Lists open files and connected via USB devices, browser history, DNS cache - all this helps to find out what the user was doing. We have compiled step by step instructions how to remove traces of your activities in different versions Windows, Office and popular browsers. At the end of the article you will find several scripts that will help you automatically keep your machine clean.
1. Clear lists of recent places and programs
Let's start cleaning with lists of recent places and programs. The list of recent (in Windows 10 - frequently used) programs is in the main menu, and the list of recent places is in Explorer.
How to turn off this disgrace? In Windows 7 - click right click mouse on the “Start” button, select “Properties” and in the window that appears, uncheck both checkboxes in the “Privacy” section.
To clear the list last places and documents, you need to delete the contents of the %appdata%\Microsoft\Windows\Recent directory. To do this, open command line and run two commands:
Cd %appdata%\Microsoft\Windows\Recent echo y | del *.*
It also wouldn't hurt to delete the contents of the %appdata%\microsoft\windows\recent\automaticdestinations\ directory. It stores latest files, which appear in the jump list:
Cd %appdata%\microsoft\windows\recent\automaticdestinations\ echo y | del *.*
To ensure that recent files are cleared automatically when you exit, you must enable the "Clear the history of recently opened documents on exit" policy, which is located in the "User Configuration\Administrative Templates\Start Menu and Taskbar" section.
Now let's move on to Windows 10. You can disable the list of recently added and frequently used applications through the Settings window. Open it and go to the “Personalization” section, “Start”. Turn off everything that is there.
It seems that the problem has been solved, but this, alas, is not entirely true. If you enable these parameters again, all lists with the same composition will appear again. Therefore, you will have to disable this feature through Group Policy. Open gpedit.msc and go to User Configuration\Administrative Templates\Start Menu and Taskbar. Enable the following policies:
- “Clearing the list of recently used programs for new users”;
- “Clear history of recently opened documents on exit”;
- “Clear notification log on tile when exiting”;
- “Remove the list of programs pinned to the Start menu.”
Clearing recent places in Windows 10 is easier than in Windows 7. Open File Explorer, go to the View tab and click the Options button. In the window that appears, disable the options “Show recently used files in the panel” quick access" and "Show frequently used folders in the Quick Access Toolbar." Don't forget to click the "Clear" button.
As you can see, such a simple task as cleaning up the last objects has a rather complicated solution. No editing group policies- nowhere.
2. Clear the list of USB drives
At some sensitive facilities, only flash drives registered in the log are allowed to be connected to the computer. Moreover, as usual, the magazine is the most ordinary one - paper. That is, the computer itself does not in any way restrict the connection of unregistered drives. It doesn’t limit, but it records! And if during the check it is discovered that the user connected unregistered drives, he will have problems.
We under no circumstances advise you to try to steal military secrets, but the ability to clear the list of recently connected drives can be useful in other life situations. To do this, look at the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\
Here they are - all the drives that you connected to your computer.
It would seem that you just need to take it and clean everything. But that was not the case! Firstly, the permissions for these registry branches are set in such a way that you cannot delete anything even in “seven”, not to mention “ten”.
Secondly, assigning rights and permissions manually takes a long time, especially if there are many drives. Thirdly, administrator rights will not help. The screenshot above was created when I performed the delete operation with admin rights. Fourthly, in addition to these two sections, you need to clean a long list of sections. Moreover, they need not just to be deleted, but to be edited correctly.
If for some reason you need to do everything manually, then look for keywords MountPoints, MountedDevices DeviceClasses and RemovableMedia. But it’s much easier to use a ready-made program that will do everything for you. Some forums recommend USBDeview for this. However, I tested it and declare that it does not clear information from all required sections. USBSTOR And USB continue to contain information about connected media.
I can recommend the program. Run it, check the “Perform real cleaning” checkbox. You can turn on the “Save .reg cancel file” option or not, but if the goal is not to test the program, but to prepare for an upcoming computer inspection, then it’s better to turn it off.
The program not only cleans the registry, but also displays a detailed log of its actions (see below). When it finishes, there will be no mention of connecting drives to the computer.
3. Clear cache and browser history
The third point in our tutu is clearing the cache and browser history. There are no difficulties here - each browser allows you to reset the list of recently visited sites.
Continuation is available only to members
Option 1. Join the “site” community to read all materials on the site
Membership in the community within the specified period will give you access to ALL Hacker materials, increase your personal cumulative discount and allow you to accumulate a professional Xakep Score rating!
The article describes one of the cases of solving a problem in which Windows takes up a lot of space on the hard drive from session to session, and cleaning temporary folders does not bring results and the problem constantly returns.
Trying to find out where the free space has disappeared hard drive? The situation is sometimes complicated by the fact that nothing seems to have been installed, and tens and sometimes even hundreds of gigabytes of space have been blown away... But listen further.
Windows users Sometimes, meanwhile, they report strange behavior of the system. Using methods for detecting “space sinks” in the article “?” or, you can count on temporary positive results. However, by the end of the session, Windows takes up a lot of space again: Windows log files accumulate over and over again, sometimes occupying hundreds of gigabytes, generating individual files in batches of 100 MB each. The “harmful” folder seems to have been detected - this is C:\Windows\Temp, but nothing can be done: files with the extension .cab fill temporary storage until free disk space disappears completely. This action is similar to a maneuver that by the end of the “session” will consume all the free space on the HDD.
Windows takes up a lot of space: the crux of the matter
Windows developers have known about this problem for a long time. It is known that the problem stems from the results of work Component-Oriented Maintenance systems ( Component-Based Servicing), sometimes creating logs of incredible size. They are located in the folder C:\Windows\Logs\CBS. The current log is named as cbs.log. But as soon as it reaches a certain value in its size, the cleaning process that is launched immediately renames this file to a file like .log and immediately tries to compress it in size, eventually assigning the extension to the resulting file .cab. with the help system utility makecab.exe. But this is where a “bonus” sometimes awaits the user: when the file cbs.log reaches a size of 2 GB before the cleaning process has time to contact it for compression, the specified utility... cannot cope with it - and it is supposedly too large: the utility makecab.exe It’s frankly “stupid” when faced with files of such sizes. The log is renamed to C bsPersist-time-date.log and when makecab.exe tries to compress it, an error appears. The error loops and eventually: every 15 - 30 minutes. (it's different for everyone)
- The utility creates the first 100 MB of “compression” .cab
- encounters an error
- and the same thing repeats.
Windows takes up a lot of space: probable solution
So, if you are faced with a situation where Windows takes up a lot of space on your hard drive every now and then, try this:
- while working we “slow down” Windows Modules Installer via console
- looking for a folder C:\Windows\Logs\CBS and inside the folder we rename all the files (as you like)
- looking for a folder C:\Windows\Temp and delete all files cab
- reboot
Now makecab.exe will not be able to process files incorrectly and disk clutter should stop. And if you don't need the Windows log files, you can delete them too.
Second option
Download, unzip and run via Power Shell as administrator file
Post how it worked for someone.
Hi all. Today we will talk about log files, or rather about what Windows Log files are. So first a little general information so to speak. What are log files? These are files where the program records its actions - what it was able to do and what it couldn’t, where the error occurred.. That is, we can say that a log file is a type of report. If suddenly an error occurs, then using the log file you can try to understand where exactly it appeared.
But what are Windows Log files? Well, it’s logical that these are Windows log files. Maybe you found a folder somewhere called Windows Log files? If this is a folder, then you can delete it... in principle, but I think it’s not worth it.
The log files themselves are harmless. Represent themselves text documents with extension log. Inside such a file there may be just some text, or there may be lines, each of which begins with a date, time, and then there is a description of the event.
The name of Windows Log files can be anywhere. For example, this could be a folder, as I already wrote, or there could be another item in the system cleaning program, there could be a checkbox somewhere called Windows Log files. And if you check this box, then in theory the log files will be deleted.
That is, log files, in principle, are not very critical files. And if the computer is working properly, then they can be removed. But it may happen that there will be an error when deleting some log file, such as it is busy. Yes, this can happen if at the moment The log file is open for writing, and the program writes a report there about what it is doing.
I also forgot to say that in general, both the system and any program can have log files, if this is included in it. It seems to me that log files were invented just for this purpose - analyzing the operation of the program, identifying errors. Nothing else comes to mind =)
Let me show you the log files as an example. The most common ones - they are in every Windows, I won’t even look for them, I’ll just open the Windows folder. So look, let's squeeze Win buttons+ R, then write the command in the window:
Click OK and then the most important and most system Windows folder will open, in it we immediately click on the Type column to sort files by type:
After that, all the files with the log extension will be side by side, you just need to twist the mouse a little and here they are, I have only four of them here, which is somehow not enough:
Do you see there is WindowsUpdate.log here? This is a Windows update log file, that is, this file contains a report on updates, is everything okay there, this is just an example, but I opened the file and this is what’s inside:
Here everything is as usual - first comes the date, then the time, then something else... I don’t even know what... and then there is a description of the event. As an example, I also opened the setupact.log file, there is no time or date here, just some information is indicated here:
But still, traditionally the log file should come with the date and time at the beginning of each line.
So, let's look for the log files? Well, in general, let’s see how many there are, in which folders.. guys, press Win + E, an explorer window will appear, you go there, or rather in the upper right corner there is a search text field, paste this there:
So I just inserted it and the files have already appeared, as you can see, their size is small, so they... well, they can hardly really take up much disk space. Although I was thinking here.. what if some kind of glitch happened in the program.. and it constantly writes and writes to the log file.. and the file itself cannot be deleted, it’s busy.. and it writes and writes.. well I imagined this, of course, but I think that this can happen in life. So, in the end I found only 219 log files, I honestly thought there would be more:
But do you see there are also files with the LOG1 extension? I think that these are not log files, that is, not reports, they cannot even be opened, like there is no program that can be opened, the following window pops up:
But I did this... I chose the second item and tried to open it using notepad, but alas, there was an error and by the way I wrote about it that this could happen:
Because the file is open by the system for writing, which means the file is busy =) But I tried another one. You and I tried to open SYSTEM.LOG1, but I found another file COMPONENTS.LOG1 and I was able to open it, but the contents are still incomprehensible:
Maybe this is a log file, but as we see it is in a different encoding. In short, okay.
So, let's go back to Windows Log files... otherwise I'm really interested in log files. I decided to look for pictures on the Internet at Windows theme Log files, maybe I’ll find something interesting... there’s not much interesting at all, but I found this picture, it’s a CCleaner cleaner and it just mentions Windows Log files:
That is, in the picture we see that CCleaner can clean your computer from Windows log files =) Here is another program, also some kind of cleaner, but it’s unfamiliar to me, it’s called Sweepi and it’s also here Windows item Log files:
You see, there is also Temporary Internet Files - these are temporary Internet files. In general, wherever you see the word Temp, it’s all temporary, so you can just delete it to speed up the system.
Just in case, I don’t know what you have there - a folder called Windows Log files or a program like that, or something else... But before making any changes in Windows, I recommend creating a restore point. And it doesn't require any special knowledge. You just need to hold down Win + R and paste there:
SystemPropertiesProtection
Then there you need to select the system disk and click the Create button (but if you need it the other way around, then there is the button above Recovery):
I advise you to set the name of the point simple, for example Deleting the Windows Log files folder:
The creation process will be short:
And that’s it, then it will be written that it was successful:
And that’s all - now you can carry out some actions and not be afraid, because if anything happens, there is a recovery point! Of course, I don’t mean that you can, for example, delete boot files... no, everything is within the bounds of decency.
That's all, friends, I hope the information presented was useful to someone. Good luck to you and have a great mood!
When installing Windows operating systems version seven and higher (for example, after XP), users saw quite a lot of innovations. In particular, this concerned the appearance of some strange directories that were not previously on the system disk. One of these is the PerfLogs directory. What kind of folder with this name is displayed in “Explorer” or in another file manager, will be discussed further. To understand this, first consider why this directory was created in the system.
What is the PerfLogs folder on drive C?
This catalog was first introduced in file structure only in Windows 7. At the moment it is present in all the latest OS. But what is the PerfLogs directory used for? What is this folder in Windows 10, as well as in Windows 7 or 8?
To understand its purpose, you just need to decipher the abbreviation of the name. The first part (Perf) is derived from the English Performance, which can be interpreted as “design” or “performance”, and the second (Logs) denotes logs, or special system reports corresponding to the performance log.
What data is stored in the directory
Thus, speaking about what the PerfLogs folder is, it is not difficult to understand that it is a place for saving special files that record the results of performance tests, if any.
It is also worth noting that the more tests are carried out, the more files are stored there. And they, in turn, can be quite large in size, since old reports do not disappear anywhere. In other words, new reports are not written over old ones. Ultimately the volume occupied disk space may increase significantly.
Default Settings
It’s a little clear what the PerfLogs folder is in Windows 7 or higher systems. Now a few words about the nuances that every computer system user should know.
The fact is that initially there is no information in this directory (it is empty or occupies a minimal amount). Report data appears only after performance tests are carried out using the operating system. They are mainly used after some time has passed, when the system begins to slow down significantly or cause failures at the system level, which entails an increase in the load on hardware resources. So the more often you run tests, the larger this directory will be. However, all this applies only to the Windows toolkit. Therefore, in order not to clutter the system partition, it is better to use third-party utilities for performance testing.
Viewing Log Files
Many users would like to view full reports, for example to find out why their system is performing poorly. But it is not possible to simply open files located in the PerfLogs directory (no program is associated with their extensions by default in Windows).
So what is the PerfLogs folder if you can't open its contents? The problem here is that this directory belongs to the performance monitor service, but not the one that is available in the Task Manager, but the one that is presented as a hidden standard application.
You can call it through the regular “Run” menu by entering the perfmon command, that is, the abbreviated name for the performance monitor. In the monitor itself, you need to use performance counters, divided into groups, where you can see the results of all checks.
In this case, the test files are loaded automatically, but the overall report result for all categories is stored not in the main directory, but in the Diagnostics subdirectory, which is located in the System folder of the main directory (PerfLogs). Thus, there is no need to open files one by one.
Is it possible to delete the PerfLogs folder
Let's say a few words about the possibility or impossibility of this action. Since, as already noted, the files contained in the directory can take up too much disk space, many users have a completely natural question about whether it is possible to get rid of this directory.
You can delete a folder with all files and subdirectories, but this will not affect the performance of the operating system. The user will only lose the ability to view the results of checks if he conducted them. As for the folder itself, even after deleting it, the operating system upon restart, using its own automated means of restoring settings (registry entries, folders and files), will automatically create a directory of the same name. It will be located in the same place where the remote folder was located. As in the default settings, this automatically created directory will initially be empty! As soon as you start checking the system for performance, you will immediately see an increase in its size. Conclusion: you shouldn’t do checks too often, so as not to increase the amount of information in the PerfLogs folder, then it won’t interfere.
If the decision to delete a folder has been made, but it is not possible to delete it using the standard method in Explorer, you can use the Unlocker unlocking program or log in as an administrator. It’s even easier to activate it to log in via the command line in order to immediately assign yourself all admin rights. But she herself command console should initially be launched only with administrator rights.
In conclusion
That's it for the PerfLogs directory. What kind of folder is on the system drive and what it is intended for, hopefully, has now become clear. As for deleting a directory, the choice is up to the user. If you sometimes need to view report results to compare tests at different time points, it is better to leave the directory alone. If space on the system partition is extremely limited, the directory can be deleted. And remember that for the normal operation of any system last generations it is necessary to keep at least 10-15% of the total volume free system disk. In the presence of powerful processors and large volumes RAM, and also to reduce the use of the system partition, you can simply disable virtual memory (deactivate the use of the paging file).
Many are faced with the problem of shortage free space on your hard drive. The disk on which the operating system itself is installed becomes especially clogged. This is due to the fact that there are a lot of folders on it, which the system itself fills with the information it needs. This problem also relevant for Windows 7. Clean system folders You can remove unnecessary garbage either manually or using special programs.
Windows 7 system folders: the need for cleaning and possible consequences
Each of the system folders has its own purpose and stores information of a certain kind. Before cleaning the disk, carefully read what function a particular folder is responsible for, otherwise you may lose important data or cause serious damage operating system, which will lead to its breakdown:
Video: what files can be deleted on the system disk
What not to do when cleaning system folders
Please carefully read the features of the above folders. Before you empty one of them, consider whether you might need its contents in the future. Some folders, such as Windows or System32, should not be touched at all. And don't try to empty folders by simply deleting their contents. This will lead to the fact that remnants of them are stored in the computer’s memory, which in the future will begin to clutter and overload the system. There are only a few folders that can be cleaned manually:
Do not delete the folders themselves under any circumstances, this will lead to critical errors during system operation, you only need to erase their contents. Also, before clearing system folders, make sure you can free up memory using other methods, for example, by uninstalling third-party applications and games.
Methods for cleaning up Windows 7 system folders
If you still decide to clear hard drive from accumulated third-party files, the easiest way is to use the built-in Windows functions. There are two initial options - standard and advanced cleaning.
Standard cleaning
Using the standard cleanup method, you will get rid of the following files and folders:
To spend standard cleaning hard drive, follow these steps:
Open the properties of the system disk
Go to the “General” section
Select the files we want to delete
Click the “Clean” button in the “System Restore and Shadow Copies” section
Advanced Cleaning
With the advanced cleaning option, you will delete the following folders and files:
To perform an advanced disk cleanup, follow these steps:
Launch Command Prompt as administrator
We write the cleanmgr command
Select the disk on which to perform cleaning
Selecting the files to be deletedVideo: disk cleaning using Windows
Disk cleanup using third-party programs
Before you start manually cleaning each folder individually, you should use special third party programs created for automatic search and clean the disk from unnecessary files:
Download the CCleaner application
Go to the “Cleaning” section
Selecting the partitions that need to be cleaned
Click the “Analysis” button
Before deleting files, you can view information about them
Video: Removing system files using CCleaner
Features of cleaning individual system folders
If the previous cleaning methods did not solve your problem or you need to clean one of the folders selectively, then find it in the sections below and follow the instructions provided.
But many folders are hidden by default to prevent the user from accidentally damaging them. To display hidden folders in the general list do the following:
Open Explorer
Expanding the “Service” menu
Go to the “Folder Options” section
Go to the “View” section
Changing hidden folder settings
Winsxs
Cleaning the Winsxs folder on Windows 7 is done through standard disk cleanup. This method has already been described above. Before you start cleaning, you are presented with a list of files that can be deleted. Check the "Files" section. backup copy update package."
Check “Update package backup files”
Video: how to empty the Winsxs folder in Windows 7
System Volume Information
To clear the System Volume Information folder, you must first access it:
Open the properties of the System Volume Information folder
Go to the “Security” tab
Click the “Change” button
Click the “Add” button
Enter the username
Granting full access to the folder
Go to computer properties
Go to the “System Protection” section
Click the “Configure” button
Consistently click the “Apply” button, OK.
DriversStore
To remove outdated drivers from a repository called DriversStore, follow these steps:
Open the command line
We write the command pnputil.exe –e
We write and execute the command
Installer
The Installer folder may contain files necessary for the system or programs, but there is a special third party application PatchCleaner, which will automatically determine what content can be removed:
PatchCleaner searches for outdated update files and allows you to move them to another media or completely delete them
Click the Browse button
Specify the path to the Installer folder
Click the Delete button
Confirm the action by clicking on the Yes button
Pagefile.sys
If you are confident that your computer will cope with the required tasks without the Pagefile.sys page file, you can remove it by following these steps:
Go to the “Advanced system settings” section
Click the “Options” button
Click the “Change” button in the “Advanced” tab
Set the required parameters
Reboot the computer
Folders with history, cache and browser cookies
Browser files can take up a large amount of disk space. The easiest and safest way to remove them is through the settings of the browser itself: 
Marking the files. which should be deleted from the browser history
Set the “All time” parameter and clear the history
Problems with disk cleanup
If, after you have deleted any files from the system folder, errors appear or the computer begins to slow down, there is only one thing left to do - perform a system restore. This could happen due to incorrect disk cleanup or deletion. necessary files. System recovery is only possible if there are restore points on the computer:
Start the computer in safe mode
Open the System Restore application
Click the “Next” button
Selecting a restore point
Video: Restoring Windows 7
What to do if there is no “Clean up system files” button
If, when trying to free up disk space using the standard cleaning method, you are faced with the absence of a “Clean up” button system files", this means that you have disabled UAC (control accounts), and the program starts immediately with the ability to clean system files. That is, clicking the “Clean up system files” button gives you administrator rights and with them the ability to edit and clean up system folders. But if UAC is disabled, then you have access to changing system files immediately and clicking any additional buttons no need.
If the "Clean up system files" button is missing, User Account Control is disabled
If you want to clean up disk space or are sure that part of the virus remains in the system files, then in this case the operating system itself has a standard and advanced disk cleaning function. You can also use third-party programs or clean each folder separately. But you shouldn’t delete everything, otherwise it will damage your computer, and the only way out will be to roll back the system to the last restore point.
