Avast service internet communication

I started to have a problem with uncontrolled downloads and uploads from my IP, and I installed PC Tools Firewall Plus. Among other things, it shows me the internet communication of Avast antivirus and something called Avast service. Avast service is constantly downloading something at a rate of approx. 250 MB per day. This is too much in any case. I don’t know what it is, but I do know it is not an update.

What is it, can I limit its work or disable it?

How does that compare with your other downloads? I think you are looking at webshield here, as everything you download goes through webshield for scanning. So every web page and download you do will be recorded as belonging to Avast.
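Added example (not part of the thread): one way to check the webshield explanation above is to pair the loopback connections other programs make to the scanning proxy with the outbound connections held by the Avast service. The `netstat -ano` sample, the PID-to-name map, the process names and the loopback port 12080 are all constructed for illustration.

```python
from collections import Counter

# Constructed `netstat -ano` sample (not taken from the thread's logs).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1045         127.0.0.1:12080        ESTABLISHED     3120
  TCP    127.0.0.1:12080        127.0.0.1:1045         ESTABLISHED     1500
  TCP    192.168.1.10:1046      203.0.113.7:80         ESTABLISHED     1500
  TCP    127.0.0.1:1050         127.0.0.1:12080        ESTABLISHED     2244
  TCP    127.0.0.1:12080        127.0.0.1:1050         ESTABLISHED     1500
  TCP    192.168.1.10:1051      198.51.100.9:80        ESTABLISHED     1500
  TCP    192.168.1.10:1060      192.0.2.25:443         ESTABLISHED     3120
  TCP    0.0.0.0:12080          0.0.0.0:0              LISTENING       1500
  UDP    0.0.0.0:1900           *:*                                    1044
"""
# Constructed PID-to-image map, as `tasklist` would report it.
TASKS = {1500: "AvastSvc.exe", 3120: "iexplore.exe", 2244: "updater.exe"}


def parse(text):
    """Return established TCP rows as dicts; header, UDP and listeners are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED" and f[4].isdigit():
            rows.append({"local": f[1], "remote": f[2], "pid": int(f[4])})
    return rows


def attribute(text, proxy_pid):
    """Split the proxy's traffic into who feeds it and where it goes."""
    rows = parse(text)
    # Loopback endpoints owned by the proxy process.
    proxy_side = {r["local"] for r in rows
                  if r["pid"] == proxy_pid and r["local"].startswith("127.")}
    # Other processes whose remote end is one of those endpoints.
    clients = Counter(r["pid"] for r in rows
                      if r["pid"] != proxy_pid and r["remote"] in proxy_side)
    # Non-loopback peers the proxy talks to on the clients' behalf.
    outbound = sorted(r["remote"] for r in rows
                      if r["pid"] == proxy_pid and not r["remote"].startswith("127."))
    return clients, outbound


if __name__ == "__main__":
    clients, outbound = attribute(NETSTAT, 1500)
    for pid, n in clients.items():
        print(f"{TASKS.get(pid, '?')} (PID {pid}): {n} connection(s) via proxy")
    print("proxy outbound peers:", outbound)
```

A client process you do not recognise feeding the proxy while the machine is supposedly idle is the one to investigate, since its traffic is what the firewall logs under the Avast service.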

I don’t have any downloads at all. I am talking about when the computer is turned on without any programs, downloads, updates or similar things started. If it is something that goes through Avast, how can I stop this?

Avast itself will only initiate a connection for updates, and they are in the order of kilobytes.

You may have something on your system.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/ASWMbr1.gif

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/ASWMbr2.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click on Minimal Output at the top
- Click on Scan all users
- Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select “Save”
- Double click inside the Custom Scan box at the bottom
- A window will appear saying “Click Ok to load a custom scan from a file or Cancel to cancel”
- Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic

Link for second download is not ok. Can you check?

THEN
Download OTL to your Desktop

Fixed, the link should work now :-[

aswMBR version 0.9.3 Copyright(c) 2011 avast! Software
Run date: 2011-03-04 21:42:25

21:42:25.859 OS Version: Windows 5.1.2600 Service Pack 2
21:42:25.859 Number of processors: 1 586 0x801
21:42:25.859 ComputerName: ABIT-NF7 UserName: Dragomir
21:42:38.406 Initialize success
21:43:08.421 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000065
21:43:08.421 Disk 0 Vendor: Maxtor_6Y120P0 YAR41BW0 Size: 117246MB BusType: 3
21:43:08.421 Disk 1 \Device\Harddisk1\DR1 → \Device\00000067
21:43:08.437 Disk 1 Vendor: WDC_WD1600AAJS-00L7A0 01.03E01 Size: 152627MB BusType: 3
21:43:08.437 Disk 2 \Device\Harddisk2\DR6 → \Device\00000071
21:43:08.437 Disk 2 Vendor: StoreJet Size: 305245MB BusType: 7
21:43:08.453 Disk 0 MBR read successfully
21:43:08.453 Disk 0 MBR scan
21:43:08.453 Disk 0 scanning sectors +240091425
21:43:08.484 Disk 0 scanning C:\WINDOWS\system32\drivers
21:43:11.921 Service scanning
21:43:13.265 Disk 0 trace - called modules:
21:43:13.296 ntoskrnl.exe CLASSPNP.SYS disk.sys nvatabus.sys hal.dll
21:43:13.296 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x866cb030]
21:43:13.296 3 CLASSPNP.SYS[f787005b] → nt!IofCallDriver → \Device\00000065[0x867c7030]
21:43:13.312 Scan finished successfully

I attached all scan logs

It appears you may have used an infected USB at some stage; however, I can see nothing that would explain all the traffic, apart from IE being allowed to accept info delivery, so I will close that.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O33 - MountPoints2\{be3f970b-8a6c-11df-abae-ab118cf26dd9}\Shell\Explore\Command - "" = WScript.exe .\6942.vbs
O33 - MountPoints2\{be3f970b-8a6c-11df-abae-ab118cf26dd9}\Shell\Open\Command - "" = WScript.exe .\6942.vbs

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Here is the fix log.

Did MBAM reveal anything?

Found something. How serious is it?

Not serious at all

Are you still getting the high downloads?

Still the same rate of download.

OK, let's put the big boy onto the case - by the way, you are still on XP SP 2

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

- Double click on ComboFix.exe & follow the prompts.

- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Left it to work for a few hours. Everything is OK for now. Essexboy, thanks for your help.

They need to read this.
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31