Tr3bg0D Posted December 24, 2011 Share Posted December 24, 2011 I was playing around with Alan_B's TRIM.BAT and noticed duplicate entires: I thought I made an error and finally tracked it down to the WINAPP2.INI file...it has duplicate entries: [Adobe Flash Install Logs*] LangSecRef=3023 DetectFile1=%WinDir%\System32\Macromed\Flash DetectFile2=%WinDir%\SysWOW64\Macromed\Flash Default=False FileKey1=%WinDir%\System32\Macromed\Flash|FlashInstall.log FileKey2=%WinDir%\SysWOW64\Macromed\Flash|FlashInstall.log [Adobe Flash Player Asset Cache*] LangSecRef=3023 DetectFile=%AppData%\Adobe\Flash Player Default=False FileKey1=%AppData%\Adobe\Flash Player\AssetCache|*.*|RECURSE [Adobe Flash Install Logs*] LangSecRef=3023 DetectFile=%WinDir%\System32\Macromed\Flash|FlashInstall.log Default=False FileKey1=%WinDir%\System32\Macromed\Flash|FlashInstall.log Can they be combined? Link to comment Share on other sites More sharing options...
nodles Posted December 24, 2011 Share Posted December 24, 2011 I was playing around with Alan_B's TRIM.BAT and noticed duplicate entires: I thought I made an error and finally tracked it down to the WINAPP2.INI file...it has duplicate entries: [Adobe Flash Install Logs*] LangSecRef=3023 DetectFile1=%WinDir%\System32\Macromed\Flash DetectFile2=%WinDir%\SysWOW64\Macromed\Flash Default=False FileKey1=%WinDir%\System32\Macromed\Flash|FlashInstall.log FileKey2=%WinDir%\SysWOW64\Macromed\Flash|FlashInstall.log [Adobe Flash Player Asset Cache*] LangSecRef=3023 DetectFile=%AppData%\Adobe\Flash Player Default=False FileKey1=%AppData%\Adobe\Flash Player\AssetCache|*.*|RECURSE [Adobe Flash Install Logs*] LangSecRef=3023 DetectFile=%WinDir%\System32\Macromed\Flash|FlashInstall.log Default=False FileKey1=%WinDir%\System32\Macromed\Flash|FlashInstall.log Can they be combined? You have two instances of Adobe Flash Install Logs* Already mentioned. Link to comment Share on other sites More sharing options...
J_I_Mancinelli Posted December 25, 2011 Share Posted December 25, 2011 All right, here's a question for you smart folks here: Is it safe to delete the folder %userprofile% / %appdata% / TempImages? Based on this Google search, I suspect it is, but I want to hear from you people. If the answer is yes, should we put an entry for it in the Winapp2.ini file? I hope everyone is having a good holiday season. "When people are free to do as they please, they usually imitate each other." --Eric Hoffer Link to comment Share on other sites More sharing options...
Guest Keatah Posted December 25, 2011 Share Posted December 25, 2011 What a fine set of updates you got here. And thx for tweaking the VLC media player menu/settings right. Link to comment Share on other sites More sharing options...
J_I_Mancinelli Posted December 26, 2011 Share Posted December 26, 2011 All right, here's another temporary-installer-file deletion entry for ya: [TempImages directory*] LangSecRef=3025 DetectFile=%LocalAppData%\TempImages Default=false FileKey1=%LocalAppData%\TempImages|*.*|RECURSE I have to wonder if we should set "Default=true" for this since this folder appears to do nothing but take up space and occasionally hide malware. Let me know what you think. "When people are free to do as they please, they usually imitate each other." --Eric Hoffer Link to comment Share on other sites More sharing options...
Winapp2.ini Posted December 26, 2011 Author Share Posted December 26, 2011 All of the defaults are set to false so as to keep the user in full control of entries being checked. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators Nergal Posted December 27, 2011 Moderators Share Posted December 27, 2011 All right, here's another temporary-installer-file deletion entry for ya: [TempImages directory*] LangSecRef=3025 DetectFile=%LocalAppData%\TempImages Default=false FileKey1=%LocalAppData%\TempImages|*.*|RECURSE I have to wonder if we should set "Default=true" for this since this folder appears to do nothing but take up space and occasionally hide malware. Let me know what you think. I've never seen this folder. What creates it. Which OS version? ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Winapp2.ini Posted December 27, 2011 Author Share Posted December 27, 2011 Seems to be a malware directory, based on the search he posted. ( https://www.google.com/search?q=Tempimages+folder&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#q=appdata+tempimages+folder&hl=en&client=firefox-a&tbo=1&rls=org.mozilla:en-US:official&nfpr=1&prmdo=1&prmd=imvnsfd&ei=--T2TqrkGIfu0gH669CkAg&start=0&sa=N&fp=1&biw=1366&bih=563&bav=on.2,or.r_gc.r_pw.r_cp.,cf.osb&cad=B ) winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators Nergal Posted December 27, 2011 Moderators Share Posted December 27, 2011 I fixed your link to not be a emoticon if it malware I don't believe this is the purview of ccleaner. also, the poster should seek a cleanup forum, I'm not sure the current status of our spyware hell, but should you post there a professional will help you. ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators Andavari Posted December 27, 2011 Moderators Share Posted December 27, 2011 if it malware I don't believe this is the purview of ccleaner. There's anti-malware related forums that have their own unique winapp2.ini files to remove malware via CCleaner, and they'll even write removals for people depending upon what logs they post. Sorry not links to such places since it really isn't what CCleaner is for. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted December 27, 2011 Author Share Posted December 27, 2011 That's interesting Andavari, I didn't know that. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
J_I_Mancinelli Posted December 29, 2011 Share Posted December 29, 2011 Well, I don't have a malware infection on my machine (at least, not as far as I can tell) and this TempImages directory was in my %Localappdata% folder. It appears to have been filled with setup programs for those programs which are packaged with free software. According to VirusTotal, the Free WAV to MP3 Converter that I was using was packaged with malware. I think the reason I haven't had a problem is because I didn't use the stupid toolbar app that came with it. Nonetheless, I don't see why we shouldn't include this in the Winapp2.ini file. I've already added it as a custom location in my own installation of CCleaner. "When people are free to do as they please, they usually imitate each other." --Eric Hoffer Link to comment Share on other sites More sharing options...
Alan_B Posted December 29, 2011 Share Posted December 29, 2011 Hi I have just uploaded a new version Trim_2 at http://forum.pirifor...showtopic=34642 A new "sanity check" found an anomaly - this "[Adobe Flash Install Logs*]" appeared twice. My code handled it O.K., but I wonder about the behavior on a 32 bit system of acting on DetectFile1=%WinDir%\System32\Macromed\Flash ...... FileKey2=%WinDir%\SysWOW64\Macromed\Flash|FlashInstall.log And this looks strange - I have appended a " " to show the end of a very large chunk of "white space" [Cheat Engine Temp Files*] LangSecRef=3021 Detect=HKCU\Software\Cheat Engine Default=False FileKey1=%ProgramFiles%\Cheat Engine|*.tmp Link to comment Share on other sites More sharing options...
Moderators Nergal Posted December 29, 2011 Moderators Share Posted December 29, 2011 Well, I don't have a malware infection on my machine (at least, not as far as I can tell) and this TempImages directory was in my %Localappdata% folder. It appears to have been filled with setup programs for those programs which are packaged with free software. According to VirusTotal, the Free WAV to MP3 Converter that I was using was packaged with malware. I think the reason I haven't had a problem is because I didn't use the stupid toolbar app that came with it. Nonetheless, I don't see why we shouldn't include this in the Winapp2.ini file. I've already added it as a custom location in my own installation of CCleaner. this post is confusing. You don't have malware but you have malware? ccleaner shouldn't't clean that folder, on all users of the program/winapp2, because with many malware infections steps must be taken in order & ccleaner is for removing junk not cleaning after evil (unless prescribed by a malware-hunting expert) Hi I have just uploaded a new version Trim_2 at http://forum.pirifor...showtopic=34642 A new "sanity check" found an anomaly - this "[Adobe Flash Install Logs*]" appeared twice. My code handled it O.K., but I wonder about the behavior on a 32 bit system of acting on DetectFile1=%WinDir%\System32\Macromed\Flash ...... FileKey2=%WinDir%\SysWOW64\Macromed\Flash|FlashInstall.log And this looks strange - I have appended a " " to show the end of a very large chunk of "white space" [Cheat Engine Temp Files*] LangSecRef=3021 Detect=HKCU\Software\Cheat Engine Default=False FileKey1=%ProgramFiles%\Cheat Engine|*.tmp the 2nd entry is known about & will be fixed in the next iteration. ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Winapp2.ini Posted December 29, 2011 Author Share Posted December 29, 2011 Thanks Alan winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Alan_B Posted December 29, 2011 Share Posted December 29, 2011 Thanks Alan Your welcome. I sent by P.M. a FixWinni script - did you get it or was it lost in the Christmas rush I have thought of a few enhancements since then Alan Link to comment Share on other sites More sharing options...
Winapp2.ini Posted December 29, 2011 Author Share Posted December 29, 2011 I got it, but i haven't run it yet. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
J_I_Mancinelli Posted December 30, 2011 Share Posted December 30, 2011 this post is confusing. You don't have malware but you have malware? What is so confusing about what I said? I said that I found this folder in %localappdata% folder but I DO NOT have a malware infection. "When people are free to do as they please, they usually imitate each other." --Eric Hoffer Link to comment Share on other sites More sharing options...
Moderators Nergal Posted December 30, 2011 Moderators Share Posted December 30, 2011 What I meant was you stated you knew for a fact you didn't have Malware, but then you reported that Virus Total reported that a program you installed was flagged (by at least one scanner, though you weren't very clear there either). That said, unless you can point us to a specific "widely" used program, I don't see any of us making an entry, nor adding one to the template. ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
m9s1k Posted December 31, 2011 Share Posted December 31, 2011 sry 4 my bad english, i'm russian and this my settings 4 comodo dragon (this is safely remake of chrom browser) ;This goes here as it is short for "Chromium Temp Files" [Temp Files*] ID=2013 LangSecRef=3029 Detect=HKCU\Software\Chromium DetectFile=%LocalAppData%\Google\Chrome\Application\chrome.exe DetectFile2=%ProgramFiles%\Google\Chrome\Application\chrome.exe DetectFile3=%LocalAppData%\Flock\Application\flock.exe DetectFile4=%ProgramFiles%\Flock\Application\flock.exe DetectFile5=%LocalAppData%\Google\Chrome SxS\Application\chrome.exe DetectFile6=%ProgramFiles%\Google\Chrome SxS\Application\chrome.exe DetectFile7=%LocalAppData%\SRWare Iron\iron.exe DetectFile8=%ProgramFiles%\SRWare Iron\iron.exe DetectFile9=%ProgramFiles%\Chromium\chrome.exe DetectFile10=%LocalAppData%\Chromium\chrome.exe DetectFile11=%ProgramFiles%\Chromium\Application\chrome.exe DetectFile12=%LocalAppData%\Chromium\Application\chrome.exe DetectFile13=%AppData%\ChromePlus\chrome.exe DetectFile14=%LocalAppData%\RockMelt\Application\rockmelt.exe DetectFile15=%ProgramFiles%\RockMelt\Application\rockmelt.exe DetectFile16=%ProgramFiles%\Comodo\Dragon\dragon.exe DetectFile17=%ProgramFiles%\Dragon\dragon.exe Default=False FileKey1=%LocalAppData%\Google\Chrome|*.tmp|RECURSE FileKey2=%LocalAppData%\Flock|*.tmp|RECURSE FileKey3=%LocalAppData%\Google\Chrome SxS|*.tmp|RECURSE FileKey4=%LocalAppData%\SRWare Iron|*.tmp|RECURSE FileKey5=%LocalAppData%\Chromium|*.tmp|RECURSE FileKey6=%LocalAppData%\Chrome Plus|*.tmp|RECURSE FileKey7=%LocalAppData%\Rockmelt|*.tmp|RECURSE FileKey8=%LocalAppData%\Comodo\Dragon|*.tmp|RECURSE Link to comment Share on other sites More sharing options...
Coffee4Joe Posted December 31, 2011 Share Posted December 31, 2011 New Entry [CamStudio*] LangSecRef=3023 DetectFile=%ProgramFiles%\CamStudio\ Default=False FileKey1=%ProgramFiles%\CamStudio|CamLayout.ini FileKey2=%ProgramFiles%\CamStudio|CamShapes.ini FileKey3=%ProgramFiles%\CamStudio|Camdata.ini Those 3 .ini's recreate themselfs upon launching the software. All I've found out about them is they get bigger each time the software launches. Haven't found any settings that are reset by removing them. Anyone else with it want to double check? CamStudio.ini should not be removed as it contrains important settings like frame rate, ratio's, format etc. Edited Manycam. So it is listed as multimedia [ManyCam*] LangSecRef=3023 DetectFile=%LocalAppData%\ManyCam\ Default=False FileKey1=%LocalAppData%\ManyCam|*.log Link to comment Share on other sites More sharing options...
Winapp2.ini Posted December 31, 2011 Author Share Posted December 31, 2011 Thanks! winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators Nergal Posted January 1, 2012 Moderators Share Posted January 1, 2012 sry 4 my bad english, i'm russian and this my settings 4 comodo dragon (this is safely remake of chrom browser) ;This goes here as it is short for "Chromium Temp Files" [Temp Files*] ID=2013 LangSecRef=3029 Detect=HKCU\Software\Chromium DetectFile=%LocalAppData%\Google\Chrome\Application\chrome.exe DetectFile2=%ProgramFiles%\Google\Chrome\Application\chrome.exe DetectFile3=%LocalAppData%\Flock\Application\flock.exe DetectFile4=%ProgramFiles%\Flock\Application\flock.exe DetectFile5=%LocalAppData%\Google\Chrome SxS\Application\chrome.exe DetectFile6=%ProgramFiles%\Google\Chrome SxS\Application\chrome.exe DetectFile7=%LocalAppData%\SRWare Iron\iron.exe DetectFile8=%ProgramFiles%\SRWare Iron\iron.exe DetectFile9=%ProgramFiles%\Chromium\chrome.exe DetectFile10=%LocalAppData%\Chromium\chrome.exe DetectFile11=%ProgramFiles%\Chromium\Application\chrome.exe DetectFile12=%LocalAppData%\Chromium\Application\chrome.exe DetectFile13=%AppData%\ChromePlus\chrome.exe DetectFile14=%LocalAppData%\RockMelt\Application\rockmelt.exe DetectFile15=%ProgramFiles%\RockMelt\Application\rockmelt.exe DetectFile16=%ProgramFiles%\Comodo\Dragon\dragon.exe DetectFile17=%ProgramFiles%\Dragon\dragon.exe Default=False FileKey1=%LocalAppData%\Google\Chrome|*.tmp|RECURSE FileKey2=%LocalAppData%\Flock|*.tmp|RECURSE FileKey3=%LocalAppData%\Google\Chrome SxS|*.tmp|RECURSE FileKey4=%LocalAppData%\SRWare Iron|*.tmp|RECURSE FileKey5=%LocalAppData%\Chromium|*.tmp|RECURSE FileKey6=%LocalAppData%\Chrome Plus|*.tmp|RECURSE FileKey7=%LocalAppData%\Rockmelt|*.tmp|RECURSE FileKey8=%LocalAppData%\Comodo\Dragon|*.tmp|RECURSE this is all already covered by the internal google chrome entry & all your entry has is removal of tmp file-type files & thus I believe cleans nothing ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Alan_B Posted January 1, 2012 Share Posted January 1, 2012 These entries in a downloaded WinApp2.ini look wrong :- [Windows 7 MUICache*] LangSecRef=3025 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\ Default=False RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache [Windows 7 ShellBags*] LangSecRef=3025 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\ Default=False RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags What they detect they also purge, and then they do not detect till it gets dirty again. I See that both these items appear and are checked in Cleaner / Applications [Windows 7 MUICache*] [Windows 7 ShellBags*] I hit "Run Cleaner" and the work is done, and both items remain under Cleaner / Applications. I hit Function key F5 to refresh and the items no longer appear. Would it be appropriate to have the detect reduced in each case to :- Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\ When some-one adds WinApp2.ini they will not see this capability unless the "dirt" is present, and if they cannot see it they have no ability to choose whether or not to un-check the boxes. Upon inspection I found that [Windows 7 ShellBags*] gets dirty very quickly, but [Windows 7 MUICache*] stays clean longer. When you clean your [Windows 7 MUICache*] will remain clean for a while and will no longer be detected. If you decide that cleaning [Windows 7 MUICache*] was bad, you are stuck - there is no box to uncheck because it is not detected. You will only be able to uncheck if you wait for it to get dirty again, and if you failed to spot its arrival it will be checked and repeat the damage. (Or for the brave, you can modify the settings held in the file CCleaner.ini, and for the SUPER brave, you can modify the CCleaner settings held in the registry ) Link to comment Share on other sites More sharing options...
Winapp2.ini Posted January 1, 2012 Author Share Posted January 1, 2012 or the ini I'll change that up winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now