Jump to content
CCleaner Community Forums
Winapp2.ini

Winapp2.ini additions

Recommended Posts

gone off topic, but if TB still shows up, some string some where is still on your PC.

I would try using Revo to remove any lingering traces.

You could try to reinstall TB and then remove it with Revo.

Share this post


Link to post
Share on other sites

Revised Entries

Corrected the names

[Adblock Backups IE*]

[Adblock Backups*]

 

[Adblock Plus for IE Backups*]
LangSecRef=3022
Detect=HKLM\Software\Adblock Plus for IE
DetectFile=%LocalAppData%\Adblock Plus for IE
Default=False
FileKey1=%LocalAppData%\Adblock Plus for IE|patterns-backup*.ini
FileKey2=%LocalLowAppData%\Adblock Plus for IE|patterns-backup*.ini
FileKey3=%WinDir%\System32\config\systemprofile\AppData\LocalLow\Adblock Plus for IE|patterns-backup*.ini
 
[Adblock Plus for Firefox Backups*]
LangSecRef=3026
SpecialDetect=DET_MOZILLA
Default=False
FileKey1=%AppData%\Mozilla\Firefox\Profiles\*\adblockplus|patterns-backup*.ini;*.tmp

Share this post


Link to post
Share on other sites

Do we really need these entries?

 

[NVIDIA (Play On My TV)*]
LangSecRef=3023
Detect=HKLM\Software\NVIDIA Corporation
Default=False
Warning=If you output to multiple displays such as an HDTV or another monitor don't enable this!
RegKey1=HKCR\AVIFile\shellex\ContextMenuHandlers\NvPlayOnMyTV
RegKey2=HKCR\AVIFile\shellex\ContextMenuHandlers\PlayOnMyTV
RegKey3=HKCR\mpegfile\shellex\ContextMenuHandlers\NvPlayOnMyTV
RegKey4=HKCR\mpegfile\shellex\ContextMenuHandlers\PlayOnMyTV
RegKey5=HKCR\WMVFile\shellex\ContextMenuHandlers\NvPlayOnMyTV
RegKey6=HKCR\WMVFile\shellex\ContextMenuHandlers\PlayOnMyTV
RegKey7=HKLM\Software\Classes\AVIFile\shellex\ContextMenuHandlers\NvPlayOnMyTV
RegKey8=HKLM\Software\Classes\AVIFile\shellex\ContextMenuHandlers\PlayOnMyTV
RegKey9=HKLM\Software\Classes\mpegfile\shellex\ContextMenuHandlers\NvPlayOnMyTV
RegKey10=HKLM\Software\Classes\mpegfile\shellex\ContextMenuHandlers\PlayOnMyTV
RegKey11=HKLM\Software\Classes\WMVFile\shellex\ContextMenuHandlers\NvPlayOnMyTV
RegKey12=HKLM\Software\Classes\WMVFile\shellex\ContextMenuHandlers\PlayOnMyTV
 
[NVIDIA (Startup)*]
LangSecRef=3023
Detect=HKLM\Software\NVIDIA Corporation
Default=False
RegKey1=HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NvMediaCenter

Share this post


Link to post
Share on other sites

I think we should change the Detect of these two entries. Not everyone installs NVIDIA GFExperience.

Changed the LangSecRef from 3023 to 3024

 

[NVIDIA GFExperience Logs*]
LangSecRef=3024
DetectFile=%CommonAppData%\NVIDIA Corporation\GeForce Experience
Default=False
FileKey1=%SystemDrive%\NvidiaLogging\GFExperience|GridClientLog.log*|RECURSE
FileKey2=%CommonAppData%\NVIDIA Corporation\GeForce Experience\Logs|*.log
FileKey3=%CommonAppData%\NVIDIA Corporation\ShadowPlay|*.log;*.bak;*.stat
FileKey4=%LocalAppData%\NVIDIA Corporation\GFExperience|*.log
FileKey5=%LocalAppData%\NVIDIA Corporation\ShadowPlay|*.log;*.bak
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\GeForce Experience\Logs|*.log
FileKey7=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\ShadowPlay|*.log;*.bak;*.stat
 
[NVIDIA GFExperience Updates*]
LangSecRef=3024
DetectFile=%CommonAppData%\NVIDIA Corporation\GeForce Experience
Default=False
FileKey1=%CommonAppData%\NVIDIA\Updatus\DownloadManager|*.*
FileKey2=%CommonAppData%\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey3=%CommonAppData%\NVIDIA Corporation\NetService|*.*|RECURSE
FileKey4=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\Updatus\DownloadManager|*.*
FileKey5=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\NetService|*.*|RECURSE

Share this post


Link to post
Share on other sites

Revised Entry

Added: RegKey1

 

[DVDFab Media Player 2*]
LangSecRef=3023
Detect=HKCU\Software\FabPlayer
Default=False
FileKey1=%Documents%\DVDFab Media Player|*.log
RegKey1=HKCU\Software\FabPlayer|DefaultFile

Share this post


Link to post
Share on other sites

using IE11 in Win7

On post #1 where it says ''Direct Download'' I relalize I can just rename it to .ini afterwards, but why when I double click to download winapp2.ini, it just opens in html, or if I right click and save target as, it still wants to save as an html?

I want it so that when I double click to download it that my browser pops up the dialog 'save as' box like it normally does with all my other downloads.

It does not matter whether I enable Internet Options Mime Sniffing or not, which I thought maybe was the issue so I changed it one way or another.

What am I missing?

Share this post


Link to post
Share on other sites

It could be IE's quirks. I don't use IE however perhaps you can right-click the downloadable file and make sure to add quotes around the download file name "winapp2.ini", then it may respect the filename.

Share this post


Link to post
Share on other sites

Changed name from [MS Office 2013 SkyDrive Setup Logs*] to [OneDrive Setup Logs*]
 

[OneDrive Setup Logs*]
LangSecRef=3021
Detect1=HKCU\Software\Microsoft\SkyDrive
Detect2=HKCU\Software\Microsoft\OneDrive
Default=False
FileKey1=%LocalAppData%\Microsoft\SkyDrive\Setup\Logs|*.*
FileKey2=%LocalAppData%\Microsoft\OneDrive\Setup\Logs|*.*



Edited: added Detect2 and FileKey2

Edited by Coffee4Joe

Share this post


Link to post
Share on other sites

 

Changed name from [MS Office 2013 SkyDrive Setup Logs*] to [skyDrive Setup Logs*]

 

[SkyDrive Setup Logs*]
LangSecRef=3021
Detect=HKCU\Software\Microsoft\SkyDrive
Default=False
FileKey1=%LocalAppData%\Microsoft\SkyDrive\Setup\Logs|*.*

Shouldn't it be One Drive now? :)

Share this post


Link to post
Share on other sites

Shouldn't it be One Drive now? :)

:lol: Oops, that was the whole point of editing the entry too

 

Edited that entry, and noticed MS has started replacing instances of SkyDrive with OneDrive

 

Edited

Changed name from SkyDrive App Logs* to OneDrive App Logs*

Added DetectFile2 and FileKeys 2 & 4

[OneDrive App Logs*]
LangSecRef=3031
DetectFile1=%LocalAppData%\Microsoft\Windows\SkyDrive
DetectFile2=%LocalAppData%\Microsoft\Windows\OneDrive
Default=False
FileKey1=%LocalAppData%\Microsoft\Windows\SkyDrive\logs|*.*|RECURSE
FileKey2=%LocalAppData%\Microsoft\Windows\OneDrive\logs|*.*|RECURSE
FileKey3=%LocalAppData%\Microsoft\SkyDrive\logs|*.*|RECURSE
FileKey4=%LocalAppData%\Microsoft\OneDrive\logs|*.*|RECURSE

 

Share this post


Link to post
Share on other sites

This entry is not working, you need to change the Detect to HKCU\Software\Softpointer or sometrhing else.

 

[Tag&Rename*]
LangSecRef=3024
Detect=HKCU\Software\Softpointer\Tag&Rename\Config
Default=False
RegKey1=HKCU\Software\Softpointer\Tag&Rename\Config|FCurrentFolder
RegKey2=HKCU\Software\Softpointer\Tag&Rename\Config|FHistoryList
RegKey3=HKCU\Software\Softpointer\Tag&Rename2\Config|FCurrentFolder
RegKey4=HKCU\Software\Softpointer\Tag&Rename2\Config|FHistoryList
RegKey5=HKCU\Software\Softpointer\Tag&Rename3\Config|FCurrentFolder
RegKey6=HKCU\Software\Softpointer\Tag&Rename3\Config|FHistoryList
RegKey7=HKCU\Software\Softpointer\Tag&Rename3\Config|FileListHeader
RegKey8=HKCU\Software\Softpointer\Tag&Rename3.7\Config|FCurrentFolder
RegKey9=HKCU\Software\Softpointer\Tag&Rename3.7\Config|FHistoryList
RegKey10=HKCU\Software\Softpointer\Tag&Rename3.7\Config|FileListHeader
RegKey11=HKCU\Software\Softpointer\Tag&Rename3.7\Config|HistoryList

Share this post


Link to post
Share on other sites

[battle.Net Client Cache*]
Section=Games
Detect=HKCU\Software\Blizzard Entertainment\Battle.net
FileKey1=%LocalAppData%\Battle.net\BrowserCache|*.*|RECURSE
FileKey2=%LocalAppData%\Battle.net\Cache|*.*|RECURSE
FileKey3=%CommonAppData%\BlizzardEntertainment\Battle.net\Cache|*.*|RECURSE
FileKey4=%LocalAppData%\VirtualStore\ProgramData\BlizzardEntertainment\Battle.net\Cache|*.*|RECURSE

 

FileKey 3 is broken. Still picking up cache files in All Users/BlizzardEntertainment/Cache folder even after running the cleaner. I assume it has to be pointing at program data not commonappdata, but I am not sure. Anyone have any ideas?

Share this post


Link to post
Share on other sites

@back_track: I am will aware that commonappdata and all users are the same. The issue is the FileKey is broken and I believe that it needs to be changed to program data, just like we had to do with the Mozilla maintainence logs.

 

EDIT: Nevermind, I figured out what the issue is and it wasn't Winapp2 fault or my fault. Sorry for this inconvience.

 

EDIT2: The issue has been resolved. Please ignore my post about the mozzilla maintence logs and my post about battle.net entry.

Share this post


Link to post
Share on other sites

Revised Entry

Added FileKey5

 

http://forum.piriform.com/index.php?showtopic=32310&p=255744

 

[iMobie AnyTrans*]
LangSecRef=3024
DetectFile=%AppData%\iMobie\AnyTrans
Default=False
FileKey1=%AppData%\iMobie\AnyTrans\AutoUpdate|*.*|RECURSE
FileKey2=%AppData%\iMobie\AnyTrans\Backup|*.*|RECURSE
FileKey3=%AppData%\iMobie\AnyTrans\ErrorLog|*.*|RECURSE
FileKey4=%AppData%\iMobie\AnyTrans\iMobieConfig|*.*|RECURSE
FileKey5=%AppData%\iMobie\Backup|*.*|RECURSE
ExcludeKey1=PATH|%AppData%\iMobie\AnyTrans\iMobieConfig\ConfigReg.ini

Share this post


Link to post
Share on other sites
I think [samsung Device Error Recovery Log*] entry should be merged into [samsung Kies More*].

 


[samsung Kies More*]

LangSecRef=3023

Detect1=HKCU\Software\Samsung\Kies2.0

Detect2=HKCU\Software\Samsung\Kies3.0

Default=False

FileKey1=%AppData%\Samsung\Kies|*.mlca;*.mlme;*.mlpb;*.mlpgb;|RECURSE

FileKey2=%Documents%\samsung\Kies3\backup|*.dmp|RECURSE

FileKey3=%Documents%\SelfMV|*.log

FileKey4=%CommonAppData%\Samsung\Device Error Recovery|*.*

FileKey5=%LocalAppData%\VirtualStore\ProgramData\Samsung\Device Error Recovery|*.*

Share this post


Link to post
Share on other sites

Revised Entry

Added Detect2

 

[samsung Kies Air*]
LangSecRef=3023
Detect1=HKCU\Software\Samsung\Kies2.0
Detect2=HKCU\Software\Samsung\Kies3.0
Default=False
FileKey1=%CommonAppData%\Samsung\Kies|Kiesairmessage.log
FileKey2=%LocalAppData%\VirtualStore\ProgramData\Samsung\Kies|Kiesairmessage.log

Share this post


Link to post
Share on other sites

Revised Entries

Changed LangSecRef from 3023 to 3024

 

[GEAR DIFx Installers*]
LangSecRef=3024
Detect1=HKCR\Installer\Products\CACFC38969C58104B8CE6D8561446C45
Detect2=HKLM\Software\GEAR Software\DIFx
Detect3=HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EC13FCAF38E85F44B0F1137C7FB5037
Default=False
FileKey1=%AppData%\188F1432-103A-4ffb-80F1-36B633C5C9E1|*.*|REMOVESELF
FileKey2=%AppData%\34BE82C4-E596-4e99-A191-52C6199EBF69|*.*|REMOVESELF
FileKey3=%AppData%\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B|*.*|REMOVESELF
FileKey4=%AppData%\Downloaded Installations|*.*|REMOVESELF
FileKey5=%CommonAppData%\188F1432-103A-4ffb-80F1-36B633C5C9E1|*.*|REMOVESELF
FileKey6=%CommonAppData%\34BE82C4-E596-4e99-A191-52C6199EBF69|*.*|REMOVESELF
FileKey7=%CommonAppData%\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B|*.*|REMOVESELF
FileKey8=%CommonAppData%\9727E41D-AD6A-47cd-B9BC-CF630B6013FD|*.*|REMOVESELF
FileKey9=%CommonAppData%\A73B37F8-7A4D-41f4-98A8-7F608CE8B98F|*.*|REMOVESELF
FileKey10=%CommonAppData%\{755AC846-7372-4AC8-8550-C52491DAA8BD}|*.*|REMOVESELF
FileKey11=%LocalAppData%\Downloaded Installations|*.*|REMOVESELF
FileKey12=%ProgramFiles%\188F1432-103A-4ffb-80F1-36B633C5C9E1|*.*|REMOVESELF
FileKey13=%ProgramFiles%\34BE82C4-E596-4e99-A191-52C6199EBF69|*.*|REMOVESELF
FileKey14=%ProgramFiles%\38FDB89C-1EBD-4366-84B2-336D12CC3209|*.*|REMOVESELF
FileKey15=%ProgramFiles%\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B|*.*|REMOVESELF
FileKey16=%ProgramFiles%\93E26451-CD9A-43A5-A2FA-C42392EA4001|*.*|REMOVESELF
FileKey17=%ProgramFiles%\9727E41D-AD6A-47cd-B9BC-CF630B6013FD|*.*|REMOVESELF

 

[NVIDIA GFExperience Logs*]
LangSecRef=3024
DetectFile=%CommonAppData%\NVIDIA Corporation\GeForce Experience
Default=False
FileKey1=%SystemDrive%\NvidiaLogging\GFExperience|GridClientLog.log*|RECURSE
FileKey2=%CommonAppData%\NVIDIA Corporation\GeForce Experience\Logs|*.log
FileKey3=%CommonAppData%\NVIDIA Corporation\ShadowPlay|*.log;*.bak;*.stat
FileKey4=%LocalAppData%\NVIDIA Corporation\GFExperience|*.log
FileKey5=%LocalAppData%\NVIDIA Corporation\ShadowPlay|*.log;*.bak
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\GeForce Experience\Logs|*.log
FileKey7=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\ShadowPlay|*.log;*.bak;*.stat
 
[NVIDIA GFExperience Updates*]
LangSecRef=3024
DetectFile=%CommonAppData%\NVIDIA Corporation\GeForce Experience
Default=False
FileKey1=%CommonAppData%\NVIDIA\Updatus\DownloadManager|*.*
FileKey2=%CommonAppData%\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey3=%CommonAppData%\NVIDIA Corporation\NetService|*.*|RECURSE
FileKey4=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\Updatus\DownloadManager|*.*
FileKey5=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\NetService|*.*|RECURSE
 
[NVIDIA GLCache*]
LangSecRef=3024
Detect=HKLM\Software\NVIDIA Corporation
Default=False
FileKey1=%AppData%\NVIDIA\GLCache|*.*|RECURSE
 
[NVIDIA Logs*]
LangSecRef=3024
Detect=HKLM\Software\NVIDIA Corporation
Default=False
FileKey1=%CommonAppData%\NVIDIA|*.log|RECURSE
FileKey2=%CommonAppData%\NVIDIA\NvBackend|*.log|RECURSE
FileKey3=%LocalAppData%\NVIDIA\NvBackend|*.bak
FileKey4=%ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs|*.*
FileKey5=%LocalAppData%\VirtualStore\Program Files*\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs|*.*
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA|*.log|RECURSE
FileKey7=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\NvBackend|*.log|RECURSE
 
[NVIDIA Updates*]
LangSecRef=3024
Detect=HKLM\Software\NVIDIA Corporation
Default=False
FileKey1=%CommonAppData%\Nvidia\Updates|*.bak
FileKey2=%CommonAppData%\Nvidia\Updatus|*.bak
FileKey3=%CommonAppData%\Nvidia\NvBackend\Updates|*.bak
FileKey4=%CommonAppData%\Nvidia\NvBackend\Updatus|*.bak
FileKey5=%CommonAppData%\NVIDIA|Resource.old
FileKey6=%LocalAppData%\VirtualStore\ProgramData\Nvidia\Updates|*.bak
FileKey7=%LocalAppData%\VirtualStore\ProgramData\Nvidia\Updatus|*.bak
FileKey8=%LocalAppData%\VirtualStore\ProgramData\Nvidia\NvBackend\Updates|*.bak
FileKey9=%LocalAppData%\VirtualStore\ProgramData\Nvidia\NvBackend\Updatus|*.bak
FileKey10=%LocalAppData%\VirtualStore\ProgramData\NVIDIA|Resource.old

Share this post


Link to post
Share on other sites

This entry should be removed. Its not part of iTunes. I think it belongs to some other program.

 

[iPhone Temporary Files*]
LangSecRef=3023
Detect=HKLM\Software\Apple Computer, Inc.\iTunes
Default=False
FileKey1=%CommonAppData%\Apple Computer\iTunes\iPhone Temporary Files|*.*|RECURSE
FileKey2=%LocalAppData%\VirtualStore\ProgramData\Apple Computer\iTunes\iPhone Temporary Files|*.*|RECURSE

Share this post


Link to post
Share on other sites

Revised Entry

Changed the name from [NVIDIA GLCache*] to [NVIDIA Cache*]

Added %AppData%\NVIDIA\ComputeCache|*.*|RECURSE

 

[NVIDIA Cache*]
LangSecRef=3024
Detect=HKLM\Software\NVIDIA Corporation
Default=False
FileKey1=%AppData%\NVIDIA\ComputeCache|*.*|RECURSE
FileKey2=%AppData%\NVIDIA\GLCache|*.*|RECURSE

Share this post


Link to post
Share on other sites

Updated

 

 

 

What's new in winapp2.ini 5.00.141125

General:

04 New Entries
15 Modified Entries
02 Removed Entries

Verbose:

------------------------------------------------------------------------------

New Entries:

[Avira Speedup Logs*]
LangSecRef=3024
Detect=HKLM\Software\AviraSpeedup
Default=False
FileKey1=%LocalAppData%\AviraSpeedup\logs\|*.*

[iMobie AnyTrans*]
LangSecRef=3024
DetectFile=%AppData%\iMobie\AnyTrans
Default=False
FileKey1=%AppData%\iMobie\AnyTrans\AutoUpdate|*.*|RECURSE
FileKey2=%AppData%\iMobie\AnyTrans\Backup|*.*|RECURSE
FileKey3=%AppData%\iMobie\AnyTrans\ErrorLog|*.*|RECURSE
FileKey4=%AppData%\iMobie\AnyTrans\iMobieConfig|*.*|RECURSE
ExcludeKey1=PATH|%AppData%\iMobie\AnyTrans\iMobieConfig\ConfigReg.ini


[Wondershare Video Converter Ultimate More*]
LangSecRef=3023
Detect1=HKLM\Wondershare\Wondershare Video Converter Ultimate
Detect2=HKLM\SOFTWARE\Wow6432Node\Wondershare\Wondershare Video Converter Ultimate
Default=False
FileKey1=%CommonAppData%\Wondershare\ProductFeatures\LocalLogs|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\ProductFeatures\RemoteLogs|*.*|RECURSE
FileKey3=%Documents%\Wondershare MediaServer\log|*.*|RECURSE

[Yahoo Messenger Photo Sharing cache]
LangSecRef=3022
Detect=HKCU\Software\Yahoo\pager
Warning=Selecting this will remove all your Yahoo Messenger Photo Sharing photos.
Default=False
FileKey1=%CommonAppData%\Yahoo!\Messenger\PhotoSharing|*.*|RECURSE

------------------------------------------------------------------------------

Modified Entries:

[Adblock Plus for IE Backups*]
LangSecRef=3022
Detect=HKLM\Software\Adblock Plus for IE
DetectFile=%LocalAppData%\Adblock Plus for IE
Default=False
FileKey1=%LocalAppData%\Adblock Plus for IE|patterns-backup*.ini
FileKey2=%LocalLowAppData%\Adblock Plus for IE|patterns-backup*.ini
FileKey3=%WinDir%\System32\config\systemprofile\AppData\LocalLow\Adblock Plus for IE|patterns-backup*.ini

    - Renamed

[Adblock Plus for Firefox Backups*]
LangSecRef=3026
SpecialDetect=DET_MOZILLA
Default=False
FileKey1=%AppData%\Mozilla\Firefox\Profiles\*\adblockplus|patterns-backup*.ini;*.tmp

    - Renamed

[Avira GmbH Logs*]
LangSecRef=3024
Detect=HKLM\Software\Avira
Default=False
FileKey1=%ProgramFiles%\Avira GmbH|*.log|RECURSE
FileKey2=%LocalAppData%\VirtualStore\Program Files*\Avira GmbH|*.log|RECURSE

    - Renamed
    
[DVDFab Media Player 2*]
LangSecRef=3023
Detect=HKCU\Software\FabPlayer
Default=False
FileKey1=%Documents%\DVDFab Media Player|*.log
RegKey1=HKCU\Software\FabPlayer|DefaultFile

    - Added RegKey1
    
[iMobie AnyTrans*]
LangSecRef=3024
DetectFile=%AppData%\iMobie\AnyTrans
Default=False
FileKey1=%AppData%\iMobie\AnyTrans\AutoUpdate|*.*|RECURSE
FileKey2=%AppData%\iMobie\AnyTrans\Backup|*.*|RECURSE
FileKey3=%AppData%\iMobie\AnyTrans\ErrorLog|*.*|RECURSE
FileKey4=%AppData%\iMobie\AnyTrans\iMobieConfig|*.*|RECURSE
FileKey5=%AppData%\iMobie\Backup|*.*|RECURSE
ExcludeKey1=PATH|%AppData%\iMobie\AnyTrans\iMobieConfig\ConfigReg.ini

    - Added FileKey5
    
[Malwarebytes Anti-Exploit Logs*]
LangSecRef=3024
Detect=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc
Default=False
FileKey1=%CommonAppData%\Malwarebytes Anti-Exploit\|*.Log
FileKey2=%ProgramFiles%\Malwarebytes Anti-Exploit\|mbae-uninstall.log;changelog.txt

    - Added FileKey2
    
[NVIDIA Cache*]
LangSecRef=3024
Detect=HKLM\Software\NVIDIA Corporation
Default=False
FileKey1=%AppData%\NVIDIA\ComputeCache|*.*|RECURSE
FileKey2=%AppData%\NVIDIA\GLCache|*.*|RECURSE

    - Added FileKey1
        
[NVIDIA GFExperience Logs*]
LangSecRef=3024
DetectFile=%CommonAppData%\NVIDIA Corporation\GeForce Experience
Default=False
FileKey1=%SystemDrive%\NvidiaLogging\GFExperience|GridClientLog.log*|RECURSE
FileKey2=%CommonAppData%\NVIDIA Corporation\GeForce Experience\Logs|*.log
FileKey3=%CommonAppData%\NVIDIA Corporation\ShadowPlay|*.log;*.bak;*.stat
FileKey4=%LocalAppData%\NVIDIA Corporation\GFExperience|*.log
FileKey5=%LocalAppData%\NVIDIA Corporation\ShadowPlay|*.log;*.bak
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\GeForce Experience\Logs|*.log
FileKey7=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\ShadowPlay|*.log;*.bak;*.stat

    - Tweaked DetectFile

[NVIDIA GFExperience Updates*]
LangSecRef=3024
DetectFile=%CommonAppData%\NVIDIA Corporation\GeForce Experience
Default=False
FileKey1=%CommonAppData%\NVIDIA\Updatus\DownloadManager|*.*
FileKey2=%CommonAppData%\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey3=%CommonAppData%\NVIDIA Corporation\NetService|*.*|RECURSE
FileKey4=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\Updatus\DownloadManager|*.*
FileKey5=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\NetService|*.*|RECURSE

    - Tweaked DetectFile
    
[OneDrive Setup Logs*]
LangSecRef=3021
Detect1=HKCU\Software\Microsoft\SkyDrive
Detect2=HKCU\Software\Microsoft\OneDrive
Default=False
FileKey1=%LocalAppData%\Microsoft\SkyDrive\Setup\Logs|*.*
FileKey2=%LocalAppData%\Microsoft\OneDrive\Setup\Logs|*.*

    - Renamed
    - Added FileKey2
    - Added Detect2
    
[OneDrive App Logs*]
LangSecRef=3031
DetectFile1=%LocalAppData%\Microsoft\Windows\SkyDrive
DetectFile2=%LocalAppData%\Microsoft\Windows\OneDrive
Default=False
FileKey1=%LocalAppData%\Microsoft\Windows\SkyDrive\logs|*.*|RECURSE
FileKey2=%LocalAppData%\Microsoft\Windows\OneDrive\logs|*.*|RECURSE
FileKey3=%LocalAppData%\Microsoft\SkyDrive\logs|*.*|RECURSE
FileKey4=%LocalAppData%\Microsoft\OneDrive\logs|*.*|RECURSE

    - Added DetectFile2
    - Added FileKeys2 and 4
    
[samsung Kies Air*]
LangSecRef=3023
Detect1=HKCU\Software\Samsung\Kies2.0
Detect2=HKCU\Software\Samsung\Kies3.0
Default=False
FileKey1=%CommonAppData%\Samsung\Kies|Kiesairmessage.log
FileKey2=%LocalAppData%\VirtualStore\ProgramData\Samsung\Kies|Kiesairmessage.log

    - Added Detect2
    
[samsung Kies More*]
LangSecRef=3023
Detect1=HKCU\Software\Samsung\Kies2.0
Detect2=HKCU\Software\Samsung\Kies3.0
Default=False
FileKey1=%AppData%\Samsung\Kies|*.mlca;*.mlme;*.mlpb;*.mlpgb;|RECURSE
FileKey2=%Documents%\samsung\Kies3\backup|*.dmp|RECURSE
FileKey3=%Documents%\SelfMV|*.log
FileKey4=%CommonAppData%\Samsung\Device Error Recovery|*.*
FileKey5=%LocalAppData%\VirtualStore\ProgramData\Samsung\Device Error Recovery|*.*

    - Added FileKeys4 and 5
    
[skype Temporary Files*]
LangSecRef=3022
Detect=HKCU\Software\Skype
Default=False
FileKey1=%AppData%\Skype\DbTemp|*.*|RECURSE
FileKey2=%AppData%\Skype|*.tmp|RECURSE
FileKey3=%AppData%\Skype\|*.db-journal|RECURSE
FileKey4=%AppData%\Skype\*\simcache|*.*
FileKey5=%AppData%\Skype\*\httpfe|*.*
FileKey6=%AppData%\Skype\*\ecache|*.*
FileKey7=%AppData%\Skype\DataRv|*.*
FileKey8=%AppData%\Skype\*\media_messaging\media_cache|*.*
FileKey9=%AppData%\Skype\*\media_messaging\storage_db\asyncdb\tmp|*.*
FileKey10=%AppData%\Skype\*\media_messaging\media_cache\asyncdb\tmp|*.*
FileKey11=%AppData%\Skype\*\qikdb\tmp|*.*
FileKey12=%AppData%\Skype\*\logs|*.*

    - Added FileKeys3-12
        
[Wondershare SafeEraser*]
LangSecRef=3021
Detect=HKLM\Software\Wondershare\SafeEraser
Default=False
FileKey1=%SystemDrive%\se_tmp|*.*|REMOVESELF
FileKey2=%AppData%\HYXDevPsnList|*.*|REMOVESELF
FileKey3=%AppData%\se_tmp|*.*|REMOVESELF
FileKey4=%AppData%\Wondershare\SafeEraser|*.log

    - Added FileKey4
    

    
------------------------------------------------------------------------------
Removed Entries:

[Jetclean Registry Backups*]
LangSecRef=3024
DetectFile=%ProgramFiles%\BlueSprig\JetClean\JetClean.exe
Default=False
Warning=Deleting the backups will result in you being unable to undo any changes by Jetclean. Be sure you are okay with removing the backups!
FileKey1=%AppData%\BlueSprig\JetClean\Backup|*.reg

    - Removed
    
[samsung Device Error Recovery Log*]
LangSecRef=3024
DetectFile=%CommonAppData%\Samsung\Device Error Recovery
Default=False
FileKey1=%CommonAppData%\Samsung\Device Error Recovery|*.*
FileKey2=%LocalAppData%\VirtualStore\ProgramData\Samsung\Device Error Recovery|*.*

    - Merged into Kies

------------------------------------------------------------------------------
 

 

 

Share this post


Link to post
Share on other sites

Thanks for the update, but you forgot these entries:

 

Edit:

 

[ClamWin*]
LangSecRef=3021
Detect1=HKLM\Software\ClamWin

Detect2=HKCU\Software\ClamWin

Default=False
FileKey1=%AppData%\.clamwin\log|*.*|RECURSE
FileKey2=%AllUsersProfile%\.clamwin\log|*.*|RECURSE
FileKey3=%ProgramFiles%\ClamWin\bin|*.txt
FileKey4=%LocalAppData%\VirtualStore\Program Files*\ClamWin\bin|*.tx

 

Added Detect2. Changed all the REMOVESELF to RECURSE.

 

[Clam Sentinel*]
LangSecRef=3021
Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1

Default=False

FileKey1=%AppData%\.clamwin\log|*.*|RECURSE
FileKey2=%AppData%\ClamSentinel|*.txt
FileKey3=%AllUsersProfile%\.clamwin\log|*.*|RECURSE
FileKey4=%ProgramFiles%\ClamSentinel|*.txt
FileKey5=%LocalAppData%\VirtualStore\Program Files*\ClamSentinel|*.txt

 

Added FileKey 1. Changed all the REMOVESELF to RECURSE.

Share this post


Link to post
Share on other sites

Thank you for the update!
 
Missed post:

[Yahoo Messenger Cache*]
LangSecRef=3022
DetectFile=%ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe
Detect1=HKCU\Software\Yahoo
Detect2=HKCU\Software\Yahoo\pager
Default=False
FileKey1=%AppData%\Yahoo!\Messenger|*.*|RECURSE
FileKey2=%LocalAppData%\VirtualStore\*\Yahoo!\Messenger\Cache|*.*|RECURSE

> Suggest removing DetectFile and Detect1 and rename Detect2 to Detect1 <

And the file "changes.txt" is not up-to-date.

Share this post


Link to post
Share on other sites

Edited
Added RegKey3

[SketchUp Make*]
LangSecRef=3021
Detect=HKCU\Software\SketchUp
Default=False
FileKey1=%AppData%\SketchUp\SketchUp *\SketchUp|~*.tmp
RegKey1=HKCU\Software\SketchUp\SketchUp 2013\Recent File List
RegKey2=HKCU\Software\SketchUp\SketchUp 2014\Recent File List
RegKey3=HKCU\Software\SketchUp\SketchUp 2015\Recent File List

Share this post


Link to post
Share on other sites

New Entries

 

[Ashampoo Burning Studio 15*]
LangSecRef=3024
Detect=HKCU\Software\Ashampoo\Ashampoo Burning Studio 15
Default=False
FileKey1=%AppData%\Ashampoo\Ashampoo Burning Studio 15|backupmetainfo.xml
FileKey2=%AppData%\Ashampoo\Ashampoo Burning Studio 15\Log|*.xml;*.txt
FileKey3=%AppData%\Ashampoo\Log|*.txt
RegKey1=HKCU\Software\Ashampoo\Ashampoo Burning Studio 15\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory
RegKey2=HKCU\Software\Ashampoo\Ashampoo Burning Studio 15\tempFiles
 
[iResizer*]
LangSecRef=3021
Detect=HKCU\Software\Teorex\iResizer
Default=False
RegKey1=HKCU\Software\Teorex\iResizer\RecentFileList

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×