How To Determine Which Program Generated A File?

Enigma

New Member
Member
Messages
182
Location
Portland, Oregon, USA
I've had this problem for a while, finding strange but not necessarily harmful files, and wondering which program created them, so I can determine if they're safe to delete. I've tried Googling the file extensions; sometimes it yields answers, sometimes not. I'm guessing I would have to install a program that monitors/records all files written to the HDD. Unless there is another way.

Anyone know?
 

My Computer

System One

  • OS
    Windows 8.1 Pro x64, Windows Server 2012 R2 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo G700
    CPU
    Intel Core i7-3632QM, 2.20 GHz
    Motherboard
    Lenovo
    Memory
    6 GB DDR3
    Graphics Card(s)
    NVIDIA 720M, Intel HD 4000
    Monitor(s) Displays
    1 monitor
    Screen Resolution
    1600x900 (max)
    Hard Drives
    1 TB HDD (5400 RPM), 1.5 TB HDD (5400 RPM) installed in a 12.7mm disc drive caddy
    Case
    Lenovo
    Keyboard
    Lenovo
    Mouse
    Laptop/notebook keyboard/touchpad
    Internet Speed
    It varies, since I'm mobile most of the time
    Browser
    Chromium (the open-source browser which Google Chrome is derived from)
    Antivirus
    Kaspersky, Malwarebytes, Spybot, Privatefirewall
    Other Info
    I will add more information here later
If you Right click on a file and then Left Click "properties" that may tell you.
 

My Computer

System One

  • OS
    Win 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    i7 6700K
    Motherboard
    ASUS ROG Maximus VIII Hero
    Memory
    16 Gb G Skill TridentZ DDR4 3400
    Graphics Card(s)
    Intel (i7 CPU)
    Sound Card
    RealTek Integrated
    Monitor(s) Displays
    27" Dell SE2717HR
    Screen Resolution
    1920X1080
    Hard Drives
    500GB Samsung 850 SSD, 3TB for backups
    PSU
    EVGA Supernova 750 G2
    Case
    BeQuiet Silent Base 600
    Cooling
    Deepcool Captain 120EX
    Keyboard
    Microsoft Wireless
    Mouse
    Logitech wireless
    Internet Speed
    Cable - 100MB Downlink
    Browser
    Edge/Firefox
    Antivirus
    Microsoft
    Other Info
    Sonar Platinum 64 bit recording studio software with MOTU 896Mk3 Hybrid recording interface unit.

My Computer

System One

  • OS
    Windows 8 Pro x64
    Computer type
    Laptop
    System Manufacturer/Model
    HP Pavilion dv7t (17.3'', i7-2630QM, HD 6770M 1Gb, 8Gb RAM, 2 SSD@120Gb + 1 HDD@750Gb)
Sometimes you can find this out in Event Viewer as well, if a process creates a file, it should say that in the events.

Do you have Pro Tools installed? Pro Tools uses a Licensing method which generates a bunch of files in your AppData folders - If they are a bunch of randomized letters and numbers, you can generally delete these. But Pro Tools from version 8 up, creates these due to the PACE licensing. Other Production Programs use something similar, possibly AutoDesk and maybe even Adobe.
 

My Computer

System One

  • OS
    Windows 8 Pro with Media Center/Windows 7
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus M2N-MX SE Plus § DualCore AMD Athlon 64 X2, 2300 MHz (11.5 x 200) 4400+ § Corsair Value Select
    CPU
    AMD 4400+/4200+
    Motherboard
    Asus M2N-MX SE Plus/Asus A8M2N-LA (NodusM)
    Memory
    2 GB/3GB
    Graphics Card(s)
    GeForce 8400 GS/GeForce 210
    Sound Card
    nVIDIA GT218 - High Definition Audio Controller
    Monitor(s) Displays
    Hitachi 40" LCD HDTV
    Screen Resolution
    "1842 x 1036"
    Hard Drives
    WDC WD50 00AAKS-007AA SCSI Disk Device
    ST1000DL 002-9TT153 SCSI Disk Device
    WDC WD3200AAJB-00J3A0 ATA Device
    WDC WD32 WD-WCAPZ2942630 USB Device
    WD My Book 1140 USB Device
    PSU
    Works 550w
    Case
    MSI "M-Box"
    Cooling
    Water Cooled
    Keyboard
    Dell Keyboard
    Mouse
    Microsoft Intellimouse
    Internet Speed
    Cable Medium Speed
    Browser
    Chrome/IE 10
    Antivirus
    Eset NOD32 6.x/Win Defend
    Other Info
    Recently lost my Windows 8 on my main PC, had to go back to Windows 7.
Process Monitor

File properties generally don't reveal the program, so set filter by path in Process Monitor and catch it in action.

Agreed.
Process Monitor is a useful tool.

IMO, the SysInternals tools are better than the built-in Windows tools (e.g. Process Explorer).
 

My Computer

System One

  • OS
    Windows 7 Ultimate SP1 (64 bit), Linux Mint 18.3 MATE (64 bit)
    Computer type
    PC/Desktop
    System Manufacturer/Model
    n/a
    CPU
    AMD Phenom II x6 1055T, 2.8 GHz
    Motherboard
    ASRock 880GMH-LE/USB3
    Memory
    8GB DDR3 1333 G-Skill Ares F3-1333C9D-8GAO (4GB x 2)
    Graphics Card(s)
    ATI Radeon HD6450
    Sound Card
    Realtek?
    Monitor(s) Displays
    Samsung S23B350
    Screen Resolution
    1920x1080
    Hard Drives
    Western Digital 1.5 TB (SATA), Western Digital 2 TB (SATA), Western Digital 3 TB (SATA)
    Case
    Tower
    Mouse
    Wired Optical
    Other Info
    Linux Mint 16 MATE (64 bit) replaced with Linux Mint 17 MATE (64 bit) - 2014-05-17
    Linux Mint 14 MATE (64 bit) replaced with Linux Mint 16 MATE (64 bit) - 2013-11-13
    Ubuntu 10.04 (64 bit) replaced with Linux Mint 14 MATE (64 bit) - 2013-01-14
    RAM & Graphics Card Upgraded - 2013-01-13
    Monitor Upgraded - 2012-04-20
    System Upgraded - 2011-05-21, 2010-07-14
    HDD Upgraded - 2010-08-11, 2011-08-24,
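Added example, not part of the original thread: one way to triage a Process Monitor capture for the "filter by path and catch it in action" approach quoted above. It assumes the capture was saved as CSV with Procmon's default columns; the sample rows, process names, PIDs and paths are constructed.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed sample in Process Monitor's default CSV column layout.
# A real export starts with a BOM: open it with encoding="utf-8-sig".
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:14:02.1","explorer.exe","3120","CreateFile","C:\Users\me\AppData\Roaming\Vendor","SUCCESS","Desired Access: Read Attributes, Disposition: Open, OpenResult: Opened"
"10:14:05.3","licsvc.exe","4488","CreateFile","C:\Users\me\AppData\Roaming\Vendor\a9f3k2.dat","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"10:14:05.4","licsvc.exe","4488","WriteFile","C:\Users\me\AppData\Roaming\Vendor\a9f3k2.dat","SUCCESS","Offset: 0, Length: 512"
"10:14:05.5","licsvc.exe","4488","WriteFile","C:\Users\me\AppData\Roaming\Vendor\a9f3k2.dat","SUCCESS","Offset: 512, Length: 512"
"10:14:06.0","avscan.exe","1900","CreateFile","C:\Users\me\AppData\Roaming\Vendor\a9f3k2.dat","SUCCESS","Desired Access: Generic Read, Disposition: Open, OpenResult: Opened"
"10:14:07.2","notepad.exe","5012","CreateFile","C:\Users\me\Documents\notes.txt","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:14:08.0","updater.exe","2204","CreateFile","C:\USERS\ME\AppData\Roaming\Vendor\cache.tmp","NAME COLLISION","Desired Access: Generic Write, Disposition: Create"
"10:14:08.1","updater.exe","2204","WriteFile","C:\USERS\ME\AppData\Roaming\Vendor\cache.tmp","SUCCESS","Offset: 0, Length: 64"
'''

def under(path, root):
    """Case-insensitive 'is path inside root' test for Windows paths."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents

def writers(csv_text, root):
    """Map each file under root to the processes that created or wrote it."""
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Skip failed operations and anything outside the watched folder.
        if row["Result"] != "SUCCESS" or not under(row["Path"], root):
            continue
        op, detail = row["Operation"], row["Detail"]
        # CreateFile is also logged for plain opens; only OpenResult: Created
        # means the call actually brought a new file into existence.
        if op == "CreateFile" and "OpenResult: Created" in detail:
            kind = "created"
        elif op == "WriteFile":
            kind = "wrote"
        else:
            continue  # readers such as scanners and Explorer are not writers
        entry = (row["Process Name"], int(row["PID"]), kind)
        if entry not in hits.setdefault(row["Path"], []):
            hits[row["Path"]].append(entry)  # collapse repeated writes
    return hits

if __name__ == "__main__":
    found = writers(SAMPLE_CSV, r"C:\Users\me\AppData\Roaming\Vendor")
    for path, entries in found.items():
        for name, pid, kind in entries:
            print(f"{name} (PID {pid}) {kind} {path}")
```
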
I don't like that it totally takes over Task Manager once you start it though.
 

I don't understand

I don't like that it totally takes over Task Manager once you start it though.

Sorry?

Do you mean Process Explorer?
You have to choose the "Replace" option for that to happen.

I can run both at the same time (Task Manager and Process Explorer).
 

No, I swear it took over my task manager - without me telling it to. I opened it and shut it. Then I tried to open Task Manager later from the taskbar, and Process Explorer came up.

It runs a TSR.
 

Weird

Since I'm in Linux Mint right now, here is a screenshot from a W7 VM.
There is an option in the Options menu that allows you to replace Task Manager.
Even if you choose that option, Task Manager should return when you uncheck it (it did for me when I tried it a few years ago).
 

I'm not sure which OS this happened with. It may have been XP. But I went to MS one day and spent half the day downloading ALL of those Systernals - Didn't Symantec used to own those? Maybe I have the Symantec version, ripped out of the original POS Symantec Program it was embedded in? I am sure I remember seeing Process Explorer inside of a Symantec Program.

Wait a Minute - Systernals and Sysinternals, are those the same thing? Maybe I am getting something mixed up.
 

OK! You are totally correct! Whew, I thought I had hopped from the Blue to the Red Universe for a second.

Systernals makes Process Explorer, Sysinternals, which is Microsoft, has something LIKE it - THAT's the program that took over, not the Systernals one. Thanks, somehow in my mind the two things merged into a "Tuvox" deal.
 

Thanks for the info everyone. But I was thinking more along the lines of real-time file access (write) logging, as it occurs. It seems a bit useless to me to have to try to figure out what program created a file after the fact, I'd rather see it as it happens. I have used Process Explorer in the past, and Sysinternals Suite is a really useful set of tools. But right now I currently use Process Hacker 2 as my default task manager, and Process Lasso for auto-managing the priorities of processes. Used together they are very efficient and effective, very stable. Anyone know if these 2 apps support the functions outlined above?
 

But I was thinking more along the lines of real-time file access (write) logging, as it occurs.
Then please read the post #3 again.
 
