Jump to content

SMalik

Experienced Members
  • Posts

    1,747
  • Joined

  • Last visited

Everything posted by SMalik

  1. New Entries [Taskbar Favorites Statistics *] DetectOS=10.0| LangSecRef=3025 Detect=HKCU\SOFTWARE\Microsoft\Windows RegKey1=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband|FavoritesChanges [Windows Media Player *] LangSecRef=3025 Detect=HKCU\SOFTWARE\Microsoft\MediaPlayer RegKey1=HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences|MostRecentFileAddOrRemove
  2. Revised Entry Removed FileKey3=%WinDir%\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Caches|*.*|RECURSE because this location does not exist. This is the correct location %WinDir%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Caches|*.*|RECURSE, but I think this should be excluded. [Windows Start Cache *] DetectOS=10.0| Section=Dangerous Windows Detect=HKCU\Software\Microsoft\Windows Warning=Use only in Windows Safe Mode. FileKey1=%CommonAppData%\Microsoft\Windows\Caches|*.*|RECURSE FileKey2=%LocalAppData%\Microsoft\Windows\Caches|*.*|RECURSE
  3. New Entry [Edge Stored Favicons *] LangSecRef=3006 DetectFile=%LocalAppData%\Microsoft\Edge* FileKey1=%LocalAppData%\Microsoft\Edge*\User Data\*\|Favicons
  4. I think we should go through all of the entries and see if any LangSecRef need to be corrected.
  5. Revised Entry Changed: LangSecRef from 3023 to 3021 [Mp3tag *] LangSecRef=3021 Detect=HKLM\Software\Florian Heidenreich\Mp3tag FileKey1=%AppData%\Mp3tag|Mp3tagError.log
  6. We can add the rest of the files.
  7. Revised Entry Removed: Detect2, Detect3, Detect4, Detect5 Added: Detect2=HKCU\Software\Nero %AppData%\Nero\Nero Start\cefcache.1\Cache|*.*|RECURSE %AppData%\Nero\Nero Start\cefcache.1\Code Cache|*.*|RECURSE %AppData%\Nero\Nero Start\cefcache.1\GPUCache|*.*|RECURSE %AppData%\Nero\Nero Start\cefcache.1\IndexedDB|*.*|RECURSE %AppData%\Nero\Nero Start\cefcache.1\Local Storage\leveldb|*.log;*.old;MANIFEST-000001 %AppData%\Nero\Nero Start\cefcache.1\Session Storage|*.log;*.old;MANIFEST-000001 %AppData%\Nero\Nero Start\cefcache.1|*.log;*.old;Cookies;Cookies-journal;MANIFEST-000001;QuotaManager;QuotaManager-journal;Visited Links %AppData%\Nero\Nero Start\logs|*.*|RECURSE %AppData%\Nero\Nero Start\temp|*.*|RECURSE %LocalAppData%\Nero\NeroKnowHowPLUS\*|*.cache %LocalAppData%\Nero\NeroKnowHowPLUS|*.log [Nero *] LangSecRef=3021 Detect1=HKCU\Software\Ahead Detect2=HKCU\Software\Nero FileKey1=%AppData%\Nero|NeroHistory.log FileKey2=%AppData%\Nero\Nero Burning ROM|*.log FileKey3=%AppData%\Nero\Nero*\Nero BackItUp\Cache|*.* FileKey4=%AppData%\Nero\Nero*\Nero Burning ROM|*.log FileKey5=%AppData%\Nero\Nero*\Nero Recode\AnalysisData|*.dat FileKey6=%AppData%\Nero\Nero*\Nero Recode\Thumbs|*.* FileKey7=%AppData%\Nero\Nero*\Nero Vision|*.txt;*.bin FileKey8=%AppData%\Nero\Nero*\Nero Vision\NVFACache|*.* FileKey9=%AppData%\Nero\Nero*\Nero3D|*.log FileKey10=%AppData%\Nero\Nero Start\cefcache.1\Cache|*.*|RECURSE FileKey11=%AppData%\Nero\Nero Start\cefcache.1\Code Cache|*.*|RECURSE FileKey12=%AppData%\Nero\Nero Start\cefcache.1\GPUCache|*.*|RECURSE FileKey13=%AppData%\Nero\Nero Start\cefcache.1\IndexedDB|*.*|RECURSE FileKey14=%AppData%\Nero\Nero Start\cefcache.1\Local Storage\leveldb|*.log;*.old;MANIFEST-000001 FileKey15=%AppData%\Nero\Nero Start\cefcache.1\Session Storage|*.log;*.old;MANIFEST-000001 FileKey16=%AppData%\Nero\Nero Start\cefcache.1|*.log;*.old;Cookies;Cookies-journal;MANIFEST-000001;QuotaManager;QuotaManager-journal;Visited Links FileKey17=%AppData%\Nero\Nero Start\logs|*.*|RECURSE FileKey18=%AppData%\Nero\Nero Start\temp|*.*|RECURSE FileKey19=%CommonAppData%\Nero\Nero BackItUp*\Cache|*.* FileKey20=%CommonAppData%\Nero\PeakFiles|*.tmp FileKey21=%LocalAppData%\Nero\Nero *\Nero Vision\Cache|*.* FileKey22=%LocalAppData%\Nero\Nero *\Nero Vision\Cache\GraphicObjectCache|*.* FileKey23=%LocalAppData%\Nero\NeroKnowHowPLUS\*|*.cache FileKey24=%LocalAppData%\Nero\NeroKnowHowPLUS|*.log RegKey1=HKCU\Software\ahead\Nero PhotoSnap\Recent File List RegKey2=HKCU\Software\Ahead\NeroSearch\NeroSavedSearches\SavedSearches RegKey3=HKCU\Software\ahead\NeroVision\2.0\RecentFiles RegKey4=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Compilation|VolumeLabelAutoTemplate RegKey5=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Compilation|VolumeLabelISOTemplate RegKey6=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Compilation|VolumelabelJolietTemplate RegKey7=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Compilation|VolumeLabelUDFTemplate RegKey8=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Recent File List RegKey9=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Settings|EncodingLastDir RegKey10=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Settings|NeroCompilation RegKey11=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Settings|TrackSaveDir RegKey12=HKCU\Software\Nero\Nero 11\Nero Burning ROM\Settings|WorkingDir RegKey13=HKCU\Software\Nero\Nero 11\Nero CoverDesigner\Recent File List RegKey14=HKCU\Software\Nero\Nero 11\Nero Express\Compilation|VolumeLabelAutoTemplate RegKey15=HKCU\Software\Nero\Nero 11\Nero Express\Compilation|VolumeLabelISOTemplate RegKey16=HKCU\Software\Nero\Nero 11\Nero Express\Compilation|VolumelabelJolietTemplate RegKey17=HKCU\Software\Nero\Nero 11\Nero Express\Compilation|VolumeLabelUDFTemplate RegKey18=HKCU\Software\Nero\Nero 11\Nero Express\General|OFDLastAudioDir RegKey19=HKCU\Software\Nero\Nero 11\Nero Express\General|OFDLastISODir RegKey20=HKCU\Software\Nero\Nero 11\Nero Express\General|OFDLastVideoDVDKey RegKey21=HKCU\Software\Nero\Nero 11\Nero Express\Recent File List RegKey22=HKCU\Software\Nero\Nero 11\Nero Express\Settings|BootImageDir RegKey23=HKCU\Software\Nero\Nero 11\Nero Express\Settings|BrowserDir RegKey24=HKCU\Software\Nero\Nero 11\Nero Express\Settings|ImageDir RegKey25=HKCU\Software\Nero\Nero 11\Nero Express\Settings|NeroCompilation RegKey26=HKCU\Software\Nero\Nero 11\Nero Express\Settings|TrackSaveDir RegKey27=HKCU\Software\Nero\Nero 11\Nero Express\Settings|WorkingDir RegKey28=HKCU\Software\Nero\Nero 11\Nero Toolkit\DiscSpeed\Capture|Folder RegKey29=HKCU\Software\Nero\Nero 11\Nero Toolkit\DiscSpeed\Save|Folder RegKey30=HKCU\Software\Nero\Nero 11\Nero Vision\Application|AudioDir RegKey31=HKCU\Software\Nero\Nero 11\Nero Vision\Application|CaptureDir RegKey32=HKCU\Software\Nero\Nero 11\Nero Vision\Application|DocDir RegKey33=HKCU\Software\Nero\Nero 11\Nero Vision\Application|ExportAudioDir RegKey34=HKCU\Software\Nero\Nero 11\Nero Vision\Application|ExportVideoDir RegKey35=HKCU\Software\Nero\Nero 11\Nero Vision\Application|ImportVideoDir RegKey36=HKCU\Software\Nero\Nero 11\Nero Vision\Application|MediaDir RegKey37=HKCU\Software\Nero\Nero 11\Nero Vision\Application|PicDir RegKey38=HKCU\Software\Nero\Nero 11\Nero Vision\Application|PicSaveDir RegKey39=HKCU\Software\Nero\Nero 11\Nero Vision\Application|TmpDir RegKey40=HKCU\Software\Nero\Nero 11\Nero Vision\Application|VideoDir RegKey41=HKCU\Software\Nero\Nero 11\Nero WaveEditor\Directories|Last RegKey42=HKCU\Software\Nero\Nero 11\Nero WaveEditor\Recent File List RegKey43=HKCU\Software\Nero\Nero 12\Nero Burning ROM\Compilation|VolumeLabelAutoTemplate RegKey44=HKCU\Software\Nero\Nero 12\Nero Burning ROM\Compilation|VolumeLabelISOTemplate RegKey45=HKCU\Software\Nero\Nero 12\Nero Burning ROM\Compilation|VolumelabelJolietTemplate RegKey46=HKCU\Software\Nero\Nero 12\Nero Burning ROM\Compilation|VolumeLabelUDFTemplate RegKey47=HKCU\Software\Nero\Nero 12\Nero Burning ROM\Settings|EncodingLastDir RegKey48=HKCU\Software\Nero\Nero 12\Nero Burning ROM\Settings|TrackSaveDir RegKey49=HKCU\Software\Nero\Nero 12\Nero Burning ROM\Settings|WorkingDir RegKey50=HKCU\Software\Nero\Nero 12\Nero Express\Compilation|VolumeLabelAutoTemplate RegKey51=HKCU\Software\Nero\Nero 12\Nero Express\Compilation|VolumeLabelISOTemplate RegKey52=HKCU\Software\Nero\Nero 12\Nero Express\Compilation|VolumelabelJolietTemplate RegKey53=HKCU\Software\Nero\Nero 12\Nero Express\Compilation|VolumeLabelUDFTemplate RegKey54=HKCU\Software\Nero\Nero 12\Nero Express\Settings|BootImageDir RegKey55=HKCU\Software\Nero\Nero 12\Nero Express\Settings|ImageDir RegKey56=HKCU\Software\Nero\Nero 12\Nero Express\Settings|NeroCompilation RegKey57=HKCU\Software\Nero\Nero 12\Nero Express\Settings|TrackSaveDir RegKey58=HKCU\Software\Nero\Nero 12\Nero Toolkit\DiscSpeed\Capture|Folder RegKey59=HKCU\Software\Nero\Nero 12\Nero Toolkit\DiscSpeed\Save|Folder RegKey60=HKCU\Software\Nero\Nero 12\Nero Vision\Application|AudioDir RegKey61=HKCU\Software\Nero\Nero 12\Nero Vision\Application|CaptureDir RegKey62=HKCU\Software\Nero\Nero 12\Nero Vision\Application|DocDir RegKey63=HKCU\Software\Nero\Nero 12\Nero Vision\Application|ExportAudioDir RegKey64=HKCU\Software\Nero\Nero 12\Nero Vision\Application|ExportVideoDir RegKey65=HKCU\Software\Nero\Nero 12\Nero Vision\Application|ImportVideoDir RegKey66=HKCU\Software\Nero\Nero 12\Nero Vision\Application|MediaDir RegKey67=HKCU\Software\Nero\Nero 12\Nero Vision\Application|PicDir RegKey68=HKCU\Software\Nero\Nero 12\Nero Vision\Application|PicSaveDir RegKey69=HKCU\Software\Nero\Nero 12\Nero Vision\Application|TmpDir RegKey70=HKCU\Software\Nero\Nero 12\Nero Vision\Application|VideoDir RegKey71=HKCU\Software\Nero\Nero 12\Nero WaveEditor\Directories|Last RegKey72=HKCU\Software\Nero\Nero Blu-ray Player\Settings|DefFolder RegKey73=HKCU\Software\Nero\Nero8\Cover Designer\Recent File List RegKey74=HKCU\Software\Nero\Nero8\Nero - Burning Rom\Recent File List
  8. Revised Entry Autopilot and Device Provisioning Diagnostic Logs Added: %CommonAppData%\Microsoft\DiagnosticLogCSP\Collectors|*.etl;*.etl.merged https://www.anoopcnair.com/mdm-diagnostics-tool-windows-autopilot/ [Windows Logs *] LangSecRef=3025 Detect=HKLM\Software\Microsoft\Windows FileKey1=%CommonAppData%\Microsoft\Diagnosis\DownloadedSettings|*.json.bk FileKey2=%CommonAppData%\Microsoft\DiagnosticLogCSP\Collectors|*.etl;*.etl.merged FileKey3=%CommonAppData%\Microsoft\Network\Downloader|*.*|RECURSE FileKey4=%CommonAppData%\Microsoft\WDF|*.*|RECURSE FileKey5=%CommonAppData%\Microsoft\Windows Security Health\Logs|*.*|RECURSE FileKey6=%CommonAppData%\USOShared\Logs|*.*|RECURSE FileKey7=%LocalAppData%\ConnectedDevicesPlatform|*.log FileKey8=%LocalAppData%\Diagnostics|*.*|RECURSE FileKey9=%ProgramFiles%\UNP\*Logs|*.* FileKey10=%SystemDrive%\PerfLogs\System\Diagnostics|*.*|RECURSE FileKey11=%SystemDrive%\PerfLogs\System\Performance|*.*|RECURSE FileKey12=%WinDir%\AppCompat\Programs|*.txt;*.xml FileKey13=%WinDir%\AppCompat\Programs\Install|*.txt;*.xml FileKey14=%WinDir%\debug\WIA|*.log FileKey15=%WinDir%\inf|*.log* FileKey16=%WinDir%\Logs\CBS|*.cab FileKey17=%WinDir%\Logs\dosvc|*.*|RECURSE FileKey18=%WinDir%\Logs\NetSetup|*.*|RECURSE FileKey19=%WinDir%\Logs\SIH|*.*|RECURSE FileKey20=%WinDir%\Logs\WindowsBackup|*.etl FileKey21=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html;PostGatherPnPList.log;PreGatherPnPList.log FileKey22=%WinDir%\Panther\FastCleanup|*.log FileKey23=%WinDir%\Panther\Rollback|*.txt FileKey24=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml FileKey25=%WinDir%\repair|setup.log FileKey26=%WinDir%\security\logs|*.*|RECURSE FileKey27=%WinDir%\System32\CatRoot|*.tmp FileKey28=%WinDir%\System32\catroot2|*.chk;*.log;*.jrs;*.txt FileKey29=%WinDir%\System32\LogFiles\HTTPERR|*.log FileKey30=%WinDir%\System32\LogFiles\Scm|*.*|RECURSE FileKey31=%WinDir%\System32\LogFiles\setupcln|*.*|RECURSE FileKey32=%WinDir%\System32\LogFiles\Srt|*.*|RECURSE FileKey33=%WinDir%\System32\LogFiles\WMI|*.*|RECURSE FileKey34=%WinDir%\System32\SleepStudy|*.etl FileKey35=%WinDir%\System32\SleepStudy\ScreenOn|*.etl FileKey36=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml;*.log FileKey37=%WinDir%\System32\WDI\*|snapshot.etl|REMOVESELF FileKey38=%WinDir%\System32\WDI\LogFiles\StartupInfo|*.*|RECURSE RegKey1=HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey2=HKLM\Software\Microsoft\Tracing RegKey3=HKLM\Software\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey4=HKLM\Software\Wow6432Node\Microsoft\Tracing
  9. Revised Entry Added: %LocalAppData%\Packages\Microsoft.YourPhone_*\AC\TokenBroker\Cache|*.*|RECURSE [Your Phone *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.YourPhone_8wekyb3d8bbwe FileKey1=%LocalAppData%\Packages\Microsoft.YourPhone_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.YourPhone_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.YourPhone_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.YourPhone_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.YourPhone_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.YourPhone_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.YourPhone_*\TempState|*.*|RECURSE
  10. New Entries [Storage Usage Statistics *] LangSecRef=3026 Detect1=HKLM\Software\ComodoGroup\IceDragon Detect2=HKLM\Software\FlashPeak\SlimBrowser Detect3=HKLM\Software\Mozilla\Basilisk Detect4=HKLM\Software\Mozilla\Pale Moon Detect5=HKLM\Software\Mozilla\SeaMonkey Detect6=HKLM\Software\Mozilla\Waterfox DetectFile=%AppData%\Mozilla\Firefox FileKey1=%AppData%\Comodo\IceDragon\Profiles\*|storage.sqlite FileKey2=%AppData%\FlashPeak\SlimBrowser\Profiles\*|storage.sqlite FileKey3=%AppData%\Moonchild Productions\Basilisk\Profiles\*|storage.sqlite FileKey4=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|storage.sqlite FileKey5=%AppData%\Mozilla\Firefox\Profiles\*|storage.sqlite FileKey6=%AppData%\Mozilla\SeaMonkey\Profiles\*|storage.sqlite FileKey7=%AppData%\Waterfox\Profiles\*|storage.sqlite [WebRender Shader Cache *] LangSecRef=3026 Detect1=HKLM\Software\ComodoGroup\IceDragon Detect2=HKLM\Software\FlashPeak\SlimBrowser Detect3=HKLM\Software\Mozilla\Basilisk Detect4=HKLM\Software\Mozilla\Pale Moon Detect5=HKLM\Software\Mozilla\SeaMonkey Detect6=HKLM\Software\Mozilla\Waterfox DetectFile=%AppData%\Mozilla\Firefox FileKey1=%AppData%\Comodo\IceDragon\Profiles\*\shader-cache|*.*|RECURSE FileKey2=%AppData%\FlashPeak\SlimBrowser\Profiles\*\shader-cache|*.*|RECURSE FileKey3=%AppData%\Moonchild Productions\Basilisk\Profiles\*\shader-cache|*.*|RECURSE FileKey4=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\shader-cache|*.*|RECURSE FileKey5=%AppData%\Mozilla\Firefox\Profiles\*\shader-cache|*.*|RECURSE FileKey6=%AppData%\Mozilla\SeaMonkey\Profiles\*\shader-cache|*.*|RECURSE FileKey7=%AppData%\Waterfox\Profiles\*\shader-cache|*.*|RECURSE
  11. Like I said before, the problem is only with the websites that are in my bookmarks, when I open them. I can see that there is a problem with CCleaner and it not being able to clean those traces. I have another privacy cleaner program that cleans those traces without any issue. I must have made a mistake starting two threads. There is no need to repost that. Thank you.
  12. Did I really post the same question twice? I have checked all items, including those in Winapp2.ini, and CCleaner does not clean visited websites (whose links are stored in bookmarks).
  13. Revised Entry https://ericmathison.com/blog/remove-shellbags-in-windows-for-privacy Removed: RegKey1=HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU RegKey2=HKCU\Local Settings\Software\Microsoft\Windows\Shell\Bags ExcludeKey1=REG|HKCU\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders [Folders View Settings *] LangSecRef=3025 Detect=HKCU\Software\Microsoft\Windows Warning=This will reset folders size, view, icon or position settings to default and remove traces of the folders that do not exist anymore. RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags RegKey3=HKCU\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\BagMRU RegKey4=HKCU\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags RegKey5=HKCU\Software\Microsoft\Windows\Shell\BagMRU RegKey6=HKCU\Software\Microsoft\Windows\Shell\Bags RegKey7=HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU RegKey8=HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags ExcludeKey1=REG|HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders ExcludeKey2=REG|HKCU\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders ExcludeKey3=REG|HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop ExcludeKey4=REG|HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\AllFolders
  14. This is only with the websites that are saved as bookmarks in Chrome. The website highlighted in the screenshot is in my bookmarks. Whenever I visit this website, CCleaner does not wipe this link from the "History" file. Same thing with other websites that I have in Chrome bookmarks.
  15. It is pretty confusing. I think we should leave Windows Search entry as is. https://www.groovypost.com/howto/disable-cortana-replace-windows-search/#:~:text=Cortana allows you to search,update%2C you could disable Cortana.
  16. Visited websites are not being removed in Chrome from the "History" file in the location listed below. %LocalAppData%\Google\Chrome\User Data\Default
  17. That is fine but, I think Windows Search entry should be merged into Cortana entry.
  18. New Entry [Microsoft To DO *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Todos_8wekyb3d8bbwe FileKey1=%LocalAppData%\Packages\Microsoft.Todos_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Todos_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Todos_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Todos_*\LocalCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Todos_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Todos_*\TempState|*.*|RECURSE
  19. Revised Entry Added: %LocalAppData%\Packages\Microsoft.Windows.Search_*\LocalState\DeviceSearchCache|*.*|RECURSE [Windows Search *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy FileKey1=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Temp|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.Windows.Search_*\LocalCache|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.Windows.Search_*\LocalState\AppIconCache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.Windows.Search_*\LocalState\DeviceSearchCache|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.Windows.Search_*\TempState|*.*|RECURSE
  20. Revised Entry Changed the entry name from [Mail and Calendar *] to [Calendar, Mail & People *] Added: FileKey10 [Calendar, Mail & People *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe FileKey1=%LocalAppData%\Comms\Unistore\data|AggregateCache.uca FileKey2=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\AC\Temp|*.*|RECURSE FileKey7=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey8=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\LocalCache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\LocalState\AppData\Local\Office\*\WebServiceCache\AllUsers\officeclient.microsoft.com|*.*|RECURSE FileKey10=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\LocalState|*.etl;*.log FileKey11=%LocalAppData%\Packages\microsoft.windowscommunicationsapps_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SearchHistory
  21. Revised Entry Added: %LocalAppData%\Packages\Microsoft.549981C3F5F10_*\AC\TokenBroker\Cache|*.*|RECURSE [Cortana *] LangSecRef=3031 Detect1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.549981C3F5F10_8wekyb3d8bbwe Detect2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Cortana_8wekyb3d8bbwe Detect3=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Cortana_cw5n1h2txyewy Detect4=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy FileKey1=%LocalAppData%\Packages\Microsoft.*Cortana_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.*Cortana_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.*Cortana_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.*Cortana_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.*Cortana_*\AC\Temp|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.*Cortana_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.*Cortana_*\TempState|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.549981C3F5F10_*\AC\INet*|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.549981C3F5F10_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.549981C3F5F10_*\AC\Temp|*.*|RECURSE FileKey11=%LocalAppData%\Packages\Microsoft.549981C3F5F10_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey12=%LocalAppData%\Packages\Microsoft.549981C3F5F10_*\LocalCache|*.*|RECURSE FileKey13=%LocalAppData%\Packages\Microsoft.549981C3F5F10_*\TempState|*.*|RECURSE FileKey14=%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\LocalCache|*.*|RECURSE FileKey15=%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\LocalState\AppIconCache|*.*|RECURSE FileKey16=%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\LocalState\DeviceSearchCache|*.txt ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\LocalState\DeviceSearchCache\|SettingsCache.txt
  22. Revised Entry Added: FileKey2 RegKey1 [3D Viewer *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe FileKey1=%LocalAppData%\Packages\Microsoft.Microsoft3DViewer_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Microsoft3DViewer_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Microsoft3DViewer_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Microsoft3DViewer_*\LocalCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Microsoft3DViewer_*\LocalState\Cache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Microsoft3DViewer_*\TempState|*.*|RECURSE RegKey1=HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\PersistedStorageItemTable\MostRecentlyUsed
  23. I have Windows 10 20H2 (OS Build 19042.782). I just uninstalled Cortana app and it removed Microsoft.Windows.Search_cw5n1h2txyewy package. I have another privacy cleaner program on my system and Microsoft.Windows.Search_cw5n1h2txyewy files are under Cortana entry.
  24. Cortana app package name has changed. The new package is Microsoft.Windows.Search_cw5n1h2txyewy We already have an entry for the new package as [Windows Search *] Please remove [Cortana *], [Cortana Show Me *] entries and name current [Windows Search *] to [Cortana *]
  25. New Entry https://superuser.com/questions/1538665/what-does-the-windows-folder-tasks-migrated-do [Tasks Migrated *] LangSecRef=3025 Detect=HKCU\Software\Microsoft\Windows FileKey1=%WinDir%\System32\Tasks_Migrated|*.*|REMOVESELF
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.