For some recent time, when I plug-in the USB device (stick or external disk) on my ThinkPad (R51, 1 GB RAM, XP PRO SP3, Avast Free Antivirus version 6.0.1203) I see an excessive I/O activity. The regular USB plug-in functions and introduction of the device to be shown in Windows Explorer are finished in regular timeframe; after that the I/O activities continue for about further 30+ seconds and then everything is eventually over. Most of that time the total CPU is not higher than 5-10 %, but Process Explorer seems locked, perhaps because operations are going on in privileged mode, so I couldn’t monitor the real-time figures in Process Explorer and I used Performance Monitor instead.

The similar case I have when I plug-out that device via “Safely Remove Hardware” tool: in expected time the device disappears from Explorer’s list, there appears the balloon message that the device is free and safe to detach, but I/O activities proceed further for about next 30+ seconds.

As I could find out so far, it seems to me that these I/Os are mainly of categories “I/O Others” and “Page Faults”, belonging to process Windows Explorer.

In the very same testing on other two laptops (Toshiba, Compaq), everything was absolutely normal. So, what this might have to do with Avast? Sincerely, I don’t know - maybe nothing, maybe much. Namely, if I stop the real-time shields via Avast shields control option (context menu of Avast icon in system tray), plug-in and plug-out operations are performed in a quite normal manner, i.e. quick and without this excessive I/Os!!! Therefore, I can suppose that Avast might not be the culprit; perhaps it’s just initiating some normal requests, but Windows Explorer or some other part is malfunctioning. I am not able to make the final conclusion, but knowing that Avast actually had some issues with regard to USB devices and “Safely Remove Hardware” routine, I just think it wouldn’t be too big surprise there to still remain some unresolved points though.

Besides, I must mention that Avast Boot-time scan, MalwareBites and RootkitRevealer found nothing relevant. Tried also in Avast to exclude sandbox option, as well as to exclude real-time shields one-by-one via Avast interface – but all that to no avail.

Of course, finally I must admit that so far the consequences of such a behavior are not serious at all, but still I’d like to clarify the cause, not only because it’s annoying, but potentially it might be a sign of something bigger what I am not able to reach. Therefore, what I would like mostly to know at the moment is the process and role of Avast in plug-in/plug-out operations, and, of course, does anybody have such an experience or see any relation here.

Thanks a lot for any help.