Disk access to Virtual Store folder for no reason?

[Carbonyl]

Hi everyone. I've just got a quick question that's been bothering me for a while. Recently I've noticed some bizarre activity in Win 7 Professional. I run ESET NOD32 v4, and it shows a 'current activity' readout that displays whatever file is being scanned, and thus currently being accessed by the OS or a program. I was watching it while my system was idle, and suddenly it started to scan through the Virtual Store directory. Specifically, it starting to scan through all of my old IM logs from a legacy IM client (Trillian). Now, I haven't even opened that IM client in a week, and the logs it was scanning were over three months old and haven't been altered since.

I ran a scan with NOD 32 v4, Windows Defender, and MalwareBytes antimalware. All of these came back clean with no infections/intrusions detected... But I can't think of any reason why three-month old files from a program that hasn't been run in a week would be accessed at all, other than a rootkit virus or something hidden poking through my personal correspondence.

Is there some reason that Win 7 might be accessing these file for some other purpose? I don't have automatic backups set up, and it looked pretty specific that the disk activity leafed through that specific folder and then stopped dead without looking at anything else.

Any advice would be appreciated. Thanks.

 

[kegobeer]

What application was scanning the logs?

 

[Carbonyl]

I wasn't able to tell. My attention was on NOD at the time, and NOD doesn't list the program doing the accessing, unfortunately. I had process explorer open at the same time, so if I'm going to judge by CPU usage, the only other program that was using any cycles at that time was an instance of svchost.exe. I think. I'm not positive about that.

Periodically when my system is idle, I'll hear the disk scanning or seeking (just the normal chugging sound you hear when disk access is going on), but process explorer will show every program completely idle - so I'm not sure if something 'hidden' is accessing the disk.

 

[kegobeer]

How old is your Windows 7 installation?

 

[logicearth]

It could have been the disk defragmentation moving the files away from the inner edge.

 

[infested999]

Could by the search engine indexing the text files so when you search for them you will find them quicker...

 

[Carbonyl]

The Win 7 Pro installation is roughly two months old at this point.

Also, I'm inclined to think that it's not the search indexer - usually when the indexer is running and indexing actively it has two daughter processes going. This time, not only were there no daughter processes for the Search Indexer task, but it also wasn't using any CPU. Defragmentation might be a possibility, but the defrag program certainly didn't pop up - I've seen that happen before when idling, and this certainly didn't happen, unless svchost was running defrag directly without launching a daughter process.