I'm running Windows 8.1 x64 so couldn't get a DDS log for this topic.
After receiving a large overage charge from my ISP I began closely monitoring my bandwidth usage. After much diagnosing, it's been concluded that the Background Intelligent Transfer Service (BITS) is often times throughout the day connecting to various IP addresses within my ISP's subnet, i.e. 18.104.22.168, 22.214.171.124, and maxing out the WAN connection to my LAN IP address and downloading approx. 1 GB of data before disconnecting. It would do this several times a day but I cannot determine what it could possibly be downloading so much data for. I originally placed a rule on the firewall to block this traffic before determining the cause to be the BITS service and have since stopped this service. I don't feel this should be necesssary.
Is it possible something malicious is utilizing this service to download large amounts of useless data? I did run MBAM and it found:
C:\$Recycle.Bin\S-1-5-21-4181669693-3579785937-3997762063-1626\$R3PVWCT.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4181669693-3579785937-3997762063-1626\$RA047A6.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\mlp\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\mlp\AppData\Local\Temp\nse773E.tmp (PUP.Optional.Somoto) -> No action taken.
C:\Users\mlp\Local Settings\Temporary Internet Files\IE\54J3TUEN\BiTool.dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\mlp\Local Settings\Temporary Internet Files\IE\54J3TUEN\setup.exe (PUP.Optional.Somoto) -> No action taken.
All of which I removed and future scans have resulted in nothing.
I scanned with TDSSKiller, RogueKiller, and AVG Free -- each of which had no results.
I tried quick scanning with aswMBR but it consistently crashes when it reaches service c2wts.
Thanks in advance