SMalik
-
Posts
1,747 -
Joined
-
Last visited
Posts posted by SMalik
-
-
Revised entry
Added: %LocalAppData%\Packages\Microsoft.WindowsNotepad_*\Settings|*.*|RECURSE
Files here keep information about Find and Replace words in Notepad.Changed: %LocalAppData%\Packages\Microsoft.WindowsNotepad_*\SystemAppData\Helium|*.*|RECURSE
I think RegKey1 and RegKey2 should be removed. These paths do not exist on Windows 10/11.
[Windows Notepad *]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Notepad
DetectFile=%LocalAppData%\Packages\Microsoft.WindowsNotepad_*
FileKey1=%LocalAppData%\Packages\Microsoft.WindowsNotepad_*\Settings|*.*|RECURSE
FileKey2=%LocalAppData%\Packages\Microsoft.WindowsNotepad_*\SystemAppData\Helium|*.*|RECURSE
RegKey1=HKCU\Software\Microsoft\Notepad|replaceString
RegKey2=HKCU\Software\Microsoft\Notepad|searchString -
Removed: xulstore.json
It stores Firefox window size and style.
{"chrome://browser/content/browser.xhtml":{"main-window":{"screenX":"230","screenY":"49","width":"1598","height":"968","sizemode":"normal"},"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""}}}
[Firefox Caches *]
LangSecRef=3026
Detect1=HKCU\Software\LibreWolf
Detect2=HKLM\Software\ComodoGroup\IceDragon
Detect3=HKLM\Software\FlashPeak\SlimBrowser
Detect4=HKLM\Software\Mozilla\Basilisk
Detect5=HKLM\Software\Mozilla\Pale Moon
Detect6=HKLM\Software\Mozilla\SeaMonkey
Detect7=HKLM\Software\Mozilla\Waterfox
DetectFile1=%AppData%\Mozilla\Firefox
DetectFile2=%LocalAppData%\Packages\Mozilla.Firefox_*
FileKey1=%AppData%\ArtistScope\ArtisBrowser\Profiles\*|*.corrupt|RECURSE
FileKey2=%AppData%\ArtistScope\ArtisBrowser\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey3=%AppData%\ArtistScope\ArtisBrowser\Profiles\*\notificationstore|*
FileKey4=%AppData%\ArtistScope\ArtisBrowser\Profiles\*\security_state|*
FileKey5=%AppData%\ArtistScope\ArtisBrowser\Profiles\*\shader-cache|*
FileKey6=%AppData%\ArtistScope\ArtisBrowser\Profiles\*\storage\temporary|*|RECURSE
FileKey7=%AppData%\Comodo\IceDragon\Profiles\*|*.corrupt|RECURSE
FileKey8=%AppData%\Comodo\IceDragon\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey9=%AppData%\Comodo\IceDragon\Profiles\*\notificationstore|*
FileKey10=%AppData%\Comodo\IceDragon\Profiles\*\security_state|*
FileKey11=%AppData%\Comodo\IceDragon\Profiles\*\shader-cache|*
FileKey12=%AppData%\Comodo\IceDragon\Profiles\*\storage\temporary|*|RECURSE
FileKey13=%AppData%\FlashPeak\SlimBrowser\Profiles\*|*.corrupt|RECURSE
FileKey14=%AppData%\FlashPeak\SlimBrowser\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey15=%AppData%\FlashPeak\SlimBrowser\Profiles\*\notificationstore|*
FileKey16=%AppData%\FlashPeak\SlimBrowser\Profiles\*\security_state|*
FileKey17=%AppData%\FlashPeak\SlimBrowser\Profiles\*\shader-cache|*
FileKey18=%AppData%\FlashPeak\SlimBrowser\Profiles\*\storage\temporary|*|RECURSE
FileKey19=%AppData%\LibreWolf\Profiles\*|*.corrupt|RECURSE
FileKey20=%AppData%\LibreWolf\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey21=%AppData%\LibreWolf\Profiles\*\notificationstore|*
FileKey22=%AppData%\LibreWolf\Profiles\*\security_state|*
FileKey23=%AppData%\LibreWolf\Profiles\*\shader-cache|*
FileKey24=%AppData%\LibreWolf\Profiles\*\storage\temporary|*|RECURSE
FileKey25=%AppData%\Moonchild Productions\*\Profiles\*|*.corrupt|RECURSE
FileKey26=%AppData%\Moonchild Productions\*\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey27=%AppData%\Moonchild Productions\*\Profiles\*\notificationstore|*
FileKey28=%AppData%\Moonchild Productions\*\Profiles\*\security_state|*
FileKey29=%AppData%\Moonchild Productions\*\Profiles\*\shader-cache|*
FileKey30=%AppData%\Moonchild Productions\*\Profiles\*\storage\temporary|*|RECURSE
FileKey31=%AppData%\Mozilla\*\Profiles\*|*.corrupt|RECURSE
FileKey32=%AppData%\Mozilla\*\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey33=%AppData%\Mozilla\*\Profiles\*\notificationstore|*
FileKey34=%AppData%\Mozilla\*\Profiles\*\security_state|*
FileKey35=%AppData%\Mozilla\*\Profiles\*\shader-cache|*
FileKey36=%AppData%\Mozilla\*\Profiles\*\storage\temporary|*|RECURSE
FileKey37=%AppData%\Waterfox\Profiles\*|*.corrupt|RECURSE
FileKey38=%AppData%\Waterfox\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey39=%AppData%\Waterfox\Profiles\*\notificationstore|*
FileKey40=%AppData%\Waterfox\Profiles\*\security_state|*
FileKey41=%AppData%\Waterfox\Profiles\*\shader-cache|*
FileKey42=%AppData%\Waterfox\Profiles\*\storage\temporary|*|RECURSE
FileKey43=%LocalAppData%\Basilisk-Dev\Basilisk\Profiles\*\*cache*|*|REMOVESELF
FileKey44=%LocalAppData%\Basilisk-Dev\Basilisk\Profiles\*\Safebrowsing-failedupdate|*|REMOVESELF
FileKey45=%LocalAppData%\Basilisk-Dev\Basilisk\Profiles\*\thumbnails|*|REMOVESELF
FileKey46=%LocalAppData%\Flashpeak\SlimBrowser\Profiles\*\*cache*|*|REMOVESELF
FileKey47=%LocalAppData%\Flashpeak\SlimBrowser\Profiles\*\Safebrowsing-failedupdate|*|REMOVESELF
FileKey48=%LocalAppData%\Flashpeak\SlimBrowser\Profiles\*\thumbnails|*|REMOVESELF
FileKey49=%LocalAppData%\LibreWolf\Profiles\*\*cache*|*|REMOVESELF
FileKey50=%LocalAppData%\LibreWolf\Profiles\*\Safebrowsing-failedupdate|*|REMOVESELF
FileKey51=%LocalAppData%\LibreWolf\Profiles\*\thumbnails|*|REMOVESELF
FileKey52=%LocalAppData%\Moonchild Productions\*\Profiles\*\*cache*|*|REMOVESELF
FileKey53=%LocalAppData%\Moonchild Productions\*\Profiles\*\Safebrowsing-failedupdate|*|REMOVESELF
FileKey54=%LocalAppData%\Moonchild Productions\*\Profiles\*\thumbnails|*|REMOVESELF
FileKey55=%LocalAppData%\Mozilla\*\Profiles\*\*cache*|*|REMOVESELF
FileKey56=%LocalAppData%\Mozilla\*\Profiles\*\Safebrowsing-failedupdate|*|REMOVESELF
FileKey57=%LocalAppData%\Mozilla\*\Profiles\*\thumbnails|*|REMOVESELF
FileKey58=%LocalAppData%\Packages\Mozilla.Firefox_*\AC|*|RECURSE
FileKey59=%LocalAppData%\Packages\Mozilla.Firefox_*\LocalCache\Roaming\Mozilla\Firefox\Profiles\*|*.corrupt|RECURSE
FileKey60=%LocalAppData%\Packages\Mozilla.Firefox_*\LocalCache\Roaming\Mozilla\Firefox\Profiles\*|AlternateServices.txt;notificationstore.json;parent.lock;serviceworker.txt;webappsstore.sqlite;cert9.db;ClientAuthRememberList.txt
FileKey61=%LocalAppData%\Packages\Mozilla.Firefox_*\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\*cache*|*|RECURSE
FileKey62=%LocalAppData%\Packages\Mozilla.Firefox_*\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\notificationstore|*
FileKey63=%LocalAppData%\Packages\Mozilla.Firefox_*\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\security_state|*
FileKey64=%LocalAppData%\Packages\Mozilla.Firefox_*\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\storage\temporary|*|RECURSE
FileKey65=%LocalAppData%\Packages\Mozilla.Firefox_*\Settings|*.log*
FileKey66=%LocalAppData%\Packages\Mozilla.Firefox_*\TempState|*|RECURSE
FileKey67=%LocalAppData%\Waterfox\Profiles\*\*cache*|*|REMOVESELF
FileKey68=%LocalAppData%\Waterfox\Profiles\*\Safebrowsing-failedupdate|*|REMOVESELF
FileKey69=%LocalAppData%\Waterfox\Profiles\*\thumbnails|*|REMOVESELF
FileKey70=%LocalAppData%\Waterfox\Profiles\Profiles\*\Safebrowsing-failedupdate|*|REMOVESELF
FileKey71=%LocalAppData%\Waterfox\Profiles\Profiles\*\thumbnails|*|REMOVESELF
FileKey72=%ProgramData%\Mozilla*|cache2.*
FileKey73=%ProgramFiles%\Basilisk|*.tmp|RECURSE
FileKey74=%ProgramFiles%\Firefox*|*.tmp|RECURSE
FileKey75=%ProgramFiles%\LibreWolf|*.tmp|RECURSE
FileKey76=%ProgramFiles%\Mozilla*|*.tmp;*_tmp.exe|RECURSE
FileKey77=%ProgramFiles%\Pale Moon|*.tmp|RECURSE
FileKey78=%ProgramFiles%\SeaMonkey|*.tmp|RECURSE
FileKey79=%ProgramFiles%\SlimBrowser|*.tmp|RECURSE
FileKey80=%ProgramFiles%\Waterfox|*.tmp|RECURSE
FileKey81=%ProgramFiles%\WindowsApps\Mozilla.Firefox_*\VFS\ProgramFiles\Firefox Package Root|*.tmp;*_tmp.exe|RECURSE
FileKey82=%UserProfile%\AppData\LocalLow\Mozilla\Temp-*|*|REMOVESELF -
New entry
[Firefox Jump List Cache *]
LangSecRef=3026
DetectFile1=%AppData%\Mozilla\Firefox
DetectFile2=%LocalAppData%\Packages\Mozilla.Firefox_*
FileKey1=%LocalAppData%\Mozilla\Firefox\Profiles\*\jumpListCache|*|RECURSE -
3 hours ago, SMalik said:
Revised entry
Added:
%WinDir%\Backup|*|RECURSE
%WinDir%\AppCompat\pca|*.txt[Windows Logs *]
Revised entry
I made a mistake in the previous post. This is correct.
Added:
%WinDir%\AppCompat\Backup|*.json
%WinDir%\AppCompat\pca|*.txt[Windows Logs *]
LangSecRef=3025
Detect=HKLM\Software\Microsoft\Windows
FileKey1=%LocalAppData%\ConnectedDevicesPlatform|*.log
FileKey2=%LocalAppData%\Diagnostics|*|RECURSE
FileKey3=%LocalAppData%\Microsoft\Dialer|*.log.txt
FileKey4=%LocalAppData%\Microsoft\msipc\Logs|*
FileKey5=%LocalAppData%\Microsoft\Portable Devices|wpdlog*.sqm
FileKey6=%LocalAppData%\Microsoft\Windows\Explorer|*.etl
FileKey7=%ProgramData%\Microsoft\Diagnosis\DownloadedSettings|*.json.bk
FileKey8=%ProgramData%\Microsoft\Diagnosis\ETLLogs|*|RECURSE
FileKey9=%ProgramData%\Microsoft\DiagnosticLogCSP|*|RECURSE
FileKey10=%ProgramData%\Microsoft\Network\Downloader|*|RECURSE
FileKey11=%ProgramData%\Microsoft\WDF|*|RECURSE
FileKey12=%ProgramData%\Microsoft\Windows Security Health\Logs|*|RECURSE
FileKey13=%ProgramData%\Microsoft\Windows\wfp|*.etl
FileKey14=%ProgramData%\USOShared\Logs|*|RECURSE
FileKey15=%ProgramFiles%\UNP\*Logs|*
FileKey16=%SystemDrive%|DumpStack.log
FileKey17=%SystemDrive%\PerfLogs\System\Diagnostics|*|RECURSE
FileKey18=%SystemDrive%\PerfLogs\System\Performance|*|RECURSE
FileKey19=%WinDir%|*.log
FileKey20=%WinDir%\AppCompat\Backup|*.json
FileKey21=%WinDir%\AppCompat\pca|*.txt
FileKey22=%WinDir%\AppCompat\Programs|*.txt;*.xml
FileKey23=%WinDir%\AppCompat\Programs\Install|*.txt;*.xml
FileKey24=%WinDir%\debug|*.log|RECURSE
FileKey25=%WinDir%\INF|*.etl;*.log*
FileKey26=%WinDir%\Logs|*.etl;*.log|RECURSE
FileKey27=%WinDir%\Logs\CBS|*.cab
FileKey28=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html;*GatherPnPList.log;*.tmp
FileKey29=%WinDir%\Panther\FastCleanup|*.log
FileKey30=%WinDir%\Panther\Rollback|*.txt
FileKey31=%WinDir%\Panther\UnattendGC|diag*.xml;setup*.log
FileKey32=%WinDir%\repair|setup.log
FileKey33=%WinDir%\security\logs|*|RECURSE
FileKey34=%WinDir%\ServiceProfiles\NetworkService\debug|*.log
FileKey35=%WinDir%\System32\CatRoot|*.tmp
FileKey36=%WinDir%\System32\CatRoot_bak|*|REMOVESELF
FileKey37=%WinDir%\System32\catroot2|*.chk;*.log;*.jrs;*.txt
FileKey38=%WinDir%\System32\LogFiles|*|RECURSE
FileKey39=%WinDir%\System32\Logs|*.etl
FileKey40=%WinDir%\System32\NDF|*.etl
FileKey41=%WinDir%\System32\SleepStudy|*.etl|RECURSE
FileKey42=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml;*.log
FileKey43=%WinDir%\System32\WDI\*|*.etl*|REMOVESELF
FileKey44=%WinDir%\System32\WDI\LogFiles\StartupInfo|*|RECURSE
FileKey45=%WinDir%\Temp|*.log
RegKey1=HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
RegKey2=HKLM\Software\Microsoft\Tracing
RegKey3=HKLM\Software\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
RegKey4=HKLM\Software\Wow6432Node\Microsoft\Tracing -
It has been more than two months and no update.
-
What happened to all of the Microsoft store apps entries?
-
New entry
[Western Digital Dashboard *]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Western Digital\SSD Dashboard
FileKey1=%LocalAppData%\Western Digital\Dashboard\cache\QtWebEngine\Default\Cache|*|RECURSE
FileKey2=%LocalAppData%\Western Digital\Dashboard\QtWebEngine\Default|*.old
FileKey3=%LocalAppData%\Western Digital\Dashboard\QtWebEngine\Default\GPUCache|*|RECURSE
FileKey4=%ProgramFiles%\Western Digital\SSD Dashboard|dashboard.log -
Revised entry
Added:
%ProgramData%\Wondershare\dr.fone\ThumbnailCache
%ProgramData%\Wondershare\dr.fone\iOSTemp|*.*|RECURSE
%ProgramData%\Wondershare\dr.fone\log|*.log
%ProgramData%\Wondershare\dr.fone\Sparrow|*.bak;*.log[Wondershare Dr.Fone *]
LangSecRef=3021
DetectFile=%ProgramFiles%\Wondershare\Wondershare Dr.Fone
FileKey1=%AppData%\DataEraser_Temp|*.*|RECURSE
FileKey2=%ProgramData%\Wondershare\dr.fone\ThumbnailCache
FileKey3=%ProgramData%\Wondershare\dr.fone\Wondershare_DataEraser_Clean|*.*|RECURSE
FileKey4=%ProgramData%\Wondershare\dr.fone\iOSTemp|*.*|RECURSE
FileKey5=%ProgramData%\Wondershare\dr.fone\log|*.log
FileKey6=%ProgramData%\Wondershare\dr.fone\Sparrow|*.bak;*.log
FileKey7=%ProgramData%\Wondershare\DriverInstall|*.log
FileKey8=%ProgramData%\Wondershare\WSRoot|*.tmp
FileKey9=%ProgramData%\WsAppHelper\Dr.Fone|*.log
FileKey10=%ProgramFiles%\Wondershare\dr.fone\ThumbnailCache|*.*|RECURSE
FileKey11=%ProgramFiles%\Wondershare\MirrorGo\Log|*.*|RECURSE -
Revised entry
FileKey3, 4, 5, 6, 11 changed from |*|RECURSE to |*.*|RECURSE[Adobe *]
LangSecRef=3023
Detect=HKCU\Software\Adobe
FileKey1=%AppData%\Adobe|*.log|RECURSE
FileKey2=%AppData%\Adobe\Acrobat\Distiller*|*.log
FileKey3=%AppData%\Adobe\Common\* Cache*|*.*|RECURSE
FileKey4=%AppData%\Adobe\Common\Peak Files|*.*|RECURSE
FileKey5=%AppData%\Adobe\CRLogs|*.*|RECURSE
FileKey6=%AppData%\Adobe\LogTransport2\Logs|*.*|RECURSE
FileKey7=%CommonProgramFiles%\Adobe\Creative Cloud Libraries|*.log|RECURSE
FileKey8=%CommonProgramFiles%\Adobe\Installers|*.log*|RECURSE
FileKey9=%LocalAppData%\Adobe|*.Log|RECURSE
FileKey10=%LocalAppData%\Adobe\ARM|*.*|RECURSE
FileKey11=%ProgramData%\Adobe\ARM|*.*|RECURSE
FileKey12=%ProgramFiles%\Adobe\Adobe Creative Cloud Experience\js\node_modules\table-parser\test\output|*.log
FileKey13=%UserProfile%\Documents\Adobe|*.log|RECURSE
RegKey1=HKCU\Software\Adobe\Adobe ARM\1.0\ARM|tLastT_Reader
RegKey2=HKCU\Software\Adobe\Adobe Customization Wizard 8\Recent File List
RegKey3=HKCU\Software\Adobe\Adobe Customization Wizard 9\Recent File List
RegKey4=HKCU\Software\Adobe\Adobe Customization Wizard X\Recent File List
RegKey5=HKCU\Software\Adobe\Adobe Customization Wizard XI\Recent File List -
Revised entry name from [Groove Media Player *] to [Media Player *]
[Media Player *]
LangSecRef=3023
DetectFile=%LocalAppData%\Packages\Microsoft.ZuneMusic_*
FileKey1=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC|*|RECURSE
FileKey2=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalCache\Image|*|RECURSE
FileKey3=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalCache\PlayReady|*|RECURSE
FileKey4=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState|*.tmp;AppState.json*;*.db*
FileKey5=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\Database\*|*.log
FileKey6=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\ImageCache|*|RECURSE
FileKey7=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\ImageRetrievalFailure|*|RECURSE
FileKey8=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\ImageStore|*|RECURSE
FileKey9=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\navigationHistory|*|RECURSE
FileKey10=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\PlayReady|*|RECURSE
FileKey11=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\Settings|*.log*
FileKey12=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\TempState|*|RECURSE
RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\SearchHistory -
Revised entry
Removed as it is already included into built-in entry
%LocalAppData%\Microsoft\OneDrive\Logs|*|RECURSE[Microsoft OneDrive *]
LangSecRef=3021
Detect=HKCU\Software\Microsoft\OneDrive
DetectFile=%LocalAppData%\Packages\microsoft.microsoftskydrive_*
FileKey1=%LocalAppData%\Microsoft\OneDrive\Setup\Logs|*|RECURSE
FileKey2=%LocalAppData%\Microsoft\Windows\OneDrive\logs|*|RECURSE
FileKey3=%LocalAppData%\OneDrive\Cache|*|RECURSE
FileKey4=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC|*|RECURSE
FileKey5=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\LocalCache|*|RECURSE
FileKey6=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\LocalState\Logs|*.log
FileKey7=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\Settings|*.log*
FileKey8=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\TempState|*|RECURSE
FileKey9=%ProgramFiles%\Microsoft OneDrive\Setup\Logs|*
FileKey10=%WinDir%\System32\config\systemprofile\AppData\Local\Microsoft\OneDrive\Logs|*|RECURSE
FileKey11=%WinDir%\System32\config\systemprofile\AppData\Local\Microsoft\OneDrive\Setup\Logs|*|RECURSE
FileKey12=%WinDir%\System32\LogFiles\CloudFiles|*|RECURSE
FileKey13=%WinDir%\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\Logs|*|RECURSE
FileKey14=%WinDir%\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\Setup\Logs|*|RECURSE
RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.microsoftskydrive_8wekyb3d8bbwe\PersistedPickerData\microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive\DefaultOpenFileMultiple|LastLocation
RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.microsoftskydrive_8wekyb3d8bbwe\SearchHistory -
I think [Adobe Acrobat Distiller *] and [Adobe Acrobat *] entries should be separated
[Adobe Acrobat Distiller *]
LangSecRef=3021
Detect=HKCU\Software\Adobe\Acrobat Distiller
FileKey1=%AppData%\Adobe\Acrobat\Distiller*\Cache|*
FileKey2=%LocalAppData%\Adobe\Acrobat\Distiller*\Cache|*
RegKey1=HKCU\Software\Adobe\Acrobat Distiller\PrinterJobControl[Adobe Acrobat *]
LangSecRef=3021
Detect=HKCU\Software\Adobe\Adobe Acrobat
FileKey1=%AppData%\Adobe\Acrobat\DC\Security\CRLCache|*|RECURSE
FileKey2=%AppData%\Adobe\OOBE|dlcanalytics.db
FileKey3=%LocalAppData%|oobelibMkey.log
FileKey4=%LocalAppData%\Adobe\Acrobat|*.idx|RECURSE
FileKey5=%LocalAppData%\Adobe\Acrobat\*DC\Cache|*.lst
FileKey6=%LocalAppData%\Adobe\Acrobat\11.0|UserCache.bin
FileKey7=%LocalAppData%\Adobe\Acrobat\DC|*.lst;Exchange-ProMessages;IconCacheAcro*.dat;SharedDataEvents;UserCache*.bin
FileKey8=%LocalAppData%\Adobe\Acrobat\DC\ProtectedView|*.lst;UserCache*.bin
FileKey9=%LocalAppData%\Adobe\Acrobat\DC\ToolsSearchCacheAcro|*|RECURSE
FileKey10=%LocalAppData%\Adobe\AcroCef\DC\Acrobat\Cache|*|RECURSE
FileKey11=%LocalAppData%\Adobe\AcroCef\DC\Acrobat\Cookie|*
FileKey12=%LocalAppData%\Adobe\Color|*.lst
FileKey13=%LocalAppData%\Adobe\TypeSupport|*.lst
FileKey14=%UserProfile%\AppData\LocalLow\Adobe\Acrobat\DC|*-journal;Exchange-ProMessages
FileKey15=%UserProfile%\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB|notificationsDB
FileKey16=%UserProfile%\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync|*.db-shm;*.db-wal
FileKey17=%UserProfile%\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync|*.log
FileKey18=%UserProfile%\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Synchronizer|*-log.txt
FileKey19=%UserProfile%\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons|*|RECURSE
FileKey20=%UserProfile%\AppData\LocalLow\Adobe\Acrobat\DC\Search|*|RECURSE
FileKey21=%UserProfile%\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache|*|RECURSE
FileKey22=%UserProfile%\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie|*-journal
RegKey1=HKCU\Software\Adobe\Adobe Acrobat\11.0\AVGeneral\cRecentFolders
RegKey2=HKCU\Software\Adobe\Adobe Acrobat\2015\AVGeneral\cRecentFiles
RegKey3=HKCU\Software\Adobe\Adobe Acrobat\2015\AVGeneral\cRecentFolders
RegKey4=HKCU\Software\Adobe\Adobe Acrobat\2017\AVGeneral\cRecentFiles
RegKey5=HKCU\Software\Adobe\Adobe Acrobat\2017\AVGeneral\cRecentFolders
RegKey6=HKCU\Software\Adobe\Adobe Acrobat\2020\AVGeneral\cRecentFiles
RegKey7=HKCU\Software\Adobe\Adobe Acrobat\2020\AVGeneral\cRecentFolders
RegKey8=HKCU\Software\Adobe\Adobe Acrobat\DC\AVConnector\cIconCache
RegKey9=HKCU\Software\Adobe\Adobe Acrobat\DC\AVConversionFromPDF\cSettings
RegKey10=HKCU\Software\Adobe\Adobe Acrobat\DC\AVConversionToPDF\cSettings
RegKey11=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral|iNumAcrobatLaunches
RegKey12=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral|iNumOfAVDocsOpened
RegKey13=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral|uLastAppLaunchTimeStamp
RegKey14=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cDockables
RegKey15=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles
RegKey16=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFolders
RegKey17=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentToolsList
RegKey18=HKCU\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cToolbars
RegKey19=HKCU\Software\Adobe\Adobe Acrobat\DC\CompoundDocs\cStoredBinder
RegKey20=HKCU\Software\Adobe\Adobe Acrobat\DC\RememberedViews\cNoCategoryFiles
RegKey21=HKCU\Software\Adobe\Adobe Acrobat\DC\SessionManagement|uLastAppExitTimeStamp
RegKey22=HKCU\Software\Adobe\Adobe Acrobat\DC\ShareIdentity
RegKey23=HKCU\Software\Adobe\Adobe Synchronizer\DC -
-
Revised Entry
[Windows Shell - Folder View Settings *]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows
RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags
RegKey3=HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU
RegKey4=HKCU\Software\Microsoft\Windows\ShellNoRoam\BagsOn XP:
HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU
HKCU\Software\Microsoft\Windows\ShellNoRoam\BagsWindows after XP:
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagsRemoved unnecessary:
HKCU\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
HKCU\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bagshttps://www.jeroentielen.nl/explaining-the-bagsbagmru-registry-tree-trying/
New Entries[Windows Shell - Desktop View Settings *]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows
Warning=This will reset Desktop view settings to default.
RegKey1=HKCU\Software\Microsoft\Windows\Shell\BagMRU
RegKey2=HKCU\Software\Microsoft\Windows\Shell\BagsThis resets Desktop view settings to default. Also removes history of previously removed Desktop shortcuts.
[Notification Area Icons Cache *]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows
RegKey1=HKEY_CURRENT_USER\Control Panel\NotifyIconSettings
RegKey2=HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify -
Revised entry
Added: %CommonAppData%\Wondershare\dr.fone\ThumbnailCache|*.*|RECURSE
[Wondershare Dr.Fone *]
LangSecRef=3021
DetectFile=%ProgramFiles%\Wondershare\Wondershare Dr.Fone
FileKey1=%AppData%\DataEraser_Temp|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\dr.fone\ThumbnailCache|*.*|RECURSE
FileKey3=%CommonAppData%\Wondershare\dr.fone\Wondershare_DataEraser_Clean|*.*|RECURSE
FileKey4=%CommonAppData%\Wondershare\DriverInstall|*.log
FileKey5=%CommonAppData%\Wondershare\WSRoot|*.tmp
FileKey6=%CommonAppData%\WsAppHelper\Dr.Fone|*.log
FileKey7=%ProgramFiles%\Wondershare\MirrorGo\Log|*.*|RECURSE -
On 20/03/2023 at 23:35, SMalik said:
I think we should have a separate entry for Intel Driver and Support Assistant
[Intel Driver and Support Assistant *]
LangSecRef=3024
Detect=HKCU\Software\Intel\Driver and Support Assistant
FileKey1=%CommonAppData%\Intel\DSA\Logs|*.bak;*.log;*.txt
FileKey2=%CommonAppData%\Intel\GCC|*.txt
FileKey3=%CommonAppData%\Intel\Intel Extreme Tuning Utility\Logs|*.*|RECURSE
FileKey4=%CommonAppData%\Intel\Logs|*.*|RECURSE
FileKey5=%WinDir%\System32\config\systemprofile\AppData\Local\Intel\GCC|*.txt[Intel Driver & Support Assistant *]
LangSecRef=3024
Detect=HKCU\Software\Intel\Driver and Support Assistant
FileKey1=%CommonAppData%\Intel\DSA\Logs|*.bak;*.log;*.txt
FileKey2=%CommonAppData%\Intel\GCC|*.txt
FileKey3=%CommonAppData%\Intel\Intel Extreme Tuning Utility\Logs|*.*|RECURSE
FileKey4=%CommonAppData%\Intel\Logs|*.*|RECURSE
FileKey5=%WinDir%\System32\config\systemprofile\AppData\Local\Intel\GCC|*.txt -
I think we should have a separate entry for Intel Driver and Support Assistant
[Intel Driver and Support Assistant *]
LangSecRef=3024
Detect=HKCU\Software\Intel\Driver and Support Assistant
FileKey1=%CommonAppData%\Intel\DSA\Logs|*.bak;*.log;*.txt
FileKey2=%CommonAppData%\Intel\GCC|*.txt
FileKey3=%CommonAppData%\Intel\Intel Extreme Tuning Utility\Logs|*.*|RECURSE
FileKey4=%CommonAppData%\Intel\Logs|*.*|RECURSE
FileKey5=%WinDir%\System32\config\systemprofile\AppData\Local\Intel\GCC|*.txt -
Revised entry
Added: FileKey6
[Windows Installer *]
LangSecRef=3025
Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Installer
FileKey1=%SystemDrive%\Config.msi|*|REMOVESELF
FileKey2=%WinDir%\Installer|*.tmp|RECURSE
FileKey3=%WinDir%\Installer|SourceHash{*};wix{*}.SchedServiceConfig.rmi
FileKey4=%WinDir%\Installer\Config.Msi|*|REMOVESELF
FileKey5=%WinDir%\Installer\MSI*.tmp-|*|REMOVESELF
FileKey6=%WinDir%\System32\config\systemprofile\AppData\Local|*.tmp|RECURSE -
18 hours ago, SMalik said:
I think [Bing Maps *] and [Bing News *] names should be changed to [Maps *], [News *]
Micorsoft does not use “Bing” with their store apps anymore.
-
I think [Bing Maps *] and [Bing News *] names should be changed to [Maps *], [News *]
-
Revised entry
Changed FileKey4 to |*.*|RECURSE
[Wondershare UniConverter *]
LangSecRef=3023
Detect1=HKLM\Software\Wondershare\Wondershare UniConverter
Detect2=HKLM\Software\Wondershare\Wondershare UniConverter 13
FileKey1=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\UniConverter*\DataTrack|tmp;*.bak;*.log
FileKey3=%CommonAppData%\Wondershare\UniConverter*\TempThumbDir|*.*|RECURSE
FileKey4=%CommonAppData%\Wondershare\UniConverter*\UpdatePackge|*.*|RECURSE
FileKey5=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE
FileKey6=%ProgramFiles%\Wondershare\*UniConverter*\Log|*.*|RECURSE
FileKey7=%Public%\Documents\Wondershare|*.*|REMOVESELF
FileKey8=%SystemDrive%|logWSVCUUpdateHelper.log
FileKey9=%SystemDrive%\Wondershare UniConverter\Downloaded\temp|*.*|REMOVESELF
FileKey10=%UserProfile%\.cache|*.*|REMOVESELF -
Revised entry
This should be removed: %AppData%\Techsmith\Snagit\Preferences\Output\*|*.*|REMOVESELF
[Snagit *]
LangSecRef=3021
Detect=HKCU\Software\TechSmith\Snagit
FileKey1=%CommonAppData%\TechSmith\Uploader|*.log
FileKey2=%Documents%|SnagitDebug.log
FileKey3=%Documents%\Snagit|*.snagx
FileKey4=%Documents%\Snagit\.metadata|*.*|RECURSE
FileKey5=%LocalAppData%\TechSmith\Logs|*.log
FileKey6=%LocalAppData%\TechSmith\Snagit|Tray.bin
FileKey7=%LocalAppData%\TechSmith\Snagit\*\NativeCrashReporting\Reports|*.dmp|RECURSE
FileKey8=%LocalAppData%\TechSmith\Snagit\*\WebView2Cache\EBWebView\*\GPUCache|*.*|REMOVESELF
FileKey9=%LocalAppData%\TechSmith\Snagit\CrashDumps|*.*|RECURSE
FileKey10=%LocalAppData%\TechSmith\Snagit\DataStore\AppIcons|*.ico
FileKey11=%LocalAppData%\TechSmith\Snagit\DataStore\WebSiteIcons|*.ico
FileKey12=%LocalAppData%\TechSmith\Snagit\Thumbnails|*.*|RECURSE
FileKey13=%LocalAppData%\TechSmith\Snagit\TrackerbirdFiles|*.log;*.logtmp
FileKey14=%Public%\TechSmith\Snagit\License|*.cache;*.log
RegKey1=HKCU\Software\TechSmith\Snagit\9|StampCustomFolder
RegKey2=HKCU\Software\TechSmith\Snagit\10|StampCustomFolder
RegKey3=HKCU\Software\TechSmith\Snagit\11|CaptureCount
RegKey4=HKCU\Software\TechSmith\Snagit\11|CaptureOpenCount
RegKey5=HKCU\Software\TechSmith\Snagit\11|OutputDirLastUsed
RegKey6=HKCU\Software\TechSmith\Snagit\11|VidOutputDirLastUsed
RegKey7=HKCU\Software\TechSmith\Snagit\11\SnagItEditor\Tray|Thumbnailsize
RegKey8=HKCU\Software\TechSmith\Snagit\12|CaptureCount
RegKey9=HKCU\Software\TechSmith\Snagit\12|CaptureOpenCount
RegKey10=HKCU\Software\TechSmith\Snagit\12|OutputDirLastUsed
RegKey11=HKCU\Software\TechSmith\Snagit\12|VidOutputDirLastUsed
RegKey12=HKCU\Software\TechSmith\Snagit\12\SnagItEditor\Tray|Thumbnailsize
RegKey13=HKCU\Software\TechSmith\Snagit\13|CaptureCount
RegKey14=HKCU\Software\TechSmith\Snagit\13|CaptureOpenCount
RegKey15=HKCU\Software\TechSmith\Snagit\13|OutputDirLastUsed
RegKey16=HKCU\Software\TechSmith\Snagit\13|VidOutputDirLastUsed
RegKey17=HKCU\Software\TechSmith\Snagit\13\Recent Captures
RegKey18=HKCU\Software\TechSmith\Snagit\13\SnagitEditor\Recent File List
RegKey19=HKCU\Software\TechSmith\Snagit\13\SnagItEditor\Tray|Thumbnailsize
RegKey20=HKCU\Software\TechSmith\Snagit\18|CaptureCount
RegKey21=HKCU\Software\TechSmith\Snagit\18|CaptureOpenCount
RegKey22=HKCU\Software\TechSmith\Snagit\18|OutputDirLastUsed
RegKey23=HKCU\Software\TechSmith\Snagit\18|VidOutputDirLastUsed
RegKey24=HKCU\Software\TechSmith\Snagit\18\Recent Captures
RegKey25=HKCU\Software\TechSmith\Snagit\18\SnagitEditor\Recent File List
RegKey26=HKCU\Software\TechSmith\Snagit\18\SnagItEditor\Tray|Thumbnailsize
RegKey27=HKCU\Software\TechSmith\Snagit\19|CaptureCount
RegKey28=HKCU\Software\TechSmith\Snagit\19|CaptureOpenCount
RegKey29=HKCU\Software\TechSmith\Snagit\19|OutputDirLastUsed
RegKey30=HKCU\Software\TechSmith\Snagit\19|VidOutputDirLastUsed
RegKey31=HKCU\Software\TechSmith\Snagit\19\Recent Captures
RegKey32=HKCU\Software\TechSmith\Snagit\19\SnagitEditor\Recent File List
RegKey33=HKCU\Software\TechSmith\Snagit\19\SnagItEditor\Tray|Thumbnailsize
RegKey34=HKCU\Software\TechSmith\Snagit\20|CaptureCount
RegKey35=HKCU\Software\TechSmith\Snagit\20|CaptureOpenCount
RegKey36=HKCU\Software\TechSmith\Snagit\20|OutputDirLastUsed
RegKey37=HKCU\Software\TechSmith\Snagit\20|VidOutputDirLastUsed
RegKey38=HKCU\Software\TechSmith\Snagit\20\Recent Captures
RegKey39=HKCU\Software\TechSmith\Snagit\20\SnagitEditor\Recent File List
RegKey40=HKCU\Software\TechSmith\Snagit\20\SnagItEditor\Tray|Thumbnailsize
RegKey41=HKCU\Software\TechSmith\Snagit\21|CaptureCount
RegKey42=HKCU\Software\TechSmith\Snagit\21|CaptureOpenCount
RegKey43=HKCU\Software\TechSmith\Snagit\21|OutputDirLastUsed
RegKey44=HKCU\Software\TechSmith\Snagit\21|VidOutputDirLastUsed
RegKey45=HKCU\Software\TechSmith\Snagit\21\Recent Captures
RegKey46=HKCU\Software\TechSmith\Snagit\21\SnagitEditor\Recent File List
RegKey47=HKCU\Software\TechSmith\Snagit\21\SnagItEditor\Tray|Thumbnailsize
RegKey48=HKCU\Software\TechSmith\Snagit\22|CaptureCount
RegKey49=HKCU\Software\TechSmith\Snagit\22|CaptureOpenCount
RegKey50=HKCU\Software\TechSmith\Snagit\22|OutputDirLastUsed
RegKey51=HKCU\Software\TechSmith\Snagit\22|VidOutputDirLastUsed
RegKey52=HKCU\Software\TechSmith\Snagit\22\Recent Captures
RegKey53=HKCU\Software\TechSmith\Snagit\22\SnagitEditor\Recent File List
RegKey54=HKCU\Software\TechSmith\Snagit\22\SnagItEditor\Tray|Thumbnailsize -
Revised entry
changed DetectFile
added FileKeys 1, 3, 4, 9, 10[Wondershare Dr.Fone *]
LangSecRef=3021
DetectFile=%ProgramFiles%\Wondershare\Wondershare Dr.Fone
FileKey1=%AppData%\DataEraser_Temp|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\dr.fone\log|*.*|RECURSE
FileKey3=%CommonAppData%\Wondershare\dr.fone\Wondershare_DataEraser_Clean|*.*|RECURSE
FileKey4=%CommonAppData%\Wondershare\DriverInstall|*.log
FileKey5=%CommonAppData%\Wondershare\WAF\Log|*.*|RECURSE
FileKey6=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE
FileKey7=%CommonAppData%\Wondershare\WSRoot|*.tmp
FileKey8=%CommonAppData%\Wondershare\WSRoot\Logs|*.*|RECURSE
FileKey9=%CommonAppData%\WsAppHelper\Dr.Fone|*.log
FileKey10=%ProgramFiles%\Wondershare\MirrorGo\Log|*.*|RECURSE -
Winapp2.ini additions
in CCleaner
Posted
Revised entry
Snip & Sketch app is now Snipping Tool. I think entry name should be changed to [Snipping Tool *]
[Windows Snip & Sketch *]
LangSecRef=3025
Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ScreenSketch_8wekyb3d8bbwe
FileKey1=%LocalAppData%\Packages\MicrosoftWindows.Client.*\TempState\ScreenClip|*
RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ScreenSketch_8wekyb3d8bbwe\PersistedPickerData\Microsoft.ScreenSketch_8wekyb3d8bbwe!App\AppSnipAndSketchFileSaveSettings|LastLocation
RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ScreenSketch_8wekyb3d8bbwe\PersistedPickerData\Microsoft.ScreenSketch_8wekyb3d8bbwe!App\DefaultOpenFileSingle|LastLocation