How can I find out which program creates a file/folder in my C: drive?

I am looking for an app that can monitor my C: (system) drive and find which program is creating a folder, with the rather generic name TEMP1\, on that drive.

I wouldn't mind if it could hook the creation of files too – as there a couple of files created as well (quite probably from another process). Google does not help me, as the names of those files are a bit generic too (not as TEMP1 though – dvmaccounts.ini and dvmexp.idx).

The problem is that every time I delete those, they are recreated on startup, so the utility I'm searching must start up on boot and also start fast. It should also be really clever, as my C: drive is huge.

Mr_and_Mrs_D

Posted 2011-10-20T21:47:30.133

Reputation: 666

Why are you even worried about it? You do know that some programs actually need to create some files to work properly (even if they're improperly designed)? – slhck – 2011-10-20T21:56:33.427

1@slhck : The edits you made are actually cutting out info - please revert. Not : for example TEMP1 - TEMP1, which means google is no help. And I am not (very - I have a couple of reasons to be) worried - rather curious. The folder is always empty btw. And admittedly I hate people dumping stuff fin my c: drive – Mr_and_Mrs_D – 2011-10-20T22:05:23.200

I didn't quite understand, but does it make more sense now? I reverted the sentence to what you originally wrote. Please change as necessary. Sorry if it lost some info. – slhck – 2011-10-20T22:07:13.720

2Related for Mac visitors: http://superuser.com/questions/69682/find-out-which-app-created-a-file – Tamara Wijsman – 2011-10-20T22:12:24.593

2Related for Linux Visitors: http://superuser.com/questions/155299/finding-out-why-how-a-folder-is-being-created :) – Ƭᴇcʜιᴇ007 – 2011-10-20T23:47:38.440

.ini files are usually human-readable plain text files -- what's inside "dvmaccounts.ini"? – Ƭᴇcʜιᴇ007 – 2011-10-20T23:54:19.583

Answers

You can use Process Monitor, free from Microsoft, to do that. Set filter inside the Process Monitor to this folder, and it will show you when/if it is accessed:

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.

If you think this folder is being accessed only during the boot process, you can enable boot logging by selecting the corresponding menu point under Options. When you boot Windows the next time, Process Monitor will log all system activity into a log file, which can be reviewed at a later time. You'll really need to enter a restrictive filter, otherwise your boot time will be really long.

haimg

Posted 2011-10-20T21:47:30.133

Reputation: 19 503

1Hmm - I know about process monitor - I will try that - still I would like to have an app that boots with windows - cause I have the impression the folder is not being actually used. – Mr_and_Mrs_D – 2011-10-20T23:06:44.217

1Added info about boot logging. – haimg – 2011-10-20T23:25:55.033

Ahh - this - will be trying this on next reboot and let you know - I left PM open all night - my paging file exploded - I woke up with 4 kb in my c:\ lol - TEMP1 was not accessed though – Mr_and_Mrs_D – 2011-10-21T08:33:19.127

Ok - the temp1 folder disappeared but thanks to PM I found where those files were coming from - DVMExportService.exe fromour beloved ASUS - marked – Mr_and_Mrs_D – 2011-10-22T21:31:34.390

Don't delete the folder. Change permissions so that only a specific account (different than the one you normally use) has access to the folder. That ought to throw a wrench in whatever processes is doing this, hopefully allowing you to catch it.

Joel Coehoorn

Posted 2011-10-20T21:47:30.133

Reputation: 26 787

I might try this on next startup - still the folder is always empty - might be kind of a placeholder ? moreover I do need an app that can monitor and log dir/file creation - and I have already searched and tried and I have not one really up to the task – Mr_and_Mrs_D – 2011-10-20T22:07:15.990