Winapp2.ini Posted June 14, 2014 Author Share Posted June 14, 2014 yeah the debugger throws a warning for things like %EnvVar%| too so i changed those to %EnvVar%\| winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
CSGalloway Posted June 15, 2014 Share Posted June 15, 2014 Got this email today Link to comment Share on other sites More sharing options...
siliconman01 Posted June 15, 2014 Share Posted June 15, 2014 New: Malwarebytes Anti-Exploit Logs* [Malwarebytes Anti-Exploit Logs*] LangSecRef=3024 Detect1=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc Default=False FileKey1=%CommonAppData%\\Malwarebytes Anti-Exploit\|*.Log Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA RTX 3060 Titan graphics card (Home Built System); Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet and Dell XPS 8940 PC. ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2021 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system): Latest Bitdefender Internet Security, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD23, MSI AfterBurner, Rainmeter, 8GadgetPack, and many more. Link to comment Share on other sites More sharing options...
back_track Posted June 15, 2014 Share Posted June 15, 2014 I think subkeys like those are denoted with a \ instead of a | eg RegKey1=HKCU\Software\Paint.NET\File/MostRecent/Path0 nope, it doesn't work.... I think it is a bug that ccleaner can't handle / in reg keys New: Malwarebytes Anti-Exploit Logs*[Malwarebytes Anti-Exploit Logs*]LangSecRef=3024 Detect1=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc Default=False FileKey1=%CommonAppData%\\Malwarebytes Anti-Exploit\|*.Log why there are \\ ? Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 15, 2014 Moderators Share Posted June 15, 2014 they come from the new Paint.net 4.0 but ccleaner is unable to clean that.. why? Paint.NET v4.0 on the website says Beta. Although Paint.NET v4.0 when it's final/stable will require at least Windows 7 SP1. Link to comment Share on other sites More sharing options...
CSGalloway Posted June 15, 2014 Share Posted June 15, 2014 I looked over the spoiler from a few entries above and wanted to make these suggestions: NOTE: Search for "<==" or "==>" [ESET NOD32 Antivirus Backups*]LangSecRef=3021Detect=HKLM\Software\ESET\ESET SecurityDefault=FalseWarning=This will clean your Backup files.FileKey1=%CommonAppData%\ESET\ESET NOD32 Antivirus\backup|*.*|RECURSE<== change *.* to em__*-*.dat.bak [MS Office 2013 SkyDrive/OneDrive Logs*]LangSecRef=3021Detect=HKCU\Software\Microsoft\SkyDriveDefault=FalseFileKey1=%LocalAppData%\Microsoft\SkyDrive\Setup\Logs|*.*FileKey2=%LocalAppData%\Microsoft\SkyDrive\logs|*.*<== change *.* to be *.log above [HP Install Logs*] <== I would likely not use this entry - not bloat logs - sicne done by manufacturerLangSecRef=3021Detect=HKCU\Software\HPDetectFile=%CommonAppData%\HPDefault=FalseFileKey1=%CommonAppData%|hpzinstall.logFileKey2=%UserProfile%\All Users|hpzinstall.logFileKey3=%LocalAppData%\VirtualStore\ProgramData|hpzinstall.logFileKey4=%AppData%\HP\WebRegLogs|WebRegLog.txtFileKey5=%SystemDrive%\hp\bin\logs|*.logFileKey6=%CommonAppData%\Hewlett-Packard|*.log;*Log.txt|RECURSEFileKey7=%SystemDrive%\SYSTEM.SAV|*.log;*Log.txt|RECURSE Added Filekey 5-7 [HP Install Temps*]LangSecRef=3021Detect=HKCU\Software\HPDetectFile=%CommonAppData%\HPDefault=FalseFileKey1=%CommonAppData%\HP\Installer\Temp|*.*FileKey2=%CommonAppData%\HP\Temp|*.*FileKey3=%ProgramFiles%\HP\Temp|*.*|RECURSEFileKey4=%UserProfile%\All Users\HP\Installer\Temp|*.*FileKey5=%LocalAppData%\VirtualStore\Program Files*\HP\Temp|*.*|RECURSEFileKey6=%LocalAppData%\VirtualStore\ProgramData\HP\Installer\Temp|*.*FileKey7=%LocalAppData%\VirtualStore\ProgramData\HP\Temp|*.*FileKey8=%WinDir%|*.dat.temp <== suggest changing to hp*.dat.tmp [backup Assist*] <== This entry can be removed. I used C:\z_UserFiles as a backup folder while I migrate them to the proper folders.... From another machine...LangSecRef=3024DetectFile=%SystemDrive%\Z_UserFilesDefault=FalseFileKey1=%SystemDrive%\Z_UserFiles|*.err;*log.txt;*.log;*.diz;*.old;CHKLIST.MS|RECURSE [MyDefrag Logs*]LangSecRef=3021Detect=HKCU\Software\MyDefragDefault=FalseFileKey1=%ProgramFiles%\MyDefrag *|*.logFileKey2=%ProgramFiles%\MyDefrag *\LOGs|*.* <== I had moved logs here while I tested the scripts for the program... This is notneeded [Total Commander Logs*] <== JPSoft TakeCommand Command.com replacement =========LangSecRef=3021Detect1=HKCU\Software\Ghisler\Total CommanderDetect2=HKLM\SOFTWARE\Ghisler\Total CommanderDefault=FalseFileKey1=%SystemDrive%\TCMD\HowTo|*.errFileKey2=%SystemDrive%\TCMD\MyLOGS|*.*FileKey3=%SystemDrive%\TCMD\TCMDLogs|*.*FileKey4=%ProgramFiles%\TCMD\HowTo|*.errFileKey5=%ProgramFiles%\TCMD\MyLOGS|*.*FileKey6=%ProgramFiles%\TCMD\TCMDLogs|*.* <== change to Detect1 using "HKEY_CURRENT_USER\Software\JP Software" [Forte*] <== Forte Agent Newsgroup reader ======================================LangSecRef=3025Detect1=HKLM\SOFTWARE\ForteDetect2=HKLM\SOFTWARE\Wow6432Node\ForteDefault=FalseFileKey1=%SystemDrive%\My Data\ForteAgent|*.bak;*.logFileKey2=%AppData%\Forte\Agent|errorlog.xml;*.log|RECURSE Link to comment Share on other sites More sharing options...
back_track Posted June 15, 2014 Share Posted June 15, 2014 Paint.NET v4.0 on the website says Beta. Although Paint.NET v4.0 when it's final/stable will require at least Windows 7 SP1. ??? i have win 7 sp1 it self works. It could be that they change theire regkeys, but they could also stay. Link to comment Share on other sites More sharing options...
dvdbane Posted June 15, 2014 Share Posted June 15, 2014 I looked over the spoiler from a few entries above and wanted to make these suggestions: NOTE: Search for "<==" or "==>" [ESET NOD32 Antivirus Backups*] LangSecRef=3021 Detect=HKLM\Software\ESET\ESET Security Default=False Warning=This will clean your Backup files. FileKey1=%CommonAppData%\ESET\ESET NOD32 Antivirus\backup|*.*|RECURSE <== change *.* to em__*-*.dat.bak change to *.bak or is it still need em__*-*.dat? [Paint.NET More*] LangSecRef=3021 Detect=HKCU\Software\Paint.NET\ Default=False FileKey1=%LocalAppData%\Paint.NET|*.*|RECURSE RegKey1=HKCU\Software\Paint.NET\|LastFileDialogDirectory RegKey2=HKCU\Software\Paint.NET\|File/MostRecent/Path0 RegKey3=HKCU\Software\Paint.NET\|File/MostRecent/Path1 RegKey4=HKCU\Software\Paint.NET\|File/MostRecent/Path2 RegKey5=HKCU\Software\Paint.NET\|File/MostRecent/Path3 RegKey6=HKCU\Software\Paint.NET\|File/MostRecent/Path4 RegKey7=HKCU\Software\Paint.NET\|File/MostRecent/Path5 RegKey8=HKCU\Software\Paint.NET\|File/MostRecent/Path6 RegKey9=HKCU\Software\Paint.NET\|File/MostRecent/Path7 RegKey10=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail0 RegKey11=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail1 RegKey12=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail2 RegKey13=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail3 RegKey14=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail4 RegKey15=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail5 RegKey16=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail6 RegKey17=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail7 can you try this? i just add \ after HKCU\Software\Paint.NET seem working for me Link to comment Share on other sites More sharing options...
back_track Posted June 15, 2014 Share Posted June 15, 2014 change to *.bak or is it still need em__*-*.dat? can you try this? i just add \ after HKCU\Software\Paint.NET seem working for me I have found my problem I have to reopen regedit after cleaning .... they worked with | [Paint.NET More*] LangSecRef=3021 Detect=HKCU\Software\Paint.NET Default=False FileKey1=%LocalAppData%\Paint.NET|*.*|RECURSE RegKey1=HKCU\Software\Paint.NET|LastFileDialogDirectory RegKey2=HKCU\Software\Paint.NET|File/MostRecent/Path0 RegKey3=HKCU\Software\Paint.NET|File/MostRecent/Path1 RegKey4=HKCU\Software\Paint.NET|File/MostRecent/Path2 RegKey5=HKCU\Software\Paint.NET|File/MostRecent/Path3 RegKey6=HKCU\Software\Paint.NET|File/MostRecent/Path4 RegKey7=HKCU\Software\Paint.NET|File/MostRecent/Path5 RegKey8=HKCU\Software\Paint.NET|File/MostRecent/Path6 RegKey9=HKCU\Software\Paint.NET|File/MostRecent/Path7 RegKey10=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail0 RegKey11=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail1 RegKey12=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail2 RegKey13=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail3 RegKey14=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail4 RegKey15=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail5 RegKey16=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail6 RegKey17=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail7 Link to comment Share on other sites More sharing options...
CSGalloway Posted June 15, 2014 Share Posted June 15, 2014 change to *.bak or is it still need em__*-*.dat? I would suggest changing it to em*_*-*.dat.bak Had a typo in the first posting.... sorry.... Link to comment Share on other sites More sharing options...
Winapp2.ini Posted June 16, 2014 Author Share Posted June 16, 2014 I have found my problem I have to reopen regedit after cleaning .... they worked with | [Paint.NET More*] LangSecRef=3021 Detect=HKCU\Software\Paint.NET Default=False FileKey1=%LocalAppData%\Paint.NET|*.*|RECURSE RegKey1=HKCU\Software\Paint.NET|LastFileDialogDirectory RegKey2=HKCU\Software\Paint.NET|File/MostRecent/Path0 RegKey3=HKCU\Software\Paint.NET|File/MostRecent/Path1 RegKey4=HKCU\Software\Paint.NET|File/MostRecent/Path2 RegKey5=HKCU\Software\Paint.NET|File/MostRecent/Path3 RegKey6=HKCU\Software\Paint.NET|File/MostRecent/Path4 RegKey7=HKCU\Software\Paint.NET|File/MostRecent/Path5 RegKey8=HKCU\Software\Paint.NET|File/MostRecent/Path6 RegKey9=HKCU\Software\Paint.NET|File/MostRecent/Path7 RegKey10=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail0 RegKey11=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail1 RegKey12=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail2 RegKey13=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail3 RegKey14=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail4 RegKey15=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail5 RegKey16=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail6 RegKey17=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail7 You can hit F5 to update regedit without needing to close it, for future reference winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
siliconman01 Posted June 16, 2014 Share Posted June 16, 2014 why there are \\ ? Oops. Corrected below: [Malwarebytes Anti-Exploit Logs*] LangSecRef=3024 Detect1=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc Default=False FileKey1=%CommonAppData%\Malwarebytes Anti-Exploit\|*.Log Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA RTX 3060 Titan graphics card (Home Built System); Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet and Dell XPS 8940 PC. ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2021 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system): Latest Bitdefender Internet Security, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD23, MSI AfterBurner, Rainmeter, 8GadgetPack, and many more. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted June 16, 2014 Author Share Posted June 16, 2014 Is Anti-Exploit out of Beta? [Malwarebytes Anti-Exploit Beta*] LangSecRef=3024 DetectFile=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit Default=False FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit|*.log FileKey2=%LocalAppData%\VirtualStore\ProgramData\Malwarebytes\Malwarebytes Anti-Exploit|*.log winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
dvdbane Posted June 16, 2014 Share Posted June 16, 2014 I have found my problem I have to reopen regedit after cleaning .... they worked with | weird..now, both are working dunno why I would suggest changing it to em*_*-*.dat.bak Had a typo in the first posting.... sorry.... is there a reason why the entry need those em*_*-* when you can simply use * to replace em*_*-* ? so that the entry become *.dat.bak instead of em*_*-*.dat.bak or to make it simpler, *.bak Is Anti-Exploit out of Beta? [Malwarebytes Anti-Exploit Beta*] LangSecRef=3024 DetectFile=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit Default=False FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit|*.log FileKey2=%LocalAppData%\VirtualStore\ProgramData\Malwarebytes\Malwarebytes Anti-Exploit|*.log yes, it is https://forums.malwarebytes.org/index.php?s=57484dc4fe808637b37cd93598665123&showtopic=150498 Link to comment Share on other sites More sharing options...
CSGalloway Posted June 16, 2014 Share Posted June 16, 2014 [omit] is there a reason why the entry need those em*_*-* when you can simply use * to replace em*_*-* ? so that the entry become *.dat.bak instead of em*_*-*.dat.bak or to make it simpler, *.bak I guess *.bak is ok - I don't use the program so I don't know. Just think - from my standpoint - any thing more specific then *.bak would be better Link to comment Share on other sites More sharing options...
dvdbane Posted June 16, 2014 Share Posted June 16, 2014 I guess *.bak is ok - I don't use the program so I don't know. Just think - from my standpoint - any thing more specific then *.bak would be better well, i don't use eset anymore so i don't know about this entry too just asking incase the entry need that specific detection sorry if you felt annoyed with the question its just that i like to ask till i get/know the answer Link to comment Share on other sites More sharing options...
CSGalloway Posted June 16, 2014 Share Posted June 16, 2014 (edited) Found MDMP files in C:\Program Files (x86)\TeamViewer\Version9 - winapp2.ini entry needed please... HKEY_CURRENT_USER\Software\TeamViewer\Version9 can be used for Detect..... Edited June 16, 2014 by CSGalloway Link to comment Share on other sites More sharing options...
back_track Posted June 18, 2014 Share Posted June 18, 2014 [NVIDIA GFExperience Updates*] LangSecRef=3023 Detect=HKLM\Software\NVIDIA Corporation Default=False FileKey1=%CommonAppData%\NVIDIA\Updatus\DownloadManager|*.* FileKey2=%CommonAppData%\NVIDIA\NvBackend\Updatus\DownloadManager|*.* FileKey3=%CommonAppData%\NVIDIA Corporation\NetService|*.*|RECURSE FileKey4=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\Updatus\DownloadManager|*.* FileKey5=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\NvBackend\Updatus\DownloadManager|*.* FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\NetService|*.*|RECURSE add support for nvidia 340. Filkey 3 and 6 add |RECURSE Link to comment Share on other sites More sharing options...
Winapp2.ini Posted June 20, 2014 Author Share Posted June 20, 2014 got this email today, with the most meta entry ever (No, this email's not real, it's http://deadfake.com)New ProjectOk Hi again,[CCleaner*]LangSecRef=3024Detect=HKCU\Software\Piriform\CCleanerDefault=FalseFileKey1=%ProgramFiles%\CCleaner|*.log;CCleaner_log*.txtFileKey2=%LocalAppData%\VirtualStore\Program Files*\CCleaner|*.log;CCleaner_log*.txtFileKey3=%UserProfile%|CCleaner_log*.txtOn Old Systems the debug mode Logs were saved as "CCleaner_log*.txt". Therefore I have added it.And it was probably even saved in Userprofile, therefore I added Filekey3.Found these:C:\Program Files\CCleaner\CCleaner64_v4.14.4707_2014-06-15_01-59-02.log[Defraggler*]LangSecRef=3024Detect=HKCU\Software\Piriform\DefragglerDefault=FalseFileKey1=%ProgramFiles%\Defraggler|*.dmp;*statistics*;*.log;Defraggler*.txtFileKey2=%LocalAppData%\VirtualStore\Program Files*\Defraggler|*.dmp;*statistics*;*.log;Defraggler*.txtFileKey3=%UserProfile%|Defraggler*.txtImproved Filekey 1 and 2. Added Filekey3Found these:C:\Program Files\Defraggler\Defraggler64.exe.[2_18_945][2014-06-16_19-40].txt[Recuva*]LangSecRef=3024Detect=HKCU\Software\Piriform\RecuvaDefault=FalseFileKey1=%ProgramFiles%\Recuva|*.log;Recuva_log*.txtFileKey2=%LocalAppData%\VirtualStore\Program Files*\Recuva|*.log;Recuva_log*.txtFileKey3=%UserProfile%|Recuva_log*.txt[speccy*]LangSecRef=3024Detect=HKCU\Software\Piriform\SpeccyDefault=FalseFileKey1=%ProgramFiles%\Speccy|*.log;Speccy_log*.txtFileKey2=%LocalAppData%\VirtualStore\Program Files*\Speccy|*.log;Speccy_log*.txtFileKey3=%UserProfile%|Speccy_log*.txt[Logitech Setpoint 6 (Logs)*]LangSecRef=3024Detect=HKCU\Software\Logitech\SetpointDefault=FalseFileKey1=%AppData%\Logishrd\sp6_Log|*.*|REMOVESELFFileKey2=%WinDir%\System32|lvcoinst.logFileKey3=%CommonAppData%\LogiShrd|*.log|RECURSEFileKey4=%ProgramFiles%\Common Files\logishrd|*.log|RECURSEFound these:C:\Windows\System32\lvcoinst.log 11 KBC:\ProgramData\LogiShrd\Updater\LuUpdater.log 0 KBC:\ProgramData\LogiShrd\Updater\LuUpdater.log 0 KBC:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.log 29 KBC:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.log 29 KB[Windows Live Mail*]LangSecRef=3025Detect=HKCU\Software\Microsoft\Windows Live MailDefault=FalseWarning=This will reset the read counts, which will be recalculated when WLMail is started.FileKey1=%LocalAppData%\Microsoft\Windows*Mail|*.log;*.jrs;*.chk;*.rss|RECURSEFileKey2=%LocalAppData%\Microsoft\Windows*Mail\Backup|*.*|REMOVESELFFileKey3=%LocalAppData%\Microsoft\Windows*Mail\*\Backup|*.*|REMOVESELFFileKey4=%LocalAppData%\Microsoft\Windows*Mail\Storage Folders|*.*|REMOVESELFFileKey5=%LocalAppData%\Microsoft\Windows*Mail\*.tmp|*.*|RECURSEFileKey6=%LocalAppData%\Microsoft\Windows*Mail\*|*.MSMessageStore|RECURSERegKey1=HKCU\Software\Microsoft\Windows Live Mail|SearchFolderVersion[Windows Live Messenger More*]LangSecRef=3022Detect=HKLM\Software\Microsoft\Windows Live\MessengerDefault=FalseFileKey1=%CommonProgramFiles%\Windows Live\.cache|*.*|RECURSEFileKey2=%LocalAppData%\Microsoft\Messenger|*.uccapilog;*.bak;*.txt|RECURSEFileKey3=%LocalAppData%\Microsoft\Windows Live|*.log;*.jrs;*.sqm|RECURSEFileKey4=%LocalAppData%\Microsoft\Windows Live Contacts|*.log;*.jrs|RECURSEFileKey5=%LocalAppData%\Microsoft\Windows Live Contacts\*\*\*\Backup|*.*|RECURSEFileKey6=%ProgramFiles%\Windows Live\Messenger|*.bak|RECURSEFileKey7=%WinDir%\System32\config\systemprofile\Documents|wlidsvctrace*.txtFileKey8=%WinDir%\SysWOW64\config\systemprofile\Documents|wlidsvctrace*.txtFileKey9=%LocalAppData%\VirtualStore\Program Files*\Windows Live\Messenger|*.bak|RECURSEFileKey10=%LocalAppData%\VirtualStore\Program Files*\Common Files\Windows Live\.cache|*.*|RECURSEWould you please add the below to the Winapp2.ini with entry I've send to you:Found these:C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA104.tmp 230 KBC:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA104.tmp 230 KBC:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini 10 KBC:\Program Files (x86)\Common Files\Windows Live\.cache\wlc3B52.tmp 231 KBC:\Program Files (x86)\Common Files\Windows Live\.cache\wlc8B43.tmp 231 KBC:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA893.tmp 230 KB[symantec SymSilent Logs*]LangSecRef=3024DetectFile=%Public%\Symantec\SymSilentDefault=FalseFileKey1=%Public%\Symantec\SymSilent\ccLog|*.*Found these:C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0630.log 4 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x072C.log 4 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A90.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A98.log 4 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AA8.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AEC.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AF0.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B10.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B44.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B8C.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B90.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0DCC.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x1234.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x123C.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x12EC.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0630.log 4 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x072C.log 4 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A90.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A98.log 4 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AA8.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AEC.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AF0.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B10.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B44.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B8C.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B90.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0DCC.log 3 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x1234.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x123C.log 2 KBC:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x12EC.log 2 KBC:\Users\Public\Symantec\SymSilent\SymSilent.log 1 KBC:\Users\Public\Symantec\SymSilent\SymSilent.log 1 KB[Copernic DesktopSearch4 Logs*]LangSecRef=3024Detect1=HKLM\SOFTWARE\Copernic\DesktopSearch4Detect2=HKLM\SOFTWARE\Wow6432Node\Copernic\DesktopSearch4Default=FalseFileKey1=%AppData%\Copernic\DesktopSearch4\Logs|*.*|REMOVESELFFound these:C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\Cds4Install.log 23 KBC:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\Cds4Install.log 23 KBC:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\CdsApp.log4 44 KBC:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\CdsQueue.log4 243 KBC:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SP.0.log4 2 KBC:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SPP.0.log4 31 KBC:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\CdsQueue.log4C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\Cds4Install.logC:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SP.0.log4C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SPP.0.log4[Wallpaper Juggler*]LangSecRef=3024DetectFile=%ProgramFiles%\Wallpaper JugglerDefault=FalseFileKey1=%ProgramFiles%\Wallpaper Juggler|*.logFileKey2=%LocalAppData%\VirtualStore\Program Files*\Wallpaper Juggler|*.logFound these:C:\Program Files (x86)\Wallpaper Juggler\INSTALL.LOG 8 KBC:\Program Files (x86)\Wallpaper Juggler\INSTALL.LOG 8 KB[serviio Logs*]LangSecRef=3024Detect=HKLM\SOFTWARE\ServiioDefault=FalseFileKey1=%ProgramFiles%\Serviio\log|*.*FileKey2=%LocalAppData%\VirtualStore\Program Files*\Serviio\log|*.*Found these:C:\Program Files\Serviio\log\derby.log 1 KBC:\Program Files\Serviio\log\serviio.log 2 KBC:\Program Files\Serviio\log\derby.log 1 KBC:\Program Files\Serviio\log\serviio.log 2 KBC:\Program Files\Serviio\log\serviio.logC:\Program Files\Serviio\log\derby.log[JDownloader Logs*]LangSecRef=3022Detect=HKLM\Software\JDownloaderDetectFile=%ProgramFiles%\JDownloaderDefault=FalseFileKey1=%ProgramFiles%\JDownloader|*.log;updateLog.txt;*.lck|RECURSEFileKey2=%UserProfile%\.jd_home|JDownloader.logFileKey3=%UserProfile%\.jd_home\logs|*.0FileKey4=%LocalAppData%\VirtualStore\Program Files*\JDownloader|*.log;updateLog.txt;*.lckI've added RECURSE to Filekey1.[JDownloader2 Logs*]LangSecRef=3022DetectFile1=%ProgramFiles%\JDownloader 2DetectFile2=%ProgramFiles%\JDownloader2Default=FalseFileKey1=%ProgramFiles%\JDownloader 2|*.log;Updater_*-*-*.log;SessionInstallLog.json.*|RECURSEFileKey2=%ProgramFiles%\JDownloader2|*.log;Updater_*-*-*.log;SessionInstallLog.json.*|RECURSEFileKey3=%ProgramFiles%\JDownloader 2\logs|*.*|RECURSEFileKey4=%LocalAppData%\VirtualStore\Program Files*\JDownloader 2|JDownloader.log;Updater_*-*-*.log;SessionInstallLog.json.*FileKey5=%LocalAppData%\VirtualStore\Program Files*\JDownloader2|JDownloader.log;Updater_*-*-*.log;SessionInstallLog.json.*FileKey6=%LocalAppData%\VirtualStore\Program Files*\JDownloader 2\logs|*.*|RECURSEI've added DetectFile2, because Filekey2 would be unimportant. And I've improved Filekey1 and 2, because I've added *.logand added RECURSE. Now the files below should get deleted.Found these:C:\Program Files (x86)\JDownloader\.install4j\files.log 220 KBC:\Program Files (x86)\JDownloader\.install4j\installation.log 336 KBC:\Program Files (x86)\JDownloader\.install4j\files.log 220 KBC:\Program Files (x86)\JDownloader\.install4j\installation.log 336 KB[Multi-Edit Logs*]LangSecRef=3024DetectFile1=%SystemDrive%\My Programs\Multi-Edit 2008DetectFile2=%AppData%\Multi Edit SoftwareDefault=FalseFileKey1=%SystemDrive%\My Programs\Multi-Edit 2008|*.logFileKey2=%AppData%\Multi Edit Software|*.log|RECURSEFound these:C:\My Programs\Multi-Edit 2008\INSTALL.LOG 293 KBC:\My Programs\Multi-Edit 2008\INSTALL.LOG 293 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\EVOLVE.LOG 16 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\FILEPANE.LOG 2 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\INSTALL.LOG 309 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\POLYSTYLE.LOG 25 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\TMPLPANE.LOG 1 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\WINLIST.LOG 1 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\EVOLVE.LOG 16 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\FILEPANE.LOG 2 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\INSTALL.LOG 309 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\POLYSTYLE.LOG 25 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\TMPLPANE.LOG 1 KBC:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\WINLIST.LOG 1 KB[WRAL Desktop Alert Logs*]LangSecRef=3024DetectFile=%ProgramFiles%\WRAL Desktop AlertDefault=FalseFileKey1=%ProgramFiles%\WRAL Desktop Alert|*.logFileKey2=%LocalAppData%\VirtualStore\Program Files*\WRAL Desktop Alert|*.logFound these:C:\Users\Galloway\AppData\Local\VirtualStore\Program Files (x86)\WRAL Desktop Alert\Installer.log 1 KBC:\Users\Galloway\AppData\Local\VirtualStore\Program Files (x86)\WRAL Desktop Alert\Installer.log 1 KBC:\Program Files (x86)\WRAL Desktop Alert\Installer.log 2 KBC:\Program Files (x86)\WRAL Desktop Alert\Installer.log 2 KB[360 Internet Security Logs*]LangSecRef=3024Detect=HKCU\Software\360SafeDefault=FalseFileKey1=%AppData%\360safe\360ScanLog|*.*FileKey2=%ProgramFiles%\360\360 Internet Security\Log|*.log|RECURSEFileKey3=%SystemDrive%\360SANDBOX|*.log*|RECURSEFileKey2=%ProgramFiles%\360\360 Internet Security|*.log*|RECURSEFound these:C:\Users\Boss\AppData\Roaming\360safe\360ScanLog\360rp.exe.DEEPSCAN.2014-06-14.log 1 KBC:\Users\Boss\AppData\Roaming\360safe\360ScanLog\360rp.exe.DEEPSCAN.2014-06-14.log 1 KBC:\Program Files (x86)\360\360 Internet Security\Log (within this folder are two other folders.)C:\360SANDBOX\360SandBox.sav.LOG1C:\360SANDBOX\360SandBox.sav.LOG2C:\Program Files\360\360 Internet Security\ipc\filecache\FileCache.dat.LOG1C:\Program Files\360\360 Internet Security\ipc\filecache\FileCache.dat.LOG2[A58-Easytune6 Logs*]LangSecRef=3024DetectFile=%ProgramFiles%\A58-Easytune6Default=FalseFileKey1=%ProgramFiles%\A58-Easytune6|*.logFound these:C:\Program Files (x86)\A58-Easytune6\setup.log 1 KBC:\Program Files (x86)\A58-Easytune6\setup.log 1 KBC:\Program Files (x86)\A58-Easytune6\setup.log 1 KBC:\Program Files (x86)\A58-Easytune6\setup.log 1 KB[CleanUp! Logs*]LangSecRef=3024Detect=HKCU\Software\stevengould.org\CleanUp!Default=FalseFileKey1=%AppData%|CleanUp!.logFound these:HKEY_CURRENT_USER\Software\stevengould.org\CleanUp!C:\Users\Galloway\AppData\Roaming\CleanUp!.log 994 KBC:\Users\Galloway\AppData\Roaming\CleanUp!.log 994 KB[Cyberduck Logs*]LangSecRef=3024Detect=HKCR\.cyberducklicenseDefault=FalseFileKey1=%AppData%\Cyberduck|*.logFound these:HKEY_CLASSES_ROOT\Cyberduck BookmarkHKEY_CLASSES_ROOT\.cyberducklicenseC:\Users\Boss\AppData\Roaming\Cyberduck\cyberduck.log 0 KBC:\Users\Boss\AppData\Roaming\Cyberduck\cyberduck.log 0 KB[TweetDeck Logs*]LangSecRef=3024DetectFile=%ProgramFiles%\Twitter\TweetDeckDefault=FalseFileKey1=%ProgramFiles%\Twitter\TweetDeck|*.logFound these:C:\Program Files (x86)\Twitter\TweetDeck\console.log 16 KBC:\Program Files (x86)\Twitter\TweetDeck\console.log 16 KB[Windows Live Writer Logs*]LangSecRef=3024Detect1=HKLM\SOFTWARE\Microsoft\Windows Live WriterDetect2=HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Live WriterDefault=FalseFileKey1=%LocalAppData%\Windows Live Writer|*.logFound these:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Live WriterHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live WriterC:\Users\Galloway\AppData\Local\Windows Live Writer\Windows Live Mail.log 1 KBC:\Users\Galloway\AppData\Local\Windows Live Writer\Windows Live Mail.log 1 KBC:\Users\Boss\AppData\Local\Windows Live Writer\Windows Live Writer.log[Google Earth More*]LangSecRef=3021Detect1=HKLM\Software\Google\Google Earth PlusDetect2=HKLM\Software\Google\Google Earth ProDetect3=HKCU\Software\Google\Google Earth PlusDetect4=HKCU\Software\Google\Google Earth ProDefault=FalseFileKey1=%LocalLowAppData%\Google\GoogleEarth|*.tmp;*.log|RECURSEFileKey2=%LocalLowAppData%\Google\GoogleEarth\unified_cache_leveldb_*|*.*|REMOVESELFFileKey2=%ProgramFiles%\Google\GoogleEarth\client|*.logImproved Filekey1Found these:HKEY_CURRENT_USER\Software\Google\Google Earth PlusC:\Users\Galloway\AppData\LocalLow\Google\GoogleEarth\unified_cache_leveldb_leveldb2.0\000101.log 123 KBC:\Users\Galloway\AppData\LocalLow\Google\GoogleEarth\unified_cache_leveldb_leveldb2.0\000101.log 123 KBC:\Program Files (x86)\Google\Google Earth\client\debug.log (If you start in Debug mode.)[Logitech Desktop Messenger*]LangSecRef=3024Detect1=HKCU\Software\Logitech\DesktopMessengerDetect2=HKLM\SOFTWARE\Wow6432Node\Logitech\Logitech Desktop MessengerDetect3=HKLM\SOFTWARE\Wow6432Node\Logitech\DesktopMessengerDetect4=HKLM\SOFTWARE\Logitech\DesktopMessengerDetect5=HKLM\SOFTWARE\Logitech\DesktopMessengerDefault=FalseFileKey1=%ProgramFiles%\Logitech\Desktop Messenger|*.log;*.bakFound these:HKEY_CURRENT_USER\Software\Logitech\DesktopMessengerHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Logitech\Logitech Desktop MessengerHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Logitech\DesktopMessengerC:\Program Files (x86)\Logitech\Desktop Messenger\8876480\clasid.bakC:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Users\Boss\Data\main.logC:\Program Files (x86)\Logitech\Desktop Messenger\8876480\clasid.bak 2 KB[PKWARE PKZIP Logs*]LangSecRef=3024Detect1=HKCU\Software\PKWARE\PKZIP for WindowsDetect2=HKCU\Software\PKWARE\ZIPReader 0Detect3=HKCU\Software\PKWARE\PKZIP70Default=FalseFileKey1=%ProgramFiles%\PKWARE\PKZIPW|*.logFound these:HKEY_CURRENT_USER\Software\PKWARE\PKZIP for WindowsHKEY_CURRENT_USER\Software\PKWARE\ZIPReader 0HKEY_CURRENT_USER\Software\PKWARE\PKZIP70C:\Program Files (x86)\PKWARE\PKZIPW\pkware.log 0 KBC:\Program Files (x86)\PKWARE\PKZIPW\pkware.log 0 KBC:\Program Files\PKWARE\PKZIPW\pkware.log 0 KBC:\Program Files\PKWARE\PKZIPW\pkware.log 0 KB[Geek Unistaller*]LangSecRef=3024Detect=HKCU\Software\Geek UninstallerDefault=FalseFileKey1=%AppData%\Geek Uninstaller|*.log;*cache.datFound these:HKEY_CURRENT_USER\Software\Geek UninstallerC:\Users\Boss\AppData\Roaming\Geek Uninstaller\cache.dat 51 KBC:\Users\Boss\AppData\Roaming\Geek Uninstaller\cache.dat 51 KB[Hex Chat Logs*]LangSecRef=3024DetectFile=%AppData%\HexChatDefault=FalseFileKey1=%AppData%\HexChat\logs|*.*|REMOVESELFFound these:C:\Users\Boss\AppData\Roaming\HexChat\logs\NETWORK\.log[Dexpot Logs*]LangSecRef=3024Detect=HKCU\Software\DexpotDefault=FalseFileKey1=%AppData%\Dexpot|*.logFound these:HKEY_CURRENT_USER\Software\DexpotC:\Users\Boss\AppData\Roaming\Dexpot\dexpot.log[AllDup Logs*]LangSecRef=3024DetectFile=%AppData%\AllDupDefault=FalseFileKey1=%AppData%\AllDup|*.logFound these:C:\Users\Boss\AppData\Roaming\AllDup\AllDup.log[seagate SeaTools for Windows Logs*]LangSecRef=3024Detect1=HKLM\SOFTWARE\Wow6432Node\SeaToolsforWindowsDetect2=HKLM\SOFTWARE\SeaToolsforWindowsDefault=FalseFileKey1=%AppData%\Dexpot|*.logFound these:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SeaToolsforWindowsC:\Program Files (x86)\Seagate\SeaTools for Windows\98TIT4GMT.log[GhostMouse*]LangSecRef=3024DetectFile=%ProgramFiles%\GhostMouseDefault=FalseFileKey1=%Documents%\AutomaticSolution Software\GhostMouse\conf\temp|*.tmpFound these:C:\Program Files (x86)\GhostMouseC:\Users\Boss\Documents\AutomaticSolution Software\GhostMouse\conf\temp\file.temp 1 KBC:\Users\Boss\Documents\AutomaticSolution Software\GhostMouse\conf\temp\file.temp 1 KB[TrendMicro RUBotted Logs*]LangSecRef=3024Detect1=HKLM\SOFTWARE\Wow6432Node\TrendMicro\RUBottedDetect2=HKLM\SOFTWARE\TrendMicro\RUBottedDefault=FalseFileKey1=%ProgramFiles%\Trend Micro\RUBotted\DebugLogs|*.*|REMOVESELFProbably this software has more log folders, but I don't have malware on my pc to find, if thisis true.Found these:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\RUBottedC:\Program Files (x86)\Trend Micro\RUBotted\DebugLogs--------------------------------------------------------------------------------------------The rest:[FossaMail Corrupt SQLites*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%AppData%\FossaMail\Profiles|*.corrupt|RECURSE[FossaMail Crash Reports*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%AppData%\FossaMail\Crash Reports|*.*|REMOVESELF[FossaMail Extensions Log*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%AppData%\FossaMail\Profiles\*|extensions.log[FossaMail Log*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%ProgramFiles%\FossaMail|*.log[FossaMail Maintenance Service*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%CommonAppData%\Mozilla*\logs|*.*|REMOVESELFFileKey2=%LocalAppData%\VirtualStore\ProgramData\Mozilla*\logs|*.*|REMOVESELF[FossaMail Minidumps*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%AppData%\FossaMail\Profiles\*\Minidumps|*.*[FossaMail Net Predictions*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%AppData%\FossaMail\Profiles\*|seer.sqlite;netpredictions.sqlite[FossaMail Startup Cache*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%LocalAppData%\FossaMail\Profiles\*\startupCache|*.*[FossaMail TestPilot Error Logs*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%AppData%\FossaMail\Profiles\*|TestPilotErrorLog.*|RECURSE[FossaMail Update Logs*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%LocalAppData%\FossaMail\Mozilla\*\Updates|*.log|RECURSE[FossaMail webappsstore.sqlite*]LangSecRef=3030Detect1=HKLM\SOFTWARE\Mozilla\FossaMailDetect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMailDefault=FalseFileKey1=%AppData%\FossaMail\Profiles\*|webappsstore.sqliteFound these:HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\FossaMailHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\FossaMailC:\Program Files (x86)\FossaMail\freebl3.chk 1 KBC:\Program Files (x86)\FossaMail\nssdbm3.chk 1 KBC:\Program Files (x86)\FossaMail\softokn3.chk 1 KBC:\Program Files (x86)\FossaMail\install.log 22 KBC:\Program Files (x86)\FossaMail\freebl3.chk 1 KBC:\Program Files (x86)\FossaMail\nssdbm3.chk 1 KBC:\Program Files (x86)\FossaMail\softokn3.chk 1 KBC:\Program Files (x86)\FossaMail\install.log 22 KBC:\Users\Boss\AppData\Local\FossaMail\Profiles\x834gg7n.default\startupCache\startupCache.4.little 1.178 KBC:\Users\Boss\AppData\Local\FossaMail\Profiles\x834gg7n.default\startupCache\startupCache.4.little 1.178 KBC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads\BIT97BD.tmp 79 KBC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads\BIT9ABA.tmp 935 KBC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads\BIT9B47.tmp 2,205 KBC:\Windows\SysWOW64\DOErrors.log 1 KBC:\Windows\SysWOW64\DOErrors.log 1 KBC:\Users\Galloway\AppData\Roaming\ACD Systems\ACDSee\Cache\TNCB1E8.tmp 0 KBC:\Users\Boss\AppData\Local\Microsoft\VisualStudio\10.0\ComponentModelCache\Microsoft.VisualStudio.Default.cache 336 KBC:\Users\Administrator\AppData\Local\Microsoft\Messenger\ContactsLog.txt 4 KBC:\Users\Galloway\AppData\Roaming\V\V.log 2 KBC:\Users\Galloway\Documents\log.txt 436 KBC:\Windows\System32\InstallPackage_ETW.Log 30 KBC:\Windows\System32\PT_OTP_Install_Error.log 1 KBC:\Windows\security\database\tmp.edb 1.032 KBC:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat 96 KBC:\Windows\System32\lpremove.exe.bak 70 KBC:\Windows\System32\CodeIntegrity\bootcat.cache 6.076 KBC:\Program Files (x86)\Copernic Agent\INSTALL.LOG 7 KBC:\Program Files (x86)\Copernic Agent\INSTALL2.LOG 3 KBC:\Program Files (x86)\ToniArts\EasyCleaner\File_id.diz 1 KBC:\Program Files (x86)\Fliptoast\lib\base\Cacher.js 21 KBC:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat 45 KBC:\ProgramData\Microsoft\OFFICE\DATA\OPA11.BAK 9 KBC:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt.bak 32,769 KBC:\Program Files (x86)\WallPaperChanger\File_id.diz 2 KBC:\PMAIL\Programs\WPMSETUP.LOG 13 KBC:\Users\Galloway\AppData\Roaming\CBS Interactive\Download App\console.log 1 KBC:\Users\Galloway\AppData\Roaming\CBS Interactive\Download App\console.log 1 KBC:\Users\Galloway\AppData\Roaming\IMVUClient\GeckoBin\freebl3.chk 1 KBC:\Users\Galloway\AppData\Roaming\IMVUClient\GeckoBin\nssdbm3.chk 1 KBC:\Users\Galloway\AppData\Roaming\IMVUClient\GeckoBin\softokn3.chk 1 KBC:\Mercury\Mercury DDK\readme.bak 5 KBC:\Mercury\Mercury DDK\DDK Samples\DDK Samples.ncb 163 KBC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\History Provider Cache 2 KBC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\LOG.old 1 KBC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\000063.log 1 KBC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\000063.log 1 KBC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\000066.logC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\v3update\download\~114.cab0.~p2s 0 KBC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\v3update\download\~91CF.cab.~p2s 0 KBC:\Users\Boss\AppData\Local\360Browser\Browser\User Data\v3update\download\~91EE.cab.~p2s 0 KBC:\Program Files (x86)\Postbox\freebl3.chk 1 KBC:\Program Files (x86)\Postbox\nssdbm3.chk 1 KBC:\Program Files (x86)\Postbox\softokn3.chk 1 KBC:\Program Files (x86)\Postbox\install.log 22 KBC:\Users\Boss\AppData\Local\Postbox\Profiles\7xd5cwy0.default\startupCache\startupCache.4.little 1.032 KBC:\Users\Galloway\AppData\Local\GCC\Chrome-bin\debug.log 3 KBC:\Users\Galloway\AppData\Local\GCC\Chrome-bin\debug.log 3 KBC:\Program Files (x86)\HTMASC\File_id.diz 1 KBC:\Program Files (x86)\HTMASC\INSTALL.LOG 2 KBC:\Program Files (x86)\Postbox\freebl3.chk 1 KBC:\Program Files (x86)\Postbox\nssdbm3.chk 1 KBC:\Program Files (x86)\Postbox\softokn3.chk 1 KBC:\Program Files (x86)\Postbox\install.log 22 KBC:\Program Files (x86)\Postbox\uninstall\uninstall.log 3 KBC:\Users\Boss\AppData\LocalLow\EmailTray\sokODS.log 13 KBC:\Users\Boss\AppData\Local\Mailbird\Log.log 1 KB-------------------------------------------------------------------------------------------1.)[Amazon Cloud Player Logs*]LangSecRef=3024Detect1=HKCU\Software\Default=FalseFileKey1=%LocalAppData%\Amazon Cloud Player\Logs|*.*Found these:C:\Users\Galloway\AppData\Local\Amazon Cloud Player\Logs\cef_log.txt 2 KBC:\Users\Galloway\AppData\Local\Amazon Cloud Player\Logs\AmazonCloudPlayer.log 280 KBC:\Users\Galloway\AppData\Local\Amazon Cloud Player\Logs\AmazonCloudPlayer.log 280 KBCould some please check, what is the registry key for this Software.2.) Please check the program "Amazon Cloud Drive" and "Amazon MP3 Downloader".3.) Please check the Program FRST, which is deleting viruses. It leaves a few logs.(I can't check it, because my internet is very slow to download it all and install the programs)4.) Shouldn't we add all other Mailprograms based on Thunderbird or Browser based on Chrome like 360 Browser? winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators Nergal Posted June 20, 2014 Moderators Share Posted June 20, 2014 Lol anonymous email not anonymous when user name included in body @CSGalloway ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
JDPower Posted June 20, 2014 Share Posted June 20, 2014 Lol anonymous email not anonymous when user name included in body @CSGalloway I noticed that last time too Link to comment Share on other sites More sharing options...
Winapp2.ini Posted June 21, 2014 Author Share Posted June 21, 2014 the email address comes in as asdf@..com, which I think is the primary purpose of the anonymizer winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Winapp2.ini Posted June 22, 2014 Author Share Posted June 22, 2014 email (No, this email's not real, it's http://deadfake.com)"got this email today, with the most meta entry ever"I think this should be the most meta entry:[Winapp2.ini File*]LangSecRef=3024DetectFile=%ProgramFiles%\CCleaner\winapp2. IniWarning=It's deleting itself. Default=FalseFileKey1=%ProgramFiles%\CCleaner|winapp2.iniYeah its deleting itself... Ha.. Ha.. By the way I'm not csgalloway. I just took his entries to add them. Whatever, Nergal and Jdpower, you both should run useless extensions too and help the project too. Perhaps we find something. I would appreciate your help. the CCleaner entry has been outmeta'd winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators Nergal Posted June 22, 2014 Moderators Share Posted June 22, 2014 Dear anonymous, I plan to run it when I next boot my PC, though, in all honesty, it's been a few months since the last time I did that...personal stuff... ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 22, 2014 Moderators Share Posted June 22, 2014 the CCleaner entry has been outmeta'd The file just couldn't take it anymore, it gained so many bytes over the years (especially near the mid-section) it decided to finally deleted itself. That reminded me of an old bug that's now squashed in CCleaner that would cause it to axe itself, that however wasn't funny. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now