There's a bunch of problems with that procedure. Start with these two blog posts:
http://sqlinthewild.co.za/index.php/2009/03/19/catch-all-queries/
http://sqlinthewild.co.za/index.php/2008/05/22/parameter-sniffing-pt-3/
Fixing those two problems should help a lot.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability