I would be very grateful if someone could help me. I am new to the Forum and am afraid that I do not have a great deal of experience. I have a Sony Vaio PCG-Z1RSP laptop PC. For the last 11 months I have used McAffee Personal Firewall and McAffee Anti-virus and Internet Protection. I also use Ad-Aware. All products are kept scrupulously up-to-date. Previously I have used Norton Anti-virus. I have recently noticed that my computer has been acting strangely. The first indication was that the tray icon for McAffee firewall appeared to be activated and then deactivated on other occasions. I also recently had my old hard drive replacement with a new one. Reflect was used for the replacement process and it appeared to work well. Soon after, a tray icon appeared, from McAffee, indicating that I was not protected. McAffee resisted all attempts to fix the problem through the McAffee front end. I started to see some new files appearing when I made a routine clean with EasyCleaner. The new files were: SystemVolumeInformation\_restore{3CAC”750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP1\A0000043.old Each day new files based on this template appeared. I ran McAffee but found no infection. I ran the on-line Symantec virus scan and it indicated that: C:\windows|system32\afflb.dll was infected with Bloodhound.Overpacked. When I deactivated the System Restore the files: SystemVolume Information\_rstore{xxxxxxxxxxxxxxxxx}.old, disappeared. I went into Safe Mode and found that McAffee would not run. I now appreciate that AcAffee does not run in Safe Mode. I then downloaded AVG7.5 and ran in Safe Mode with System Restore active and deactivated. No infection was found. However, as soon as System Restore was activated the SystemVolume Information\_rstore{xxxxxxxxxxxxxxxxx}.old files returned. I ran Ad-Aware in normal and Safe Mode with System Restore active and deactivated. No infections were found. I installed ZoneAlarm and ran the anti-virus and anti-spyware, but without any result. I downloaded Spybot Search and Destroy and CCleaner. I ran both in Safe Mode with System Restore active and deactivated. I deleted everything found by both programs. I have also appended the most recent HJT file below. This was captured after running the above scanns. I also ran the Kaspersky on-line virus scan and have appended the results below HJT. After all of the scans the: SystemVolume Information\_rstore{xxxxxxxxxxxxxxxxx}.old files are still appearing and I am very concerned. I sincerely apologise, in advance, if this is a topic that has been addressed before. Can you please help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:25:29, on 06/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Macrium\Reflect\ReflectService.exe C:\Program Files\McAfee\MPS\mpsevh.exe C:\Program Files\SiteAdvisor\6172\SAService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\ezSP_Px.exe C:\Program Files\Common Files\AOL\1132875776\ee\AOLSoftware.exe C:\Program Files\Macrium\Reflect\RefSched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\AOL Companion\companion.exe c:\program files\common files\aol\1132875776\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe c:\program files\common files\aol\1132875776\ee\aolsoftware.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Pando Networks\Pando\pando.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Phil\Desktop\Sweep Clean\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132875776\ee\AOLSoftware.exe" O4 - HKLM\..\Run: [hpppta] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" /ICON O4 - HKLM\..\Run: [Reflect Scheduler] "C:\Program Files\Macrium\Reflect\RefSched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - .DEFAULT User Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe (User 'Default user') O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-GB\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - O17 - HKLM\System\CCS\Services\Tcpip\..\{131935AE-659A-4454-A441-B252626E6C3D}: NameServer = 192.168.1.1,4.2.2.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{94644C54-9D42-47ED-A3AA-134E9CE1B38F}: NameServer = 205.188.146.145 O17 - HKLM\System\CS1\Services\Tcpip\..\{131935AE-659A-4454-A441-B252626E6C3D}: NameServer = 192.168.1.1,4.2.2.2 O17 - HKLM\System\CS3\Services\Tcpip\..\{131935AE-659A-4454-A441-B252626E6C3D}: NameServer = 192.168.1.1,4.2.2.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: McAfee Application Installer Cleanup (0290471194348672) (0290471194348672mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\029047~1.EXE O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Macrium Reflect Scheduling Services (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12371 bytes Tuesday, November 06, 2007 4:43:53 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 6/11/2007 Kaspersky Anti-Virus database records: 452113 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ E:\ G:\ Scan Statistics Total number of scanned objects 88995 Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 Duration of the scan process 02:03:02 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{9F954B29-5010-4DE3-B8D1-B3E55B2A53AF}.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR7.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11062007-015816.log Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Phil\Application Data\MailFrontier\ASD.log Object is locked skipped C:\Documents and Settings\Phil\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Phil\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped C:\Documents and Settings\Phil\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Phil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Phil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Phil\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Phil\Local Settings\Temp\~DF7C91.tmp Object is locked skipped C:\Documents and Settings\Phil\Local Settings\Temp\~DFB7EF.tmp Object is locked skipped C:\Documents and Settings\Phil\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Phil\ntuser.dat Object is locked skipped C:\Documents and Settings\Phil\NTUSER.DAT.LOG Object is locked skipped C:\System Volume Information\38C.tmp Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP1\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\Internet Logs\YOUR-BIVIOSD2X9.ldb Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{5D854D02-8E49-4EE0-BA89-65FD7AEBFABB}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\mcmsc_8KLdaPxbJepdRcV Object is locked skipped C:\WINDOWS\Temp\mcmsc_JVdFMIHfFdaeRYo Object is locked skipped C:\WINDOWS\Temp\mcmsc_l5bpbyyhFhuSFq6 Object is locked skipped C:\WINDOWS\Temp\mcmsc_nTKYoELlujCkbf4 Object is locked skipped C:\WINDOWS\Temp\sqlite_ByfQRyvbnWB70VS Object is locked skipped C:\WINDOWS\Temp\sqlite_lAfMGo7tyvqREbu Object is locked skipped C:\WINDOWS\Temp\sqlite_SIvihbtAnuC4jmo Object is locked skipped C:\WINDOWS\Temp\sqlite_v5s2XmhCcgJdakv Object is locked skipped C:\WINDOWS\Temp\ZLT03aa7.TMP Object is locked skipped C:\WINDOWS\Temp\ZLT03aab.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
As an addendum to the above posting, I have appended a PerfectDisk Drive Analysis that shows excess fragments. The fragments relate to SystemVolumeInformation. I hope that this may be helpful and hope to hear from you. Drive C:\ analyzed on 07/11/2007, 12:23:22 Drive HealthPerformance Indicator % Fragmented Number Excess Fragments File Fragmentation 0.2 186 2655 Directory Fragmentation 0.0 1 3 Performance Indicator Size Excess Fragments Page File Fragmentation 2.0 GB 0 Metadata 59.6 MB 0 MFT Fragmentation 195.3 MB 0 Largest Free Space 44.5 GB File Organization SummaryFile Type Number MB % of Drive Rarely Modified 83697 13139.6 MB 14 % Occasionally Modified 415 655.8 MB 1 % Recently Modified 4445 2620.5 MB 3 % Directory 5789 30.8 MB 0 % Boot 658 214.6 MB 0 % Excluded 10 3100.5 MB 3 % Free space outside the MFT Reserved zone N/A 63723.3 MB 67 % Free space inside the MFT Reserved zone N/A 11729.0 MB 12 % Total 95014 95214.1 MB 100 % List of the 100 most fragmented files and directories# of Fragments File Size in MB File/Directory Name 337 7.0 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001547.reg (337) 286 5.8 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001548.reg (286) 113 1.8 C:\Documents and Settings\Phil\Local Settings\Temp\~DF65A6.tmp 72 3.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001538.exe (72) 50 1.7 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001458.dll (50) 43 1.9 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001650.dll (43) 43 1.9 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001651.dll (43) 31 1.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001425.dll (31) 23 0.9 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001462.dll (23) 22 1.0 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001775.dll (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001674.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001671.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001746.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001773.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001673.RDB (22) 22 0.9 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001599.exe (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001748.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001753.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001752.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001751.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001740.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001739.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001672.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001690.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001688.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001687.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001686.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001685.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001684.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001745.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001744.RDB (22) 22 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001683.RDB (22) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001526.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001525.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001524.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001523.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001522.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001521.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001520.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001519.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001507.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001625.RDB (21) 21 0.8 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001436.dll (21) 21 0.8 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001437.dll (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001605.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001644.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001497.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001496.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001517.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001633.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001627.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001649.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001637.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001636.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001635.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001624.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001629.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001619.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001621.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001475.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001504.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001503.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001634.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001630.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001670.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP5\A0001643.RDB (21) 21 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001604.RDB (21) 19 0.8 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001540.exe (19) 18 0.7 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001600.dll (18) 18 0.7 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001440.dll (18) 17 0.7 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001614.sys (17) 17 0.7 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001412.dll (17) 17 0.7 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001481.dll (17) 16 0.5 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001532.nfo (16) 15 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001439.exe (15) 13 0.5 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001492.dll (13) 13 0.5 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001461.dll (13) 13 0.6 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001445.dll (13) 12 0.5 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001736.dll (12) 11 0.5 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001743.dll (11) 11 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001597.exe (11) 11 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001451.dll (11) 10 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001539.exe (10) 10 0.1 C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\MISP\mcupdmgr\mcupdmgr001.log 10 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001415.dll (10) 10 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001537.dll (10) 10 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP7\A0001774.ocx (10) 9 0.2 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001414.dll (9) 9 0.4 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001613.sys (9) 8 0.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001536.exe (8) 8 0.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001422.dll (8) 8 0.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001455.dll (8) 8 0.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001479.dll (8) 7 0.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001434.dll (7) 7 0.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001545.exe (7) 7 0.3 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP4\A0001541.exe (7) 7 0.2 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001476.sys (7) 6 0.2 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP6\A0001732.exe (6) 6 0.2 C:\System Volume Information\_restore{3CAC2750-5E56-4BC4-8F7A-D6A13E7F81B4}\RP3\A0001453.dll (6) 6 0.1 C:\Documents and Settings\Phil\Local Settings\Temporary Internet Files\Content.IE5\index.dat List of Excluded Files (Directories not included)Reason File Name (Directories Not Included) Excess Fragments Metadata file C:\$MFT::$BITMAP 0 Metadata file C:\$MFTMirr 0 Metadata file C:\$LogFile 0 Metadata file C:\$Volume 0 Metadata file C:\$Bitmap 0 Metadata file C:\$Boot 0 Metadata file C:\$BadClus:$Bad 0 Metadata file C:\$Extend\$UsnJrnl:$J 0 Access denied C:\hiberfil.sys 0 Access denied C:\pagefile.sys 0 File Type File Type Size Percentage Number Graphic 1443.5 MB 19 % 6622 Music 69.7 MB 0 % 341 Program 4679.1 MB 63 % 15557 Temporary 13.0 MB 0 % 20 Text 901.6 MB 12 % 7160 Video 237.4 MB 3 % 55
You can get rid of all the system restore files by simply turning the system restore option off and then back on. This dumps all the previous files.But since you are having a problem i would be careful in doing so since the option to go back will not be there in case you want to go back before the dump.
