
Delete User Activity Traces in Windows with Shellbag Analyzer & Cleaner


Batu69


No matter what you do on your Windows computer, your activity is bound to leave some trace or other behind, whether in configuration files or in the Windows registry. In fact, the Windows operating system uses a certain set of registry keys known as “shellbags”.

 

These shellbag registry keys are used to hold information about the various folders that you open in the Windows File Explorer, about the various items you access in the Windows Control Panel, and the items that you look for using the search function of the File Explorer.

 

These shellbag registry keys can be used to track your user activity on your Windows PC – which folders you accessed, which folders were deleted, whether you used an external USB drive or a network drive, which actions were taken, etc. You can find more technical information about the shellbag registry keys at http://www.williballenthin.com/forensics/shellbags/.

 

Shellbag Analyzer & Cleaner

 

But if you just want to find out what information your computer’s shellbag registry keys hold then you can use the free Shellbag Analyzer & Cleaner. This same tool can also be used to clean the shellbag entries. This is a portable tool, so you can launch it without having to install anything. Clicking on the Analyze button will find the entries from the registry and list them in the window.

 

You can find the entries belonging to various categories by selecting a category from the drop-down listbox – deleted folders, folders on network/external devices, existing folders, control panel & system, search results and so on. And if you want to clean these items from the registry, you can select the ones that you want to be cleaned and click on the Clean button.

 


 

Conclusion: Shellbag Analyzer & Cleaner can find and clean the hidden items in the Windows registry that can carry information about your user activity – the folders you opened, the folders you have deleted, network drives, removable drives and so on.

 

Download Shellbag Analyzer & Cleaner

 

Article source


A word to the wise: This software destroyed the size configuration of all my VBox VM's (10 of them). I am trying to correct this.

 

A C:\ drive Image restore changed nothing.

 

VBox GUI opens in a lower resolution than normal--and VM's appear in the upper (L.) corner of the screen. The resolution won't adjust.

The cursor is offset from objects, so it doesn't click what it points at.

Did "repair-reinstallation."; Reinstalled Guest Additions.; Uninstalled and reinstalled VBox. No help.

 

Updated NVIDIA GPU drivers. No improvement.

 

Portable VBox opened with same low resolution (different GUI resolution)--and "add" (existing VM)--produced the same result as installed VBox.

 

This is a tragedy for me. If anyone has better ideas, suggestions appreciated.

 

I'm backing up the existing VM's to removable media; purging all VBox reg & file entries; restarting -- then reinstalling VBox.

More later if it works.

 

Before I was aware of this, I ran this cleaner on Win7Ult. & Win10Ent. HDD installs. It's not my best day.

 

UPDATE:

I had x(2) MacriumReflect system images (on networked drive) which were damaged by this software. When they are restored, the problem is duplicated.

Re-installing both systems is the only solution. I hope the VM's were not also damaged by this software--. 

 

On 7/25/2017 at 3:10 PM, DKT27 said:

It seems to come from a famous software creator, at least from what I can notice here on forums. Such problems should not have happened, the developer should have made it better I think.

@DKT27  Reviews for this were all very positive. Both systems destroyed by this software were functioning perfectly.

I read nothing but enthusiastic reports from users on the developer's forum. Not a single negative feedback.

 

NOTE:

sfc /scannow, and chkdsk C: /f /r did nothing to repair this. The DOS screen letters were at a much lower resolution (bigger) than previously. 

 

Perhaps this will save someone else this grief.

 



It seems if you would like to remove all your traces properly you should look into testing some forensics software to find all of them.. then figure out how to clean it..



As @jabrwky said, it destroyed some settings = I never use it again (I used it as part of the Privazer Donator version). For me the only 100% working way to destroy tracks is do what you think it should not be traceable in a VM and go back to a snapshot after you finished your work, using a live system etc.



14 hours ago, jabrwky said:

A word to the wise: This software destroyed the size configuration of all my VBox VM's (10 of them). I am trying to correct this.

 

A C:\ drive Image restore changed nothing.

 

VBox GUI opens in a lower resolution than normal--and VM's appear in the upper (L.) corner of the screen. The resolution won't adjust.

The cursor is offset from objects, so it doesn't click what it points at.

Did "repair-reinstallation."; Reinstalled Guest Additions.; Uninstalled and reinstalled VBox. No help.

 

Updated NVIDIA GPU drivers. No improvement.

 

Portable VBox opened with same low resolution (different GUI resolution)--and "add" (existing VM)--produced the same result as installed VBox.

 

This is a tragedy for me. If anyone has better ideas, suggestions appreciated.

 

I'm backing up the existing VM's to removable media; purging all VBox reg & file entries; restarting -- then reinstalling VBox.

More later if it works.

 

Before I was aware of this, I ran this cleaner on Win7Ult. & Win10Ent. HDD installs. It's not my best day.

 

 

Why don't you run your VMs in Virtual Box Portable? Then there is nothing in your registry for anything to destroy. As far as that goes, run nothing but portables on your system and keep them on flash drives or external drives that aren't connected when not needed and definitely aren't connected when you are running any type of utility. Every VM I create on any system is backed up onto an offline device, either a drive, flash drive, or NAS. I do this so I always have a clean VM ready to go and can replace the one on the computer at any time.

 

This shellbag utility is designed to clean all traces from your computer that could be used by a forensic investigator to gather evidence against you during an investigation, not as a normal cleaning utility for everyday use. Though I will tell you that deleted files are easy to recover unless they are overwritten at least 7 times. The 3 times DOD writes you usually see as the minimum in most overwriting software will not keep those files from being recovered if the entity doing the recovery really wants to invest the money in recovering them.



  • Administrator

Interesting this. It seems to come from a famous software creator, at least from what I can notice here on forums. Such problems should not have happened, the developer should have made it better I think.



  • Administrator
On 25/7/2017 at 5:35 AM, jabrwky said:

@DKT27  Reviews for this were all very positive. Both systems destroyed by this software were functioning perfectly.

I read nothing but enthusiastic reports from users on the developer's forum. Not a single negative feedback.

 

NOTE:

sfc /scannow, and chkdsk C: /f /r did nothing to repair this. The DOS screen letters were at a much lower resolution (bigger) than previously. 

 

Perhaps this will save someone else this grief.

 

Sad that you have to go through all this. I highly recommend that you alert users and developer by giving information of your problems on their forums and such.



CCleaner, via winapp2.ini, can clean Windows ShellBags

 

[Windows ShellBags*]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows
Default=False
RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags
RegKey3=HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU
RegKey4=HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags
ExcludeKey1=REG|HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
ExcludeKey2=REG|HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\AllFolders\Shell

Link to comment
Share on other sites
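
Before any cleaner is run against the keys listed in the post above, they can be exported so the change is reversible. The PowerShell below is an added example, not part of the original thread, CCleaner or winapp2.ini; the function name `Backup-ShellbagKeys` and the default output folder are assumptions.

```powershell
# Added example: export the shellbag keys named in the winapp2.ini entry above
# so that a later clean can be reverted. Read-only apart from writing .reg files.
function Backup-ShellbagKeys {
    param(
        # Assumption: backup folder; any location the cleaner does not touch will do.
        [string]$OutDir = (Join-Path $env:USERPROFILE 'shellbag-backup')
    )

    # The four RegKey paths from the post (current user's hive).
    $keys = @(
        'HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU',
        'HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags',
        'HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU',
        'HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags'
    )

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $index = 0

    foreach ($key in $keys) {
        $index++
        $psPath = $key -replace '^HKCU\\', 'HKCU:\'   # registry provider path
        $row = [pscustomobject]@{ Key = $key; Exists = $false; SubKeys = 0; BackupFile = $null }

        if (Test-Path -LiteralPath $psPath) {
            $row.Exists = $true
            # The subkey count gives a rough size of what a clean would remove.
            $row.SubKeys = @(Get-ChildItem -LiteralPath $psPath -Recurse -ErrorAction SilentlyContinue).Count

            $file = Join-Path $OutDir ("shellbags-{0}-{1}.reg" -f $index, $stamp)
            & reg.exe export $key $file /y | Out-Null
            if ($LASTEXITCODE -eq 0) { $row.BackupFile = $file }
        }
        $row   # absent keys are reported, not treated as errors
    }
}

Backup-ShellbagKeys | Format-Table -AutoSize
```

A file written this way can be merged back with `reg import <file>`.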


On 8/3/2017 at 6:15 AM, pc71520 said:

CCleaner, via winapp2.ini, can clean Windows ShellBags

Thanks. No mo' shellbag cleaning. 

Latest Win10 version update left my desktop with about 2" unavailable space on the left side.

I'm lazy, but must re-install. Then keep frequent backups & drive images, and disconnect them from network.



It's not so important, but the last version (1.25) of PrivaZer Shellbag Analyzer & Cleaner was released on 5 March 2016. Operating systems are constantly evolving; except for rare cases, I do not trust applications that are not updated frequently. However, although deeply tested alternatives are available, this is an interesting application.



Archived

This topic is now archived and is closed to further replies.
