First Update

I have started doing my research into ShellBags. It appears that depending on the location of the folder ShellBag entries are created at different times.

On the Desktop If the folder is visited by the user the ShellBag entry is created immediately. If the ShellBags entry is not created before shutdown, it will be created on shutdown. So far I have not been able to create a folder on the Desktop that does not have a ShellBag entry after shutdown.

If you create a folder in the root of the C drive a ShellBags entry is immediately created even if you do not visit it. This behavior appears to continue down into a user profile. Once you get into the documents folder things change.  I have not quite figured out the behavior in the documents folder yet because the windows path to the documents folder C:\Users\Chad\Documents and the path you get when you click the documents under the library tab it has the path Libraries\Documents. So you get entries that look like the one below.

This is what the shell bag entry looks like if someone goes to the folder Champlain through Library\Documents 

The normal path should look like this.

Another thing that I have noticed is that there is a pattern of what the two Windows Registry files that contain ShellBags information USRCLASS.DAT and NTUSER.DAT contain. The NTUSER.DAT file has the ShellBag keys of things located on the Desktop and USRCLASS.DAT shows all the other places. So if you know a folder was on the desktop you can look straight at the NTUSER.DAT file instead of having to go through both.

I’m working on answering the questions I posted in my first blog and I am getting close to answering the rest of them.