12:57	<DIR>	d--------	c:\program files\VSO

2008-10-15 12:57 . 2008-10-15 13:23	<DIR>	d--------	c:\documents and settings\Roger\Application Data\Vso

2008-10-15 12:57 . 2004-05-04 11:53	1,645,320	--a------	c:\windows\gdiplus.dll

2008-10-15 12:57 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\system32\wvc1dmod.dll

2008-10-15 12:57 . 2006-04-02 13:47	630,784	--a------	c:\windows\system32\vp7vfw.dll

2008-10-15 12:57 . 2006-09-29 12:24	217,127	--a------	c:\windows\system32\drv43260.dll

2008-10-15 12:57 . 2006-09-29 12:25	208,935	--a------	c:\windows\system32\drv33260.dll

2008-10-15 12:57 . 2006-09-29 12:26	176,165	--a------	c:\windows\system32\drv23260.dll

2008-10-15 12:57 . 2007-03-18 20:37	65,602	--a------	c:\windows\system32\cook3260.dll

2008-10-15 12:57 . 2008-10-15 12:57	47,360	--a------	c:\windows\system32\drivers\pcouffin.sys

2008-10-15 12:57 . 2008-10-15 12:57	47,360	--a------	c:\documents and settings\Roger\Application Data\pcouffin.sys

2008-10-15 04:01 . 2008-08-14 14:27	2,193,536	--a--c---	c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 04:01 . 2008-08-14 14:27	2,070,400	--a--c---	c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-13 14:24 . 2008-10-13 14:28	<DIR>	d--------	c:\documents and settings\Roger\Application Data\vlc

2008-10-13 14:22 . 2008-10-13 14:22	<DIR>	d--------	c:\program files\VideoLAN

2008-10-11 15:17 . 2008-04-14 18:02	159,232	--a------	c:\windows\system32\ptpusd.dll

2008-10-11 15:17 . 2001-09-06 20:27	5,632	--a------	c:\windows\system32\ptpusb.dll

2008-10-08 11:14 . 2008-10-08 11:14	<DIR>	d--------	c:\program files\ClamWin

2008-10-08 11:14 . 2008-10-08 11:15	<DIR>	d--------	c:\documents and settings\Roger\Application Data\.clamwin

2008-10-08 11:14 . 2008-10-08 11:14	<DIR>	d--------	c:\documents and settings\All Users\.clamwin

2008-10-08 08:49 . 2008-10-08 08:49	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Avg7

2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\program files\Deskshare

2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\program files\Common Files\Deskshare Shared

2008-10-06 11:26 . 2008-10-06 11:26	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Deskshare
 

.

(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-04 10:59	---------	d-----w	c:\documents and settings\Roger\Application Data\Skype

2008-10-30 10:09	---------	d-----w	c:\program files\Rabotwin

2008-10-29 07:21	---------	d-----w	c:\program files\hp

2008-10-29 07:21	---------	d-----w	c:\program files\Hewlett-Packard

2008-10-28 18:12	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2008-10-28 18:11	---------	d-----w	c:\program files\AGEIA Technologies

2008-10-28 14:43	---------	d-----w	c:\program files\TomTom HOME 2

2008-10-27 10:20	---------	d-----w	c:\program files\SnelStart

2008-10-27 10:16	---------	d-----w	c:\program files\Tonaya

2008-10-27 10:14	---------	d--h--w	c:\program files\InstallShield Installation Information

2008-10-27 10:14	---------	d-----w	c:\program files\Microsoft ActiveSync

2008-10-27 07:58	---------	d-----w	c:\documents and settings\All Users\Application Data\Rabo Support

2008-10-27 07:12	---------	d-----w	c:\program files\Microsoft Silverlight

2008-10-21 08:53	---------	d-----w	c:\program files\FTDv3.8

2008-10-15 14:18	---------	d-----w	c:\documents and settings\Roger\Application Data\FileZilla

2008-10-15 07:19	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-08 07:49	---------	d-----w	c:\documents and settings\All Users\Application Data\Grisoft

2008-10-03 17:27	107,888	----a-w	c:\windows\system32\CmdLineExt.dll

2008-09-26 13:08	---------	d-----w	c:\documents and settings\Roger\Application Data\VMware

2008-09-25 06:48	---------	d-----w	c:\documents and settings\Roger\Application Data\uTorrent

2008-09-22 09:52	---------	d-----w	c:\documents and settings\Roger\Application Data\GetRightToGo

2008-09-19 15:25	---------	d-----w	c:\program files\uTorrent

2008-09-17 06:55	---------	d-----w	c:\program files\VMware

2008-09-15 15:28	1,846,528	------w	c:\windows\system32\win32k.sys

2008-09-10 07:27	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware

2008-09-08 10:41	333,824	------w	c:\windows\system32\drivers\srv.sys

2008-09-08 08:51	---------	d-----w	c:\program files\WinImage

2008-09-08 08:44	---------	d-----w	c:\program files\IZArc

2008-08-26 08:27	826,368	----a-w	c:\windows\system32\wininet.dll

2008-08-18 14:06	98,304	----a-w	c:\windows\system32\DLSBAR32.DLL

2008-08-18 14:06	512,512	----a-w	c:\windows\system32\llPDFLibX.dll

2008-08-18 14:06	446,464	----a-w	c:\windows\system32\HHActiveX.dll

2008-08-18 14:06	441,856	----a-w	c:\windows\system32\VCFIWZ5.dll

2008-08-18 14:06	28,672	----a-w	c:\windows\system32\LayCSupp.dll

2008-08-18 14:06	27,648	----a-w	c:\windows\system32\SnelStartCompress.dll

2008-08-18 14:06	200,704	----a-w	c:\windows\system32\VIC32.DLL

2008-08-14 13:27	2,149,888	------w	c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27	2,028,544	------w	c:\windows\system32\ntkrnlpa.exe

2007-03-26 09:11	49,721,344	----a-w	c:\program files\SnelStart.rar

2004-08-16 16:24	14,472	----a-w	c:\documents and settings\Roger\MTK.SYS

2003-12-18 10:33	20,102	----a-w	c:\program files\Readme.txt

2003-09-03 06:46	10,960	----a-w	c:\program files\EULA.txt

2003-07-17 02:26	448,640	------w	c:\windows\inf\EL2K_N64.sys

2003-07-17 02:22	147,328	------w	c:\windows\inf\EL2K_XP.sys

2003-06-03 07:47	147,328	------w	c:\windows\inf\EL2K_2K.sys

.
 

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-12-01 126976]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
 

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-09-08 805392]

Rabo Session Monitor.lnk - c:\program files\Rabo\Support\RaboSessionMon.exe [2005-07-12 880128]

Snelstart HP Image Zone.lnk - c:\program files\hp\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 110080]
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm

"VIDC.HFYU"= huffyuv.dll

"msacm.ac3filter"= ac3filter.acm

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"vidc.i263"= i263_32.drv
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\EPSON\\EBAPI\\eEBSvc.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\devolo\\informer\\devinf.exe"=

"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\games\\BF 2142\\BF2142.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
 

R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2005-11-18 64976]

R0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2005-10-27 78336]

R0 viaraid;viaraid;c:\windows\system32\DRIVERS\viaraid.sys [2003-05-21 70272]

R2 FiberlinkMonitor;Fiberlink Monitor Service;c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe [2005-09-08 69696]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2007-02-07 35840]

R2 Srv_RaboComm;Rabo Comm Server;c:\windows\system32\RaboCommSrv.exe [2007-07-10 393216]

R2 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [2008-04-29 186928]

R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2008-04-29 19248]

R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-02 17536]

R3 gcapi20;Intelligent CAPI 2.0 driver;c:\windows\system32\DRIVERS\gcapi20.sys [2001-07-03 165328]

R3 gisdnwan;Intelligent ISDN WAN miniport;c:\windows\system32\DRIVERS\gisdnwan.sys [2002-02-11 54033]

R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\DRIVERS\uac4pdt.sys [2003-11-11 15232]

S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys [ ]

S3 ASUSHWIO;ASUSHWIO;c:\windows\system32\drivers\ASUSHWIO.sys [ ]

S3 Gisdnpnp;Intelligent ISDN PnP driver;c:\windows\system32\DRIVERS\gisdnpnp.sys [2002-02-04 78032]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys [2004-08-16 14472]

S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [ ]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [ ]

.

Inhoud van de 'Gedeelde Taken' map
 

2008-11-03 c:\windows\Tasks\backup.job

- c:\windows\system32\ntbackup.exe [2008-04-14 18:03]

.

- - - - ORPHANS VERWIJDERD - - - -
 

HKLM-Run-LiveNote - livenote.exe
 
 

.

------- Bijkomende Scan -------

.

FireFox -: Profile - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\66o46bys.default\

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npntrplugin.dll

FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - c:\windows\system32\NTR\npntrplugin.dll

.
 

**************************************************************************
 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-04 11:58:08

Windows 5.1.2600 Service Pack 3 NTFS
 

scannen van verborgen processen ...
 

scannen van verborgen autostart items ...
 

scannen van verborgen bestanden ...
 

Scan succesvol afgerond

verborgen bestanden: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msftesql]

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe

c:\windows\system32\CTSVCCDA.EXE

c:\windows\system32\Crypserv.exe

c:\program files\Creative\Shared Files\CTDevSrv.exe

c:\program files\Common Files\EPSON\EBAPI\eEBAgent.exe

c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Fiberlink\Extend360\ServiceMgr.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\program files\hp\Digital Imaging\bin\hpqgalry.exe

c:\windows\system32\HPZinw12.exe

c:\windows\system32\searchprotocolhost.exe

c:\windows\system32\searchfilterhost.exe

c:\windows\system32\verclsid.exe

.

**************************************************************************

.

Voltooingstijd: 2008-11-04 12:01:18 - machine werd herstart

ComboFix-quarantined-files.txt  2008-11-04 11:01:13
 

Pre-Run: 103.262.072.832 bytes beschikbaar

Post-Run: 107,398,750,208 bytes beschikbaar
 

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
 

274	--- E O F ---	2008-10-28 14:39:53


0
 
LVL 27

Expert Comment

by:Jonvee
Still researching your ComboFix log but surprised to find that inst.exe is a process which is registered as a trojan, according to the following article >

c:\documents and settings\Roger\Application Data\inst.exe

"inst.exe - inst process information":
http://www.liutilities.com/products/wintaskspro/processlibrary/inst/

Will continue to investigate, but meanwhile may I suggest you run the following scans.  If all three come up clean I'll have to re-think >

"Trend Micro's FREE online virus scanner":            
http://housecall.trendmicro.com/uk/

a-squared Free:
http://www.emsisoft.com/en/software/free/
 
Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>
http://www.kaspersky.co.uk/virusscanner

0
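One way to shortlist autorun entries like the one flagged above is by where they run from: a loose executable sitting directly in a user's Application Data folder is unusual for installed software. This is an added example, not part of the original thread; the entry names `ExampleUpdater` and `ExampleSync`, their dates and sizes, and the `ExampleVendor` folder are constructed, and a hit is a lead for scanning, not a verdict.

```python
import ntpath
import re

# Autorun line shapes as they appear in the ComboFix log:
#   "Name"="c:\path\file.exe" [2008-04-14 15360]
#   Name.lnk - c:\path\file.exe [2004-11-04 258048]
ENTRY = re.compile(
    r'^(?:"(?P<reg>[^"]+)"=\s*"?|(?P<lnk>.+?\.lnk) - )'
    r'(?P<path>[a-z]:\\.+?\.(?:exe|dll|scr|bat|cmd))',
    re.IGNORECASE,
)
# Windows XP profile layout: c:\documents and settings\<user>\...
PROFILE = re.compile(r'^[a-z]:\\documents and settings\\[^\\]+\\(?P<rest>.+)$')
# Folders where a file with no vendor subfolder deserves a closer look.
LOOSE_DIRS = {
    'application data',
    'local settings\\application data',
    'local settings\\temp',
}

def triage(log_text):
    """Return (entry name, path, reason) for autoruns under a user profile."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = ntpath.normpath(m['path']).lower()
        p = PROFILE.match(path)
        if not p:
            continue  # Program Files, Windows, etc. are not user-writable by default
        parent = ntpath.dirname(p['rest'])
        reason = ('loose file in profile folder' if parent in LOOSE_DIRS
                  else 'under user profile')
        findings.append((m['reg'] or m['lnk'], path, reason))
    return findings

# Constructed sample: two lines copied in shape from the log, two invented.
SAMPLE = r'''
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"ExampleUpdater"="c:\documents and settings\Roger\Application Data\inst.exe" [2008-10-01 40960]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-09-08 805392]
"ExampleSync"="c:\documents and settings\Roger\Application Data\ExampleVendor\sync.exe" [2008-01-01 1000]
'''

if __name__ == '__main__':
    for name, path, reason in triage(SAMPLE):
        print(f'{reason:30} {name:16} {path}')
```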
 
LVL 27

Expert Comment

by:Jonvee
roger,
Have double checked the inst.exe problem & have come to the same conclusion as before, it should be removed.   Have searched for but can see no other problematic entry.

If one of those three scanners does not remove the Trojan, we can re-run ComboFix and apply a Script, as described in this Tutorial >

A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Now, open notepad and copy & paste this text into it, as shown between the lines >

===================

File::
c:\documents and settings\Roger\Application Data\inst.exe

===================


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture in the tutorial above, drag the CFScript into ComboFix.exe

When finished, it should have produced a log for you at "C:\ComboFix.txt", and hopefully done the trick.
0
 
LVL 41

Expert Comment

by:graye
This is getting to be a very long thread.... so let's do a quick recap to make sure we're not going off on a tangent
  • You have one application that takes a very long time to launch
  • This occurred suddenly and has remained consistently slow since that time
  • All other applications on this PC seem to launch normally
... is that about it?
If so, how many folks still think this phenomenon is related to malware?!?!
0
 

Author Comment

by:rogerberger
Well,
Launching the app is not really much slower than normal (it always was very slow to open). The problem is that it is slow to activate when I switch windows. The app is for my administration, so I want to copy/paste a lot from outlook to this app. When I have selected some text in outlook and click on the app it seems to freeze for about 10 seconds. The manufacturer of the software hasn't seen this problem before and doesn't know what the problem can be.
I will remove all malware on my compu of course, but I think too that the problem is somewhere else.

Roger
0
 
LVL 41

Expert Comment

by:graye
Comment Utility
Let's dig a bit deeper...
  • Is the length of the delay associated with the size of the information being copied?
  • I presume that merely switching to/from the application (without doing a copy/paste) works as expected?
...ya know, I think we're getting somewhere!
0
 

Author Comment

by:rogerberger
nope, without copy/pasting it's also slow.
0
 
LVL 27

Expert Comment

by:Jonvee
If after removing the inst.exe file there is/was no improvement then I'm out of ideas for the moment ... best perhaps to follow graye's approach.
0
 
LVL 41

Expert Comment

by:graye
So, how do you "activate" the program?
  • Is it already launched, but just minimized, and all you do is click on the tray icon?
  • Or, do you launch it "from scratch"?
0
 

Author Comment

by:rogerberger
I have a widescreen monitor and for example outlook and this program are situated next to each other. When I click on Outlook I can work instantly with it, but when I click on the program it freezes for about 10 seconds. After these 10 seconds I can use it normally again until I switch to outlook (or another app) again.
BTW. You can download a demo of the program here: http://www.snelstart.nl/download/SetupDemoSnelStart.exe
0
 
LVL 41

Expert Comment

by:graye
Actually, a bit of the source code would be more helpful
0
 

Author Comment

by:rogerberger
I have no source code. It's a commercial program.
0
 
LVL 41

Expert Comment

by:graye
Ouch... that means we're running out of options.
I suspect you'll have to contact the vendor... perhaps they are aware and have an update
0
 

Author Comment

by:rogerberger
I already talked to them twice. They say it's not a known problem, so it can't be in the program itself. I contacted them again on Friday and one of their second line technicians will call me back on Monday. I'll let you know. Thanks so far.

Roger
0
 

Accepted Solution

by:
rogerberger earned 0 total points
OK guys,

I talked to the makers of the program yesterday and they couldn't find the problem either. So I used my morning to completely reinstall windows XP. Now the program is acting normally again. It is even reacting much faster than before. I think it was a problem in the registration of the problem.
I want to thank you all for helping.

Roger
0
 
LVL 27

Expert Comment

by:Jonvee
You are very welcome.
0
