I tired a few things on my end and no matter what the second avastui.exe connection in TCPView shows w2k325j.hosttalks.net.
Now it get really weird. Whois.net domain name lookup for w2k325j.hosttalks.net yields an IP address of 128.252.54.18?
Tracert of 128.252.54.18 yields a college endpoint - very suspect.
C:\Users\Don>tracert 128.252.54.18
Tracing route to ACCT-018131.nts.wustl.edu [128.252.54.18]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.1.254
2 26 ms 25 ms 26 ms adsl-98-91-36-1.chs.bellsouth.net [98.91. - me -
3 36 ms 36 ms 35 ms 72.157.38.17
4 36 ms 35 ms 35 ms 72.157.38.53
5 36 ms 36 ms 56 ms 12.81.68.48
6 35 ms 35 ms 39 ms 12.81.68.24
7 41 ms 35 ms 38 ms ixc00jan-5-1-1.bellsouth.net [65.83.237.87] -
? -
8 36 ms 35 ms 35 ms 12.81.98.30
9 35 ms 35 ms 73 ms 12.81.104.73
10 35 ms 35 ms 36 ms 12.81.100.4
11 36 ms 35 ms 35 ms 12.81.104.56
12 35 ms 35 ms 34 ms 12.81.56.61
13 101 ms 69 ms 35 ms 65.83.238.190
14 46 ms 45 ms 45 ms cr2.rlgnc.ip.att.net [12.123.152.110]
15 49 ms 47 ms 47 ms cr1.wswdc.ip.att.net [12.122.3.170]
16 44 ms 44 ms 44 ms 12.122.135.165
17 46 ms 45 ms 45 ms 192.205.37.106
18 50 ms 45 ms 46 ms te0-4-0-1.mpd22.dca01.atlas.cogentco.com [15
.41.249]
19 66 ms 64 ms 65 ms te0-2-0-4.mpd22.ord01.atlas.cogentco.com [15
.40.242]
20 66 ms 65 ms 65 ms te0-1-0-0.ccr22.ord01.atlas.cogentco.com [15
.6.178]
21 72 ms 72 ms 72 ms te3-2.ccr01.stl03.atlas.cogentco.com [154.54
30]
22 * * * Request timed out.
23 * * * Request timed out.
I have had no previous problems with using the Whois function in TCPView.
This sure smells like some type of DNS rebind to me.
In any event I found a solution - block outbound on avastui.exe.
