(OT) Autocomplete suggestions/entries in IE.

  • Thread starter Thread starter Phoenix
  • Start date Start date
P

Phoenix

Using Win98SE/IE5.5

One of the things that *some* of us like to do is to clear our intenet
surfing traces.
Things like History, Temporary Internet Files, Cookies and Typed URL's
spring to mind.
There are a number of apps which will remove this data with comparative
ease.

What doesn't seem to be tackled is autocomplete data, for example the
prompting you get when typing a query into a search engine like Google (I'm
not talking about the Google toolbar where you can easily clear the search
history) or filling web forms.

Having done a comprehensive search, the ONLY place that the data seems to be
stored is is the file USER.DAT. So far as I am aware, this is one of the TWO
files which store the registry data, the other being SYSTEM.DAT.

Given that both of these seem to be binary files, and are both quite large,
it would seem impossible to manually clean them. Also, it is quite possible
that one could cause registry corruption if one attempted to do so. Doing a
registry search does not bring up the entries even though they ARE inside
USER.DAT.

The question therefore is this. Does anyone know if an app has ever been
developed (or a method) to safely remove autocomplete data from USER.DAT?

(This) enquiring mind would like to know. Many thanks.
 
Using Win98SE/IE5.5

One of the things that *some* of us like to do is to clear our intenet
surfing traces.
Things like History, Temporary Internet Files, Cookies and Typed URL's
spring to mind.
There are a number of apps which will remove this data with comparative
ease.

What doesn't seem to be tackled is autocomplete data, for example the
prompting you get when typing a query into a search engine like Google (I'm
not talking about the Google toolbar where you can easily clear the search
history) or filling web forms.
<snip>
Click to expand...

In Internet Explorer: Tools/Internet Options/Content tab/AutoComplete
button.
 
Phoenix said:
Using Win98SE/IE5.5

One of the things that *some* of us like to do is to clear our intenet
surfing traces.
Things like History, Temporary Internet Files, Cookies and Typed URL's
spring to mind.
There are a number of apps which will remove this data with comparative
ease.

What doesn't seem to be tackled is autocomplete data, for example the
prompting you get when typing a query into a search engine like Google (I'm
not talking about the Google toolbar where you can easily clear the search
history) or filling web forms.
Click to expand...

I think I saw someone in this thread answer that the GUI way to clear the
data is provided by MSIE, its CPL applet. "Internet Options" > "Content"
Tab. Or, a Run command: control inetcpl.cpl,,2. Look for "AutoComplete..."
There you can execute command to clear stored form data. Also that dialog
if you want to reset enabling / disabling the MSIE autocomplete option.
Having done a comprehensive search, the ONLY place that the data seems to be
stored is is the file USER.DAT. So far as I am aware, this is one of the TWO
files which store the registry data, the other being SYSTEM.DAT.
Click to expand...

This is the time for a registry monitor. You could use, for example, RegShot
(28k zip). Take a "before" snapshot of your registry. Then do the action
that will write to your registry. The action I used was to type a search
term into Google, with iexplore.exe the interface. Then immediately take an
"after" snapshot.

The output report shows which section in the registry gets written to:

HKLM\Software\Microsoft\Protected Storage System Provider\ ...

Pasting that into a registry editor (eg RegMagik), that gives you a visual
look of the layout of that section. Many of the value names are discernable:
acct user names, past searches, form data like zipcodes, etc. Yet the value
data entries themselves, that's binary, and unreadable to my eyes.

I put the part of the regkey path above into Google. Came back with an
interesting little program.

| pStoreReader Björn Stickler http://www.stickler.de/software.aspx
|
| This tool dumps the data from the Windows Registry Protected Storage
| System (outlook passwords, ie passwords and formdata, ...).
|
| http://www.stickler.de/downloads/pStoreReader.zip (25k zip)

It's commandline. So you'd do an approach, for instance, of a notepad .bat
file that has a redirect command: pstorereader>formdata.txt. pStorereader
outputs that binary stored data, into readable strings. Passwords, I assume,
too? I don't let MSIE store my passwords, just the other stuff, so I can't
say definitely, but assume those are just as quick.

I used pStoreReader at the beginning of this post. Saw some old search
terms I used, tons of transient usernames from web forms, forgotten email
address I had, etc. Then I did the thing with the CPL applet, telling it
to clear all my data. I expected the outcome to be sloppy-Windows, and
only partial. However, pStoreReader's afterwards run showed up a nice
clean output file.

The full regkey, by the way, I did not list it earlier, in part because
it's so long. The subkey after Protected Storage System Provider, it
will vary; it's the currently logged on user. Then a key named data.
And then this number, twice:


\e161255a-37c3-11d2-bcaa-00c04fd929db\e161255a-37c3-11d2-bcaa-00c04fd929db\

Google brings up a few hits for that string. The one I took a glance at
was at http://www.kellys-korner-xp.com/. Some info there for if you want to
selectively clear certain form history fields - well, at least those related
to Google (the only section I read on that). Using your regeditor, or else
a reg script file. As opposed to just wiping the totality of stored form
data out, using the MSIE cpl dialog.

[...]
Doing a registry search does not bring up the entries even though they ARE
inside USER.DAT.
Click to expand...

Since these values in question are stored binary. MSFT perhaps decided that
it's protecting our privacy. Have you noticed, that the TypedURLs history,
in the registry, MSFT uses this really fancy encryption scheme for that one?
ROT13. (This is fact, the ROT13 use.)

Re this other, the forms data - I'd bumped into pstores.exe, and the
Protected Storage System subkey, for other reasons, but never really
looked until now, how it puts together, with Autocomplete. Ah, and main
thing, result of your question. It was fun to find that teeny toy that
so effortlessly unfolds all our MSIE "Protected" form data out to a plain
text file.
 
omega said:
I put the part of the regkey path above into Google. Came back with an
interesting little program.

| pStoreReader Björn Stickler http://www.stickler.de/software.aspx
|
| This tool dumps the data from the Windows Registry Protected Storage
| System (outlook passwords, ie passwords and formdata, ...).
|
| http://www.stickler.de/downloads/pStoreReader.zip (25k zip)

It's commandline. So you'd do an approach, for instance, of a notepad .bat
file that has a redirect command: pstorereader>formdata.txt. pStorereader
outputs that binary stored data, into readable strings. Passwords, I assume,
too? I don't let MSIE store my passwords, just the other stuff, so I can't
say definitely, but assume those are just as quick.
Click to expand...

I tried running pStoreReader on my Windows 98 machine, and it didn't
work. It just had an error message. So I decided to research
pStoreReader some more.

I found this message:
http://groups.google.com/[email protected]_remove_nospam

| There is one version of mIRC variant that included PStor.EXE file.
This is
| a program to steal username and passwords stored via pstorec.dll,
which
| include some IE and Web Outlook. PStor.EXE is actually the
program
| pStoreReader, and you can find the .exe and source code at
| http://intex.ath.cx. I first saw this variant in 10/23/2002, and
it has
| surfaced again.

Is pStoreReader safe to use by itself and the version of mIRC variant
is only using it to get the information?

I also found a freeware program called Protected Storage PassView
(pspv):

http://nirsoft.multiservers.com/utils/pspv.html

I was impressed with Protected Storage PassView.

My question is are pStoreReader & Protected Storage PassView both free
of spyware?

Thanks,
Dwane
 
(e-mail address removed) (Dwane):
I tried running pStoreReader on my Windows 98 machine, and it didn't
work. It just had an error message.
Click to expand...

It works fine on my w98 machine. You used a command like the one I did?
So I decided to research pStoreReader some more.

I found this message:
http://groups.google.com/[email protected]_remove_nospam

| There is one version of mIRC variant that included PStor.EXE file.
| This is a program to steal username and passwords stored via pstorec.dll,
| which include some IE and Web Outlook. PStor.EXE is actually the
| program pStoreReader, and you can find the .exe and source code at
| http://intex.ath.cx. I first saw this variant in 10/23/2002, and

Is pStoreReader safe to use by itself and the version of mIRC variant
is only using it to get the information?
Click to expand...

They're discussing there trojans who bundle pStoreReader as a malign tool.
pStoteReader is not a trojan. It is precisely what it says it is, and no
more: a password reader. So, yonder, in some trojan(s), it is getting snuck
in together with some other PEs, for some stupid juvenile attempts at
stealing passwords... If you download a program that secretly includes
pStoreReader, yes, then you have malware.

But downloading pStoreReader yourself, to read your own passwords and data,
well, that's an independent matter, and clean.
I also found a freeware program called Protected Storage PassView
(pspv):

http://nirsoft.multiservers.com/utils/pspv.html

I was impressed with Protected Storage PassView.

My question is are pStoreReader & Protected Storage PassView both free
of spyware?
Click to expand...

NirSoft has many great utilities, and yes, trustworthy. The link you post
is ideal for the subject of this thread; it has a good clear outline about
the Protected [sic] Storage System. I downloaded the utility just now (28k
zip) and the program has a very nice interface (Nirsoft is good that way).
Since I recently deleted all my data in that key, I don't have much to look
over. Yet just glancing at the commands (which include export raw data,
to .reg format), it strikes me that this program is very much superior to
the single-function commandline one.

Thank you for the link!
 
Phoenix said:
Using Win98SE/IE5.5

One of the things that *some* of us like to do is to clear our intenet
surfing traces. Things like History, Temporary Internet Files, Cookies
and Typed URL's spring to mind. There are a number of apps which will
remove this data with comparative ease.

What doesn't seem to be tackled is autocomplete data, for example the
prompting you get when typing a query into a search engine like Google (I'm
not talking about the Google toolbar where you can easily clear the search
history) or filling web forms.
Click to expand...

I'd earlier posted a reply that you can use the MSIE applet, to clear
all your Autocomplete data. Now, what if you want to selectively clear
only certain entries, after visually reviewing them? Today, Dwane
(e-mail address removed) posted about a utility which looks quite
perfect for this purpose.

Protected Storage PassView (pspv):
http://nirsoft.multiservers.com/utils/pspv.html
 
omega said:
It works fine on my w98 machine. You used a command like the one I did?
Click to expand...

Here is the error that it gives:

"This application has requested the Runtime to terminate it in an
unusual way.
Please contact the application's support team for more information."

I think it may be a conflict with some other software that I have
installed. I'm very happy with Protected Storage PassView, so I'm not
worried about getting pStoreReader to work.
Is pStoreReader safe to use by itself and the version of mIRC variant
is only using it to get the information?
Click to expand...

They're discussing there trojans who bundle pStoreReader as a malign tool.
pStoteReader is not a trojan. It is precisely what it says it is, and no
more: a password reader. So, yonder, in some trojan(s), it is getting snuck
in together with some other PEs, for some stupid juvenile attempts at
stealing passwords... If you download a program that secretly includes
pStoreReader, yes, then you have malware.

But downloading pStoreReader yourself, to read your own passwords and data,
well, that's an independent matter, and clean.
....
My question is are pStoreReader & Protected Storage PassView both free
of spyware?
Click to expand...

NirSoft has many great utilities, and yes, trustworthy. The link you post
is ideal for the subject of this thread; it has a good clear outline about
the Protected [sic] Storage System. I downloaded the utility just now (28k
zip) and the program has a very nice interface (Nirsoft is good that way).
Since I recently deleted all my data in that key, I don't have much to look
over. Yet just glancing at the commands (which include export raw data,
to .reg format), it strikes me that this program is very much superior to
the single-function commandline one.
Click to expand...

Thanks for answering my questions. I'm new to this newsgroup and
appreciate your help.
Thank you for the link!
Click to expand...

Glad the link was helpful. :)

Thanks again,
Dwane
 
Back
Top