Jump to content
CCleaner Community Forums
Winapp2.ini

Winapp2.ini additions

Recommended Posts

yeah the debugger throws a warning for things like %EnvVar%| too so i changed those to %EnvVar%\|

Share this post


Link to post
Share on other sites

New:  Malwarebytes Anti-Exploit Logs*

[Malwarebytes Anti-Exploit Logs*]
LangSecRef=3024
Detect1=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc
Default=False
FileKey1=%CommonAppData%\\Malwarebytes Anti-Exploit\|*.Log

Share this post


Link to post
Share on other sites

I think subkeys like those are denoted with a \ instead of a |

 

eg RegKey1=HKCU\Software\Paint.NET\File/MostRecent/Path0

 

nope,

 

it doesn't work....

 

I think it is a bug that ccleaner can't handle / in reg keys

 

 

 

 

 

New:  Malwarebytes Anti-Exploit Logs*

[Malwarebytes Anti-Exploit Logs*]

LangSecRef=3024

Detect1=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc

Default=False

FileKey1=%CommonAppData%\\Malwarebytes Anti-Exploit\|*.Log

 

 

 

why there are \\ ?

Share this post


Link to post
Share on other sites

I looked over the spoiler from a few entries above and wanted to make these suggestions:

 

NOTE: Search for "<==" or "==>"

 

[ESET NOD32 Antivirus Backups*]
LangSecRef=3021
Detect=HKLM\Software\ESET\ESET Security
Default=False
Warning=This will clean your Backup files.
FileKey1=%CommonAppData%\ESET\ESET NOD32 Antivirus\backup|*.*|RECURSE
<== change *.* to em__*-*.dat.bak
 

[MS Office 2013 SkyDrive/OneDrive Logs*]
LangSecRef=3021
Detect=HKCU\Software\Microsoft\SkyDrive
Default=False
FileKey1=%LocalAppData%\Microsoft\SkyDrive\Setup\Logs|*.*
FileKey2=%LocalAppData%\Microsoft\SkyDrive\logs|*.*
<== change *.* to be *.log above
 

[HP Install Logs*] <== I would likely not use this entry - not bloat logs - sicne done by manufacturer
LangSecRef=3021
Detect=HKCU\Software\HP
DetectFile=%CommonAppData%\HP
Default=False
FileKey1=%CommonAppData%|hpzinstall.log
FileKey2=%UserProfile%\All Users|hpzinstall.log
FileKey3=%LocalAppData%\VirtualStore\ProgramData|hpzinstall.log
FileKey4=%AppData%\HP\WebRegLogs|WebRegLog.txt
FileKey5=%SystemDrive%\hp\bin\logs|*.log
FileKey6=%CommonAppData%\Hewlett-Packard|*.log;*Log.txt|RECURSE
FileKey7=%SystemDrive%\SYSTEM.SAV|*.log;*Log.txt|RECURSE

Added Filekey 5-7

 

[HP Install Temps*]
LangSecRef=3021
Detect=HKCU\Software\HP
DetectFile=%CommonAppData%\HP
Default=False
FileKey1=%CommonAppData%\HP\Installer\Temp|*.*
FileKey2=%CommonAppData%\HP\Temp|*.*
FileKey3=%ProgramFiles%\HP\Temp|*.*|RECURSE
FileKey4=%UserProfile%\All Users\HP\Installer\Temp|*.*
FileKey5=%LocalAppData%\VirtualStore\Program Files*\HP\Temp|*.*|RECURSE
FileKey6=%LocalAppData%\VirtualStore\ProgramData\HP\Installer\Temp|*.*
FileKey7=%LocalAppData%\VirtualStore\ProgramData\HP\Temp|*.*
FileKey8=%WinDir%|*.dat.temp <== suggest changing to hp*.dat.tmp
 

[backup Assist*] <== This entry can be removed.  I used C:\z_UserFiles as a backup folder while I migrate them to the proper folders....  From another machine...
LangSecRef=3024
DetectFile=%SystemDrive%\Z_UserFiles
Default=False
FileKey1=%SystemDrive%\Z_UserFiles|*.err;*log.txt;*.log;*.diz;*.old;CHKLIST.MS|RECURSE
 

[MyDefrag Logs*]
LangSecRef=3021
Detect=HKCU\Software\MyDefrag
Default=False
FileKey1=%ProgramFiles%\MyDefrag *|*.log
FileKey2=%ProgramFiles%\MyDefrag *\LOGs|*.* <== I had moved logs here while I tested the scripts for the program...  This is notneeded
 

[Total Commander Logs*] <== JPSoft TakeCommand Command.com replacement =========
LangSecRef=3021
Detect1=HKCU\Software\Ghisler\Total Commander
Detect2=HKLM\SOFTWARE\Ghisler\Total Commander
Default=False
FileKey1=%SystemDrive%\TCMD\HowTo|*.err
FileKey2=%SystemDrive%\TCMD\MyLOGS|*.*
FileKey3=%SystemDrive%\TCMD\TCMDLogs|*.*
FileKey4=%ProgramFiles%\TCMD\HowTo|*.err
FileKey5=%ProgramFiles%\TCMD\MyLOGS|*.*
FileKey6=%ProgramFiles%\TCMD\TCMDLogs|*.*

 

<== change to Detect1 using "HKEY_CURRENT_USER\Software\JP Software"

 

[Forte*] <== Forte Agent Newsgroup reader ======================================
LangSecRef=3025
Detect1=HKLM\SOFTWARE\Forte
Detect2=HKLM\SOFTWARE\Wow6432Node\Forte
Default=False
FileKey1=%SystemDrive%\My Data\ForteAgent|*.bak;*.log
FileKey2=%AppData%\Forte\Agent|errorlog.xml;*.log|RECURSE
 

Share this post


Link to post
Share on other sites

I looked over the spoiler from a few entries above and wanted to make these suggestions:

 

NOTE: Search for "<==" or "==>"

 

[ESET NOD32 Antivirus Backups*]

LangSecRef=3021

Detect=HKLM\Software\ESET\ESET Security

Default=False

Warning=This will clean your Backup files.

FileKey1=%CommonAppData%\ESET\ESET NOD32 Antivirus\backup|*.*|RECURSE

<== change *.* to em__*-*.dat.bak

change to *.bak or is it still need em__*-*.dat?

 

[Paint.NET More*]

LangSecRef=3021

Detect=HKCU\Software\Paint.NET\

Default=False

FileKey1=%LocalAppData%\Paint.NET|*.*|RECURSE

RegKey1=HKCU\Software\Paint.NET\|LastFileDialogDirectory

RegKey2=HKCU\Software\Paint.NET\|File/MostRecent/Path0

RegKey3=HKCU\Software\Paint.NET\|File/MostRecent/Path1

RegKey4=HKCU\Software\Paint.NET\|File/MostRecent/Path2

RegKey5=HKCU\Software\Paint.NET\|File/MostRecent/Path3

RegKey6=HKCU\Software\Paint.NET\|File/MostRecent/Path4

RegKey7=HKCU\Software\Paint.NET\|File/MostRecent/Path5

RegKey8=HKCU\Software\Paint.NET\|File/MostRecent/Path6

RegKey9=HKCU\Software\Paint.NET\|File/MostRecent/Path7

RegKey10=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail0

RegKey11=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail1

RegKey12=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail2

RegKey13=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail3

RegKey14=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail4

RegKey15=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail5

RegKey16=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail6

RegKey17=HKCU\Software\Paint.NET\|File/MostRecent/Thumbnail7

can you try this?

i just add \ after HKCU\Software\Paint.NET

seem working for me

Share this post


Link to post
Share on other sites

change to *.bak or is it still need em__*-*.dat?

 

can you try this?

i just add \ after HKCU\Software\Paint.NET

seem working for me

 

I have found my problem I have to reopen regedit after cleaning .... :blink:

they worked with |

[Paint.NET More*]
LangSecRef=3021
Detect=HKCU\Software\Paint.NET
Default=False
FileKey1=%LocalAppData%\Paint.NET|*.*|RECURSE
RegKey1=HKCU\Software\Paint.NET|LastFileDialogDirectory
RegKey2=HKCU\Software\Paint.NET|File/MostRecent/Path0
RegKey3=HKCU\Software\Paint.NET|File/MostRecent/Path1
RegKey4=HKCU\Software\Paint.NET|File/MostRecent/Path2
RegKey5=HKCU\Software\Paint.NET|File/MostRecent/Path3
RegKey6=HKCU\Software\Paint.NET|File/MostRecent/Path4
RegKey7=HKCU\Software\Paint.NET|File/MostRecent/Path5
RegKey8=HKCU\Software\Paint.NET|File/MostRecent/Path6
RegKey9=HKCU\Software\Paint.NET|File/MostRecent/Path7
RegKey10=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail0
RegKey11=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail1
RegKey12=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail2
RegKey13=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail3
RegKey14=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail4
RegKey15=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail5
RegKey16=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail6
RegKey17=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail7

Share this post


Link to post
Share on other sites

change to *.bak or is it still need em__*-*.dat?

 

I would suggest changing it to em*_*-*.dat.bak

Had a typo in the first posting.... sorry.... 

Share this post


Link to post
Share on other sites

 

I have found my problem I have to reopen regedit after cleaning .... :blink:

they worked with |

[Paint.NET More*]
LangSecRef=3021
Detect=HKCU\Software\Paint.NET
Default=False
FileKey1=%LocalAppData%\Paint.NET|*.*|RECURSE
RegKey1=HKCU\Software\Paint.NET|LastFileDialogDirectory
RegKey2=HKCU\Software\Paint.NET|File/MostRecent/Path0
RegKey3=HKCU\Software\Paint.NET|File/MostRecent/Path1
RegKey4=HKCU\Software\Paint.NET|File/MostRecent/Path2
RegKey5=HKCU\Software\Paint.NET|File/MostRecent/Path3
RegKey6=HKCU\Software\Paint.NET|File/MostRecent/Path4
RegKey7=HKCU\Software\Paint.NET|File/MostRecent/Path5
RegKey8=HKCU\Software\Paint.NET|File/MostRecent/Path6
RegKey9=HKCU\Software\Paint.NET|File/MostRecent/Path7
RegKey10=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail0
RegKey11=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail1
RegKey12=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail2
RegKey13=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail3
RegKey14=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail4
RegKey15=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail5
RegKey16=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail6
RegKey17=HKCU\Software\Paint.NET|File/MostRecent/Thumbnail7

You can hit F5 to update regedit without needing to close it, for future reference :)

Share this post


Link to post
Share on other sites

why there are \\ ?

 

Oops.  :( Corrected below:

[Malwarebytes Anti-Exploit Logs*]
LangSecRef=3024
Detect1=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc
Default=False
FileKey1=%CommonAppData%\Malwarebytes Anti-Exploit\|*.Log

Share this post


Link to post
Share on other sites

Is Anti-Exploit out of Beta?

 

 

[Malwarebytes Anti-Exploit Beta*]
LangSecRef=3024
DetectFile=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit
Default=False
FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit|*.log
FileKey2=%LocalAppData%\VirtualStore\ProgramData\Malwarebytes\Malwarebytes Anti-Exploit|*.log

Share this post


Link to post
Share on other sites

I have found my problem I have to reopen regedit after cleaning .... :blink:

they worked with |

weird..now, both are working

dunno why

 

I would suggest changing it to em*_*-*.dat.bak

Had a typo in the first posting.... sorry.... 

is there a reason why the entry need those em*_*-* when you can simply use * to replace em*_*-* ?

so that the entry become *.dat.bak instead of em*_*-*.dat.bak

or to make it simpler, *.bak  :) 

 

Is Anti-Exploit out of Beta?

[Malwarebytes Anti-Exploit Beta*]
LangSecRef=3024
DetectFile=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit
Default=False
FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit|*.log
FileKey2=%LocalAppData%\VirtualStore\ProgramData\Malwarebytes\Malwarebytes Anti-Exploit|*.log

yes, it is

https://forums.malwarebytes.org/index.php?s=57484dc4fe808637b37cd93598665123&showtopic=150498

Share this post


Link to post
Share on other sites

[omit]

 

is there a reason why the entry need those em*_*-* when you can simply use * to replace em*_*-* ?

so that the entry become *.dat.bak instead of em*_*-*.dat.bak

or to make it simpler, *.bak  :)

 

I guess *.bak is ok - I don't use the program so I don't know.  Just think - from my standpoint - any thing more specific then *.bak would be better

Share this post


Link to post
Share on other sites

I guess *.bak is ok - I don't use the program so I don't know.  Just think - from my standpoint - any thing more specific then *.bak would be better

well, i don't use eset anymore so i don't know about this entry too

just asking incase the entry need that specific detection

sorry if you felt annoyed with the question

its just that i like to ask till i get/know the answer :P

Share this post


Link to post
Share on other sites

Found MDMP files in C:\Program Files (x86)\TeamViewer\Version9 - winapp2.ini entry needed please...

 

HKEY_CURRENT_USER\Software\TeamViewer\Version9 can be used for Detect.....

Edited by CSGalloway

Share this post


Link to post
Share on other sites
[NVIDIA GFExperience Updates*]
LangSecRef=3023
Detect=HKLM\Software\NVIDIA Corporation
Default=False
FileKey1=%CommonAppData%\NVIDIA\Updatus\DownloadManager|*.*
FileKey2=%CommonAppData%\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey3=%CommonAppData%\NVIDIA Corporation\NetService|*.*|RECURSE
FileKey4=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\Updatus\DownloadManager|*.*
FileKey5=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\NvBackend\Updatus\DownloadManager|*.*
FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA Corporation\NetService|*.*|RECURSE

add support for nvidia 340.

Filkey 3 and 6 add |RECURSE

Share this post


Link to post
Share on other sites

got this email today, with the most meta entry ever

 

 

 

(No, this email's not real, it's http://deadfake.com)

New Project

Ok Hi again,

[CCleaner*]
LangSecRef=3024
Detect=HKCU\Software\Piriform\CCleaner
Default=False
FileKey1=%ProgramFiles%\CCleaner|*.log;CCleaner_log*.txt
FileKey2=%LocalAppData%\VirtualStore\Program Files*\CCleaner|*.log;CCleaner_log*.txt
FileKey3=%UserProfile%|CCleaner_log*.txt

On Old Systems the debug mode Logs were saved as "CCleaner_log*.txt". Therefore I have added it.
And it was probably even saved in Userprofile, therefore I added Filekey3.

Found these:
C:\Program Files\CCleaner\CCleaner64_v4.14.4707_2014-06-15_01-59-02.log

[Defraggler*]
LangSecRef=3024
Detect=HKCU\Software\Piriform\Defraggler
Default=False
FileKey1=%ProgramFiles%\Defraggler|*.dmp;*statistics*;*.log;Defraggler*.txt
FileKey2=%LocalAppData%\VirtualStore\Program Files*\Defraggler|*.dmp;*statistics*;*.log;Defraggler*.txt
FileKey3=%UserProfile%|Defraggler*.txt

Improved Filekey 1 and 2. Added Filekey3

Found these:
C:\Program Files\Defraggler\Defraggler64.exe.[2_18_945][2014-06-16_19-40].txt

[Recuva*]
LangSecRef=3024
Detect=HKCU\Software\Piriform\Recuva
Default=False
FileKey1=%ProgramFiles%\Recuva|*.log;Recuva_log*.txt
FileKey2=%LocalAppData%\VirtualStore\Program Files*\Recuva|*.log;Recuva_log*.txt
FileKey3=%UserProfile%|Recuva_log*.txt

[speccy*]
LangSecRef=3024
Detect=HKCU\Software\Piriform\Speccy
Default=False
FileKey1=%ProgramFiles%\Speccy|*.log;Speccy_log*.txt
FileKey2=%LocalAppData%\VirtualStore\Program Files*\Speccy|*.log;Speccy_log*.txt
FileKey3=%UserProfile%|Speccy_log*.txt

[Logitech Setpoint 6 (Logs)*]
LangSecRef=3024
Detect=HKCU\Software\Logitech\Setpoint
Default=False
FileKey1=%AppData%\Logishrd\sp6_Log|*.*|REMOVESELF
FileKey2=%WinDir%\System32|lvcoinst.log
FileKey3=%CommonAppData%\LogiShrd|*.log|RECURSE
FileKey4=%ProgramFiles%\Common Files\logishrd|*.log|RECURSE

Found these:
C:\Windows\System32\lvcoinst.log    11 KB
C:\ProgramData\LogiShrd\Updater\LuUpdater.log    0 KB
C:\ProgramData\LogiShrd\Updater\LuUpdater.log    0 KB
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.log    29 KB
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.log    29 KB

[Windows Live Mail*]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows Live Mail
Default=False
Warning=This will reset the read counts, which will be recalculated when WLMail is started.
FileKey1=%LocalAppData%\Microsoft\Windows*Mail|*.log;*.jrs;*.chk;*.rss|RECURSE
FileKey2=%LocalAppData%\Microsoft\Windows*Mail\Backup|*.*|REMOVESELF
FileKey3=%LocalAppData%\Microsoft\Windows*Mail\*\Backup|*.*|REMOVESELF
FileKey4=%LocalAppData%\Microsoft\Windows*Mail\Storage Folders|*.*|REMOVESELF
FileKey5=%LocalAppData%\Microsoft\Windows*Mail\*.tmp|*.*|RECURSE
FileKey6=%LocalAppData%\Microsoft\Windows*Mail\*|*.MSMessageStore|RECURSE
RegKey1=HKCU\Software\Microsoft\Windows Live Mail|SearchFolderVersion

[Windows Live Messenger More*]
LangSecRef=3022
Detect=HKLM\Software\Microsoft\Windows Live\Messenger
Default=False
FileKey1=%CommonProgramFiles%\Windows Live\.cache|*.*|RECURSE
FileKey2=%LocalAppData%\Microsoft\Messenger|*.uccapilog;*.bak;*.txt|RECURSE
FileKey3=%LocalAppData%\Microsoft\Windows Live|*.log;*.jrs;*.sqm|RECURSE
FileKey4=%LocalAppData%\Microsoft\Windows Live Contacts|*.log;*.jrs|RECURSE
FileKey5=%LocalAppData%\Microsoft\Windows Live Contacts\*\*\*\Backup|*.*|RECURSE
FileKey6=%ProgramFiles%\Windows Live\Messenger|*.bak|RECURSE
FileKey7=%WinDir%\System32\config\systemprofile\Documents|wlidsvctrace*.txt
FileKey8=%WinDir%\SysWOW64\config\systemprofile\Documents|wlidsvctrace*.txt
FileKey9=%LocalAppData%\VirtualStore\Program Files*\Windows Live\Messenger|*.bak|RECURSE
FileKey10=%LocalAppData%\VirtualStore\Program Files*\Common Files\Windows Live\.cache|*.*|RECURSE

Would you please add the below to the Winapp2.ini with entry I've send to you:

Found these:
C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA104.tmp    230 KB
C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA104.tmp    230 KB
C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini    10 KB
C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc3B52.tmp    231 KB
C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc8B43.tmp    231 KB
C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA893.tmp    230 KB

[symantec SymSilent Logs*]
LangSecRef=3024
DetectFile=%Public%\Symantec\SymSilent
Default=False
FileKey1=%Public%\Symantec\SymSilent\ccLog|*.*

Found these:
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0630.log    4 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x072C.log    4 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A90.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A98.log    4 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AA8.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AEC.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AF0.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B10.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B44.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B8C.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B90.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0DCC.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x1234.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x123C.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x12EC.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0630.log    4 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x072C.log    4 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A90.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0A98.log    4 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AA8.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AEC.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0AF0.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B10.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B44.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B8C.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0B90.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x0DCC.log    3 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x1234.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x123C.log    2 KB
C:\Users\Public\Symantec\SymSilent\ccLog\SymSilent-0x12EC.log    2 KB
C:\Users\Public\Symantec\SymSilent\SymSilent.log    1 KB
C:\Users\Public\Symantec\SymSilent\SymSilent.log    1 KB

[Copernic DesktopSearch4 Logs*]
LangSecRef=3024
Detect1=HKLM\SOFTWARE\Copernic\DesktopSearch4
Detect2=HKLM\SOFTWARE\Wow6432Node\Copernic\DesktopSearch4
Default=False
FileKey1=%AppData%\Copernic\DesktopSearch4\Logs|*.*|REMOVESELF

Found these:
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\Cds4Install.log    23 KB
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\Cds4Install.log    23 KB
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\CdsApp.log4    44 KB
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\CdsQueue.log4    243 KB
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SP.0.log4    2 KB
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SPP.0.log4    31 KB
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\CdsQueue.log4
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\Cds4Install.log
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SP.0.log4
C:\Users\Boss\AppData\Local\Copernic\DesktopSearch4\Logs\SPP.0.log4

[Wallpaper Juggler*]
LangSecRef=3024
DetectFile=%ProgramFiles%\Wallpaper Juggler
Default=False
FileKey1=%ProgramFiles%\Wallpaper Juggler|*.log
FileKey2=%LocalAppData%\VirtualStore\Program Files*\Wallpaper Juggler|*.log

Found these:
C:\Program Files (x86)\Wallpaper Juggler\INSTALL.LOG    8 KB
C:\Program Files (x86)\Wallpaper Juggler\INSTALL.LOG    8 KB

[serviio Logs*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Serviio
Default=False
FileKey1=%ProgramFiles%\Serviio\log|*.*
FileKey2=%LocalAppData%\VirtualStore\Program Files*\Serviio\log|*.*

Found these:
C:\Program Files\Serviio\log\derby.log    1 KB
C:\Program Files\Serviio\log\serviio.log    2 KB
C:\Program Files\Serviio\log\derby.log    1 KB
C:\Program Files\Serviio\log\serviio.log    2 KB
C:\Program Files\Serviio\log\serviio.log
C:\Program Files\Serviio\log\derby.log

[JDownloader Logs*]
LangSecRef=3022
Detect=HKLM\Software\JDownloader
DetectFile=%ProgramFiles%\JDownloader
Default=False
FileKey1=%ProgramFiles%\JDownloader|*.log;updateLog.txt;*.lck|RECURSE
FileKey2=%UserProfile%\.jd_home|JDownloader.log
FileKey3=%UserProfile%\.jd_home\logs|*.0
FileKey4=%LocalAppData%\VirtualStore\Program Files*\JDownloader|*.log;updateLog.txt;*.lck

I've added RECURSE to Filekey1.

[JDownloader2 Logs*]
LangSecRef=3022
DetectFile1=%ProgramFiles%\JDownloader 2
DetectFile2=%ProgramFiles%\JDownloader2
Default=False
FileKey1=%ProgramFiles%\JDownloader 2|*.log;Updater_*-*-*.log;SessionInstallLog.json.*|RECURSE
FileKey2=%ProgramFiles%\JDownloader2|*.log;Updater_*-*-*.log;SessionInstallLog.json.*|RECURSE
FileKey3=%ProgramFiles%\JDownloader 2\logs|*.*|RECURSE
FileKey4=%LocalAppData%\VirtualStore\Program Files*\JDownloader 2|JDownloader.log;Updater_*-*-*.log;SessionInstallLog.json.*
FileKey5=%LocalAppData%\VirtualStore\Program Files*\JDownloader2|JDownloader.log;Updater_*-*-*.log;SessionInstallLog.json.*
FileKey6=%LocalAppData%\VirtualStore\Program Files*\JDownloader 2\logs|*.*|RECURSE

I've added DetectFile2, because Filekey2 would be unimportant. And I've improved Filekey1 and 2, because I've added *.log
and added RECURSE. Now the files below should get deleted.

Found these:
C:\Program Files (x86)\JDownloader\.install4j\files.log    220 KB
C:\Program Files (x86)\JDownloader\.install4j\installation.log    336 KB
C:\Program Files (x86)\JDownloader\.install4j\files.log    220 KB
C:\Program Files (x86)\JDownloader\.install4j\installation.log    336 KB

[Multi-Edit Logs*]
LangSecRef=3024
DetectFile1=%SystemDrive%\My Programs\Multi-Edit 2008
DetectFile2=%AppData%\Multi Edit Software
Default=False
FileKey1=%SystemDrive%\My Programs\Multi-Edit 2008|*.log
FileKey2=%AppData%\Multi Edit Software|*.log|RECURSE

Found these:
C:\My Programs\Multi-Edit 2008\INSTALL.LOG    293 KB
C:\My Programs\Multi-Edit 2008\INSTALL.LOG    293 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\EVOLVE.LOG    16 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\FILEPANE.LOG    2 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\INSTALL.LOG    309 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\POLYSTYLE.LOG    25 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\TMPLPANE.LOG    1 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\WINLIST.LOG    1 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\EVOLVE.LOG    16 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\FILEPANE.LOG    2 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\INSTALL.LOG    309 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\POLYSTYLE.LOG    25 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\TMPLPANE.LOG    1 KB
C:\Users\Galloway\AppData\Roaming\Multi Edit Software\Multi-Edit\11\Config.04\WINLIST.LOG    1 KB

[WRAL Desktop Alert Logs*]
LangSecRef=3024
DetectFile=%ProgramFiles%\WRAL Desktop Alert
Default=False
FileKey1=%ProgramFiles%\WRAL Desktop Alert|*.log
FileKey2=%LocalAppData%\VirtualStore\Program Files*\WRAL Desktop Alert|*.log

Found these:
C:\Users\Galloway\AppData\Local\VirtualStore\Program Files (x86)\WRAL Desktop Alert\Installer.log    1 KB
C:\Users\Galloway\AppData\Local\VirtualStore\Program Files (x86)\WRAL Desktop Alert\Installer.log    1 KB
C:\Program Files (x86)\WRAL Desktop Alert\Installer.log    2 KB
C:\Program Files (x86)\WRAL Desktop Alert\Installer.log    2 KB

[360 Internet Security Logs*]
LangSecRef=3024
Detect=HKCU\Software\360Safe
Default=False
FileKey1=%AppData%\360safe\360ScanLog|*.*
FileKey2=%ProgramFiles%\360\360 Internet Security\Log|*.log|RECURSE
FileKey3=%SystemDrive%\360SANDBOX|*.log*|RECURSE
FileKey2=%ProgramFiles%\360\360 Internet Security|*.log*|RECURSE

Found these:
C:\Users\Boss\AppData\Roaming\360safe\360ScanLog\360rp.exe.DEEPSCAN.2014-06-14.log    1 KB
C:\Users\Boss\AppData\Roaming\360safe\360ScanLog\360rp.exe.DEEPSCAN.2014-06-14.log    1 KB
C:\Program Files (x86)\360\360 Internet Security\Log (within this folder are two other folders.)
C:\360SANDBOX\360SandBox.sav.LOG1
C:\360SANDBOX\360SandBox.sav.LOG2
C:\Program Files\360\360 Internet Security\ipc\filecache\FileCache.dat.LOG1
C:\Program Files\360\360 Internet Security\ipc\filecache\FileCache.dat.LOG2

[A58-Easytune6 Logs*]
LangSecRef=3024
DetectFile=%ProgramFiles%\A58-Easytune6
Default=False
FileKey1=%ProgramFiles%\A58-Easytune6|*.log

Found these:
C:\Program Files (x86)\A58-Easytune6\setup.log    1 KB
C:\Program Files (x86)\A58-Easytune6\setup.log    1 KB
C:\Program Files (x86)\A58-Easytune6\setup.log    1 KB
C:\Program Files (x86)\A58-Easytune6\setup.log    1 KB

[CleanUp! Logs*]
LangSecRef=3024
Detect=HKCU\Software\stevengould.org\CleanUp!
Default=False
FileKey1=%AppData%|CleanUp!.log

Found these:
HKEY_CURRENT_USER\Software\stevengould.org\CleanUp!
C:\Users\Galloway\AppData\Roaming\CleanUp!.log    994 KB
C:\Users\Galloway\AppData\Roaming\CleanUp!.log    994 KB

[Cyberduck Logs*]
LangSecRef=3024
Detect=HKCR\.cyberducklicense
Default=False
FileKey1=%AppData%\Cyberduck|*.log

Found these:
HKEY_CLASSES_ROOT\Cyberduck Bookmark
HKEY_CLASSES_ROOT\.cyberducklicense
C:\Users\Boss\AppData\Roaming\Cyberduck\cyberduck.log    0 KB
C:\Users\Boss\AppData\Roaming\Cyberduck\cyberduck.log    0 KB

[TweetDeck Logs*]
LangSecRef=3024
DetectFile=%ProgramFiles%\Twitter\TweetDeck
Default=False
FileKey1=%ProgramFiles%\Twitter\TweetDeck|*.log

Found these:
C:\Program Files (x86)\Twitter\TweetDeck\console.log    16 KB
C:\Program Files (x86)\Twitter\TweetDeck\console.log    16 KB

[Windows Live Writer Logs*]
LangSecRef=3024
Detect1=HKLM\SOFTWARE\Microsoft\Windows Live Writer
Detect2=HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Live Writer
Default=False
FileKey1=%LocalAppData%\Windows Live Writer|*.log

Found these:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Live Writer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live Writer
C:\Users\Galloway\AppData\Local\Windows Live Writer\Windows Live Mail.log    1 KB
C:\Users\Galloway\AppData\Local\Windows Live Writer\Windows Live Mail.log    1 KB
C:\Users\Boss\AppData\Local\Windows Live Writer\Windows Live Writer.log

[Google Earth More*]
LangSecRef=3021
Detect1=HKLM\Software\Google\Google Earth Plus
Detect2=HKLM\Software\Google\Google Earth Pro
Detect3=HKCU\Software\Google\Google Earth Plus
Detect4=HKCU\Software\Google\Google Earth Pro
Default=False
FileKey1=%LocalLowAppData%\Google\GoogleEarth|*.tmp;*.log|RECURSE
FileKey2=%LocalLowAppData%\Google\GoogleEarth\unified_cache_leveldb_*|*.*|REMOVESELF
FileKey2=%ProgramFiles%\Google\GoogleEarth\client|*.log

Improved Filekey1

Found these:
HKEY_CURRENT_USER\Software\Google\Google Earth Plus
C:\Users\Galloway\AppData\LocalLow\Google\GoogleEarth\unified_cache_leveldb_leveldb2.0\000101.log    123 KB
C:\Users\Galloway\AppData\LocalLow\Google\GoogleEarth\unified_cache_leveldb_leveldb2.0\000101.log    123 KB
C:\Program Files (x86)\Google\Google Earth\client\debug.log (If you start in Debug mode.)

[Logitech Desktop Messenger*]
LangSecRef=3024
Detect1=HKCU\Software\Logitech\DesktopMessenger
Detect2=HKLM\SOFTWARE\Wow6432Node\Logitech\Logitech Desktop Messenger
Detect3=HKLM\SOFTWARE\Wow6432Node\Logitech\DesktopMessenger
Detect4=HKLM\SOFTWARE\Logitech\DesktopMessenger
Detect5=HKLM\SOFTWARE\Logitech\DesktopMessenger
Default=False
FileKey1=%ProgramFiles%\Logitech\Desktop Messenger|*.log;*.bak

Found these:
HKEY_CURRENT_USER\Software\Logitech\DesktopMessenger
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Logitech\Logitech Desktop Messenger
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Logitech\DesktopMessenger
C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\clasid.bak
C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Users\Boss\Data\main.log
C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\clasid.bak    2 KB

[PKWARE PKZIP Logs*]
LangSecRef=3024
Detect1=HKCU\Software\PKWARE\PKZIP for Windows
Detect2=HKCU\Software\PKWARE\ZIPReader 0
Detect3=HKCU\Software\PKWARE\PKZIP70
Default=False
FileKey1=%ProgramFiles%\PKWARE\PKZIPW|*.log

Found these:
HKEY_CURRENT_USER\Software\PKWARE\PKZIP for Windows
HKEY_CURRENT_USER\Software\PKWARE\ZIPReader 0
HKEY_CURRENT_USER\Software\PKWARE\PKZIP70
C:\Program Files (x86)\PKWARE\PKZIPW\pkware.log    0 KB
C:\Program Files (x86)\PKWARE\PKZIPW\pkware.log    0 KB
C:\Program Files\PKWARE\PKZIPW\pkware.log    0 KB
C:\Program Files\PKWARE\PKZIPW\pkware.log    0 KB

[Geek Unistaller*]
LangSecRef=3024
Detect=HKCU\Software\Geek Uninstaller
Default=False
FileKey1=%AppData%\Geek Uninstaller|*.log;*cache.dat

Found these:
HKEY_CURRENT_USER\Software\Geek Uninstaller
C:\Users\Boss\AppData\Roaming\Geek Uninstaller\cache.dat    51 KB
C:\Users\Boss\AppData\Roaming\Geek Uninstaller\cache.dat    51 KB

[Hex Chat Logs*]
LangSecRef=3024
DetectFile=%AppData%\HexChat
Default=False
FileKey1=%AppData%\HexChat\logs|*.*|REMOVESELF

Found these:
C:\Users\Boss\AppData\Roaming\HexChat\logs\NETWORK\.log

[Dexpot Logs*]
LangSecRef=3024
Detect=HKCU\Software\Dexpot
Default=False
FileKey1=%AppData%\Dexpot|*.log

Found these:
HKEY_CURRENT_USER\Software\Dexpot
C:\Users\Boss\AppData\Roaming\Dexpot\dexpot.log

[AllDup Logs*]
LangSecRef=3024
DetectFile=%AppData%\AllDup
Default=False
FileKey1=%AppData%\AllDup|*.log

Found these:
C:\Users\Boss\AppData\Roaming\AllDup\AllDup.log

[seagate SeaTools for Windows Logs*]
LangSecRef=3024
Detect1=HKLM\SOFTWARE\Wow6432Node\SeaToolsforWindows
Detect2=HKLM\SOFTWARE\SeaToolsforWindows
Default=False
FileKey1=%AppData%\Dexpot|*.log

Found these:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SeaToolsforWindows
C:\Program Files (x86)\Seagate\SeaTools for Windows\98TIT4GMT.log

[GhostMouse*]
LangSecRef=3024
DetectFile=%ProgramFiles%\GhostMouse
Default=False
FileKey1=%Documents%\AutomaticSolution Software\GhostMouse\conf\temp|*.tmp

Found these:
C:\Program Files (x86)\GhostMouse
C:\Users\Boss\Documents\AutomaticSolution Software\GhostMouse\conf\temp\file.temp    1 KB
C:\Users\Boss\Documents\AutomaticSolution Software\GhostMouse\conf\temp\file.temp    1 KB

[TrendMicro RUBotted Logs*]
LangSecRef=3024
Detect1=HKLM\SOFTWARE\Wow6432Node\TrendMicro\RUBotted
Detect2=HKLM\SOFTWARE\TrendMicro\RUBotted
Default=False
FileKey1=%ProgramFiles%\Trend Micro\RUBotted\DebugLogs|*.*|REMOVESELF

Probably this software has more log folders, but I don't have malware on my pc to find, if this
is true.

Found these:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\RUBotted
C:\Program Files (x86)\Trend Micro\RUBotted\DebugLogs
--------------------------------------------------------------------------------------------
The rest:
[FossaMail Corrupt SQLites*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%AppData%\FossaMail\Profiles|*.corrupt|RECURSE

[FossaMail Crash Reports*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%AppData%\FossaMail\Crash Reports|*.*|REMOVESELF

[FossaMail Extensions Log*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%AppData%\FossaMail\Profiles\*|extensions.log

[FossaMail Log*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%ProgramFiles%\FossaMail|*.log

[FossaMail Maintenance Service*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%CommonAppData%\Mozilla*\logs|*.*|REMOVESELF
FileKey2=%LocalAppData%\VirtualStore\ProgramData\Mozilla*\logs|*.*|REMOVESELF

[FossaMail Minidumps*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%AppData%\FossaMail\Profiles\*\Minidumps|*.*

[FossaMail Net Predictions*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%AppData%\FossaMail\Profiles\*|seer.sqlite;netpredictions.sqlite

[FossaMail Startup Cache*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%LocalAppData%\FossaMail\Profiles\*\startupCache|*.*

[FossaMail TestPilot Error Logs*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%AppData%\FossaMail\Profiles\*|TestPilotErrorLog.*|RECURSE

[FossaMail Update Logs*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%LocalAppData%\FossaMail\Mozilla\*\Updates|*.log|RECURSE

[FossaMail webappsstore.sqlite*]
LangSecRef=3030
Detect1=HKLM\SOFTWARE\Mozilla\FossaMail
Detect2=HKLM\SOFTWARE\Wow6432Node\Mozilla\FossaMail
Default=False
FileKey1=%AppData%\FossaMail\Profiles\*|webappsstore.sqlite

Found these:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\FossaMail
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\FossaMail
C:\Program Files (x86)\FossaMail\freebl3.chk    1 KB
C:\Program Files (x86)\FossaMail\nssdbm3.chk    1 KB
C:\Program Files (x86)\FossaMail\softokn3.chk    1 KB
C:\Program Files (x86)\FossaMail\install.log    22 KB
C:\Program Files (x86)\FossaMail\freebl3.chk    1 KB
C:\Program Files (x86)\FossaMail\nssdbm3.chk    1 KB
C:\Program Files (x86)\FossaMail\softokn3.chk    1 KB
C:\Program Files (x86)\FossaMail\install.log    22 KB
C:\Users\Boss\AppData\Local\FossaMail\Profiles\x834gg7n.default\startupCache\startupCache.4.little    1.178 KB
C:\Users\Boss\AppData\Local\FossaMail\Profiles\x834gg7n.default\startupCache\startupCache.4.little    1.178 KB



C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads\BIT97BD.tmp    79 KB
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads\BIT9ABA.tmp    935 KB
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads\BIT9B47.tmp    2,205 KB

C:\Windows\SysWOW64\DOErrors.log    1 KB
C:\Windows\SysWOW64\DOErrors.log    1 KB

C:\Users\Galloway\AppData\Roaming\ACD Systems\ACDSee\Cache\TNCB1E8.tmp    0 KB
C:\Users\Boss\AppData\Local\Microsoft\VisualStudio\10.0\ComponentModelCache\Microsoft.VisualStudio.Default.cache    336 KB
C:\Users\Administrator\AppData\Local\Microsoft\Messenger\ContactsLog.txt    4 KB
C:\Users\Galloway\AppData\Roaming\V\V.log    2 KB
C:\Users\Galloway\Documents\log.txt    436 KB

C:\Windows\System32\InstallPackage_ETW.Log    30 KB
C:\Windows\System32\PT_OTP_Install_Error.log    1 KB
C:\Windows\security\database\tmp.edb    1.032 KB
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat    96 KB
C:\Windows\System32\lpremove.exe.bak    70 KB
C:\Windows\System32\CodeIntegrity\bootcat.cache    6.076 KB

C:\Program Files (x86)\Copernic Agent\INSTALL.LOG    7 KB
C:\Program Files (x86)\Copernic Agent\INSTALL2.LOG    3 KB
C:\Program Files (x86)\ToniArts\EasyCleaner\File_id.diz    1 KB
C:\Program Files (x86)\Fliptoast\lib\base\Cacher.js    21 KB

C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat    45 KB
C:\ProgramData\Microsoft\OFFICE\DATA\OPA11.BAK    9 KB

C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt.bak    32,769 KB

C:\Program Files (x86)\WallPaperChanger\File_id.diz    2 KB

C:\PMAIL\Programs\WPMSETUP.LOG    13 KB

C:\Users\Galloway\AppData\Roaming\CBS Interactive\Download App\console.log    1 KB
C:\Users\Galloway\AppData\Roaming\CBS Interactive\Download App\console.log    1 KB

C:\Users\Galloway\AppData\Roaming\IMVUClient\GeckoBin\freebl3.chk    1 KB
C:\Users\Galloway\AppData\Roaming\IMVUClient\GeckoBin\nssdbm3.chk    1 KB
C:\Users\Galloway\AppData\Roaming\IMVUClient\GeckoBin\softokn3.chk    1 KB

C:\Mercury\Mercury DDK\readme.bak    5 KB
C:\Mercury\Mercury DDK\DDK Samples\DDK Samples.ncb    163 KB

C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\History Provider Cache    2 KB
C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\LOG.old    1 KB
C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\000063.log    1 KB
C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\000063.log    1 KB
C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\Default\Session Storage\000066.log
C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\v3update\download\~114.cab0.~p2s    0 KB
C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\v3update\download\~91CF.cab.~p2s    0 KB
C:\Users\Boss\AppData\Local\360Browser\Browser\User Data\v3update\download\~91EE.cab.~p2s    0 KB

C:\Program Files (x86)\Postbox\freebl3.chk    1 KB
C:\Program Files (x86)\Postbox\nssdbm3.chk    1 KB
C:\Program Files (x86)\Postbox\softokn3.chk    1 KB
C:\Program Files (x86)\Postbox\install.log    22 KB
C:\Users\Boss\AppData\Local\Postbox\Profiles\7xd5cwy0.default\startupCache\startupCache.4.little    1.032 KB

C:\Users\Galloway\AppData\Local\GCC\Chrome-bin\debug.log    3 KB
C:\Users\Galloway\AppData\Local\GCC\Chrome-bin\debug.log    3 KB

C:\Program Files (x86)\HTMASC\File_id.diz    1 KB
C:\Program Files (x86)\HTMASC\INSTALL.LOG    2 KB

C:\Program Files (x86)\Postbox\freebl3.chk    1 KB
C:\Program Files (x86)\Postbox\nssdbm3.chk    1 KB
C:\Program Files (x86)\Postbox\softokn3.chk    1 KB
C:\Program Files (x86)\Postbox\install.log    22 KB
C:\Program Files (x86)\Postbox\uninstall\uninstall.log    3 KB

C:\Users\Boss\AppData\LocalLow\EmailTray\sokODS.log    13 KB

C:\Users\Boss\AppData\Local\Mailbird\Log.log    1 KB
-------------------------------------------------------------------------------------------
1.)
[Amazon Cloud Player Logs*]
LangSecRef=3024
Detect1=HKCU\Software\
Default=False
FileKey1=%LocalAppData%\Amazon Cloud Player\Logs|*.*

Found these:
C:\Users\Galloway\AppData\Local\Amazon Cloud Player\Logs\cef_log.txt    2 KB
C:\Users\Galloway\AppData\Local\Amazon Cloud Player\Logs\AmazonCloudPlayer.log    280 KB
C:\Users\Galloway\AppData\Local\Amazon Cloud Player\Logs\AmazonCloudPlayer.log    280 KB

Could some please check, what is the registry key for this Software.

2.) Please check the program "Amazon Cloud Drive" and "Amazon MP3 Downloader".

3.) Please check the Program FRST, which is deleting viruses. It leaves a few logs.
(I can't check it, because my internet is very slow to download it all and install the programs)

4.) Shouldn't we add all other Mailprograms based on Thunderbird or Browser based on Chrome like 360 Browser?

Share this post


Link to post
Share on other sites

Lol anonymous email not anonymous when user name included in body @CSGalloway

Share this post


Link to post
Share on other sites

the email address comes in as asdf@..com, which I think is the primary purpose of the anonymizer

Share this post


Link to post
Share on other sites

email

 

 

 

(No, this email's not real, it's http://deadfake.com)


"got this email today, with the most meta entry ever"


I think this should be the most meta entry:

[Winapp2.ini File*]
LangSecRef=3024
DetectFile=
%ProgramFiles%\CCleaner\winapp2. Ini
Warning=It's deleting itself. 
Default=False
FileKey1=%ProgramFiles%\CCleaner|winapp2.ini


Yeah its deleting itself... Ha.. Ha.. 

By the way I'm not csgalloway. I just took his entries to add them. 

Whatever, Nergal and Jdpower, you both should run useless extensions too and help the project too. Perhaps we find something. I would appreciate your help. 



 
the CCleaner entry has been outmeta'd

Share this post


Link to post
Share on other sites

Dear anonymous, I plan to run it when I next boot my PC, though, in all honesty, it's been a few months since the last time I did that...personal stuff...

Share this post


Link to post
Share on other sites

 

the CCleaner entry has been outmeta'd

 

 

The file just couldn't take it anymore, it gained so many bytes over the years (especially near the mid-section) it decided to finally deleted itself. :lol: That reminded me of an old bug that's now squashed in CCleaner that would cause it to axe itself, that however wasn't funny.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...