LastActivityView reveals too much.

Discussion in 'privacy problems' started by zmechys, Feb 14, 2013.

  1. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    There is a way to prevent the information from being stored in ShellBag registry keys: setting their permissions so they can't be written into.
    On Windows XP, you can delete the following keys:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU
    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags
    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU

    Then set the permissions for all users (including SYSTEM) to "Read" for HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam and HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU keys. This way nobody will be able to write into those keys. Be aware though that you will lose the ability to remember settings for each folder.

    Also, you could do the same for HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags key and subkeys, but from what I tested on XP, this key is responsible for storing the icon positions on the desktop, so being unable to write to it will mean that the position of icons will not be stored anymore.

    Disclaimer: This procedure can break some other Windows XP functionality that I don't use, and so I wasn't able to test, so use it at your own risk and after some thorough testing. Also, a registry backup before this is highly recommended.
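
The procedure from the post above as a PowerShell script, added here as an example and not part of the original post: back up, delete the listed keys, then leave the two parent keys readable but not writable. It assumes the Windows XP key layout named in the post, a backup folder under the user profile, and that the deleted Shell\BagMRU key is recreated empty before it is locked.

```powershell
# Added example. Key paths are the ones listed in the post (Windows XP layout).
$root = 'HKCU:\Software\Microsoft\Windows'
$deleteKeys = @(
    "$root\ShellNoRoam\BagMRU",
    "$root\ShellNoRoam\Bags",
    "$root\ShellNoRoam\MUICache",
    "$root\Shell\BagMRU"
)
$lockKeys = @("$root\ShellNoRoam", "$root\Shell\BagMRU")

# 1. Registry backup first, as the post recommends. The folder name is an
#    assumption; the timestamp keeps reg.exe from meeting an existing file.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $env:USERPROFILE "shellbag-backup-$stamp"
New-Item -ItemType Directory -Path $backupDir | Out-Null
foreach ($name in 'Shell', 'ShellNoRoam') {
    $file = Join-Path $backupDir "$name.reg"
    reg.exe export "HKCU\Software\Microsoft\Windows\$name" $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $name failed; nothing was changed." }
}

# 2. Delete the stored ShellBag data.
foreach ($key in $deleteKeys) {
    if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }
}

# 3. Read-only access for the current user, Administrators and SYSTEM.
$readers = @(
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User,
    (New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'),
    (New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18')
)
foreach ($key in $lockKeys) {
    # Shell\BagMRU was deleted in step 2; recreate it empty so it can be locked.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $acl = Get-Acl -Path $key
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting from the parent
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    foreach ($sid in $readers) {
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $sid, 'ReadKey', 'ContainerInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $key -AclObject $acl
    # Show the resulting entries so the change can be checked.
    (Get-Acl -Path $key).Access | Format-Table IdentityReference, RegistryRights, IsInherited
}
```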
     
  2. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I really like the way Microsoft explains the need for those “Dirty BAGS” registry keys

    - to remember the size, view, icon or position of a folder.


    From Microsoft's web-site:

    If Windows XP does not remember the View settings for a folder, Microsoft recommends deleting
    and re-creating the following registry subkeys:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam

    For x64-based versions of Windows Vista or Windows 7, re-create the following registry subkeys:
    HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags
    HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\BagMRU

    What would happen if I “forget” to recreate those subkeys?

    How difficult would it be to write a small program that would prevent deleting those very few subkeys responsible for the icon position on desktop?
    (In my case, all desktop icons on Windows 7 and Windows 8 computers remained in the same position after I ran CCleaner with Enhancer.)

    What is the difference between Shell and ShellNoRoam BAGS?

    Why was CCleaner with Enhancer able to remove ShellNoRoam BAGS but left Shell type BAGS untouched?
     
  3. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    We are working on that to find a way to clean it smartly.
    Deleting all entries in Shell\lbag and Shell\bagMRU is too drastic.
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    It is exactly what they do.

    That is exactly what happens if you do the changes I presented. I'm sure there is a way to replicate the permission changes on Win 7 too...
     
  5. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    How difficult would it be to find the non-existing - deleted - folders and remove any BAGS related to those folders?
     
  6. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    Retrieving the folder name of a Shell Bag entry is quite easy.

    But, to test if folders have been deleted or not, you have to
    retrieve folder location in Shell Bag and this is more complicated since there are various types of Shell Bag entries.
     
  7. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I'd say, it should be a separate button for cleaning "Bags", a.k.a., "the size, view, icon or position settings".
    It should have a note "Only for advanced users".
    That utility could run and search for any "BAGS" and produce a report.
    One column could say something like, "Points to a Deleted Folder". "Could be (safely ?) deleted."

    Next column could say, "Points to a Folder on a Networked Computer/External Device". "Would you like to delete", etc...

    Also, I have not noticed any changes on my Windows 7 or Windows 8 computers after CCEnhancer removed "ShellNoRoam" subkeys from Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\

    CCEnhancer did not remove Shell subkeys from Software\Microsoft\Windows\Shell\Bags\

    A few links.

    Windows ShellBag Parser (sbag)
    http://www.tzworks.net/prototype_page.php?proto_id=14

    More utilities from TZWorks LLC
    http://www.tzworks.net/download_links.php

    registrydecoder/ShellBags.py
    http://code.google.com/p/registryde...nk/templates/template_files/ShellBags.py?r=97

    Windows File Analyzer
    Tool for forensic file analysis
    http://www.mitec.cz/wfa.html
     
  8. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    Thanks for the links.

    We will add a column showing if the folder is deleted or not.

    Our "Shellbag AnalyZer" is 99% done after 2 weeks of work.
    We will post a link tomorrow.

    We hope it will help.
     
  9. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    Sorry for the delay.
    Our application to analyze and clean ShellBags will be available tomorrow.
    Thanks for your patience.
     
  10. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    As promised,

    we provide you with a thorough ShellBag AnalyZer & Cleaner
    to view Shellbags and clean them securely (1 Pass overwriting method, for now).

    This small app will prevent the activity called "View folder in Explorer" from being viewed in LastActivityView.

    It is version 1.0 beta, but fully functional, so you can test it.
    Compatible with XP, Vista, Win7, Win8, 32-bit & 64-bit

    Version 1.0 Beta comes with full backups of ShellBags and ShellBagMRU keys
    in .reg files.
    Please back up your keys before performing any cleanups if you want to perform consecutive tests.


    Download ShellBag AnalyZer & Cleaner v1.0 beta here :
    http://privazer.com/download-shellbag-analyzer-shellbag-cleaner.php

    Thanks for feedback.
     


    Last edited: Feb 27, 2013
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I'd still use the permission changes I described in an earlier post. That way the keys are never created again, so there is no need for periodic cleaning :)
     
  12. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I think today, we quietly passed a big milestone in cleaning software history.
    Never before could an average computer user download that kind of tool.

    (A bulky and slow CCleaner with CCEnhancer finished in second place.)

    I've tested on two XP computers without any issues.
    On one computer it found 6366 ShellBags and 4935 traces to deleted files, going back to 2005.

    I've tested on Windows 8 OS. Again, no problems.

    I've just tested "ShellBag AnalyZer & Cleaner" on my Windows 7 computer.

    Firstly, I cleaned my computer with CCEnhancer twice, and checked the ShellBag status with ShellBagsView. It found 49 ShellBags.

    Secondly, I ran ShellBag AnalyZer & Cleaner. It found 57 ShellBags. After I cleaned those Bags with SBAC (ShellBag AnalyZer & Cleaner), I ran ShellBagsView. This time, it found only 4 records.

    At this moment I'd say, that SBAC from Privazer finds more "Dirty Laundry Bags" (a joke) than ShellBagsView.

    ShellBagsView does not clean it, SBAC - does it.

    P.S. When SBAC was making a backup on Windows 7, I got a pop-up window several times asking my permission to run Registry Editor. After I clicked "Yes" several times, the backup was complete.


    Thank you Privazer.
     
    Last edited: Feb 27, 2013
  13. Hybrid Vigor

    Hybrid Vigor Registered Member

    Joined:
    Feb 28, 2013
    Posts:
    1
    Might work with XP, but Win8 doesn't give away those permissions for SYSTEM.
     
  14. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    I've just tried it - before running R-W&C there were 263 items and after restart 220 items.


    After cleaning, R-Wipe&Clean restarted my PC and I realized on the top of the list are all "run.exe files" (all progs that automatically started with the restart of Windows), below it I have "User logon", "System started", "System Shutdown", "User logoff", "run.exe file Windows Logonui.exe" and two "run.exe files" from R-W&C itself. All other items that R-Wipe&Clean didn't delete are "Software installation" items (all software I have ever installed, all Windows updates and other things installed before I bought this computer).

    Therefore, R-Wipe&Clean doesn't delete items described as "Software installation".
     
  15. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    SafetyFirst,
    we will add a new feature to PrivaZer
    to clean these entries. :cool:
     
  16. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Privazer is unstoppable.
    It will irritate some people in the computer security field.
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I'm not sure how beneficial/widely-used this would be, but it crossed my mind so I'll mention it...

    It seems that potentially useful/desirable information is stored in these registry keys. I'm not sure I saw a full accounting of what is stored in all of them, but even something like view type and window size/position might be nice to remember for *some* things (some local folders for example, particularly those with non-default settings) but not necessarily *all* things (attached/mounted drives for example). Then there is the problem with timestamps. There will be timestamps maintained by the filesystem of course, but I don't know why these particular registry entries would need to have any timestamp information in them or (accurate) timestamps reflecting when they were modified.

    What about a "selective delete and force all timestamps to be Unix epoch" option which would allow users to keep certain entries while setting their timestamps to a long previous date so that the registry, at least, wouldn't reveal when individual things were accessed? If it isn't possible to backdate those timestamps... for example, if the registry functions automatically generate them and they can't be modified... perhaps just touching the registry entries to make them current time would be better than nothing.

    Yes, my "hello, world" is several hundred lines long <lol>.
     
    Last edited: Mar 1, 2013
  18. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    Hello TheWindBringeth,

    1. yes, as you said, there is useful info in these ShellBags keys :
    your folder view preferences are stored there, 1 entry for each folder you open.
    2. yes, there is detailed timestamp information in them revealing the last time when you opened the folder

    That's really a privacy issue but a solution is already there :
    please, try out our new tool called ShellBag AnalyZer & Cleaner which not only analyzes ShellBags but also cleans them smartly !


    - it performs a "selective" deletion of ShellBags,
    you can select the type of ShellBags to delete :
    . ShellBags of Existing folders
    . ShellBags of Old / deleted folders
    . ShellBags of Folders on Network / External devices

    - it scrambles all dates as you requested it.

    - it removes invalid ShellBags

    - it can backup your ShellBag keys before cleanups.


    These features will also be included in PrivaZer pretty soon.

    Download "ShellBag AnalyZer & Cleaner" here :
    http://privazer.com/download-shellbag-analyzer-shellbag-cleaner.php

    Keep us informed.
     
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I will check it out at some point, I just wanted to get those ideas off my head right now before I forgot about them. You already built some such more flexible features in? I didn't catch that just reading the thread. Way to go!
     
  20. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    Yes, that's in :D

    and we've just updated to v1.1 beta.

    Changelog :
    - Improved recovery of folders paths
    - Improved backups
    - now, it runs as admin when user is admin
     
  21. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I've just downloaded it, but it says Beta V1.0
    Betav1.PNG
     
  22. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    Ok.
    Download it again please.
     
  23. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Still no luck.

    SBAC_beta.PNG
     
  24. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,082
    Location:
    France
    Now, it is ok.
    If not, try with another browser.
     
  25. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa