# How to get rid of mysterious "Toshiba drivers" folder from my desktop?



## qubit (Feb 3, 2014)

Ok, this is a weird one.

With my old install of Windows 7 I had this mysterious "Toshiba drivers" folder spontaneously appear on my desktop. If I deleted it, it would always return, either within a few minutes or a few hours or a day and the folder was always empty. I tried to figure out where it was coming from, especially as I don't have any Toshiba hardware in my PC, but came up blank and googling didn't find anything on it, either. The only thing I could do was to set it to hidden and it's been like that for a good couple of years.

My Windows install had become problematic, with lots of niggly things not working, so I've just installed a fresh copy on another drive and patched it. Everything was working fine, until I browsed the profile on my old Windows install to retrieve the files there. After allowing the permissions to be changed, I could open the Desktop folder and move the files over.

And you guessed it, this bloody folder has now appeared on my new install! I deleted it and it returned within a few minutes. I deleted it again and it's still not shown up yet, but it will eventually.

Now, besides being damned annoying, I wonder if there's some kind of malware doing this that browsing my old profile infected my new install? Note that I haven't installed Kasperky Internet Security yet. Perhaps if I had, it would have blocked this? I did run virus scans on the old install previously, using different security suites, but they never found anything.

Any ideas on how to get rid of this once and for all?


----------



## FX-GMC (Feb 3, 2014)

Curious issue you have here.

Couple things that come to mind:

-Search the registry for anything containing Toshiba drivers and see if anything looks suspect.
-It also wouldn't hurt to see if something scheduled a task in the task scheduler.

Also, have you checked the directory via command prompt to verify that the folder is actually empty.  I've seen situations where windows explorer wouldn't see folders that were Hidden even with that view option turned on.


----------



## qubit (Feb 3, 2014)

I searched the registry for "toshiba drivers" and came up blank. I searched just for "toshiba" and it found a couple of entries, but they didn't look likely at all.
I checked the Task Scheduler and again nothing.
I did this for the old install way back when and just now on the new one. I also checked msconfig on both installs and nothing.

No, I haven't looked at the directory via the command prompt, but I don't see what advantage that would have? The folder keeps getting recreated if I delete it and isn't even hidden. If it's already present though, duplicates are not created.

Is there a monitoring program that one can run which will log what program or service/process has manipulated files and folders? Imagine targeting it at my desktop and getting a log file of the offending process that created it? Mystery solved.


----------



## FX-GMC (Feb 3, 2014)

qubit said:


> I searched the registry for "toshiba drivers" and came up blank. I searched just for "toshiba" and it found a couple of entries, but they didn't look likely at all.
> I checked the Task Scheduler and again nothing.
> I did this for the old install way back when and just now on the new one. I also checked msconfig on both installs and nothing.
> 
> ...



Running dir will tell you if there are any files in the directory.  If there are, you could use something like process monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) to see what app is using the files.



> You can use Process Monitor, free from Microsoft, to do that. Set filter inside the Process Monitor to this folder, and it will show you when/if it is accessed:
> 
> Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
> 
> If you think this folder is being accessed only during the boot process, you can enable *boot logging* by selecting the corresponding menu point under Options. When you boot Windows the next time, Process Monitor will log all system activity into a log file, which can be reviewed at a later time. You'll really need to enter a restrictive filter, otherwise your boot time will be really long. - Source



Found a couple of apps that monitor directories. http://brutaldev.com/page/Directory-Monitor http://www.ghacks.net/2013/04/08/monitor-windows-folders-for-file-changes/

Unfortunately they do not say which process made the changes.


----------



## jsfitz54 (Feb 3, 2014)

Do you have a firmware install utility for the Samsung DVD drive listed in your "specs"  aka TSST Corp?  I just updated a SH-222BB with it.


----------



## qubit (Feb 4, 2014)

@Fx - I tried DIR, setting it to show hidden files and it didn't show me anything more than the equivalent Windows Explorer view. Thanks for the utility links, I'll try those. For now, that folder still hasn't returned.

@js - No I don't have a firmware utility, but it has made me realize that Samsung DVD drive is actually a Toshiba-Samsung product. That drive is relatively new though and the problem has been around much longer than that, plus this is the only drive of this brand that I have.


----------



## Solaris17 (Feb 4, 2014)

damn i was really banking on the task sheduler.

hm so lets see service?

ms config?

appdata?

check your event logs maybe. desktop iirc is an admin protected resource. which means that whatever it is should be leaving a log.


WAIT

check the desktop folder in the public/default user folder in the root of C:\ I used to use this trick in domains to keep users from deleting things on the desktop.


----------



## Arjai (Feb 4, 2014)

qubit said:


> With my old install of Windows 7 I had this mysterious "Toshiba drivers" folder spontaneously appear. If I deleted it, it would always return,...



Buy an ASUS!


----------



## FX-GMC (Feb 4, 2014)

Solaris17 said:


> check the desktop folder in the public/default user folder in the root of C:\ I used to use this trick in domains to keep users from deleting things on the desktop.



Good call, forgot about that. Public is the one you want.  Default is only on user creation.

Deleting a folder from the user's desktop deletes it from the public user's desktop.


----------



## Solaris17 (Feb 4, 2014)

FX-GMC said:


> Good call, forgot about that. Public is the one you want.  Default is only on user creation.
> 
> Deleting a folder from the user's desktop deletes it from the public user's desktop.



this is true only if the folder permissions allow it. if something created it in public and it is owned by system then he wont be able to it will re-appear. Especially since he migrated settings from an old Os install all of those folders are probably permission locked from being part of a seperate Os install none of the guids will match.


----------



## FX-GMC (Feb 4, 2014)

Solaris17 said:


> this is true only if the folder permissions allow it. if something created it in public and it is owned by system then he wont be able to it will re-appear. Especially since he migrated settings from an old Os install all of those folders are probably permission locked from being part of a seperate Os install none of the guids will match.



So instead of giving a permissions error, it will disappear and re-appear?


----------



## Solaris17 (Feb 4, 2014)

FX-GMC said:


> So instead of giving a permissions error, it will disappear and re-appear?



you got me it would.


----------



## zsolt_93 (Feb 4, 2014)

It is from Bluetooth drivers, checked out and your mobo seems to have Bluetooth. Toshiba Blutetooth Stack makes it appear.


----------



## qubit (Feb 4, 2014)

zsolt_93 said:


> It is from Bluetooth drivers, checked out and your mobo seems to have Bluetooth. Toshiba Blutetooth Stack makes it appear.


Thanks my mobo does have Bluetooth. I'll install the driver when I get home and see if this thing goes away. It's still kinda weird how it pops up for this one thing. Imagine if a folder popped up for every device without a driver?!

The folder got created again btw.


----------



## RCoon (Feb 4, 2014)

Drive to Toshiba HQ, set fire to laptop, throw at front entrance.
Problem solved, don't buy Toshiba again.


----------



## qubit (Feb 4, 2014)

rofl


----------

