I am looking for an app that can monitor my C: (system) drive and find which program is creating a folder, with the rather generic name TEMP1\, on that drive.
I wouldn't mind if it could hook the creation of files too – as there a couple of files created as well (quite probably from another process). Google does not help me, as the names of those files are a bit generic too (not as TEMP1 though – dvmaccounts.ini and dvmexp.idx).
The problem is that every time I delete those, they are recreated on startup, so the utility I'm searching must start up on boot and also start fast. It should also be really clever, as my C: drive is huge.
Answer
You can use Process Monitor, free from Microsoft, to do that. Set filter inside the Process Monitor to this folder, and it will show you when/if it is accessed:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
If you think this folder is being accessed only during the boot process, you can enable boot logging by selecting the corresponding menu point under Options. When you boot Windows the next time, Process Monitor will log all system activity into a log file, which can be reviewed at a later time. You'll really need to enter a restrictive filter, otherwise your boot time will be really long.
No comments:
Post a Comment