Author Topic: System Stall - Email Scan  (Read 2396 times)

0 Members and 1 Guest are viewing this topic.

Offline dcbevins

  • Newbie
  • *
  • Posts: 3
System Stall - Email Scan
« on: April 24, 2007, 02:14:28 PM »
Hello all,

I am trying to fix an annoying problem.  Periodically, when I try to launch a program, (double click icon), the system will stall, taking around 5 minutes to open the programs window.  When this happens, CTRL ALT DEL will not pull up task manager.  If an application is already running, it seems to work normally.  I have left Process Explorer, (a beefed up task manager), running.  It doesn't show any overtly suspicious tasks running.  System Idle Processes is using most of the CPU during this hang.  Applications I launch appear in the task list, but seem to take up to 5 minutes to create a window.

I have noticed that a mail scanner icon will appear in the system tray.  I use web based email, no pop3.

A hover over the mail scanner icon shows a Google address.

This is suspicious.  I wonder if the system stall and the suspicious mail activity are related.  In any event the mail activity should not be occurring.  Here is a copy of aswMaiSv.log. 

On a side note, my computer was taking some time to load apps at start up and show icons in the system tray.  Sometimes I would get a Winlogin.exe error on boot on the Welcome screen.  Powering down for a few minutes the error would go away.  Now I use the Classic logon and no winlogin.exe error and the system loads faster.

P4 3.2 Dell 1GB Ram  10k RPM 74GB Main Drive  Geoforce 6800  XP SP2 all recomended Windows Updates  Avast Home  Spybot Search and Destroy  True Sword (search only)  Windows Defender  Hijack  RootkitRevealer 

Any insights would be appreciated.


04/24/07 07:38:08 00000AC0:   Started as service, Log = 20
04/24/07 07:38:08 00000AC0:   Build 4.7.942
04/24/07 07:38:08 00000AC0:   Windows XP Workstation (Service Pack 2)
04/24/07 07:38:08 00000AC0:   Using WinSock 2.0
04/24/07 07:38:08 00000AC0:   PID = 2680
04/24/07 07:38:08 00000AC0:   AutoRedirect settings changed 1
04/24/07 07:38:09 00000AC0:   IgnoreAddress set
04/24/07 07:38:09 00000AC0:   IgnoreAddress set 212.26.219.158:119,70.86.176.98:119
04/24/07 07:38:09 00000AC0:   IgnoreProcess set
04/24/07 07:38:09 00000AC0:   IgnoreProcess set avast.setup,winroute.exe,ccEvtMgr.exe,ccPxySvc.exe,ccProxy.exe,ccApp.exe,ccPwdSvc.exe,ccSetMgr.exe,ccLgView.exe,SMPROXY.EXE,isafe.exe,TMPROXY.EXE,EMULE.EXE,WEBPROXY.EXE,NAVAPW32.EXE,SYMPROXYSVC.EXE,NETMONSV.EXE,CRAXY.EXE,CZDCPlusPlus.exe,ABC.EXE,mpftray.exe,bitcomet.exe,V3P3AT.EXE,ypager.exe,utorrent.exe,wcescomm.exe,tor.exe
04/24/07 07:38:09 00000AC0:   IgnoreProcess set avgemc.exe
04/24/07 07:38:09 00000AC0:   POP Start settings changed: 1
04/24/07 07:38:09 00000AC0:   POP Listen settings changed: 127.0.0.1 12110
04/24/07 07:38:09 00000AC0:   POP Listening daemon starting
04/24/07 07:38:09 00000AC0:   POP Listen handler: 0x00000BA4
04/24/07 07:38:09 00000AC0:   POP RedirectPort: 110
04/24/07 07:38:09 00000AC0:   Redirect set 110->127.0.0.1:12110
04/24/07 07:38:09 00000AC0:   POP Listening daemon started
04/24/07 07:38:09 00000AC0:   SMTP Start settings changed: 1
04/24/07 07:38:09 00000AC0:   SMTP Listen settings changed: 127.0.0.1 12025
04/24/07 07:38:09 00000AC0:   SMTP Listening daemon starting
04/24/07 07:38:09 00000AC0:   SMTP Listen handler: 0x00000BA8
04/24/07 07:38:09 00000AC0:   SMTP RedirectPort: 25
04/24/07 07:38:09 00000AC0:   Redirect set 25->127.0.0.1:12025
04/24/07 07:38:09 00000AC0:   SMTP Listening daemon started
04/24/07 07:38:09 00000AC0:   IMAP Start settings changed: 1
04/24/07 07:38:09 00000AC0:   IMAP Listen settings changed: 127.0.0.1 12143
04/24/07 07:38:09 00000AC0:   IMAP Listening daemon starting
04/24/07 07:38:09 00000AC0:   IMAP Listen handler: 0x00000BAC
04/24/07 07:38:09 00000AC0:   IMAP RedirectPort: 143
04/24/07 07:38:09 00000AC0:   Redirect set 143->127.0.0.1:12143
04/24/07 07:38:09 00000AC0:   IMAP Listening daemon started
04/24/07 07:38:09 00000AC0:   NNTP Start settings changed: 1
04/24/07 07:38:09 00000AC0:   NNTP Listen settings changed: 127.0.0.1 12119
04/24/07 07:38:09 00000AC0:   NNTP Listening daemon starting
04/24/07 07:38:09 00000AC0:   NNTP Listen handler: 0x00000BB4
04/24/07 07:38:09 00000AC0:   NNTP RedirectPort: 119
04/24/07 07:38:09 00000AC0:   Redirect set 119->127.0.0.1:12119
04/24/07 07:38:09 00000AC0:   NNTP Listening daemon started
04/24/07 07:38:09 00000AC0:   Ignored PIDs: 2756 2680
04/24/07 07:38:09 00000AC0:   Ignored Addresses: 72.3.135.203:80 193.243.128.78:80 193.243.128.76:80 62.132.1.234:80 204.58.27.60:80 204.58.27.58:80 204.58.27.57:80 204.58.27.51:80 204.58.27.50:80 204.58.27.49:80 204.58.27.43:80 204.58.27.42:80 204.58.27.41:80 204.58.27.35:80 204.58.27.34:80 204.58.27.33:80 198.200.173.74:80 198.200.173.139:80 70.86.176.98:119 212.26.219.158:119 127.0.0.1:80
04/24/07 07:38:09 00000AC0:   Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe tor.exe wcescomm.exe utorrent.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup
04/24/07 07:39:57 00000BA8:   SMTP accept connection from: 127.0.0.1
04/24/07 07:39:57 00000BA8:   Connection handler: 00000934 (488)
04/24/07 07:39:57 00000934:   Ignored PIDs: 2756 2680
04/24/07 07:39:57 00000934:   Ignored Addresses: 72.3.135.203:80 193.243.128.78:80 193.243.128.76:80 62.132.1.234:80 204.58.27.60:80 204.58.27.58:80 204.58.27.57:80 204.58.27.51:80 204.58.27.50:80 204.58.27.49:80 204.58.27.43:80 204.58.27.42:80 204.58.27.41:80 204.58.27.35:80 204.58.27.34:80 204.58.27.33:80 198.200.173.74:80 198.200.173.139:80 70.86.176.98:119 212.26.219.158:119 127.0.0.1:80
04/24/07 07:39:57 00000934:   Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe tor.exe wcescomm.exe utorrent.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup
04/24/07 07:39:57 00000934:   --SMTP command REDIRECT 216.239.57.25:25 1340
04/24/07 07:39:57 00000934:   PATH: \Device\HarddiskVolume2\WINDOWS\system32\svchost.exe
04/24/07 07:39:57 00000934:   Connected to SMTP server 216.239.57.25 25 (508)
04/24/07 07:39:59 00000934:   received 27 (508)
04/24/07 07:39:59 00000934:   <-SMTP 220 smtp.google.com ESMTP
04/24/07 07:39:59 00000934:   sent 27 (488)
04/24/07 07:40:02 00000934:   RecvTimeout error 10054 (488)
04/24/07 07:40:02 00000934:   --SMTP Finishing connection handler
04/24/07 07:40:02 00000BA8:   SMTP accept connection from: 127.0.0.1
04/24/07 07:40:02 00000BA8:   Connection handler: 00000948 (520)
04/24/07 07:40:02 00000948:   Ignored PIDs: 2756 2680
04/24/07 07:40:02 00000948:   Ignored Addresses: 72.3.135.203:80 193.243.128.78:80 193.243.128.76:80 62.132.1.234:80 204.58.27.60:80 204.58.27.58:80 204.58.27.57:80 204.58.27.51:80 204.58.27.50:80 204.58.27.49:80 204.58.27.43:80 204.58.27.42:80 204.58.27.41:80 204.58.27.35:80 204.58.27.34:80 204.58.27.33:80 198.200.173.74:80 198.200.173.139:80 70.86.176.98:119 212.26.219.158:119 127.0.0.1:80
04/24/07 07:40:02 00000948:   Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe tor.exe wcescomm.exe utorrent.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup
04/24/07 07:40:02 00000948:   --SMTP command REDIRECT 131.107.115.212:25 1340
04/24/07 07:40:02 00000948:   PATH: \Device\HarddiskVolume2\WINDOWS\system32\svchost.exe
04/24/07 07:40:02 00000948:   Connected to SMTP server 131.107.115.212 25 (512)
04/24/07 07:40:03 00000948:   received 96 (512)
04/24/07 07:40:03 00000948:   <-SMTP 220 mail01.microsoft.com Microsoft ESMTP MAIL Service ready at Tue, 24 Apr 2007 04:40:04 -0700
04/24/07 07:40:03 00000948:   sent 96 (520)
04/24/07 07:40:07 00000948:   RecvTimeout error 10054 (520)
04/24/07 07:40:07 00000948:   --SMTP Finishing connection handler



Thanks,


dcbevins