Windows stores information about the programs that you use

Osiris · 01-22-2007, 08:14 AM

Windows XP displays a list of the most recent programs that you have accessed by default in the start menu. Did you know that those information are continuously updated even though the option to show them has been disabled ? A check on my personal account revealed that Windows stored information from 2005 until today.

The information are stored in the registry using a simple ROT-13 encryption. Windows XP saves the full path and name of the program, last access and the number of total executions. UserAssist is a nice little tool that decrypts the information and displays them it its main window. You can clear single entries by right-clicking and selecting clear. If you do have many entries in that list you might want to clear them all by clicking on commands, clear them all.

This does not disable the logging, it simply clears the current state. Windows XP will continue to log all activity unless you disable the whole process by clicking on commands, logging disabled. This will take effect once you restart, logoff and on again or kill the explorer.exe task in the task manager.

The manual way to disable logging would be to open your registry and navigate to the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\UserAssist\Settings\NoLog

and set the value of that key to 1.

Windows stores the encrypted information in the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\UserAssist

Please note that you should not disable or clear the feature if you want to work with the recent items in your start menu.

http://didierstevens.wordpress.com/programs/userassist/

01-22-2007, 08:14 AM	#1 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 25,860	Windows stores information about the programs that you use Windows XP displays a list of the most recent programs that you have accessed by default in the start menu. Did you know that those information are continuously updated even though the option to show them has been disabled ? A check on my personal account revealed that Windows stored information from 2005 until today. The information are stored in the registry using a simple ROT-13 encryption. Windows XP saves the full path and name of the program, last access and the number of total executions. UserAssist is a nice little tool that decrypts the information and displays them it its main window. You can clear single entries by right-clicking and selecting clear. If you do have many entries in that list you might want to clear them all by clicking on commands, clear them all. This does not disable the logging, it simply clears the current state. Windows XP will continue to log all activity unless you disable the whole process by clicking on commands, logging disabled. This will take effect once you restart, logoff and on again or kill the explorer.exe task in the task manager. The manual way to disable logging would be to open your registry and navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\UserAssist\Settings\NoLog and set the value of that key to 1. Windows stores the encrypted information in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\UserAssist Please note that you should not disable or clear the feature if you want to work with the recent items in your start menu. http://didierstevens.wordpress.com/programs/userassist/ __________________ www.MasterB365.com www.Tech-Dump.com "On 10-3-08 Obama Supporters Vandalized-Tresspassed and STOLE My Palin-McCain Sign Violating My First Amendment Right To Free Speech. Do It Again And You Will Find Out What The 2nd Amendment Is All ABOUT!"

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode