PICPro Posted February 8, 2018 Share Posted February 8, 2018 I'd like to be able to use WinApp2ool.exe however it crashes on startup when used on a Windows 7 computer that has no internet connection. Hopefully Robert can make a note to adjust this behavior the next time he is able to work on this program. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted February 8, 2018 Author Share Posted February 8, 2018 6 hours ago, PICPro said: I'd like to be able to use WinApp2ool.exe however it crashes on startup when used on a Windows 7 computer that has no internet connection. Hopefully Robert can make a note to adjust this behavior the next time he is able to work on this program. I have this fixed on my side, I'm hoping to have some time within the next week to clean up and push the next update winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
SMalik Posted February 9, 2018 Share Posted February 9, 2018 Revised Entries Removed %CommonAppData%|StreamingMediaTechnologyLog.txt from [Adobe Premiere Elements *] and added into [Adobe Elements Organizer *]. [Adobe Premiere Elements *] LangSecRef=3021 Detect=HKCU\Software\Adobe\Premiere Elements Default=False FileKey1=%AppData%\Adobe\LogTransport2\Logs|*.*|RECURSE FileKey2=%AppData%\Adobe\Premiere Elements\*|Plugin Loading.log FileKey3=%AppData%\Adobe\Premiere Elements\*\logs|*.*|RECURSE FileKey4=%Documents%\Adobe\Premiere Elements\*|*.log FileKey5=%Documents%\NewBlueFX\Logs|*.txt RegKey1=HKCU\Software\Adobe\Premiere Elements\11.0\MRUDocuments RegKey2=HKCU\Software\Adobe\Premiere Elements\12.0\MRUDocuments RegKey3=HKCU\Software\Adobe\Premiere Elements\13.0\MRUDocuments RegKey4=HKCU\Software\Adobe\Premiere Elements\14.0\MRUDocuments RegKey5=HKCU\Software\Adobe\Premiere Elements\15.0\MRUDocuments [Adobe Elements Organizer *] LangSecRef=3021 Detect=HKCU\Software\Adobe\Elements Organizer Default=False FileKey1=%AppData%\Adobe\amecommand\6.0|Plugin Loading.log FileKey2=%AppData%\Adobe\Elements Organizer\*\Organizer|*.txt;status.dat FileKey3=%AppData%\Adobe\Elements Smart Tag Agent\*\Logs|*.log FileKey4=%AppData%\Adobe\LogTransport2\Logs|*.*|RECURSE FileKey5=%CommonAppData%|StreamingMediaTechnologyLog.txt FileKey6=%CommonAppData%\Adobe\Elements Organizer\Catalogs\My Catalog|face.thumb.9.cache;thumb.5.cache FileKey7=%CommonAppData%\Adobe\Elements Organizer\Catalogs\My Catalog\WaldoData|waldo.cache FileKey8=%CommonAppData%\Adobe\Elements Organizer\Catalogs\My Catalog\Watch Folder|*.txt;*.xml RegKey1=HKCU\Software\Adobe\Elements Organizer\11.0\CurrentMediaFilePath RegKey2=HKCU\Software\Adobe\Elements Organizer\12.0\CurrentMediaFilePath RegKey3=HKCU\Software\Adobe\Elements Organizer\13.0\CurrentMediaFilePath RegKey4=HKCU\Software\Adobe\Elements Organizer\14.0\CurrentMediaFilePath RegKey5=HKCU\Software\Adobe\Elements Organizer\15.0\CurrentMediaFilePath Link to comment Share on other sites More sharing options...
ROCKNROLL Posted February 9, 2018 Share Posted February 9, 2018 Updates: https://github.com/MoscaDotTo/Winapp2/commit/0b011c15de164b196574d6c7c262f650f45a9611 https://github.com/MoscaDotTo/Winapp2/commit/f491a99a6e2d9a7c4d60f97a354f9e671343027b I am a maintainer for Winapp2. I also have a open-source group on Steam. http://steamcommunity.com/groups/opencommunity Link to comment Share on other sites More sharing options...
SMalik Posted February 10, 2018 Share Posted February 10, 2018 Revised Entry Removed: HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings Removing traces from here is causing issues for Norton Security. Another thing I have noticed is that the traces of the removed programs get cleared automatically from here after the next system boot. [Windows Subsystems *] LangSecRef=3025 Detect=HKCU\Software\Microsoft\Windows Default=False FileKey1=%CommonAppData%\Microsoft\PlayReady|*.hds FileKey2=%CommonAppData%\Microsoft\PlayReady\Cache|*.* FileKey3=%CommonAppData%\Microsoft\RAC\PublishedData|*.log;*.jrs FileKey4=%CommonAppData%\Microsoft\RAC\StateData|*.log;*.jrs FileKey5=%CommonAppData%\Microsoft\RAC\Temp|*.* FileKey6=%CommonAppData%\Microsoft\Windows\DRM|*.log FileKey7=%CommonAppData%\Microsoft\Windows\DRM\Cache|*.*|RECURSE FileKey8=%CommonAppData%\Microsoft\Windows\DRM\PreUpgrade|*.log FileKey9=%CommonAppData%\Microsoft\Windows\Sqm\Manifest|*.bin FileKey10=%CommonAppData%\Microsoft\Windows\Sqm\Sessions|*.psqm;*.sqm FileKey11=%LocalAppData%\Microsoft\Windows\PRICache|*.*|RECURSE FileKey12=%LocalAppData%\Microsoft\Windows\SettingSync\metastore|*.jrs FileKey13=%LocalAppData%\Microsoft\Windows\SettingSync\remotemetastore\*|*.jrs FileKey14=%LocalAppData%\VirtualStore\ProgramData\Microsoft\PlayReady|*.hds FileKey15=%LocalAppData%\VirtualStore\ProgramData\Microsoft\PlayReady\Cache|*.* FileKey16=%LocalAppData%\VirtualStore\ProgramData\Microsoft\RAC\PublishedData|*.log;*.jrs FileKey17=%LocalAppData%\VirtualStore\ProgramData\Microsoft\RAC\StateData|*.log;*.jrs FileKey18=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Windows\DRM|*.log FileKey19=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Windows\DRM\Cache|*.*|RECURSE FileKey20=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Windows\DRM\PreUpgrade|*.log FileKey21=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Windows\Sqm\Manifest|*.bin FileKey22=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Windows\Sqm\Sessions|*.psqm;*.sqm FileKey23=%SystemDrive%\spoolerlogs|spooler.xml FileKey24=%WinDir%\ehome|PRDMOWrapper.log FileKey25=%WinDir%\System32|PRDMOWrapper.log FileKey26=%WinDir%\system32\spool|spooler.xml FileKey27=%WinDir%\System32\sru|*.*|RECURSE RegKey1=HKCU\Software\Classes\VirtualStore\MACHINE\Software\Microsoft\DirectDraw\MostRecentApplication RegKey2=HKCU\Software\Classes\VirtualStore\MACHINE\Software\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication RegKey3=HKCU\Software\Microsoft\Direct3D\MostRecentApplication RegKey4=HKLM\Software\Microsoft\Direct3D\MostRecentApplication RegKey5=HKLM\Software\Microsoft\DirectDraw\MostRecentApplication RegKey6=HKLM\Software\Microsoft\Windows\CurrentVersion\Setup|Installation Sources RegKey7=HKLM\Software\Wow6432Node\Microsoft\Direct3D\MostRecentApplication RegKey8=HKLM\Software\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication Link to comment Share on other sites More sharing options...
SMalik Posted February 10, 2018 Share Posted February 10, 2018 Revised Entry Added: %LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalCache\PlayReady\Cache|*.*|RECURSE [Groove Music *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\PRICache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Temp|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalCache\PlayReady\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\*Cache*|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\Database\*|*.log FileKey11=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\navigationHistory|*.*|RECURSE FileKey12=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\PlayReady|*.*|RECURSE FileKey13=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\INetCache\|container.dat Link to comment Share on other sites More sharing options...
SMalik Posted February 11, 2018 Share Posted February 11, 2018 What happened to this entry? It is not there anymore. [Adobe Media Cache*] LangSecRef=3021 DetectFile=%AppData%\Adobe\Common\Media Cache Default=False FileKey1=%AppData%\Adobe\Common\Media Cache|*.*|RECURSE FileKey2=%AppData%\Adobe\Common\Media Cache Files|*.*|RECURSE FileKey3=%AppData%\Adobe\Common\Thumbnail Cache|*.*|RECURSE Link to comment Share on other sites More sharing options...
APMichael Posted February 11, 2018 Share Posted February 11, 2018 On 11.2.2018 at 01:39, SMalik said: What happened to this entry? It is not there anymore. [Adobe Media Cache*] After the overhaul it was still there as a merged version: [Adobe Media Cache *] LangSecRef=3023 DetectFile=%AppData%\Adobe\Common\Media Cache Default=False FileKey1=%AppData%\Adobe\Common\* Cache*|*.*|RECURSE But then it got accidentally lost here: https://github.com/MoscaDotTo/Winapp2/commit/2ff56e7f8e472d07e3726179bab11d3219774bd5 Link to comment Share on other sites More sharing options...
SMalik Posted February 12, 2018 Share Posted February 12, 2018 (edited) Here is a revised entry for Adobe Media Cache. [Adobe Media Cache *] LangSecRef=3021 DetectFile=%AppData%\Adobe\Common\Media Cache Default=False FileKey1=%AppData%\Adobe\Common\Media Cache|*.*|RECURSE FileKey2=%AppData%\Adobe\Common\Media Cache Files|*.*|RECURSE FileKey3=%AppData%\Adobe\Common\Peak Files|*.*|RECURSE FileKey4=%AppData%\Adobe\Common\Team Projects Cache|*.*|RECURSE FileKey5=%AppData%\Adobe\Common\Thumbnail Cache|*.*|RECURSE Edited February 13, 2018 by SMalik Link to comment Share on other sites More sharing options...
SMalik Posted February 12, 2018 Share Posted February 12, 2018 New Entry Merged [MAGIX *], [MAGIX Backups *] and [MAGIX Driver Downloads *] into [MAGIX Installation manager *]. [MAGIX Installation manager *] LangSecRef=3023 Detect=HKCU\Software\Magix\MAGIX Installation manager Default=False FileKey1=%CommonAppData%\MAGIX\*|*.log;*.reg FileKey2=%CommonAppData%\MAGIX\*\download|*.*|RECURSE FileKey3=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*|*.log;*.reg FileKey4=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*\download|*.*|RECURSE Link to comment Share on other sites More sharing options...
siliconman01 Posted February 12, 2018 Share Posted February 12, 2018 1 hour ago, SMalik said: New Entry Merged [MAGIX *], [MAGIX Backups *] and [MAGIX Driver Downloads *] into [MAGIX Installation manager *]. [MAGIX Installation manager *] LangSecRef=3023 Detect=HKCU\Software\Magix\MAGIX Installation manager Default=False FileKey1=%CommonAppData%\MAGIX\*|*.log;*.reg FileKey2=%CommonAppData%\MAGIX\*\download|*.*|RECURSE FileKey3=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*|*.log;*.reg FileKey4=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*\download|*.*|RECURSE For overall consistency, you may wish to capitalize "manager"...[MAGIX Installation Manager *] Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA RTX 3060 Titan graphics card (Home Built System); Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet and Dell XPS 8940 PC. ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2021 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system): Latest Bitdefender Internet Security, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD23, MSI AfterBurner, Rainmeter, 8GadgetPack, and many more. Link to comment Share on other sites More sharing options...
SMalik Posted February 13, 2018 Share Posted February 13, 2018 Revised Entry Changed FileKey11 to REMOVESELF [Microsoft Edge *] LangSecRef=3022 Detect=HKCU\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\#!00*\INetCookies|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\#!00*\Microsoft\Cryptnet*Cache|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\#!00*\MicrosoftEdge\Cookies|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\Microsoft\Cryptnet*Cache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\Cookies|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\User\Default\Datastore\Data\nouser1\*\Favorites|*.ico FileKey7=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\User\Default\DataStore\Indexed\Data\nouser1\*|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\User\Default\ImageStore|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\Temp|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AppData\User\Default\Indexed DB|*.*|RECURSE FileKey11=%UserProfile%\MicrosoftEdgeBackups\backups\*|*.*|REMOVESELF Link to comment Share on other sites More sharing options...
SMalik Posted February 13, 2018 Share Posted February 13, 2018 I think we should have one entry for all Adobe CC applications. I use some of the Adobe CC applications like Photoshop, Premiere Pro and Media Encoder. Here is an entry based on these three applications. We might be able to make this work with the previous versions of Adobe CC applications by replacing CC 2018 with an asterisk and same with the application version numbers. [Adobe CC *] LangSecRef=3021 Detect=HKCU\Software\Adobe\CreativeCloud Default=False FileKey1=%CommonProgramFiles%\Adobe\Installers|CoreSyncInstall.log;Install.log FileKey2=%AppData%\Adobe\Adobe Media Encoder\12.0\logs|*.*|RECURSE FileKey3=%AppData%\Adobe\Adobe Photoshop CC 2018\Adobe Photoshop CC 2018 Settings\CrashLogs|*.*|RECURSE FileKey4=%AppData%\Adobe\Adobe Photoshop CC 2018\Adobe Photoshop CC 2018 Settings\web-cache-temp|*.*|RECURSE FileKey5=%AppData%\Adobe\Adobe Photoshop CC 2018\Logs|*.*|RECURSE FileKey6=%AppData%\Adobe\CRLogs|*.*|RECURSE FileKey7=%AppData%\Adobe\dynamiclinkmanager\12.0\logs|*.*|RECURSE FileKey8=%AppData%\Adobe\Extension Manager CC\Log|*.*|RECURSE FileKey9=%AppData%\Adobe\Extension Manager CC\Temp|*.*|RECURSE FileKey10=%AppData%\Adobe\LogTransport2CC\Logs|*.*|RECURSE FileKey11=%AppData%\Adobe\Lumetri\9.0\logs|*.*|RECURSE FileKey12=%AppData%\Adobe\Premiere Pro\12.0\logs|*.*|RECURSE FileKey13=%AppData%\Adobe\Premiere Pro\12.0|Plugin Loading.log FileKey14=%Documents%\Adobe|*.log FileKey15=%Documents%\Adobe\Adobe Media Encoder\12.0\logs|*.*|RECURSE FileKey16=%Documents%\Adobe\Premiere Pro\12.0|Plugin Loading.log Please remove the entries listed below. Some of them are dangerous. [Adobe CC *], [Adobe CS *], [Adobe Dreamweaver *], [Adobe My Digital Editions *], [Adobe Photoshop *] and [Adobe Premiere Pro *]. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted February 13, 2018 Author Share Posted February 13, 2018 There is a new version of winapp2ool (v0.6) available for testing. Most of the changes are under-the-hood but you should see a little more prevention against loading files that don't exist or contain no content (eg. loading an empty file will present an error that the file is empty instead of just attempting to do whatever module work with an empty file under some circumstances.) There's also a new menu/output design that's fit to the size of the console window and consistent throughout the modules. The WinappDebug module's alphabetization checking has been tweaked a bit to organize entries that belong in the browser sections differently (via langsecref instead of specialdetect) Known issues: There may be some places where entering 0 to return to the menu fails to properly do so. I think I've caught all these but let me know if you find one. There may be some inconsistent grammar throughout menus. Again, if anything jumps out, do let me know. Diff might throw some exceptions under some circumstances, I'm currently looking into the cause of this. Bug reports are best left through GitHub but comments here are fine too. On 2/7/2018 at 19:18, PICPro said: I'd like to be able to use WinApp2ool.exe however it crashes on startup when used on a Windows 7 computer that has no internet connection. Hopefully Robert can make a note to adjust this behavior the next time he is able to work on this program. This should be fixed now. Opening winapp2ool.exe without an internet connection should produce an error against the update checker before printing the menu instead of simply crashing. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
ROCKNROLL Posted February 13, 2018 Share Posted February 13, 2018 Many updates: https://github.com/MoscaDotTo/Winapp2/commit/3ef6d3686d301aacfea1b0a234115f052825312e https://github.com/MoscaDotTo/Winapp2/commit/4242988eedbece19871839ca4872bd34166ce06e https://github.com/MoscaDotTo/Winapp2/commit/d033e930372c3a39ffcd900efdf6b9879ab9aa4c I am a maintainer for Winapp2. I also have a open-source group on Steam. http://steamcommunity.com/groups/opencommunity Link to comment Share on other sites More sharing options...
ROCKNROLL Posted February 13, 2018 Share Posted February 13, 2018 Just for the record, several Anti-virus are detecting Winapp2ool as false positives. I am in the process of getting this resolved. The AVs that are detecting Winapp2ool as malicious are Endgame, Crowdstrike Falcon, and Zemana. You can keep track of this issue here: https://github.com/MoscaDotTo/Winapp2/issues/199 I am a maintainer for Winapp2. I also have a open-source group on Steam. http://steamcommunity.com/groups/opencommunity Link to comment Share on other sites More sharing options...
siliconman01 Posted February 13, 2018 Share Posted February 13, 2018 3 hours ago, Winapp2.ini said: There is a new version of winapp2ool (v0.6) available for testing. Most of the changes are under-the-hood but you should see a little more prevention against loading files that don't exist or contain no content (eg. loading an empty file will present an error that the file is empty instead of just attempting to do whatever module work with an empty file under some circumstances.) There's also a new menu/output design that's fit to the size of the console window and consistent throughout the modules. The WinappDebug module's alphabetization checking has been tweaked a bit to organize entries that belong in the browser sections differently (via langsecref instead of specialdetect) Known issues: There may be some places where entering 0 to return to the menu fails to properly do so. I think I've caught all these but let me know if you find one. There may be some inconsistent grammar throughout menus. Again, if anything jumps out, do let me know. Diff might throw some exceptions under some circumstances, I'm currently looking into the cause of this. Bug reports are best left through GitHub but comments here are fine too. This should be fixed now. Opening winapp2ool.exe without an internet connection should produce an error against the update checker before printing the menu instead of simply crashing. I assume that the sorting function is still in the works for sorting and alphabetizing winapp2.ini + user custom additions during the TRIM process, eh? Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA RTX 3060 Titan graphics card (Home Built System); Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet and Dell XPS 8940 PC. ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2021 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system): Latest Bitdefender Internet Security, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD23, MSI AfterBurner, Rainmeter, 8GadgetPack, and many more. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted February 13, 2018 Author Share Posted February 13, 2018 1 minute ago, siliconman01 said: I assume that the sorting function is still in the works for sorting and alphabetizing winapp2.ini + user custom additions during the TRIM process, eh? Yes. They're on my radar (and indeed some of the scaffolding is completed for WinappDebug's upcoming autocorrect functionality). Most of this release's front end changes were concerned with setting up a consistent menu system and exception handling. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
SMalik Posted February 14, 2018 Share Posted February 14, 2018 Revised Entries Changed the name from [Downloaded Installations *] to [Paragon Setup Files *] and LangSecRef from 3025 to 3024 [Paragon Setup Files *] LangSecRef=3024 DetectFile=%LocalAppData%\Downloaded Installations Default=False FileKey1=%LocalAppData%\Downloaded Installations|*.*|REMOVESELF Changed the name from [Paragon Hard Disk Manager 12 *] to [Paragon Hard Disk Manager 12 Suite *] [Paragon Hard Disk Manager 12 Suite *] LangSecRef=3024 DetectFile=%ProgramFiles%\Paragon Software\Hard Disk Manager 12 Suite Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Paragon Software\Hard Disk Manager 12 Suite|*.log FileKey2=%ProgramFiles%\Paragon Software\Hard Disk Manager 12 Suite|*.log Changed Detect to DetectFile [Paragon Hard Disk Manager 14 Suite *] LangSecRef=3024 DetectFile=%ProgramFiles%\Paragon Software\Hard Disk Manager 12 Suite Default=False FileKey1=%CommonAppData%\clonehdd|*.log FileKey2=%CommonAppData%\createpart|*.log FileKey3=%CommonAppData%\deletepart|*.log FileKey4=%CommonAppData%\explauncher|*.log FileKey5=%CommonAppData%\ftw|*.log FileKey6=%CommonAppData%\launcher|*.log FileKey7=%CommonAppData%\logsaver|*.log FileKey8=%CommonAppData%\migrateos|*.log FileKey9=%CommonAppData%\redistpart|*.log FileKey10=%CommonAppData%\vmadjust|*.log FileKey11=%CommonAppData%\vmcreate|*.log FileKey12=%CommonAppData%\wipe|*.log FileKey13=%LocalAppData%\VirtualStore\Program Files*\Paragon Software\Hard Disk Manager 14 Suite\*|BioNtLog.txt;cdb.log;fdisk.txt;pwlog.txt;stubact.log FileKey14=%LocalAppData%\VirtualStore\Program Files*\Paragon Software\Hard Disk Manager 14 Suite\*\symmpi*|*.txt FileKey15=%LocalAppData%\VirtualStore\ProgramData\clonehdd|*.log FileKey16=%LocalAppData%\VirtualStore\ProgramData\createpart|*.log FileKey17=%LocalAppData%\VirtualStore\ProgramData\deletepart|*.log FileKey18=%LocalAppData%\VirtualStore\ProgramData\explauncher|*.log FileKey19=%LocalAppData%\VirtualStore\ProgramData\ftw|*.log FileKey20=%LocalAppData%\VirtualStore\ProgramData\launcher|*.log FileKey21=%LocalAppData%\VirtualStore\ProgramData\logsaver|*.log FileKey22=%LocalAppData%\VirtualStore\ProgramData\migrateos|*.log FileKey23=%LocalAppData%\VirtualStore\ProgramData\redistpart|*.log FileKey24=%LocalAppData%\VirtualStore\ProgramData\vmadjust|*.log FileKey25=%LocalAppData%\VirtualStore\ProgramData\vmcreate|*.log FileKey26=%ProgramFiles%\Paragon Software\Hard Disk Manager 14 Suite\*|BioNtLog.txt;cdb.log;fdisk.txt;pwlog.txt;stubact.log FileKey27=%ProgramFiles%\Paragon Software\Hard Disk Manager 14 Suite\*\symmpi*|*.txt FileKey28=%SystemDrive%\Documents and Settings\LocalService|objsrv.log FileKey29=%WinDir%\Logs\Paragon Software\UimSetup|*.log FileKey30=%WinDir%\Logs\Paragon Software\VssRequester|*.log FileKey31=%WinDir%\Logs\Paragon\Client|*.log Changed Detect to DetectFile [Paragon Partition Manager 2014 *] LangSecRef=3024 DetectFile=%ProgramFiles%\Paragon Software\Partition Manager 2014 Default=False FileKey1=%CommonAppData%\converthfs|*.log FileKey2=%CommonAppData%\createpart|*.log FileKey3=%CommonAppData%\deletepart|*.log FileKey4=%CommonAppData%\explauncher|*.log FileKey5=%CommonAppData%\formatpart|*.log FileKey6=%CommonAppData%\launcher|*.log FileKey7=%CommonAppData%\logsaver|*.log FileKey8=%CommonAppData%\redistpart|*.log FileKey9=%LocalAppData%\VirtualStore\Program Files*\Paragon Software\*\program|BioNtLog.txt;cdb.log;fdisk.txt;pwlog.txt;stubact.log FileKey10=%LocalAppData%\VirtualStore\ProgramData\converthfs|*.log FileKey11=%LocalAppData%\VirtualStore\ProgramData\createpart|*.log FileKey12=%LocalAppData%\VirtualStore\ProgramData\deletepart|*.log FileKey13=%LocalAppData%\VirtualStore\ProgramData\explauncher|*.log FileKey14=%LocalAppData%\VirtualStore\ProgramData\formatpart|*.log FileKey15=%LocalAppData%\VirtualStore\ProgramData\launcher|*.log FileKey16=%LocalAppData%\VirtualStore\ProgramData\logsaver|*.log FileKey17=%LocalAppData%\VirtualStore\ProgramData\redistpart|*.log FileKey18=%ProgramFiles%\Paragon Software\*\program|BioNtLog.txt;cdb.log;fdisk.txt;pwlog.txt;stubact.log FileKey19=%SystemDrive%\Documents and Settings\LocalService|objsrv.log FileKey20=%WinDir%\Logs\Paragon Software\VssRequester|*.log FileKey21=%WinDir%\Logs\Paragon\Client|*.log Link to comment Share on other sites More sharing options...
siliconman01 Posted February 14, 2018 Share Posted February 14, 2018 (edited) Quote Revised Entries Changed the name from [Downloaded Installations *] to [Paragon Setup Files *] and LangSecRef from 3025 to 3024 [Paragon Setup Files *] LangSecRef=3024 DetectFile=%LocalAppData%\Downloaded Installations Default=False FileKey1=%LocalAppData%\Downloaded Installations|*.*|REMOVESELF The folder "Downloaded Installations" is not unique to Paragon. I have this folder and I do not have nor have ever had any Paragon products on my systems. Therefore I do not feel that this should be renamed from [Downloaded Installations *] to [Paragon Setup Files *]. Reference the link below: http://shouldicleanit.com/apps/downloaded-installations Edited February 14, 2018 by siliconman01 added link reference for %LocalAppData%\Downloaded Installations Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA RTX 3060 Titan graphics card (Home Built System); Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet and Dell XPS 8940 PC. ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2021 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system): Latest Bitdefender Internet Security, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD23, MSI AfterBurner, Rainmeter, 8GadgetPack, and many more. Link to comment Share on other sites More sharing options...
APMichael Posted February 14, 2018 Share Posted February 14, 2018 On 14.2.2018 at 02:47, SMalik said: Revised Entries ... Changed Detect to DetectFile [Paragon Hard Disk Manager 14 Suite *] LangSecRef=3024 DetectFile=%ProgramFiles%\Paragon Software\Hard Disk Manager 12 Suite Default=False ... I think the correct DetectFile should be: [Paragon Hard Disk Manager 14 Suite *] LangSecRef=3024 DetectFile=%ProgramFiles%\Paragon Software\Hard Disk Manager 14 Suite Default=False On 14.2.2018 at 06:22, siliconman01 said: The folder "Downloaded Installations" is not unique to Paragon. I have this folder and I do not have nor have ever had any Paragon products on my systems. Therefore I do not feel that this should be renamed from [Downloaded Installations *] to [Paragon Setup Files *]... You're absolutely right. It's a common folder used by various applications. (On my system it's used by a banking software.) Link to comment Share on other sites More sharing options...
Winapp2.ini Posted February 14, 2018 Author Share Posted February 14, 2018 (edited) I fixed a small bug in winapp2ool that was causing the diff module to print exceptions under some circumstances. Here is the changeset between my previous post (2018-01-25) and the current master file at the time of this post ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Changes made between Version: 180125 and Version: 180213 ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Extensions State * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Extensions State *] LangSecRef=3029 SpecialDetect=DET_CHROME Detect1=HKCU\Software\7Star Detect2=HKCU\Software\Chromium Detect3=HKCU\Software\Coowon Detect4=HKCU\Software\SuperBird Detect5=HKCU\Software\Torch Detect6=HKCU\Software\Vivaldi Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\*\Extension State|*.*|RECURSE FileKey2=%LocalAppData%\Amigo\User Data\*\Extension State|*.*|RECURSE FileKey3=%LocalAppData%\Chrome Plus\User Data\*\Extension State|*.*|RECURSE FileKey4=%LocalAppData%\Chromium\User Data\*\Extension State|*.*|RECURSE FileKey5=%LocalAppData%\Coowon\Coowon\User Data\*\Extension State|*.*|RECURSE FileKey6=%LocalAppData%\Flock\User Data\*\Extension State|*.*|RECURSE FileKey7=%LocalAppData%\Google\Chrome*\User Data\*\Extension State|*.*|RECURSE FileKey8=%LocalAppData%\Rockmelt\User Data\*\Extension State|*.*|RECURSE FileKey9=%LocalAppData%\SRWare Iron\User Data\*\Extension State|*.*|RECURSE FileKey10=%LocalAppData%\SuperBird\User Data\*\Extension State|*.*|RECURSE FileKey11=%LocalAppData%\Torch\User Data\*\Extension State|*.*|RECURSE FileKey12=%LocalAppData%\Vivaldi\User Data\*\Extension State|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ GPU Cache * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [GPU Cache *] LangSecRef=3029 SpecialDetect=DET_CHROME Detect1=HKCU\Software\7Star Detect2=HKCU\Software\Chromium Detect3=HKCU\Software\Coowon Detect4=HKCU\Software\SuperBird Detect5=HKCU\Software\Torch Detect6=HKCU\Software\Vivaldi DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%AppData%\Brave\*\GPUCache|*.* FileKey2=%LocalAppData%\7Star\7Star\User Data\*\GPUCache|*.* FileKey3=%LocalAppData%\Amigo\User Data\*\GPUCache|*.* FileKey4=%LocalAppData%\Chrome Plus\User Data\*\GPUCache|*.* FileKey5=%LocalAppData%\Chromium\User Data\*\GPUCache|*.* FileKey6=%LocalAppData%\Coowon\Coowon\User Data\*\GPUCache|*.* FileKey7=%LocalAppData%\Flock\User Data\*\GPUCache|*.* FileKey8=%LocalAppData%\Google\Chrome*\User Data\*\GPUCache|*.* FileKey9=%LocalAppData%\Rockmelt\User Data\*\GPUCache|*.* FileKey10=%LocalAppData%\SlimJet\User Data\*\GPUCache|*.* FileKey11=%LocalAppData%\SRWare Iron\User Data\*\GPUCache|*.* FileKey12=%LocalAppData%\SuperBird\User Data\*\GPUCache|*.* FileKey13=%LocalAppData%\Torch\User Data\*\GPUCache|*.* FileKey14=%LocalAppData%\Vivaldi\User Data\*\GPUCache|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ History * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [History *] LangSecRef=3029 SpecialDetect=DET_CHROME Detect1=HKCU\Software\7Star Detect2=HKCU\Software\360Browser Detect3=HKCU\Software\Chromium Detect4=HKCU\Software\Coowon Detect5=HKCU\Software\SuperBird Detect6=HKCU\Software\Torch Detect7=HKCU\Software\Vivaldi DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\*|History FileKey2=%LocalAppData%\7Star\7Star\User Data\*\JumpListIcons*|*.*|RECURSE FileKey3=%LocalAppData%\360Browser\Browser\User Data\*|History FileKey4=%LocalAppData%\360Browser\Browser\User Data\*\JumpListIcons*|*.*|RECURSE FileKey5=%LocalAppData%\Amigo\User Data\*|History FileKey6=%LocalAppData%\Amigo\User Data\*\JumpListIcons*|*.*|RECURSE FileKey7=%LocalAppData%\Chrome Plus\User Data\*|History FileKey8=%LocalAppData%\Chrome Plus\User Data\*\JumpListIcons*|*.*|RECURSE FileKey9=%LocalAppData%\Chromium\User Data\*|History FileKey10=%LocalAppData%\Chromium\User Data\*\JumpListIcons*|*.*|RECURSE FileKey11=%LocalAppData%\Coowon\Coowon\User Data\*|History FileKey12=%LocalAppData%\Coowon\Coowon\User Data\*\JumpListIcons*|*.*|RECURSE FileKey13=%LocalAppData%\Flock\User Data\*|History FileKey14=%LocalAppData%\Flock\User Data\*\JumpListIcons*|*.*|RECURSE FileKey15=%LocalAppData%\Google\Chrome*\User Data\*|History FileKey16=%LocalAppData%\Google\Chrome*\User Data\*\JumpListIcons*|*.*|RECURSE FileKey17=%LocalAppData%\Rockmelt\User Data\*|History FileKey18=%LocalAppData%\Rockmelt\User Data\*\JumpListIcons*|*.*|RECURSE FileKey19=%LocalAppData%\SlimJet\User Data\*|History FileKey20=%LocalAppData%\SlimJet\User Data\*\JumpListIcons*|*.*|RECURSE FileKey21=%LocalAppData%\SRWare Iron\User Data\*|History FileKey22=%LocalAppData%\SRWare Iron\User Data\*\JumpListIcons*|*.*|RECURSE FileKey23=%LocalAppData%\SuperBird\User Data\*|History FileKey24=%LocalAppData%\SuperBird\User Data\*\JumpListIcons*|*.*|RECURSE FileKey25=%LocalAppData%\Torch\User Data\*|History FileKey26=%LocalAppData%\Torch\User Data\*\JumpListIcons*|*.*|RECURSE FileKey27=%LocalAppData%\Vivaldi\User Data\*|History FileKey28=%LocalAppData%\Vivaldi\User Data\*\JumpListIcons*|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ JumpListIconsRecentClosed * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [JumpListIconsRecentClosed *] LangSecRef=3029 SpecialDetect=DET_CHROME Default=False FileKey1=%LocalAppData%\Google\Chrome\User Data\Default\JumpListIconsRecentClosed|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Local Storage * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Local Storage *] LangSecRef=3029 SpecialDetect=DET_CHROME Detect1=HKCU\Software\7Star Detect2=HKCU\Software\360Browser Detect3=HKCU\Software\Chromium Detect4=HKCU\Software\Coowon Detect5=HKCU\Software\SuperBird Detect6=HKCU\Software\Torch Detect7=HKCU\Software\Vivaldi Default=False FileKey1=%AppData%\Brave\*\Local Storage|http*.*|RECURSE FileKey2=%LocalAppData%\7Star\7Star\User Data\*\Local Storage|http*.*|RECURSE FileKey3=%LocalAppData%\360Browser\Browser\User Data\*\Local Storage|http*.*|RECURSE FileKey4=%LocalAppData%\Amigo\User Data\*\Local Storage|http*.*|RECURSE FileKey5=%LocalAppData%\Chrome Plus\User Data\*\Local Storage|http*.*|RECURSE FileKey6=%LocalAppData%\Chromium\User Data\*\Local Storage|http*.*|RECURSE FileKey7=%LocalAppData%\Coowon\Coowon\User Data\*\Local Storage|http*.*|RECURSE FileKey8=%LocalAppData%\Flock\User Data\*\Local Storage|http*.*|RECURSE FileKey9=%LocalAppData%\Google\Chrome*\User Data\*\Local Storage|http*.*|RECURSE FileKey10=%LocalAppData%\Rockmelt\User Data\*\Local Storage|http*.*|RECURSE FileKey11=%LocalAppData%\SRWare Iron\User Data\*\Local Storage|http*.*|RECURSE FileKey12=%LocalAppData%\SuperBird\User Data\*\Local Storage|http*.*|RECURSE FileKey13=%LocalAppData%\Torch\User Data\*\Local Storage|http*.*|RECURSE FileKey14=%LocalAppData%\Vivaldi\User Data\*\Local Storage|http*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Logs * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Logs *] LangSecRef=3029 SpecialDetect=DET_CHROME Detect1=HKCU\Software\7Star Detect2=HKCU\Software\Chromium Detect3=HKCU\Software\Coowon Detect4=HKCU\Software\SuperBird Detect5=HKCU\Software\Torch Detect6=HKCU\Software\Vivaldi Default=False FileKey1=%AppData%\Brave\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey2=%LocalAppData%\7Star\7Star\Application|debug.log FileKey3=%LocalAppData%\7Star\7Star\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey4=%LocalAppData%\Amigo\Application|debug.log FileKey5=%LocalAppData%\Amigo\User Data\*\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey6=%LocalAppData%\Chrome Plus\Application|debug.log FileKey7=%LocalAppData%\Chrome Plus\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey8=%LocalAppData%\Chromium\Application|debug.log FileKey9=%LocalAppData%\Chromium\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey10=%LocalAppData%\Coowon\Coowon\Application|debug.log FileKey11=%LocalAppData%\Coowon\Coowon\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey12=%LocalAppData%\Flock\Application|debug.log FileKey13=%LocalAppData%\Flock\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey14=%LocalAppData%\Google\Chrome Cleanup Tool|*.log FileKey15=%LocalAppData%\Google\Chrome*\Application|debug.log FileKey16=%LocalAppData%\Google\Chrome*\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey17=%LocalAppData%\Google\Software Reporter Tool|*.log FileKey18=%LocalAppData%\Rockmelt\Application|debug.log FileKey19=%LocalAppData%\Rockmelt\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey20=%LocalAppData%\SRWare Iron\Application|debug.log FileKey21=%LocalAppData%\SRWare Iron\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey22=%LocalAppData%\SuperBird\Application|debug.log FileKey23=%LocalAppData%\SuperBird\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey24=%LocalAppData%\Torch\Application|debug.log FileKey25=%LocalAppData%\Torch\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey26=%LocalAppData%\VirtualStore\Program Files*\Google\Chrome*\Application|debug.log FileKey27=%LocalAppData%\VirtualStore\Program Files*\SRWare Iron|debug.log FileKey28=%LocalAppData%\Vivaldi\Application|debug.log FileKey29=%LocalAppData%\Vivaldi\User Data\*|*LOG.*;Log;*.log;*.old|RECURSE FileKey30=%ProgramFiles%\Google\Chrome*\Application|debug.log FileKey31=%ProgramFiles%\SRWare Iron|debug.log ExcludeKey1=PATH|%LocalAppData%\7Star\7Star\User Data\*\Extensions\|*.* ExcludeKey2=PATH|%LocalAppData%\7Star\7Star\User Data\*\File System\|*.* ExcludeKey3=PATH|%LocalAppData%\7Star\7Star\User Data\*\Local App Settings\|*.* ExcludeKey4=PATH|%LocalAppData%\7Star\7Star\User Data\*\Local Extension Settings\|*.* ExcludeKey5=PATH|%LocalAppData%\Amigo\User Data\*\Extensions\|*.* ExcludeKey6=PATH|%LocalAppData%\Amigo\User Data\*\File System\|*.* ExcludeKey7=PATH|%LocalAppData%\Amigo\User Data\*\Local App Settings\|*.* ExcludeKey8=PATH|%LocalAppData%\Amigo\User Data\*\Local Extension Settings\|*.* ExcludeKey9=PATH|%LocalAppData%\Chrome Plus\User Data\*\Extensions\|*.* ExcludeKey10=PATH|%LocalAppData%\Chrome Plus\User Data\*\File System\|*.* ExcludeKey11=PATH|%LocalAppData%\Chrome Plus\User Data\*\Local App Settings\|*.* ExcludeKey12=PATH|%LocalAppData%\Chrome Plus\User Data\*\Local Extension Settings\|*.* ExcludeKey13=PATH|%LocalAppData%\Chromium\User Data\*\Extensions\|*.* ExcludeKey14=PATH|%LocalAppData%\Chromium\User Data\*\File System\|*.* ExcludeKey15=PATH|%LocalAppData%\Chromium\User Data\*\Local App Settings\|*.* ExcludeKey16=PATH|%LocalAppData%\Chromium\User Data\*\Local Extension Settings\|*.* ExcludeKey17=PATH|%LocalAppData%\Coowon\Coowon\User Data\*\Extensions\|*.* ExcludeKey18=PATH|%LocalAppData%\Coowon\Coowon\User Data\*\File System\|*.* ExcludeKey19=PATH|%LocalAppData%\Coowon\Coowon\User Data\*\Local App Settings\|*.* ExcludeKey20=PATH|%LocalAppData%\Coowon\Coowon\User Data\*\Local Extension Settings\|*.* ExcludeKey21=PATH|%LocalAppData%\Flock\User Data\*\Extensions\|*.* ExcludeKey22=PATH|%LocalAppData%\Flock\User Data\*\File System\|*.* ExcludeKey23=PATH|%LocalAppData%\Flock\User Data\*\Local App Settings\|*.* ExcludeKey24=PATH|%LocalAppData%\Flock\User Data\*\Local Extension Settings\|*.* ExcludeKey25=PATH|%LocalAppData%\Google\Chrome*\User Data\*\Extensions\|*.* ExcludeKey26=PATH|%LocalAppData%\Google\Chrome*\User Data\*\File System\|*.* ExcludeKey27=PATH|%LocalAppData%\Google\Chrome*\User Data\*\Local App Settings\|*.* ExcludeKey28=PATH|%LocalAppData%\Google\Chrome*\User Data\*\Local Extension Settings\|*.* ExcludeKey29=PATH|%LocalAppData%\Google\Chrome*\User Data\*\Local Storage\leveldb\|*.* ExcludeKey30=PATH|%LocalAppData%\Rockmelt\User Data\*\Extensions\|*.* ExcludeKey31=PATH|%LocalAppData%\Rockmelt\User Data\*\File System\|*.* ExcludeKey32=PATH|%LocalAppData%\Rockmelt\User Data\*\Local App Settings\|*.* ExcludeKey33=PATH|%LocalAppData%\Rockmelt\User Data\*\Local Extension Settings\|*.* ExcludeKey34=PATH|%LocalAppData%\SRWare Iron\User Data\*\Extensions\|*.* ExcludeKey35=PATH|%LocalAppData%\SRWare Iron\User Data\*\File System\|*.* ExcludeKey36=PATH|%LocalAppData%\SRWare Iron\User Data\*\Local App Settings\|*.* ExcludeKey37=PATH|%LocalAppData%\SRWare Iron\User Data\*\Local Extension Settings\|*.* ExcludeKey38=PATH|%LocalAppData%\Superbird\User Data\*\Extensions\|*.* ExcludeKey39=PATH|%LocalAppData%\Superbird\User Data\*\File System\|*.* ExcludeKey40=PATH|%LocalAppData%\Superbird\User Data\*\Local App Settings\|*.* ExcludeKey41=PATH|%LocalAppData%\Superbird\User Data\*\Local Extension Settings\|*.* ExcludeKey42=PATH|%LocalAppData%\Torch\User Data\*\Extensions\|*.* ExcludeKey43=PATH|%LocalAppData%\Torch\User Data\*\File System\|*.* ExcludeKey44=PATH|%LocalAppData%\Torch\User Data\*\Local App Settings\|*.* ExcludeKey45=PATH|%LocalAppData%\Torch\User Data\*\Local Extension Settings\|*.* ExcludeKey46=PATH|%LocalAppData%\Vivaldi\User Data\*\Extensions\|*.* ExcludeKey47=PATH|%LocalAppData%\Vivaldi\User Data\*\File System\|*.* ExcludeKey48=PATH|%LocalAppData%\Vivaldi\User Data\*\Local App Settings\|*.* ExcludeKey49=PATH|%LocalAppData%\Vivaldi\User Data\*\Local Extension Settings\|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Session Storage * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Session Storage *] LangSecRef=3029 SpecialDetect=DET_CHROME Detect1=HKCU\Software\7Star Detect2=HKCU\Software\Chromium Detect3=HKCU\Software\Coowon Detect4=HKCU\Software\SuperBird Detect5=HKCU\Software\Torch Detect6=HKCU\Software\Vivaldi Default=False FileKey1=%AppData%\Brave\*\Session Storage|*.*|RECURSE FileKey2=%LocalAppData%\7Star\7Star\User Data\*\Session Storage|*.*|RECURSE FileKey3=%LocalAppData%\Amigo\User Data\*\Session Storage|*.*|RECURSE FileKey4=%LocalAppData%\Chrome Plus\User Data\*\Session Storage|*.*|RECURSE FileKey5=%LocalAppData%\Chromium\User Data\*\Session Storage|*.*|RECURSE FileKey6=%LocalAppData%\Coowon\Coowon\User Data\*\Session Storage|*.*|RECURSE FileKey7=%LocalAppData%\Flock\User Data\*\Session Storage|*.*|RECURSE FileKey8=%LocalAppData%\Google\Chrome*\User Data\*\Session Storage|*.*|RECURSE FileKey9=%LocalAppData%\Rockmelt\User Data\*\Session Storage|*.*|RECURSE FileKey10=%LocalAppData%\SRWare Iron\User Data\*\Session Storage|*.*|RECURSE FileKey11=%LocalAppData%\SuperBird\User Data\*\Session Storage|*.*|RECURSE FileKey12=%LocalAppData%\Torch\User Data\*\Session Storage|*.*|RECURSE FileKey13=%LocalAppData%\Vivaldi\User Data\*\Session Storage|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SuperBird - Internet Traces * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SuperBird - Internet Traces *] LangSecRef=3029 Detect=HKCU\Software\SuperBird Default=False FileKey1=%LocalAppData%\SuperBird\User Data\*|Cookies*;Current Tabs;Current session;Last Tabs;Last Session;Login Data;Archived History*;History*;visited links;Favicons* FileKey2=%LocalAppData%\SuperBird\User Data\*\Cache|*.*|RECURSE FileKey3=%LocalAppData%\SuperBird\User Data\*\JumpListIcons*|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bookmark Backups * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bookmark Backups *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\bookmarkbackups|*.json* FileKey2=%AppData%\Mozilla\Firefox\Profiles\*\bookmarkbackups|*.json* FileKey3=%AppData%\Mozilla\SeaMonkey\Profiles\*\bookmarkbackups|*.json* FileKey4=%AppData%\Waterfox\Profiles\*\bookmarkbackups|*.json* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Corrupt SQLites * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Corrupt SQLites *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles|*.corrupt|RECURSE FileKey2=%AppData%\Mozilla\Firefox\Profiles|*.corrupt|RECURSE FileKey3=%AppData%\Mozilla\SeaMonkey\Profiles|*.corrupt|RECURSE FileKey4=%AppData%\Waterfox\Profiles|*.corrupt|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Crash Files * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Crash Files *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Crash Reports|*.*|RECURSE FileKey2=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\minidumps|*.* FileKey3=%AppData%\Mozilla\Firefox\Crash Reports|*.*|RECURSE FileKey4=%AppData%\Mozilla\Firefox\Profiles\*\minidumps|*.* FileKey5=%AppData%\Mozilla\SeaMonkey\Crash Reports|*.*|RECURSE FileKey6=%AppData%\Mozilla\SeaMonkey\Profiles\*\minidumps|*.* FileKey7=%AppData%\Waterfox\Crash Reports|*.*|RECURSE FileKey8=%AppData%\Waterfox\Profiles\*\minidumps|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Firefox HTML5 Storage * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Firefox HTML5 Storage *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\storage|*.*|RECURSE FileKey2=%AppData%\Mozilla\Firefox\Profiles\*\storage|*.*|RECURSE FileKey3=%AppData%\Mozilla\SeaMonkey\Profiles\*\storage|*.*|RECURSE FileKey4=%AppData%\Waterfox\Profiles\*\storage|*.*|RECURSE ExcludeKey1=PATH|%AppData%\Moonchild Productions\Pale Moon\Profiles\*\storage\default\moz-extension*\|*.* ExcludeKey2=PATH|%AppData%\Mozilla\Firefox\Profiles\*\storage\default\moz-extension*\|*.* ExcludeKey3=PATH|%AppData%\Mozilla\SeaMonkey\Profiles\*\storage\default\moz-extension*\|*.* ExcludeKey4=PATH|%AppData%\Waterfox\Profiles\*\storage\default\moz-extension*\|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Firefox Logs * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Firefox Logs *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon|*.log|RECURSE FileKey2=%AppData%\Moonchild Productions\Pale Moon\Profiles|TestPilotErrorLog.*|RECURSE FileKey3=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\weave\logs|*.* FileKey4=%AppData%\Mozilla\Firefox|*.log|RECURSE FileKey5=%AppData%\Mozilla\Firefox\Profiles|TestPilotErrorLog.*|RECURSE FileKey6=%AppData%\Mozilla\Firefox\Profiles\*\weave\logs|*.* FileKey7=%AppData%\Mozilla\SeaMonkey|*.log|RECURSE FileKey8=%AppData%\Mozilla\SeaMonkey\Profiles|TestPilotErrorLog.*|RECURSE FileKey9=%AppData%\Mozilla\SeaMonkey\Profiles\*\weave\logs|*.* FileKey10=%AppData%\Waterfox|*.log|RECURSE FileKey11=%AppData%\Waterfox\Profiles|TestPilotErrorLog.*|RECURSE FileKey12=%AppData%\Waterfox\Profiles\*\weave\logs|*.* FileKey13=%CommonAppData%\Mozilla*\logs|*.* FileKey14=%LocalAppData%\Moonchild Productions\Pale Moon\*\updates|*.*|RECURSE FileKey15=%LocalAppData%\Mozilla\Firefox\*\updates|*.*|RECURSE FileKey16=%LocalAppData%\Mozilla\SeaMonkey\*\updates|*.*|RECURSE FileKey17=%LocalAppData%\Mozilla\Updates|*.*|RECURSE FileKey18=%LocalAppData%\Waterfox\*\updates|*.*|RECURSE FileKey19=%ProgramFiles%\Mozilla Firefox|*.log FileKey20=%ProgramFiles%\Mozilla Maintenance Service\logs|*.log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Lock Files * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Lock Files *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|*.lock FileKey2=%AppData%\Mozilla\Firefox\Profiles\*|*.lock FileKey3=%AppData%\Mozilla\SeaMonkey\Profiles\*|*.lock FileKey4=%AppData%\Waterfox\Profiles\*|*.lock ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Startup Cache * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Startup Cache *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%LocalAppData%\Moonchild Productions\Pale Moon\Profiles\*\startupCache|*.* FileKey2=%LocalAppData%\Mozilla\Firefox\Profiles\*\startupCache|*.* FileKey3=%LocalAppData%\Mozilla\SeaMonkey\Profiles\*\startupCache|*.* FileKey4=%LocalAppData%\Waterfox\Profiles\*\startupCache|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Telemetry * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Telemetry *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|Telemetry*.* FileKey2=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\datareporting\archived|*.jsonlz4|RECURSE FileKey3=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\saved-telemetry-pings|*.* FileKey4=%AppData%\Mozilla\Firefox\Profiles\*|Telemetry*.* FileKey5=%AppData%\Mozilla\Firefox\Profiles\*\datareporting\archived|*.jsonlz4|RECURSE FileKey6=%AppData%\Mozilla\Firefox\Profiles\*\saved-telemetry-pings|*.* FileKey7=%AppData%\Mozilla\SeaMonkey\Profiles\*|Telemetry*.* FileKey8=%AppData%\Mozilla\SeaMonkey\Profiles\*\datareporting\archived|*.jsonlz4|RECURSE FileKey9=%AppData%\Mozilla\SeaMonkey\Profiles\*\saved-telemetry-pings|*.* FileKey10=%AppData%\Waterfox\Profiles\*|Telemetry*.* FileKey11=%AppData%\Waterfox\Profiles\*\datareporting\archived|*.jsonlz4|RECURSE FileKey12=%AppData%\Waterfox\Profiles\*\saved-telemetry-pings|*.* FileKey13=%LocalAppData%\Moonchild Productions\Pale Moon\Profiles\*|ShutdownDuration.* FileKey14=%LocalAppData%\Mozilla\Firefox\Profiles\*|ShutdownDuration.* FileKey15=%LocalAppData%\Mozilla\SeaMonkey\Profiles\*|ShutdownDuration.* FileKey16=%LocalAppData%\Waterfox\Profiles\*|ShutdownDuration.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Temps * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Temps *] LangSecRef=3026 SpecialDetect=DET_MOZILLA Default=False FileKey1=%ProgramFiles%\Mozilla*|*.tmp|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ urlclassifier3.sqlite * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [urlclassifier3.sqlite *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False Warning=This will delete urlclassifier3.sqlite. If you just want to reduce its size, select Compact Databases instead. FileKey1=%LocalAppData%\Moonchild Productions\Pale Moon\Profiles\*|urlclassifier3.sqlite FileKey2=%LocalAppData%\Mozilla\Firefox\Profiles\*|urlclassifier3.sqlite FileKey3=%LocalAppData%\Mozilla\SeaMonkey\Profiles\*|urlclassifier3.sqlite FileKey4=%LocalAppData%\Waterfox\Profiles\*|urlclassifier3.sqlite ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ webappsstore.sqlite * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [webappsstore.sqlite *] LangSecRef=3026 SpecialDetect=DET_MOZILLA DetectFile1=%AppData%\Moonchild Productions\Pale Moon DetectFile2=%AppData%\Mozilla\SeaMonkey DetectFile3=%AppData%\Waterfox Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|webappsstore.sqlite FileKey2=%AppData%\Mozilla\Firefox\Profiles\*|webappsstore.sqlite FileKey3=%AppData%\Mozilla\SeaMonkey\Profiles\*|webappsstore.sqlite FileKey4=%AppData%\Waterfox\Profiles\*|webappsstore.sqlite ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Email Index * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Email Index *] LangSecRef=3030 SpecialDetect=DET_THUNDERBIRD Detect=HKLM\Software\Mozilla\FossaMail Default=False Warning=This will cause your message index to be deleted, searching emails may be slow until it is rebuilt. FileKey1=%AppData%\FossaMail\Profiles|global-messages-db.sqlite|RECURSE FileKey2=%AppData%\Thunderbird\Profiles|global-messages-db.sqlite|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Filter Logs * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Filter Logs *] LangSecRef=3030 SpecialDetect=DET_THUNDERBIRD Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Profiles\*|filterlog.html|RECURSE FileKey2=%AppData%\Thunderbird\Profiles\*|filterlog.html|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Thunderbird Corrupt SQLites * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Thunderbird Corrupt SQLites *] LangSecRef=3030 SpecialDetect=DET_THUNDERBIRD Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Profiles|*.corrupt|RECURSE FileKey2=%AppData%\Thunderbird\Profiles|*.corrupt|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Thunderbird Crash Files * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Thunderbird Crash Files *] LangSecRef=3030 SpecialDetect=DET_THUNDERBIRD Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Crash Reports|*.*|RECURSE FileKey2=%AppData%\FossaMail\Profiles\*\Minidumps|*.* FileKey3=%AppData%\Thunderbird\Crash Reports|*.*|RECURSE FileKey4=%AppData%\Thunderbird\Profiles\*\Minidumps|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Thunderbird Logs * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Thunderbird Logs *] LangSecRef=3030 SpecialDetect=DET_THUNDERBIRD Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Profiles\*|extensions.log;TestPilotErrorLog.*|RECURSE FileKey2=%AppData%\Thunderbird\Profiles\*|extensions.log;TestPilotErrorLog.*|RECURSE FileKey3=%CommonAppData%\Mozilla*\logs|*.*|RECURSE FileKey4=%LocalAppData%\FossaMail\Mozilla\*\Updates|*.log|RECURSE FileKey5=%LocalAppData%\Thunderbird\Mozilla\*\Updates|*.log|RECURSE FileKey6=%ProgramFiles%\FossaMail|*.log FileKey7=%ProgramFiles%\Mozilla Thunderbird|*.log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Thunderbird Startup Cache * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Thunderbird Startup Cache *] LangSecRef=3030 SpecialDetect=DET_THUNDERBIRD Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%LocalAppData%\FossaMail\Profiles\*\startupCache|*.* FileKey2=%LocalAppData%\Thunderbird\Profiles\*\startupCache|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Thunderbird webappsstore.sqlite * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Thunderbird webappsstore.sqlite *] LangSecRef=3030 SpecialDetect=DET_THUNDERBIRD Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Profiles\*|webappsstore.sqlite FileKey2=%AppData%\Thunderbird\Profiles\*|webappsstore.sqlite ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ .NET Framework Temps * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [.NET Framework Temps *] LangSecRef=3025 Detect=HKLM\Software\Microsoft\.NETFramework Default=False FileKey1=%WinDir%\assembly\NativeImages_*\Temp|*.*|RECURSE FileKey2=%WinDir%\assembly\t*mp|*.*|REMOVESELF FileKey3=%WinDir%\Microsoft.NET\Framework*\*\*\Logs|*.*|RECURSE FileKey4=%WinDir%\Microsoft.NET\Framework*\*\Temporary ASP.NET Files|*.*|REMOVESELF FileKey5=%WinDir%\Microsoft.NET\Framework*\v4.0.30319\SetupCache|*.*|RECURSE FileKey6=%WinDir%\System32\URTTemp|*.*|RECURSE RegKey1=HKCU\Software\Microsoft\.NETFramework\SQM\Apps ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 3D Builder * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [3D Builder *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.3DBuilder_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.3DBuilder_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.3DBuilder_*\AC\Temp|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.3DBuilder_*\LocalCache|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.3DBuilder_*\LocalState\Cache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.3DBuilder_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.3DBuilder_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - Cookies * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - Cookies *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\Default|Cookies;Cookies-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - GPU Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - GPU Cache *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\Default\GPUCache|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - Internet Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - Internet Cache *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\Default|Favicons;Favicons-journal FileKey2=%LocalAppData%\7Star\7Star\User Data\Default\Cache|*.*|REMOVESELF ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - Internet History * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - Internet History *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\*|Archived History;Archived History-journal;History;History Provider Cache;History-journal;Visited Links;Top Sites;Top Sites-journal FileKey2=%LocalAppData%\7Star\7Star\User Data\*\JumpListIcons*|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - Local Storage * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - Local Storage *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\*\Local Storage|http*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - Login Data * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - Login Data *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\Default|Login Data;Login Data-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - Logs * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - Logs *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\Application|debug.log FileKey2=%LocalAppData%\7Star\7Star\User Data\*\Extension State|LOG.*;*.log;Log FileKey3=%LocalAppData%\7Star\7Star\User Data\*\Session Storage|LOG.*;*.log;Log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 7Star Browser - Session * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [7Star Browser - Session *] LangSecRef=3029 Detect=HKCU\Software\7Star Default=False FileKey1=%LocalAppData%\7Star\7Star\User Data\*|Current Tabs;Current session;Last Tabs;Last Session ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 360 Browser - Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [360 Browser - Cache *] LangSecRef=3029 Detect=HKCU\Software\360Browser\Browser Default=False FileKey1=%LocalAppData%\360Browser\Browser\User Data\Default|*-journal* FileKey2=%LocalAppData%\360Browser\Browser\User Data\Default\Cache|*.* FileKey3=%LocalAppData%\360Browser\Browser\User Data\Default\Local Storage|*.* ExcludeKey1=FILE|%LocalAppData%\360Browser\Browser\User Data\Default\|Login data-journal ExcludeKey2=FILE|%LocalAppData%\360Browser\Browser\User Data\Default\|switcher-journal ExcludeKey3=FILE|%LocalAppData%\360Browser\Browser\User Data\Default\|Web data-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 360 Browser - Cookies * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [360 Browser - Cookies *] LangSecRef=3029 Detect=HKCU\Software\360Browser\Browser Default=False FileKey1=%LocalAppData%\360Browser\Browser\User Data\Default|Cookies ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 360 Browser - History * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [360 Browser - History *] LangSecRef=3029 Detect=HKCU\Software\360Browser\Browser Default=False FileKey1=%LocalAppData%\360Browser\Browser\User Data\Default|Archived History;Current Tabs;History Provider Cache;Network Action Predictor;Top Sites;Visited Links ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ 360 Browser - Session * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [360 Browser - Session *] LangSecRef=3029 Detect=HKCU\Software\360Browser\Browser Default=False FileKey1=%LocalAppData%\360Browser\Browser\User Data\Default|Current* FileKey2=%LocalAppData%\360Browser\Browser\User Data\Default|Last* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Accounts Control * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Accounts Control *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AccountsControl_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\Microsoft.AccountsControl_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.AccountsControl_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.AccountsControl_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.AccountsControl_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.AccountsControl_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.AccountsControl_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.AccountsControl_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.AccountsControl_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ AccuWeather * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [AccuWeather *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8 DetectFile=%LocalAppData%\Packages\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8 Default=False FileKey1=%LocalAppData%\Packages\AccuWeather.AccuWeatherforWindows8_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\AccuWeather.AccuWeatherforWindows8_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.log|RECURSE FileKey3=%LocalAppData%\Packages\AccuWeather.AccuWeatherforWindows8_*\AC\Temp|*.* FileKey4=%LocalAppData%\Packages\AccuWeather.AccuWeatherforWindows8_*\LocalState|*.tmp FileKey5=%LocalAppData%\Packages\AccuWeather.AccuWeatherforWindows8_*\TempState\Bing.Maps\Cache|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\AccuWeather.AccuWeatherforWindows8_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe CC * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe CC *] LangSecRef=3021 Detect=HKCU\Software\Adobe\CreativeCloud Default=False FileKey1=%AppData%\Adobe\Adobe Media Encoder\12.0\logs|*.*|RECURSE FileKey2=%AppData%\Adobe\Adobe Photoshop CC 2018\Adobe Photoshop CC 2018 Settings\CrashLogs|*.*|RECURSE FileKey3=%AppData%\Adobe\Adobe Photoshop CC 2018\Adobe Photoshop CC 2018 Settings\web-cache-temp|*.*|RECURSE FileKey4=%AppData%\Adobe\Adobe Photoshop CC 2018\Logs|*.*|RECURSE FileKey5=%AppData%\Adobe\CRLogs|*.*|RECURSE FileKey6=%AppData%\Adobe\dynamiclinkmanager\12.0\logs|*.*|RECURSE FileKey7=%AppData%\Adobe\Extension Manager CC\Log|*.*|RECURSE FileKey8=%AppData%\Adobe\Extension Manager CC\Temp|*.*|RECURSE FileKey9=%AppData%\Adobe\LogTransport2CC\Logs|*.*|RECURSE FileKey10=%AppData%\Adobe\Lumetri\9.0\logs|*.*|RECURSE FileKey11=%AppData%\Adobe\Premiere Pro\12.0|Plugin Loading.log FileKey12=%AppData%\Adobe\Premiere Pro\12.0\logs|*.*|RECURSE FileKey13=%CommonProgramFiles%\Adobe\Installers|CoreSyncInstall.log;Install.log FileKey14=%Documents%\Adobe|*.log FileKey15=%Documents%\Adobe\Adobe Media Encoder\12.0\logs|*.*|RECURSE FileKey16=%Documents%\Adobe\Premiere Pro\12.0|Plugin Loading.log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe CS * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe CS *] LangSecRef=3021 DetectFile=%AppData%\Adobe\CS*ServiceManager Default=False FileKey1=%AppData%\Adobe\CS*ServiceManager\Cache|*.*|RECURSE FileKey2=%AppData%\Adobe\CS*ServiceManager\Logs|*.*|RECURSE FileKey3=%AppData%\com.adobe.downloadassistant.AdobeDownloadAssistant|*.log|RECURSE FileKey4=%Documents%\Adobe\Adobe Media Encoder\6.0.0|*.log FileKey5=%LocalAppData%\Akamai\Cache|*.* FileKey6=%LocalAppData%\Akamai\Logs|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Dreamweaver * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Dreamweaver *] LangSecRef=3021 Detect=HKCU\Software\Adobe\MediaBrowser\MRU\Dreamweaver Default=False FileKey1=%AppData%\Adobe\Dreamweaver CS*\*\Configuration\logs|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Elements Organizer * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Elements Organizer *] LangSecRef=3021 Detect=HKCU\Software\Adobe\Elements Organizer Default=False FileKey1=%AppData%\Adobe\amecommand\6.0|Plugin Loading.log FileKey2=%AppData%\Adobe\Elements Organizer\*\Organizer|*.txt;status.dat FileKey3=%AppData%\Adobe\Elements Smart Tag Agent\*\Logs|*.log FileKey4=%AppData%\Adobe\LogTransport2\Logs|*.*|RECURSE FileKey5=%CommonAppData%|StreamingMediaTechnologyLog.txt FileKey6=%CommonAppData%\Adobe\Elements Organizer\Catalogs\My Catalog|face.thumb.9.cache;thumb.5.cache FileKey7=%CommonAppData%\Adobe\Elements Organizer\Catalogs\My Catalog\WaldoData|waldo.cache FileKey8=%CommonAppData%\Adobe\Elements Organizer\Catalogs\My Catalog\Watch Folder|*.txt;*.xml RegKey1=HKCU\Software\Adobe\Elements Organizer\11.0\CurrentMediaFilePath RegKey2=HKCU\Software\Adobe\Elements Organizer\12.0\CurrentMediaFilePath RegKey3=HKCU\Software\Adobe\Elements Organizer\13.0\CurrentMediaFilePath RegKey4=HKCU\Software\Adobe\Elements Organizer\14.0\CurrentMediaFilePath RegKey5=HKCU\Software\Adobe\Elements Organizer\15.0\CurrentMediaFilePath ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe My Digital Editions * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe My Digital Editions *] LangSecRef=3023 DetectFile=%Documents%\My Digital Editions Default=False FileKey1=%Documents%\My Digital Editions|import.log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Photoshop * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Photoshop *] LangSecRef=3021 Detect=HKCU\Software\Adobe\Photoshop Default=False FileKey1=%AppData%\Adobe\Adobe Photoshop*\Generator\logs|*.* FileKey2=%AppData%\Adobe\Bridge*\Cache\Thumbnails|*.*|RECURSE FileKey3=%AppData%\Adobe\CameraRaw\Cache|*.*|RECURSE FileKey4=%AppData%\Adobe\FileBrowser\PhotoshopCS|*.* FileKey5=%AppData%\Adobe\Photoshop Album\*.*|Logse*.txt FileKey6=%Pictures%|.BridgeSort|RECURSE RegKey1=HKCU\Software\Adobe\Photoshop\5.5\VisitedDirs RegKey2=HKCU\Software\Adobe\Photoshop\90.0\VisitedDirs ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Photoshop Elements * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Photoshop Elements *] LangSecRef=3021 Detect=HKCU\Software\Adobe\Photoshop Elements Default=False FileKey1=%AppData%\Adobe\LogTransport2\Logs|*.*|RECURSE FileKey2=%AppData%\Adobe\Photoshop Elements\*\Editor|*.txt FileKey3=%CommonAppData%\Adobe\Photoshop Elements\File Agent|WatchFolder.3.cache RegKey1=HKCU\Software\Adobe\Photoshop Elements\11.0\common\settings\Elements MRU RegKey2=HKCU\Software\Adobe\Photoshop Elements\11.0\CurrentMediaFilePath RegKey3=HKCU\Software\Adobe\Photoshop Elements\11.0\VisitedDirs|STARTUPIMAGEDIRECTORY RegKey4=HKCU\Software\Adobe\Photoshop Elements\12.0\common\settings\Elements MRU RegKey5=HKCU\Software\Adobe\Photoshop Elements\12.0\CurrentMediaFilePath RegKey6=HKCU\Software\Adobe\Photoshop Elements\12.0\VisitedDirs|STARTUPIMAGEDIRECTORY RegKey7=HKCU\Software\Adobe\Photoshop Elements\13.0\common\settings\Elements MRU RegKey8=HKCU\Software\Adobe\Photoshop Elements\13.0\CurrentMediaFilePath RegKey9=HKCU\Software\Adobe\Photoshop Elements\13.0\VisitedDirs|STARTUPIMAGEDIRECTORY RegKey10=HKCU\Software\Adobe\Photoshop Elements\14.0\common\settings\Elements MRU RegKey11=HKCU\Software\Adobe\Photoshop Elements\14.0\CurrentMediaFilePath RegKey12=HKCU\Software\Adobe\Photoshop Elements\14.0\VisitedDirs|STARTUPIMAGEDIRECTORY RegKey13=HKCU\Software\Adobe\Photoshop Elements\15.0\common\settings\Elements MRU RegKey14=HKCU\Software\Adobe\Photoshop Elements\15.0\CurrentMediaFilePath RegKey15=HKCU\Software\Adobe\Photoshop Elements\15.0\VisitedDirs|STARTUPIMAGEDIRECTORY ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Premiere Elements * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Premiere Elements *] LangSecRef=3021 Detect=HKCU\Software\Adobe\Premiere Elements Default=False FileKey1=%AppData%\Adobe\LogTransport2\Logs|*.*|RECURSE FileKey2=%AppData%\Adobe\Premiere Elements\*|Plugin Loading.log FileKey3=%AppData%\Adobe\Premiere Elements\*\logs|*.*|RECURSE FileKey4=%Documents%\Adobe\Premiere Elements\*|*.log FileKey5=%Documents%\NewBlueFX\Logs|*.txt RegKey1=HKCU\Software\Adobe\Premiere Elements\11.0\MRUDocuments RegKey2=HKCU\Software\Adobe\Premiere Elements\12.0\MRUDocuments RegKey3=HKCU\Software\Adobe\Premiere Elements\13.0\MRUDocuments RegKey4=HKCU\Software\Adobe\Premiere Elements\14.0\MRUDocuments RegKey5=HKCU\Software\Adobe\Premiere Elements\15.0\MRUDocuments ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Premiere Pro * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Premiere Pro *] LangSecRef=3021 Detect1=HKCU\Software\Adobe\Premiere Pro\2.0 Detect2=HKCU\Software\Adobe\Premiere Pro\7.0 Detect3=HKLM\Software\Adobe\Premiere Pro\7.0 Default=False FileKey1=%Documents%\Adobe\Premiere Pro\2.0|*.prproj FileKey2=%Documents%\Adobe\Premiere Pro\2.0\Adobe Premiere Pro Auto-Save|*.prproj FileKey3=%Documents%\Adobe\Premiere Pro\2.0\Adobe Premiere Pro Preview Files|*.*|RECURSE FileKey4=%Documents%\Adobe\Premiere Pro\2.0\Encoded Files|*.* FileKey5=%Documents%\Adobe\Premiere Pro\2.0\Media Cache Files|*.* FileKey6=%LocalAppData%\VirtualStore\Program Files*\Adobe\Adobe Premiere Pro CC\cache|*-*-*.cache FileKey7=%LocalAppData%\VirtualStore\Program Files*\Adobe\Adobe Premiere Pro CC\Required\data\cache|*.pcache ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Updater * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Updater *] LangSecRef=3021 Detect=HKCU\Software\Adobe Default=False FileKey1=%AppData%\Adobe\Acrobat\*\Updater|*.log FileKey2=%AppData%\Adobe\LogTransport*\Logs|ulog_*.tmp FileKey3=%CommonAppData%\Adobe\ARM|*.*|RECURSE FileKey4=%LocalAppData%\Adobe\AAMUpdater|*.Log|RECURSE FileKey5=%LocalAppData%\Adobe\Acrobat\*\Updater|*.log FileKey6=%LocalAppData%\Adobe\Updater*|*.log|RECURSE FileKey7=%ProgramFiles%\Common Files\Adobe\Installers|*.log.gz|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Angry Birds Space * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Angry Birds Space *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\1ED5AEA5.AngryBirdsSpace_p2gbknwb5d8r2 DetectFile=%LocalAppData%\Packages\1ED5AEA5.AngryBirdsSpace_p2gbknwb5d8r2 Default=False FileKey1=%LocalAppData%\Packages\*.AngryBirdsSpace_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*.AngryBirdsSpace_*\AC\Microsoft\CryptnetUrlCache\*|*.* ExcludeKey1=FILE|%LocalAppData%\Packages\*.AngryBirdsSpace_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Angry Birds Star Wars * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Angry Birds Star Wars *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\1ED5AEA5.AngryBirdsBlack_p2gbknwb5d8r2 DetectFile=%LocalAppData%\Packages\1ED5AEA5.AngryBirdsBlack_p2gbknwb5d8r2 Default=False FileKey1=%LocalAppData%\Packages\*.AngryBirdsBlack_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*.AngryBirdsBlack_*\AC\Microsoft\CryptnetUrlCache\*|*.* ExcludeKey1=FILE|%LocalAppData%\Packages\*.AngryBirdsBlack_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ AOL * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [AOL *] LangSecRef=3022 Detect=HKCU\Software\America Online Default=False FileKey1=%AppData%\AOL\C_AOL*|*.tmp|RECURSE FileKey2=%CommonAppData%\AOL Downloads|*.*|RECURSE FileKey3=%CommonAppData%\AOL\C_AOL*|*.tmp|RECURSE FileKey4=%CommonAppData%\AOL\C_AOL*\bart|*.*|RECURSE FileKey5=%CommonAppData%\AOL\C_AOL*\spool|*.*|RECURSE FileKey6=%LocalAppData%\VirtualStore\ProgramData\AOL Downloads|*.*|RECURSE FileKey7=%LocalAppData%\VirtualStore\ProgramData\AOL\C_AOL*|*.tmp|RECURSE FileKey8=%LocalAppData%\VirtualStore\ProgramData\AOL\C_AOL*\bart|*.*|RECURSE FileKey9=%LocalAppData%\VirtualStore\ProgramData\AOL\C_AOL*\spool|*.*|RECURSE RegKey1=HKCU\Software\America Online\AOL Instant Messenger T\CurrentVersion\recent IM ScreenNames RegKey2=HKCU\Software\America Online\AOL Instant Messenger T\CurrentVersion\recent ScreenNames RegKey3=HKCU\Software\America Online\AOL Instant Messenger T\CurrentVersion\Users ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Ashampoo Burning Studio * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Ashampoo Burning Studio *] LangSecRef=3021 Detect1=HKCU\Software\Ashampoo\Ashampoo Burning Studio 5 Detect2=HKCU\Software\Ashampoo\Ashampoo Burning Studio 6 Detect3=HKCU\Software\Ashampoo\Ashampoo Burning Studio 7 Detect4=HKCU\Software\Ashampoo\Ashampoo Burning Studio 8 Detect5=HKCU\Software\Ashampoo\Ashampoo Burning Studio 12 Detect6=HKCU\Software\Ashampoo\Ashampoo Burning Studio 14 Detect7=HKCU\Software\Ashampoo\Ashampoo Burning Studio 15 Detect8=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16 Detect9=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18 Detect10=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19 Detect11=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2007 Detect12=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016 Detect13=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017 Detect14=HKLM\Software\Ashampoo\Ashampoo Burning Studio 2009 Default=False FileKey1=%AppData%\Ashampoo|*.xml;*.txt|RECURSE FileKey2=%LocalAppData%\ashampoo\BaNT|*.*|RECURSE RegKey1=HKCU\Software\Ashampoo\Ashampoo Burning Studio 5\Burn Image Project\SelectImage RegKey2=HKCU\Software\Ashampoo\Ashampoo Burning Studio 5\Data Disc Project\AddDialog RegKey3=HKCU\Software\Ashampoo\Ashampoo Burning Studio 5\Data Disc Project\DumpImage RegKey4=HKCU\Software\Ashampoo\Ashampoo Burning Studio 5\Unknown Project\AddDialog RegKey5=HKCU\Software\Ashampoo\Ashampoo Burning Studio 6\Burn Image Project\SelectImage RegKey6=HKCU\Software\Ashampoo\Ashampoo Burning Studio 6\Data Disc Project\AddDialog RegKey7=HKCU\Software\Ashampoo\Ashampoo Burning Studio 6\Unknown Project\AddDialog RegKey8=HKCU\Software\Ashampoo\Ashampoo Burning Studio 7\Burn Image Project\SelectImage RegKey9=HKCU\Software\Ashampoo\Ashampoo Burning Studio 7\Data Disc Project\AddDialog RegKey10=HKCU\Software\Ashampoo\Ashampoo Burning Studio 7\Unknown Project\AddDialog RegKey11=HKCU\Software\Ashampoo\Ashampoo Burning Studio 8\Data Disc Project\AddDialog RegKey12=HKCU\Software\Ashampoo\Ashampoo Burning Studio 14\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory RegKey13=HKCU\Software\Ashampoo\Ashampoo Burning Studio 14\tempFiles RegKey14=HKCU\Software\Ashampoo\Ashampoo Burning Studio 15\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory RegKey15=HKCU\Software\Ashampoo\Ashampoo Burning Studio 15\tempFiles RegKey16=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Audio Disc Project\SaveDialog_CPlaylistDlgEx|InitialDirectory RegKey17=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Backup Project\BackupOptions|CustomLocation RegKey18=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\BDMV Disc Project\SelectBDMVFolder|BdmvPath RegKey19=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Browse Image Project\BrowseImageFile|ImagePath RegKey20=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Browse Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey21=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Burn Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey22=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Burn Image Project\SelectImage|ImagePath RegKey23=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Data Disc Project\DumpImage|ImagePath RegKey24=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory RegKey25=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\DVD-Video Disc Project\MoviesPage|Path RegKey26=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\DVD-Video Disc Project\SaveDialog_authed.CMoviesPage.Movies|InitialDirectory RegKey27=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Logs RegKey28=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\tempFiles RegKey29=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\Unknown Project RegKey30=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\VCD Project\SaveDialog_OnAddMovies|InitialDirectory RegKey31=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\VIDEO_TS Disc Project\DumpImage|ImagePath RegKey32=HKCU\Software\Ashampoo\Ashampoo Burning Studio 16\VIDEO_TS Disc Project\SelectVideoTSFolder|VideoTSPath RegKey33=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Audio Disc Project\SaveDialog_CPlaylistDlgEx|InitialDirectory RegKey34=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Backup Project\BackupOptions|CustomLocation RegKey35=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\BDMV Disc Project\SelectBDMVFolder|BdmvPath RegKey36=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Browse Image Project\BrowseImageFile|ImagePath RegKey37=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Browse Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey38=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Burn Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey39=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Burn Image Project\SelectImage|ImagePath RegKey40=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Data Disc Project\DumpImage|ImagePath RegKey41=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory RegKey42=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\DVD-Video Disc Project\MoviesPage|Path RegKey43=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\DVD-Video Disc Project\SaveDialog_authed.CMoviesPage.Movies|InitialDirectory RegKey44=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Logs RegKey45=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\tempFiles RegKey46=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Unknown Project RegKey47=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\VCD Project\SaveDialog_OnAddMovies|InitialDirectory RegKey48=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\VIDEO_TS Disc Project\DumpImage|ImagePath RegKey49=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\VIDEO_TS Disc Project\SelectVideoTSFolder|VideoTSPath RegKey50=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Audio Disc Project\SaveDialog_CPlaylistDlgEx|InitialDirectory RegKey51=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Backup Project\BackupOptions|CustomLocation RegKey52=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\BDMV Disc Project\SelectBDMVFolder|BdmvPath RegKey53=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Browse Image Project\BrowseImageFile|ImagePath RegKey54=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Browse Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey55=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Burn Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey56=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Burn Image Project\SelectImage|ImagePath RegKey57=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Data Disc Project\DumpImage|ImagePath RegKey58=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory RegKey59=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\DVD-Video Disc Project\MoviesPage|Path RegKey60=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\DVD-Video Disc Project\SaveDialog_authed.CMoviesPage.Movies|InitialDirectory RegKey61=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Logs RegKey62=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\tempFiles RegKey63=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\Unknown Project RegKey64=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\VCD Project\SaveDialog_OnAddMovies|InitialDirectory RegKey65=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\VIDEO_TS Disc Project\DumpImage|ImagePath RegKey66=HKCU\Software\Ashampoo\Ashampoo Burning Studio 19\VIDEO_TS Disc Project\SelectVideoTSFolder|VideoTSPath RegKey67=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2007\Burn Image Project\AddDialog RegKey68=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2007\Data Disc Project\AddDialog RegKey69=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2007\Dump Image Project\DumpImage RegKey70=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2007\Unknown Project\AddDialog RegKey71=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Audio Disc Project\SaveDialog_CPlaylistDlgEx|InitialDirectory RegKey72=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Backup Project\BackupOptions|CustomLocation RegKey73=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Browse Image Project\BrowseImageFile|ImagePath RegKey74=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Browse Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey75=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Burn Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey76=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Burn Image Project\SelectImage|ImagePath RegKey77=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Data Disc Project\DumpImage|ImagePath RegKey78=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory RegKey79=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Logs RegKey80=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\tempFiles RegKey81=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\Unknown Project RegKey82=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\VCD Project\SaveDialog_OnAddMovies|InitialDirectory RegKey83=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\VIDEO_TS Disc Project\DumpImage|ImagePath RegKey84=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2016\VIDEO_TS Disc Project\SelectVideoTSFolder|VideoTSPath RegKey85=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Audio Disc Project\SaveDialog_CPlaylistDlgEx|InitialDirectory RegKey86=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Backup Project\BackupOptions|CustomLocation RegKey87=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Browse Image Project\BrowseImageFile|ImagePath RegKey88=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Browse Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey89=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Burn Image Project\SaveDialog_SelectImageBrowse|InitialDirectory RegKey90=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Burn Image Project\SelectImage|ImagePath RegKey91=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Data Disc Project\DumpImage|ImagePath RegKey92=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory RegKey93=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Logs RegKey94=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\tempFiles RegKey95=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\Unknown Project RegKey96=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\VCD Project\SaveDialog_OnAddMovies|InitialDirectory RegKey97=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\VIDEO_TS Disc Project\DumpImage|ImagePath RegKey98=HKCU\Software\Ashampoo\Ashampoo Burning Studio 2017\VIDEO_TS Disc Project\SelectVideoTSFolder|VideoTSPath ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Ashampoo Snap * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Ashampoo Snap *] LangSecRef=3024 Detect1=HKCU\Software\Ashampoo\Ashampoo Snap 7 Detect2=HKCU\Software\Ashampoo\Ashampoo Snap 8 Detect3=HKCU\Software\Ashampoo\Ashampoo Snap 9 Detect4=HKCU\Software\Ashampoo\Ashampoo Snap 10 Default=False FileKey1=%AppData%\Ashampoo\Ashampoo Snap *|*.*|RECURSE FileKey2=%LocalAppData%\ashampoo\BaNT|*.*|RECURSE FileKey3=%LocalAppData%\CrashRpt\UnsentCrashReports|*.*|RECURSE FileKey4=%LocalAppData%\VirtualStore\Program Files*\Ashampoo\Ashampoo Snap *|_NLogMsg.txt FileKey5=%ProgramFiles%\Ashampoo\Ashampoo Snap *|_NLogMsg.txt ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Authhost * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Authhost *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windows.authhost.sso_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\microsoft.windows.authhost.sso_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\LocalState\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\LocalState\navigationHistory|*.*|RECURSE FileKey10=%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\microsoft.windows.authhost.sso_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Aviary Photo Editor * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Aviary Photo Editor *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\57AB5DD0.PhotoEditor_6hb943tstq5q8 DetectFile=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_6hb943tstq5q8 Default=False FileKey1=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\AC\Microsoft\CLR_v4.0*|*.log|RECURSE FileKey4=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\AC\Microsoft\CLR_v4.0*\NativeImages\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\AC\Temp|*.* FileKey6=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\LocalState|*.*|RECURSE FileKey7=%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\57AB5DD0.PhotoEditor_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Finance * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Finance *] DetectOS=6.2|6.3 LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFinance_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingFinance_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingFinance_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingFinance_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.BingFinance_*\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\Microsoft.BingFinance_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.BingFinance_*\TempState|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Food and Drink * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Food and Drink *] DetectOS=6.2|6.3 LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingFoodAndDrink_*\LocalState\Cache|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Health and Fitness * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Health and Fitness *] DetectOS=6.2|6.3 LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingHealthAndFitness_*\LocalState\Cache|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Maps * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Maps *] DetectOS=6.2|6.3 LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingMaps_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingMaps*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingMaps*\AC\Microsoft\CLR_v4.0|*.log|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.BingMaps*\AC\Microsoft\CLR_v4.0\NativeImages\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.BingMaps*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.BingMaps*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.BingMaps*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\Microsoft.BingMaps*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\Microsoft.BingMaps*\LocalState\Bing.Maps|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.BingMaps*\LocalState\MapInstrumentation|*.* RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe\SearchHistory ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing News * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing News *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingNews_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingNews_*\AC\Microsoft\CLR_v4.0|*.log|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingNews_*\AC\PRICache|*.* FileKey3=%LocalAppData%\Packages\Microsoft.BingNews_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.BingNews_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.BingNews_*\LocalState\navigationHistory|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\SearchHistory ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Search * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Search *] DetectOS=6.2|6.3 LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.Bing_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Bing_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe\SearchHistory ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Sports * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Sports *] DetectOS=6.2|6.3 LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingSports_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingSports_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingSports_*\AC\Microsoft\CLR_v4.0|*.log|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.BingSports_*\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\Microsoft.BingSports_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.BingSports_*\LocalState\navigationHistory|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.BingSports_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe\SearchHistory ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Travel * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Travel *] DetectOS=6.2|6.3 LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingTravel_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingTravel_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingTravel_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.BingTravel_*\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\Microsoft.BingTravel_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe\SearchHistory ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Bing Weather * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Bing Weather *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingWeather_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Microsoft\CLR_v4.0|*.log FileKey4=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\PRICache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Temp|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.BingWeather_*\LocalState|*.tmp FileKey10=%LocalAppData%\Packages\Microsoft.BingWeather_*\LocalState\Cache|*.*|RECURSE FileKey11=%LocalAppData%\Packages\Microsoft.BingWeather_*\LocalState\navigationHistory|*.*|RECURSE FileKey12=%LocalAppData%\Packages\Microsoft.BingWeather_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\SearchHistory ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Box * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Box *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\134D4F5B.Box_2qk4zy5s3qmee DetectFile=%LocalAppData%\Packages\134D4F5B.Box_2qk4zy5s3qmee Default=False FileKey1=%LocalAppData%\Packages\*Box_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*Box_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\*Box_*\AC\Microsoft\CLR_v4.0*|*.log|RECURSE FileKey4=%LocalAppData%\Packages\*Box_*\AC\Microsoft\CLR_v4.0*\NativeImages\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\*Box_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey6=%LocalAppData%\Packages\*Box_*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\*Box_*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\*Box_*\LocalState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\*Box_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Camera * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Camera *] LangSecRef=3031 Detect1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Camera_8wekyb3d8bbwe Detect2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsCamera_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft*Camera_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft*Camera_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft*Camera_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft*Camera_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\Microsoft*Camera_*\AC\PRICache|*.* FileKey6=%LocalAppData%\Packages\Microsoft*Camera_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\Microsoft.WindowsCamera_*\LocalCache|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.WindowsCamera_*\LocalState\AppData|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.WindowsCamera_*\LocalState\Cache|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.WindowsCamera_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Camera_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft*Camera_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ CNN * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [CNN *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\588E6FFA.CNNAppforWindows_cs8eyncph15zy DetectFile=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_cs8eyncph15zy Default=False FileKey1=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\Microsoft\CLR_v4.0|*.log FileKey3=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\Microsoft\CLR_v4.0*\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\PRICache|*.* FileKey5=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\Temp|*.* FileKey6=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Comms Phone * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Comms Phone *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.CommsPhone_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.CommsPhone_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.CommsPhone_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.CommsPhone_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.CommsPhone_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.CommsPhone_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.CommsPhone_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.CommsPhone_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.CommsPhone_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Connectivity Store * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Connectivity Store *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ConnectivityStore_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.ConnectivityStore_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Contact Support * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Contact Support *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Windows.ContactSupport_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\Microsoft\CLR_v4.0*|*.log FileKey4=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\Microsoft\CLR_v4.0*\NativeImages\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\Microsoft\CLR_v4.0*\UsageLogs|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Windows.ContactSupport_*\AC\Temp|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Windows.ContactSupport_*\LocalCache|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Windows.ContactSupport_*\LocalState\Cache|*.*|RECURSE FileKey11=%LocalAppData%\Packages\Windows.ContactSupport_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Windows.ContactSupport_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Content Delivery Manager * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Content Delivery Manager *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\AC\BackgroundTransferApi|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\AC\INet*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\AC\Temp|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\LocalCache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\LocalState\Favicons|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\LocalState\MobilityExperience\ImageCache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\LocalState\OneSettingsResponseCache|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\LocalState\TargetedContentCache|*.*|RECURSE FileKey11=%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Windows.ContentDeliveryManager_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - Cookies * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - Cookies *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\User Data\*|Cookies;Cookies-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - GPU Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - GPU Cache *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\User Data\*\GPUCache|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - Internet Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - Internet Cache *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\User Data\*|Favicons;Favicons-journal FileKey2=%LocalAppData%\Coowon\Coowon\User Data\*\Cache|*.*|REMOVESELF ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - Internet History * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - Internet History *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\User Data\*|Archived History;Archived History-journal;History;History Provider Cache;History-journal;Visited Links;Top Sites;Top Sites-journal FileKey2=%LocalAppData%\Coowon\Coowon\User Data\*\JumpListIcons*|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - Local Storage * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - Local Storage *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\User Data\*\Local Storage|http*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - Login Data * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - Login Data *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\User Data\*|Login Data;Login Data-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - Logs * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - Logs *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\Application|debug.log FileKey2=%LocalAppData%\Coowon\Coowon\User Data\*\Extension State|LOG.*;*.log;Log FileKey3=%LocalAppData%\Coowon\Coowon\User Data\*\Session Storage|LOG.*;*.log;Log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Coowon Browser - Session * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Coowon Browser - Session *] LangSecRef=3029 Detect=HKCU\Software\Coowon Default=False FileKey1=%LocalAppData%\Coowon\Coowon\User Data\*|Current Tabs;Current session;Last Tabs;Last Session ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Cortana * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Cortana *] LangSecRef=3031 Detect1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Cortana_8wekyb3d8bbwe Detect2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Cortana_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\Microsoft*Cortana_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft*Cortana_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft*Cortana_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft*Cortana_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft*Cortana_*\AC\Temp|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft*Cortana_*\TempState|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\LocalCache|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\LocalState\*Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Windows.Cortana_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Dr. Despicable?s Dastardly Deeds * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Dr. Despicable?s Dastardly Deeds *] Section=Games DetectFile=%AppData%\HitPoint Studios\DrD Default=False FileKey1=%AppData%\HitPoint Studios\DrD|logfile.txt ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ DxO Photo Suite * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [DxO Photo Suite *] LangSecRef=3021 Detect1=HKCU\Software\DxO Detect2=HKCU\Software\DxO Labs Detect3=HKCU\Software\DxOLabs Detect4=HKLM\Software\DxO Detect5=HKLM\Software\DxO Labs Detect6=HKLM\Software\DxOLabs Default=False FileKey1=%Documents%\DxO * crash*s|*.* FileKey2=%Documents%\DxO * logs|*.* FileKey3=%Documents%\DxO*\CrashReports|*.*|RECURSE FileKey4=%Documents%\DxO*\log|*.* FileKey5=%LocalAppData%\DxO*\DataCache|*.*|RECURSE FileKey6=%LocalAppData%\DxO*\DxO*\*Cache|*.*|RECURSE FileKey7=%LocalAppData%\DxO*\DxO*\CrashReports|*.*|RECURSE FileKey8=%LocalAppData%\DxO*\DxO*\Logs|*.* FileKey9=%LocalAppData%\DxO*\Logs|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ ESPN Cricinfo * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [ESPN Cricinfo *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma DetectFile=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma Default=False FileKey1=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\Microsoft\CLR_v4.0|*.log|RECURSE FileKey3=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\Microsoft\CLR_v4.0\NativeImages\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\LocalState|*.*|RECURSE FileKey9=%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\ESPNCricinfo.ESPNCricinfo_y1atfjxm9t5ma\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ ESPN FC * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [ESPN FC *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma DetectFile=%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma Default=False FileKey1=%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma\AC\Microsoft\CLR_v4.0|*.log|RECURSE FileKey3=%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma\AC\Temp|*.* FileKey5=%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma\LocalState|*.*|RECURSE FileKey6=%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\ESPNCricinfo.ESPNFC_y1atfjxm9t5ma\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ FastStone Capture * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [FastStone Capture *] LangSecRef=3024 Detect=HKCU\Software\FastStone Capture DetectFile=%AppData%\FastStone\FSC Default=False FileKey1=%AppData%\FastStone\FSC|*.bak;fsc.db FileKey2=%LocalAppData%\FastStone\FSC|fsc.db RegKey1=HKCU\Software\FastStone|_LastClipPlayed RegKey2=HKCU\Software\FastStone|_LastRecordingFileName RegKey3=HKCU\Software\FastStone\APP.FSRecorder\Global|_GrbId RegKey4=HKCU\Software\FastStone\APP.FSRecorder\Global|_LastClipPlayed RegKey5=HKCU\Software\FastStone\APP.FSRecorder\Global|_LastRecordingFileName ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Feedback Hub * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Feedback Hub *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.WindowsFeedbackHub_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.WindowsFeedbackHub_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.WindowsFeedbackHub_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.WindowsFeedbackHub_*\LocalCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.WindowsFeedbackHub_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WindowsFeedbackHub_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ FilmOn * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [FilmOn *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\FilmOnLiveTVFree.FilmOnLiveTVFree_zx03kxexxb716 DetectFile=%LocalAppData%\Packages\FilmOnLiveTVFree.FilmOnLiveTVFree_zx03kxexxb716 Default=False FileKey1=%LocalAppData%\Packages\FilmOnLiveTVFree.FilmOnLiveTVFree_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\FilmOnLiveTVFree.FilmOnLiveTVFree_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\FilmOnLiveTVFree.FilmOnLiveTVFree_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey4=%LocalAppData%\Packages\FilmOnLiveTVFree.FilmOnLiveTVFree_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\FilmOnLiveTVFree.FilmOnLiveTVFree_zx03kxexxb716\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\FilmOnLiveTVFree.FilmOnLiveTVFree_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ FossaMail * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [FossaMail *] LangSecRef=3030 Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Crash Reports|*.*|REMOVESELF FileKey2=%AppData%\FossaMail\Profiles\*|TestPilotErrorLog.*;extensions.log|RECURSE FileKey3=%CommonAppData%\Mozilla*\logs|*.*|REMOVESELF FileKey4=%LocalAppData%\FossaMail\Mozilla\*\Updates|*.log|RECURSE FileKey5=%LocalAppData%\VirtualStore\Program Files*\FossaMail|*.log FileKey6=%LocalAppData%\VirtualStore\ProgramData\Mozilla*\logs|*.*|REMOVESELF FileKey7=%ProgramFiles%\FossaMail|*.log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ FossaMail Corrupt SQLites * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [FossaMail Corrupt SQLites *] LangSecRef=3030 Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Profiles|*.corrupt|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ FossaMail Minidumps * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [FossaMail Minidumps *] LangSecRef=3030 Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Profiles\*\Minidumps|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ FossaMail Startup Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [FossaMail Startup Cache *] LangSecRef=3030 Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%LocalAppData%\FossaMail\Profiles\*\startupCache|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ FossaMail webappsstore.sqlite * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [FossaMail webappsstore.sqlite *] LangSecRef=3030 Detect=HKLM\Software\Mozilla\FossaMail Default=False FileKey1=%AppData%\FossaMail\Profiles\*|webappsstore.sqlite ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Foxit PhantomPDF * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Foxit PhantomPDF *] LangSecRef=3021 Detect1=HKCU\Software\Foxit Software\Foxit PhantomPDF 6.0 Detect2=HKCU\Software\Foxit Software\Foxit PhantomPDF 7.0 Detect3=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0 Detect4=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0 Default=False FileKey1=%AppData%\Foxit Software\Foxit PDF Creator\Creator-Log|*.*|RECURSE FileKey2=%AppData%\Foxit Software\Foxit PhantomPDF\FormFiller|AutoComplete.ds FileKey3=%AppData%\Foxit Software\RMS|FXRMS_Log.txt FileKey4=%LocalAppData%\Foxit PhantomPDF\msilog|*.log FileKey5=%WinDir%\System32\config\systemprofile\AppData\Roaming\Foxit Software\Foxit PDF Creator|*__foxittemp.xml|RECURSE RegKey1=HKCU\Software\Foxit Software Company\Foxit PDF Editor|Recent File List RegKey2=HKCU\Software\Foxit Software\Foxit PhantomPDF 6.0\Preferences\History RegKey3=HKCU\Software\Foxit Software\Foxit PhantomPDF 6.0\RecentFiles RegKey4=HKCU\Software\Foxit Software\Foxit PhantomPDF 7.0\MRU\File MRU RegKey5=HKCU\Software\Foxit Software\Foxit PhantomPDF 7.0\MRU\Place MRU RegKey6=HKCU\Software\Foxit Software\Foxit PhantomPDF 7.0\plugins\JSPlugins RegKey7=HKCU\Software\Foxit Software\Foxit PhantomPDF 7.0\Preferences\History RegKey8=HKCU\Software\Foxit Software\Foxit PhantomPDF 7.0\Recent File List RegKey9=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0\CommentPanel\Filter RegKey10=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0\Foxit PhantomPDF Advanced Editor\Recent File List RegKey11=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0\MRU\File MRU RegKey12=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0\MRU\Place MRU RegKey13=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0\plugins\JSPlugins RegKey14=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0\Preferences\History RegKey15=HKCU\Software\Foxit Software\Foxit PhantomPDF 8.0\Recent File List RegKey16=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0\CommentPanel\Filter RegKey17=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0\Foxit PhantomPDF Advanced Editor\Recent File List RegKey18=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0\MRU\File MRU RegKey19=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0\MRU\Place MRU RegKey20=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0\plugins\JSPlugins RegKey21=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0\Preferences\History RegKey22=HKCU\Software\Foxit Software\Foxit PhantomPDF 9.0\Recent File List ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ GasBuddy * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [GasBuddy *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\45351D82.GasBuddy-FindCheapGasPrices_932xwky9axss4 DetectFile=%LocalAppData%\Packages\45351D82.GasBuddy-FindCheapGasPrices_932xwky9axss4 Default=False FileKey1=%LocalAppData%\Packages\45351D82.GasBuddy-FindCheapGasPrices_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\45351D82.GasBuddy-FindCheapGasPrices_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\45351D82.GasBuddy-FindCheapGasPrices_*\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\45351D82.GasBuddy-FindCheapGasPrices_*\AC\Temp|*.* FileKey5=%LocalAppData%\Packages\45351D82.GasBuddy-FindCheapGasPrices_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\45351D82.GasBuddy-FindCheapGasPrices_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Get Office * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Get Office *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\TokenBroker\Cache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\LocalState\AppData\Local\Office\16.0\WebServiceCache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\LocalState\Cache|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Get Started * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Get Started *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Getstarted_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Getstarted_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Getstarted_*\AC\Temp|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Getstarted_*\LocalCache|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Getstarted_*\LocalState\Cache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Getstarted_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Getstarted_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Gravity Guy * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Gravity Guy *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MiniclipSA.GravityGuy_gpanv85qtf6rc DetectFile=%LocalAppData%\Packages\MiniclipSA.GravityGuy_gpanv85qtf6rc Default=False FileKey1=%LocalAppData%\Packages\MiniclipSA.GravityGuy_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\MiniclipSA.GravityGuy_*\AC\Microsoft\CryptnetUrlCache\*|*.* ExcludeKey1=FILE|%LocalAppData%\Packages\MiniclipSA.GravityGuy_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Groove Music * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Groove Music *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\PRICache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\Temp|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalCache\PlayReady\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\*Cache*|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\Database\*|*.log FileKey11=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\navigationHistory|*.*|RECURSE FileKey12=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\LocalState\PlayReady|*.*|RECURSE FileKey13=%LocalAppData%\Packages\Microsoft.ZuneMusic_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.ZuneMusic_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Halo Spartan Assault * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Halo Spartan Assault *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.HaloSpartanAssault_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.HaloSpartanAssault_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.HaloSpartanAssault_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.HaloSpartanAssault_*\AC\Microsoft\CryptnetUrlCache\*|*.* ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.HaloSpartanAssault_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ HP Printer Control * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [HP Printer Control *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\AD2F1837.HPPrinterControl_v10z8vjag6ke6 DetectFile=%LocalAppData%\Packages\AD2F1837.HPPrinterControl_v10z8vjag6ke6 Default=False FileKey1=%LocalAppData%\Packages\*HPPrinterControl_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*HPPrinterControl_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\*HPPrinterControl_*\AC\Microsoft\CLR_v4.0*|*.log|RECURSE FileKey4=%LocalAppData%\Packages\*HPPrinterControl_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\*HPPrinterControl_*\AC\PRICache|*.* FileKey6=%LocalAppData%\Packages\*HPPrinterControl_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\*HPPrinterControl_*\LocalState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\*HPPrinterControl_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ HP Scan and Capture * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [HP Scan and Capture *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\AD2F1837.HPScanandCapture_v10z8vjag6ke6 DetectFile=%LocalAppData%\Packages\AD2F1837.HPScanandCapture_v10z8vjag6ke6 Default=False FileKey1=%LocalAppData%\Packages\*HPScanandCapture_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*HPScanandCapture_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\*HPScanandCapture_*\AC\Microsoft\CLR_v4.0*|*.log|RECURSE FileKey4=%LocalAppData%\Packages\*HPScanandCapture_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\*HPScanandCapture_*\AC\PRICache|*.* FileKey6=%LocalAppData%\Packages\*HPScanandCapture_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\*HPScanandCapture_*\LocalState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\*HPScanandCapture_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Hyper for Youtube * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Hyper for Youtube *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\19120CensoredUser.HyperforYouTube_c0tqyanwsgfn6 DetectFile=%LocalAppData%\Packages\19120CensoredUser.HyperforYouTube_c0tqyanwsgfn6 Default=False FileKey1=%LocalAppData%\Packages\*.HyperforYouTube_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*.HyperforYouTube_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\*.HyperforYouTube_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey4=%LocalAppData%\Packages\*.HyperforYouTube_*\LocalState|*.*|RECURSE FileKey5=%LocalAppData%\Packages\*.HyperforYouTube_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\19120CensoredUser.HyperforYouTube_c0tqyanwsgfn6\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\*.HyperforYouTube_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Icon Cache * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Icon Cache *] LangSecRef=3025 Detect=HKCU\Software\Microsoft\Windows Default=False Warning=You may need to restart explorer.exe for this to take effect. FileKey1=%LocalAppData%|IconCache.db FileKey2=%LocalAppData%\Microsoft\Windows\Explorer|iconcache_*.db ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Immersive Control Panel * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Immersive Control Panel *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy DetectFile=%LocalAppData%\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\LocalState\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\LocalState\navigationHistory|*.*|RECURSE FileKey10=%LocalAppData%\Packages\windows.immersivecontrolpanel_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\windows.immersivecontrolpanel_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Internet Explorer * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Internet Explorer *] LangSecRef=3022 Detect=HKCU\Software\Microsoft\Internet Explorer Default=False FileKey1=%AppData%\Microsoft\Internet Explorer\UserData|*.*|RECURSE FileKey2=%LocalAppData%\Microsoft\Windows\AppCache|*.*|RECURSE FileKey3=%LocalAppData%\Microsoft\Windows\IECompatCache|*.*|RECURSE FileKey4=%LocalAppData%\Microsoft\Windows\IECompatUaCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\windows_ie_ac_*\AC\AppCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\windows_ie_ac_*\AC\INet*|*.*|RECURSE FileKey7=%LocalAppData%\Packages\windows_ie_ac_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey8=%LocalAppData%\Packages\windows_ie_ac_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey9=%LocalAppData%\Packages\windows_ie_ac_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey10=%LocalAppData%\Packages\windows_ie_ac_*\AC\PRICache|*.* FileKey11=%LocalAppData%\Packages\windows_ie_ac_*\AC\Temp|*.* FileKey12=%LocalAppData%\Packages\windows_ie_ac_*\LocalState\Cache|*.*|RECURSE FileKey13=%LocalAppData%\Packages\windows_ie_ac_*\LocalState\navigationHistory|*.*|RECURSE FileKey14=%LocalAppData%\Packages\windows_ie_ac_*\TempState|*.*|RECURSE FileKey15=%WinDir%\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\INetCache|*.*|RECURSE RegKey1=HKCR\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage RegKey2=HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore RegKey3=HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage RegKey4=HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl RegKey5=HKCU\Software\Microsoft\Internet Explorer\Recovery\PendingDelete RegKey6=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats ExcludeKey1=FILE|%LocalAppData%\Packages\windows_ie_ac_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Kaspersky Now * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Kaspersky Now *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\KasperskyLab.KasperskyNow_8jx5e25qw3tdc Default=False FileKey1=%LocalAppData%\Packages\KasperskyLab.KasperskyNow_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\KasperskyLab.KasperskyNow_*\AC\Microsoft\CLR_v4.0_32|*.log FileKey3=%LocalAppData%\Packages\KasperskyLab.KasperskyNow_*\AC\Microsoft\CLR_v4.0_32\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\KasperskyLab.KasperskyNow_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\KasperskyLab.KasperskyNow_*\LocalCache|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\KasperskyLab.KasperskyNow_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ LifeCam * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [LifeCam *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.LifeCamDashboard_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.LifeCamDashboard_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.LifeCamDashboard_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.LifeCamDashboard_*\AC\PRICache|*.* FileKey3=%LocalAppData%\Packages\Microsoft.LifeCamDashboard_*\AC\Temp|*.* FileKey4=%LocalAppData%\Packages\Microsoft.LifeCamDashboard_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.LifeCamDashboard_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Lock App * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Lock App *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.LockApp_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\Microsoft.LockApp_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.LockApp_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.LockApp_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.LockApp_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.LockApp_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.LockApp_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.LockApp_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.LockApp_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ MAGIX * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [MAGIX *] LangSecRef=3023 Detect=HKCU\Software\Magix Default=False FileKey1=%CommonAppData%\MAGIX\*|*.log|RECURSE FileKey2=%LocalAppData%\VirtualStore\Program Files*\MAGIX\*|*.log|RECURSE FileKey3=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*|*.log|RECURSE FileKey4=%ProgramFiles%\MAGIX\*|*.log|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ MAGIX Backups * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [MAGIX Backups *] LangSecRef=3023 Detect=HKCU\Software\Magix Default=False FileKey1=%CommonAppData%\MAGIX\*|*.reg|RECURSE FileKey2=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*|*.reg|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ MAGIX Driver Downloads * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [MAGIX Driver Downloads *] LangSecRef=3023 Detect=HKCU\Software\Magix Default=False FileKey1=%CommonAppData%\MAGIX\*\download|*.*|REMOVESELF FileKey2=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*\download|*.*|REMOVESELF ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Maps * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Maps *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsMaps_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.WindowsMaps_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.WindowsMaps_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.WindowsMaps_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.WindowsMaps_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.WindowsMaps_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.WindowsMaps_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.WindowsMaps_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WindowsMaps_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Media Play Ready Client * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Media Play Ready Client *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\LocalState\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\LocalState\navigationHistory|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Media.PlayReadyClient_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Messaging * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Messaging *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Messaging_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Messaging_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Messaging_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Messaging_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Messaging_*\LocalCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Messaging_*\LocalState\Cache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Messaging_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Messaging_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Microsoft Edge * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Microsoft Edge *] LangSecRef=3022 Detect=HKCU\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\#!00*\INetCookies|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\#!00*\Microsoft\Cryptnet*Cache|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\#!00*\MicrosoftEdge\Cookies|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\Microsoft\Cryptnet*Cache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\Cookies|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\User\Default\Datastore\Data\nouser1\*\Favorites|*.ico FileKey7=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\User\Default\DataStore\Indexed\Data\nouser1\*|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\MicrosoftEdge\User\Default\ImageStore|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AC\Temp|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.MicrosoftEdge_*\AppData\User\Default\Indexed DB|*.*|RECURSE FileKey11=%UserProfile%\MicrosoftEdgeBackups\backups\*|*.*|REMOVESELF ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Microsoft Reader * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Microsoft Reader *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Reader_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.Reader_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Reader_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Reader_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Reader_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Reader_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\Microsoft.Reader_*\AC\PRICache|*.* FileKey6=%LocalAppData%\Packages\Microsoft.Reader_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\Microsoft.Reader_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Reader_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Reader_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Reader_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Microsoft.VCLibs * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Microsoft.VCLibs *] LangSecRef=3031 Detect1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.VCLibs.110.00_8wekyb3d8bbwe Detect2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.VCLibs.120.00_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.VCLibs.1*0.00_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\LocalState\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\LocalState\navigationHistory|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.VCLibs.*_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.VCLibs.*_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Movies & TV * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Movies & TV *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneVideo_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe* Default=False FileKey1=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\PRICache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\Temp|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\LocalCache\PlayReady\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\LocalState\*Cache*|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\LocalState\Database\anonymous|*.log FileKey11=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\LocalState\navigationHistory|*.*|RECURSE FileKey12=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\LocalState\PlayReady|*.*|RECURSE FileKey13=%LocalAppData%\Packages\Microsoft.ZuneVideo_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneVideo_8wekyb3d8bbwe\SearchHistory\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.ZuneVideo_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ MWConn * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [MWConn *] LangSecRef=3022 DetectFile1=%AppData%\Microsoft\Windows\Start Menu\Programs\MWconn DetectFile2=%AppData%\Microsoft\Windows\Startmenü\Programs\MWconn DetectFile3=%UserProfile%\Start Menu\Programs\MWconn DetectFile4=%UserProfile%\Startmenü\Programme\MWconn Default=False FileKey1=%AppData%\Microsoft\Windows\Start*\Program*\MWconn|connlog.txt FileKey2=%UserProfile%\Start*\Program*\MWconn|connlog.txt ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ MWConn SMS * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [MWConn SMS *] LangSecRef=3022 DetectFile1=%AppData%\Microsoft\Windows\Start Menu\Programs\MWconn DetectFile2=%AppData%\Microsoft\Windows\Startmenü\Programs\MWconn DetectFile3=%UserProfile%\Start Menu\Programs\MWconn DetectFile4=%UserProfile%\Startmenü\Programme\MWconn Default=False Warning=This will delete all of your SMS messages. FileKey1=%AppData%\Microsoft\Windows\Start*\Program*\MWconn\sms_*|*.*|RECURSE FileKey2=%UserProfile%\Start*\Program*\MWconn\sms_*|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ NBC News * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [NBC News *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\msnbc.comDigitalNetwork.msnbc.com_amdjbdaxqsje6 DetectFile=%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_amdjbdaxqsje6 Default=False FileKey1=%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_*\AC\Microsoft\CLR_v4.0|*.log FileKey3=%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_*\AC\PRICache|*.* FileKey5=%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_*\AC\Temp|*.* FileKey6=%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\msnbc.comDigitalNetwork.msnbc.com_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Netflix * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Netflix *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4DF9E0F8.Netflix_mcm4njqhnhss8 DetectFile=%LocalAppData%\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8 Default=False FileKey1=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey4=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\AC\PRICache|*.* FileKey5=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\AC\Temp|*.* FileKey6=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\AppData\Indexed DB|*.log FileKey7=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\LocalState|*.tmp|RECURSE FileKey8=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\LocalState\LiveTile|*.* FileKey9=%LocalAppData%\Packages\4DF9E0F8.Netflix_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4DF9E0F8.Netflix_mcm4njqhnhss8\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\4DF9E0F8.Netflix_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Network Speed Test * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Network Speed Test *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.NetworkSpeedTest_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.NetworkSpeedTest_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.NetworkSpeedTest_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.NetworkSpeedTest_*\AC\Microsoft\CLR_v4.0*\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.NetworkSpeedTest_*\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\Microsoft.NetworkSpeedTest_*\AC\Temp|*.* FileKey5=%LocalAppData%\Packages\Microsoft.NetworkSpeedTest_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.NetworkSpeedTest_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ OneNote * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [OneNote *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Office.OneNote_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\LocalState\AppData\Local|msodata*.dat FileKey5=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\office*client.microsoft.com|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\LocalState\AppData\Local\Office\OTele|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\LocalState\AppData\Local\OneNote\16.0|*.onecache FileKey8=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\LocalState\AppData\Local\OneNote\16.0\OneNote*Cache_Files|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.Office.OneNote_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Office.OneNote_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Office.OneNote_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Ookla Speed Test * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Ookla Speed Test *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Ookla.SpeedtestbyOokla_43tkc6nmykmb6 DetectFile=%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_43tkc6nmykmb6 Default=False FileKey1=%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey3=%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_*\AC\Temp|*.* FileKey4=%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_*\LocalState|*.tmp|RECURSE FileKey5=%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_*\LocalState\Unity\Local.*\Analytics\ArchivedEvents\*|*.*|REMOVESELF FileKey6=%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Ookla.SpeedtestbyOokla_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Adblock Backups * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Adblock Backups *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\adblock*|patterns-backup*.ini ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Bookmark Backups * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Bookmark Backups *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\bookmarkbackups|*.json* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Cache *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%LocalAppData%\Moonchild Productions\Pale Moon\Profiles\*\cache2|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Cookies * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Cookies *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|cookies.sqlite ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Corrupt SQLites * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Corrupt SQLites *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles|*.corrupt|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Crash Reports * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Crash Reports *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Crash Reports|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - extensions.log * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - extensions.log *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|extensions.log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Lock Files * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Lock Files *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|*.lock ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Minidumps * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Minidumps *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\minidumps|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Startup Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Startup Cache *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%LocalAppData%\Moonchild Productions\Pale Moon\Profiles\*\startupCache|startupCache.8.little ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Telemetry * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Telemetry *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|Telemetry*.* FileKey2=%AppData%\Moonchild Productions\Pale Moon\Profiles\*\saved-telemetry-pings|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - Updates * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - Updates *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%LocalAppData%\Moonchild Productions\Pale Moon\Pale Moon\updates|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pale Moon - webappsstore.sqlite * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pale Moon - webappsstore.sqlite *] LangSecRef=3026 Detect=HKLM\Software\Mozilla\Pale Moon DetectFile=%ProgramFiles%\Pale Moon\palemoon.exe Default=False FileKey1=%AppData%\Moonchild Productions\Pale Moon\Profiles\*|webappsstore.sqlite ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ People * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [People *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.People_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.People_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.People_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.People_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.People_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.People_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.People_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.People_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.People_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Phone * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Phone *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsPhone_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.WindowsPhone_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.WindowsPhone_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.WindowsPhone_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.WindowsPhone_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.WindowsPhone_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.WindowsPhone_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.WindowsPhone_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WindowsPhone_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Photos * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Photos *] DetectOS=10.0| LangSecRef=3031 Default=False Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe FileKey1=%LocalAppData%\Packages\Microsoft.Windows.Photos_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Windows.Photos_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Windows.Photos_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Windows.Photos_*\LocalCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Windows.Photos_*\LocalState|*.sqlite;*.sqlite-shm;*.sqlite-wal;*.xml FileKey6=%LocalAppData%\Packages\Microsoft.Windows.Photos_*\LocalState\PhotosAppTile|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.Windows.Photos_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedPickerData\Microsoft.Windows.Photos_8wekyb3d8bbwe!App\DefaultSaveFileSingle RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp RegKey3=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\MostRecentlyUsed ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Windows.Photos_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pokki * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pokki *] LangSecRef=3022 Detect=HKCU\Software\Pokki Default=False FileKey1=%LocalAppData%\Pokki|*.log|RECURSE FileKey2=%LocalAppData%\Pokki\PokkiIconCache|*.*|RECURSE FileKey3=%LocalAppData%\Pokki\UserData\*|*.bak|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Pokki Internet Traces * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Pokki Internet Traces *] LangSecRef=3022 Detect=HKCU\Software\Pokki Default=False FileKey1=%LocalAppData%\Pokki\UserData\*|Cookies*;Favicons*;*History*;Top Sites*;Visited Links;Web Data* FileKey2=%LocalAppData%\Pokki\UserData\*\Cache|*.*|RECURSE FileKey3=%LocalAppData%\Pokki\UserData\*\LocalStorage|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ QuizUp * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [QuizUp *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\QuizUp.QuizUp_n36z36qeaxk8a Default=False FileKey1=%LocalAppData%\Packages\QuizUp.QuizUp_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\QuizUp.QuizUp_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\QuizUp.QuizUp_*\AC\Microsoft\CLR_v4.0*|*.log|RECURSE FileKey4=%LocalAppData%\Packages\QuizUp.QuizUp_*\AC\Microsoft\CLR_v4.0*\NativeImages\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\QuizUp.QuizUp_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey6=%LocalAppData%\Packages\QuizUp.QuizUp_*\AC\Temp|*.*|RECURSE FileKey7=%LocalAppData%\Packages\QuizUp.QuizUp_*\LocalCache|*.*|RECURSE FileKey8=%LocalAppData%\Packages\QuizUp.QuizUp_*\LocalState\Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\QuizUp.QuizUp_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\QuizUp.QuizUp_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Realtek Logs * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Realtek Logs *] LangSecRef=3024 Detect=HKLM\Software\Realtek Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Realtek*|*.log;*.txt|RECURSE FileKey2=%ProgramFiles%\Realtek*|*.*log;*.txt|RECURSE FileKey3=%SystemDrive%|RHDSetup.log ExcludeKey1=FILE|%ProgramFiles%\Realtek\*\|InstCtrl.txt ExcludeKey2=FILE|%ProgramFiles%\Realtek\*\|setupctrl.txt ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Reckless Racing * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Reckless Racing *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Studios.RecklessRacingUltimate_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.Studios.RecklessRacingUltimate_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Studios.RecklessRacingUltimate_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Studios.RecklessRacingUltimate_*\AC\Microsoft\CryptnetUrlCache\*|*.* ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Studios.RecklessRacingUltimate_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Reddit To Go! * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Reddit To Go! *] LangSecRef=3031 DetectFile=%LocalAppData%\Packages\*.RedditToGo_* Default=False FileKey1=%LocalAppData%\Packages\*.RedditToGo_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*.RedditToGo_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\*.RedditToGo_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\*.RedditToGo_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\*.RedditToGo_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\*.RedditToGo_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\*.RedditToGo_*\RoamingState|history.txt RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\55382ross456.RedditToGo_02dxdbb1qg9kw\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\*.RedditToGo_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Scan * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Scan *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsScan_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.WindowsScan_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.WindowsScan_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.WindowsScan_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.WindowsScan_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.WindowsScan_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.WindowsScan_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.WindowsScan_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WindowsScan_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SdfBrowser * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SdfBrowser *] LangSecRef=3024 DetectFile=%AppData%\BokorBéla\SdfBrowser Default=False FileKey1=%AppData%\BokorBéla\SdfBrowser|*.log ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SeaMonkey * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SeaMonkey *] LangSecRef=3026 DetectFile=%AppData%\Mozilla\SeaMonkey Default=False FileKey1=%AppData%\Mozilla\SeaMonkey\Crash Reports|*.*|REMOVESELF FileKey2=%AppData%\Mozilla\SeaMonkey\Profiles|TestPilotErrorLog.*;*.corrupt|RECURSE FileKey3=%AppData%\Mozilla\SeaMonkey\Profiles\*|seer.sqlite;netpredictions.sqlite;sessionstore.bak;FlashGot.log;FlashGot.log.bak*;lazarus.sqlite;lazarus-backup.sqlite;Telemetry*.*;webappsstore.sqlite;*.lock FileKey4=%AppData%\Mozilla\SeaMonkey\Profiles\*\adblock*|patterns-backup*.ini;*.tmp FileKey5=%AppData%\Mozilla\SeaMonkey\Profiles\*\bookmarkbackups|*.json* FileKey6=%AppData%\Mozilla\SeaMonkey\Profiles\*\chatzilla|inputHistory.txt FileKey7=%AppData%\Mozilla\SeaMonkey\Profiles\*\datareporting\archived|*.jsonlz4|REMOVESELF FileKey8=%AppData%\Mozilla\SeaMonkey\Profiles\*\minidumps|*.* FileKey9=%AppData%\Mozilla\SeaMonkey\Profiles\*\saved-telemetry-pings|*.* FileKey10=%AppData%\Mozilla\SeaMonkey\Profiles\*\sessions\Deleted Sessions|*.session FileKey11=%AppData%\Mozilla\SeaMonkey\Profiles\*\storage|*.*|REMOVESELF FileKey12=%AppData%\Mozilla\SeaMonkey\Profiles\*\weave\logs|*.* FileKey13=%LocalAppData%\Mozilla\SeaMonkey\*\updates|*.*|RECURSE FileKey14=%LocalAppData%\Mozilla\SeaMonkey\Profiles\*|urlclassifier3.sqlite FileKey15=%LocalAppData%\Mozilla\SeaMonkey\Profiles\*\shortcutCache|*.* FileKey16=%LocalAppData%\Mozilla\SeaMonkey\Profiles\*\startupCache|*.* ExcludeKey1=PATH|%AppData%\Mozilla\SeaMonkey\Profiles\*\storage\default\moz-extension*\|*.* ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Shark Dash * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Shark Dash *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\GAMELOFTSA.SharkDashByGameloft_0pp20fcewvvtj DetectFile=%LocalAppData%\Packages\GAMELOFTSA.SharkDashByGameloft_0pp20fcewvvtj Default=False FileKey1=%LocalAppData%\Packages\GAMELOFTSA.SharkDashByGameloft_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\GAMELOFTSA.SharkDashByGameloft_*\AC\Microsoft\CryptnetUrlCache\*|*.* ExcludeKey1=FILE|%LocalAppData%\Packages\GAMELOFTSA.SharkDashByGameloft_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Shell Experience Host * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Shell Experience Host *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Windows.ShellExperienceHost_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Shuffle Party * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Shuffle Party *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ShuffleParty_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.ShuffleParty_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.ShuffleParty_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.ShuffleParty_*\AC\Microsoft\CryptnetUrlCache\*|*.* ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.ShuffleParty_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SkyDrive App * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SkyDrive App *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.microsoftskydrive_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\microsoft.microsoftskydrive_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC\PRICache|*.* FileKey6=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\microsoft.microsoftskydrive_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.microsoftskydrive_8wekyb3d8bbwe\PersistedPickerData\microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive\DefaultOpenFileMultiple|LastLocation RegKey2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.microsoftskydrive_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\microsoft.microsoftskydrive_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Skype Metro * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Skype Metro *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.SkypeApp_kzf8qxf38zg5c DetectFile=%LocalAppData%\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c Default=False FileKey1=%LocalAppData%\Packages\Microsoft.SkypeApp_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.SkypeApp_*\AC\Microsoft\CryptnetUrlCache\MetaData|*.* FileKey3=%LocalAppData%\Packages\Microsoft.SkypeApp_*\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\Microsoft.SkypeApp_*\LocalState|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.SkypeApp_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.SkypeApp_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SlimJet - Cookies * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SlimJet - Cookies *] LangSecRef=3029 DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\SlimJet\User Data\Default|Cookies;Cookies-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SlimJet - Favicons * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SlimJet - Favicons *] LangSecRef=3029 DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\SlimJet\User Data\Default|Favicons;Favicons-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SlimJet - GPU Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SlimJet - GPU Cache *] LangSecRef=3029 DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\SlimJet\User Data\Default\GPUCache|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SlimJet - Internet Cache * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SlimJet - Internet Cache *] LangSecRef=3029 DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\SlimJet\User Data\Default\Cache|*.*|REMOVESELF ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SlimJet - Internet History * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SlimJet - Internet History *] LangSecRef=3029 DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\SlimJet\User Data\Default|Archived History;Archived History-journal;History;History Provider Cache;History-journal;Visited Links;Top Sites;Top Sites-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SlimJet - Login Data * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SlimJet - Login Data *] LangSecRef=3029 DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\SlimJet\User Data\Default|Login Data;Login Data-journal ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ SlimJet - Session * has been removed. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [SlimJet - Session *] LangSecRef=3029 DetectFile=%LocalAppData%\SlimJet Default=False FileKey1=%LocalAppData%\SlimJet\User Data\Default|Last Session;Last Tabs;Current Session;Current Tabs ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Sound Recorder * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Sound Recorder *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WindowsSoundRecorder_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Spybot Search and Destroy History * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Spybot Search and Destroy History *] LangSecRef=3024 Detect=HKLM\Software\Safer Networking Limited\SpybotSnD Default=False FileKey1=%CommonAppData%\Spybot - Search & Destroy\Backups|*.*|RECURSE FileKey2=%CommonAppData%\Spybot - Search & Destroy\Recovery|*.*|RECURSE FileKey3=%CommonAppData%\Spybot - Search & Destroy\Snapshots*|*.*|RECURSE FileKey4=%LocalAppData%\VirtualStore\ProgramData\Spybot - Search & Destroy\Backups|*.*|RECURSE FileKey5=%LocalAppData%\VirtualStore\ProgramData\Spybot - Search & Destroy\Recovery|*.*|RECURSE FileKey6=%LocalAppData%\VirtualStore\ProgramData\Spybot - Search & Destroy\Snapshots*|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Store * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Store *] LangSecRef=3031 Detect1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsStore_8wekyb3d8bbwe Detect2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\WinStore_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\*Win*Store_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*Win*Store_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\*Win*Store_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\*Win*Store_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\*Win*Store_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\*Win*Store_*\AC\Microsoft\Windows Store\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\*Win*Store_*\AC\Microsoft\Windows Store\Data|history.dat FileKey8=%LocalAppData%\Packages\*Win*Store_*\AC\PRICache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\*Win*Store_*\AC\Temp|*.*|RECURSE FileKey10=%LocalAppData%\Packages\*Win*Store_*\LocalState\Cache|*.*|RECURSE FileKey11=%LocalAppData%\Packages\*Win*Store_*\LocalState\navigationHistory|*.*|RECURSE FileKey12=%LocalAppData%\Packages\Microsoft.WindowsStore_*\LocalCache\*|*.*|RECURSE FileKey13=%LocalAppData%\Packages\WinStore_*\LocalState\LiveTile|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\WinStore_cw5n1h2txyewy\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WindowsStore_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Sway * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Sway *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Office.Sway_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.Office.Sway_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.Office.Sway_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.Office.Sway_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.Office.Sway_*\AC\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.Office.Sway_*\LocalCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.Office.Sway_*\LocalState\Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.Office.Sway_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.Office.Sway_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Team Crossword * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Team Crossword *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.TeamCrossword_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.TeamCrossword_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.TeamCrossword_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.TeamCrossword_*\AC\Microsoft\CLR_v4.0_32\UsageLogs|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.TeamCrossword_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey4=%LocalAppData%\Packages\Microsoft.TeamCrossword_*\AC\PRICache|*.* FileKey5=%LocalAppData%\Packages\Microsoft.TeamCrossword_*\AC\Temp|*.* FileKey6=%LocalAppData%\Packages\Microsoft.TeamCrossword_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.TeamCrossword_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ The Quran * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [The Quran *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\57100Goheer.TheQuran_s6gg0ptmhrgye DetectFile=%LocalAppData%\Packages\57100Goheer.TheQuran_s6gg0ptmhrgye Default=False FileKey1=%LocalAppData%\Packages\*TheQuran_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*TheQuran_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\*TheQuran_*\AC\Microsoft\CLR_v4.0|*.log|RECURSE FileKey4=%LocalAppData%\Packages\*TheQuran_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\*TheQuran_*\AC\PRICache|*.* FileKey6=%LocalAppData%\Packages\*TheQuran_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\*TheQuran_*\LocalState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\*TheQuran_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ The Weather Channel * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [The Weather Channel *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\TheWeatherChannel_t3yemqpq4kp7p DetectFile=%LocalAppData%\Packages\Weather.TheWeatherChannel_t3yemqpq4kp7p Default=False FileKey1=%LocalAppData%\Packages\Weather.TheWeatherChannel_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Weather.TheWeatherChannel_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.log|RECURSE FileKey3=%LocalAppData%\Packages\Weather.TheWeatherChannel_*\AC\Temp|*.* FileKey4=%LocalAppData%\Packages\Weather.TheWeatherChannel_*\LocalState|*.tmp FileKey5=%LocalAppData%\Packages\Weather.TheWeatherChannel_*\TempState\Bing.Maps\Cache|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Weather.TheWeatherChannel_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Tubebox! * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Tubebox! *] LangSecRef=3023 DetectFile1=%UserProfile%\Start Menu\Programs\TubeBox! DetectFile2=%UserProfile%\Startmenü\Programme\TubeBox! Default=False FileKey1=%UserProfile%\Start*\Program*\TubeBox!|TubeBox!-Log.txt ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Twitter Metro * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Twitter Metro *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\9E2F88E3.Twitter_wgeqdkkx372wm DetectFile=%LocalAppData%\Packages\9E2F88E3.Twitter_wgeqdkkx372wm Default=False FileKey1=%LocalAppData%\Packages\*Twitter_*\AC\INetC*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\*Twitter_*\AC\Microsoft\*|*.LOG|RECURSE FileKey3=%LocalAppData%\Packages\*Twitter_*\AC\PRICache|*.* FileKey4=%LocalAppData%\Packages\*Twitter_*\LocalState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\*Twitter_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ USA Today * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [USA Today *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\USATODAY.USATODAY_wy7mw3214mat8 DetectFile=%LocalAppData%\Packages\USATODAY.USATODAY_wy7mw3214mat8 Default=False FileKey1=%LocalAppData%\Packages\USATODAY.USATODAY_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\USATODAY.USATODAY_*\AC\Microsoft\CLR_v4.0|*.log FileKey3=%LocalAppData%\Packages\USATODAY.USATODAY_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\USATODAY.USATODAY_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey5=%LocalAppData%\Packages\USATODAY.USATODAY_*\AC\PRICache|*.* FileKey6=%LocalAppData%\Packages\USATODAY.USATODAY_*\AC\Temp|*.* FileKey7=%LocalAppData%\Packages\USATODAY.USATODAY_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\USATODAY.USATODAY_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Waterfox Installer * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Waterfox Installer *] LangSecRef=3026 DetectFile=%ProgramFiles%\Waterfox Default=False FileKey1=%AppData%\Waterfox*\Waterfox*\install|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Windows Feedback * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Windows Feedback *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsFeedback_cw5n1h2txyewy Default=False FileKey1=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\Microsoft\CLR_v4.0*|*.log FileKey4=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\Microsoft\CLR_v4.0*\NativeImages\Temp|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\Microsoft\CLR_v4.0*\UsageLogs|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\Temp|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\LocalCache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\LocalState\Cache|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WindowsFeedback_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Windows Logs * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Windows Logs *] LangSecRef=3025 Detect=HKLM\Software\Microsoft\Windows Default=False FileKey1=%CommonAppData%\Microsoft\Network\Downloader|*.*|RECURSE FileKey2=%CommonAppData%\Microsoft\Windows Security Health\Logs|*.*|RECURSE FileKey3=%CommonAppData%\USOShared\Logs|*.*|RECURSE FileKey4=%LocalAppData%\ConnectedDevicesPlatform|*.log FileKey5=%LocalAppData%\Diagnostics|*.*|RECURSE FileKey6=%ProgramFiles%\UNP\Logs|*.* FileKey7=%SystemDrive%\PerfLogs\System\Diagnostics|*.*|RECURSE FileKey8=%SystemDrive%\PerfLogs\System\Performance|*.*|RECURSE FileKey9=%WinDir%\debug\WIA|*.log FileKey10=%WinDir%\inf|*.log* FileKey11=%WinDir%\Logs\CBS|*.cab FileKey12=%WinDir%\Logs\dosvc|*.*|RECURSE FileKey13=%WinDir%\Logs\NetSetup|*.*|RECURSE FileKey14=%WinDir%\Logs\SIH|*.*|RECURSE FileKey15=%WinDir%\Logs\WindowsBackup|*.etl FileKey16=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html;PostGatherPnPList.log;PreGatherPnPList.log FileKey17=%WinDir%\Panther\FastCleanup|*.log FileKey18=%WinDir%\Panther\Rollback|*.txt FileKey19=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml FileKey20=%WinDir%\repair|setup.log FileKey21=%WinDir%\System32\catroot2|*.chk;*.log;*.jrs;*.txt FileKey22=%WinDir%\System32\LogFiles\HTTPERR|*.log FileKey23=%WinDir%\System32\LogFiles\Scm|*.*|RECURSE FileKey24=%WinDir%\System32\LogFiles\Srt|*.*|RECURSE FileKey25=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml;*.log FileKey26=%WinDir%\System32\WDI\*|snapshot.etl|REMOVESELF FileKey27=%WinDir%\System32\WDI\LogFiles\StartupInfo|*.*|RECURSE RegKey1=HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey2=HKLM\Software\Microsoft\Tracing RegKey3=HKLM\Software\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey4=HKLM\Software\Wow6432Node\Microsoft\Tracing ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Windows Photos * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Windows Photos *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowsphotos_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\microsoft.windowsphotos_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\BackgroundTransferApi|*.down_data;*.up_meta FileKey3=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\INet*|*.*|RECURSE FileKey4=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey5=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey6=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey7=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\PRICache|*.* FileKey8=%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\Temp|*.* FileKey9=%LocalAppData%\Packages\microsoft.windowsphotos_*\LocalState|*.log;*.jpg FileKey10=%LocalAppData%\Packages\microsoft.windowsphotos_*\LocalState\bici|*.sqm FileKey11=%LocalAppData%\Packages\microsoft.windowsphotos_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowsphotos_8wekyb3d8bbwe\SearchHisto ExcludeKey1=FILE|%LocalAppData%\Packages\microsoft.windowsphotos_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ WinJS * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [WinJS *] LangSecRef=3031 Detect1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WinJS.1.0_8wekyb3d8bbwe Detect2=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WinJS.2.0_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.WinJS.*.0_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\LocalState\*Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\LocalState\navigationHistory|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.WinJS.*.*_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Xbox * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Xbox *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxApp_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.XboxApp_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.XboxApp_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.XboxApp_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.XboxApp_*\LocalCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.XboxApp_*\LocalState|*.log;*.log*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.XboxApp_*\LocalState\*Cache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.XboxApp_*\LocalState\SmartGlass|*.log FileKey8=%LocalAppData%\Packages\Microsoft.XboxApp_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.XboxApp_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Xbox Identity Provider * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Xbox Identity Provider *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\AC\Microsoft\CLR_v4.0*|*.log FileKey3=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\AC\Microsoft\CLR_v4.0*\NativeImages\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\AC\Microsoft\CLR_v4.0*\UsageLogs|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\AC\Temp|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\LocalCache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\LocalState\Cache|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\TempState|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.XboxIdentityProvider_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Xbox LIVE Games * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Xbox LIVE Games *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxLIVEGames_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey5=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\PRICache|*.* FileKey7=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\Temp|*.* FileKey8=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\LocalState\*Cache|*.*|RECURSE FileKey9=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\LocalState\navigationHistory|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\LocalState\PlayReady|*.*|RECURSE FileKey11=%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.XboxLIVEGames_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ XnView * has been modified. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [XnView *] LangSecRef=3023 Detect1=HKCU\Software\XnView Detect2=HKCU\Software\XnView\XnViewMP Detect3=HKLM\Software\XnView Default=False FileKey1=%AppData%\XnView\cache|*.db FileKey2=%AppData%\XnViewMP|*.db;category.bak FileKey3=%LocalAppData%\VirtualStore\Program Files*\XnViewMP|category.bak;*.db FileKey4=%ProgramFiles%\XnViewMP|category.bak;*.db ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ .NET Framework * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [.NET Framework *] LangSecRef=3025 Detect=HKLM\Software\Microsoft\.NETFramework Default=False FileKey1=%WinDir%\assembly\NativeImages_*\Temp|*.*|RECURSE FileKey2=%WinDir%\assembly\t*mp|*.*|REMOVESELF FileKey3=%WinDir%\Microsoft.NET\Framework*\*\*\Logs|*.*|RECURSE FileKey4=%WinDir%\Microsoft.NET\Framework*\*\Temporary ASP.NET Files|*.*|REMOVESELF FileKey5=%WinDir%\Microsoft.NET\Framework*\v4.0.30319\SetupCache|*.*|RECURSE FileKey6=%WinDir%\System32\URTTemp|*.*|RECURSE RegKey1=HKCU\Software\Microsoft\.NETFramework\SQM\Apps ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Application Manager * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Application Manager *] LangSecRef=3021 Detect=HKCU\Software\Adobe Default=False FileKey1=%AppData%\Adobe\Acrobat\*\Updater|*.log FileKey2=%CommonAppData%\Adobe\ARM|*.*|RECURSE FileKey3=%LocalAppData%\Adobe\AAMUpdater|*.Log|RECURSE FileKey4=%LocalAppData%\Adobe\Acrobat\*\Updater|*.log FileKey5=%LocalAppData%\Adobe\Updater*|*.log|RECURSE FileKey6=%ProgramFiles%\Common Files\Adobe\Installers|*.log.gz|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Adobe Media Cache * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Adobe Media Cache *] LangSecRef=3021 DetectFile=%AppData%\Adobe\Common\Media Cache Default=False FileKey1=%AppData%\Adobe\Common\* Cache*|*.*|RECURSE FileKey2=%AppData%\Adobe\Common\Peak Files|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Dr. Despicable's Dastardly Deeds * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Dr. Despicable's Dastardly Deeds *] Section=Games DetectFile=%AppData%\HitPoint Studios\DrD Default=False FileKey1=%AppData%\HitPoint Studios\DrD|logfile.txt ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ MAGIX Installation Manager * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [MAGIX Installation Manager *] LangSecRef=3023 Detect=HKCU\Software\Magix\MAGIX Installation manager Default=False FileKey1=%CommonAppData%\MAGIX\*|*.log;*.reg FileKey2=%CommonAppData%\MAGIX\*\download|*.*|RECURSE FileKey3=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*|*.log;*.reg FileKey4=%LocalAppData%\VirtualStore\ProgramData\MAGIX\*\download|*.*|RECURSE ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ My Office * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [My Office *] DetectOS=10.0| LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\INet*|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\LocalCache|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\LocalState\AppData\Local\Office\16.0\WebServiceCache|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\LocalState\Cache|*.*|RECURSE ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.MicrosoftOfficeHub_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ News * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [News *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingNews_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingNews_*\AC\Microsoft\CLR_v4.0|*.log|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingNews_*\AC\PRICache|*.* FileKey3=%LocalAppData%\Packages\Microsoft.BingNews_*\AC\Temp|*.*|RECURSE FileKey4=%LocalAppData%\Packages\Microsoft.BingNews_*\LocalState\navigationHistory|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\SearchHistory ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Realtek * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Realtek *] LangSecRef=3024 Detect=HKLM\Software\Realtek Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Realtek*|*.log;*.txt|RECURSE FileKey2=%ProgramFiles%\Realtek*|*.*log;*.txt|RECURSE FileKey3=%ProgramFiles%\Temp|*.*|REMOVESELF FileKey4=%SystemDrive%|RHDSetup.log ExcludeKey1=FILE|%ProgramFiles%\Realtek\*\|InstCtrl.txt ExcludeKey2=FILE|%ProgramFiles%\Realtek\*\|setupctrl.txt ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Weather * has been added. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ [Weather *] LangSecRef=3031 Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe DetectFile=%LocalAppData%\Packages\Microsoft.BingWeather_8wekyb3d8bbwe Default=False FileKey1=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\AppCache|*.*|RECURSE FileKey2=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\INet*|*.*|RECURSE FileKey3=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Microsoft\CLR_v4.0|*.log FileKey4=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE FileKey5=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey6=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\PRICache|*.*|RECURSE FileKey7=%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\Temp|*.*|RECURSE FileKey8=%LocalAppData%\Packages\Microsoft.BingWeather_*\LocalState|*.tmp FileKey9=%LocalAppData%\Packages\Microsoft.BingWeather_*\LocalState\Cache|*.*|RECURSE FileKey10=%LocalAppData%\Packages\Microsoft.BingWeather_*\LocalState\navigationHistory|*.*|RECURSE FileKey11=%LocalAppData%\Packages\Microsoft.BingWeather_*\TempState|*.*|RECURSE RegKey1=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\SearchHistory ExcludeKey1=FILE|%LocalAppData%\Packages\Microsoft.BingWeather_*\AC\INetCache\|container.dat ╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Diff complete. ║ ╠════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╣ ║ Added entries: 9 ║ ║ Modified entries: 122 ║ ║ Removed entries: 63 ║ ║ ║ ║ Press any key to return to the winapp2ool menu. ║ ╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ Edited February 14, 2018 by Winapp2.ini fixed formatting by inserting a code block winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Winapp2.ini Posted February 14, 2018 Author Share Posted February 14, 2018 Since the forums formatting appears to be breaking the diff formatting, a more readable version can be found here: https://paste2.org/DGfHNUzy winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
PICPro Posted February 14, 2018 Share Posted February 14, 2018 On 13/02/2018 at 06:02, SMalik said: Please remove the entries listed below. Some of them are dangerous. [Adobe CC *], [Adobe CS *], [Adobe Dreamweaver *], [Adobe My Digital Editions *], [Adobe Photoshop *] and [Adobe Premiere Pro *]. [Adobe Photoshop *] was an amalgamation of several older Photoshop entries: CS1,CS2, CS3, etc. during the last refactor. I use this one with Photoshop CS2 and haven't had any issues. Could you please explain the "dangerous" a little? I can't comment on the other entries as I don't have any of the other programs. If it is something that causes problems for others, then I'll add this entry to my custom.ini. Link to comment Share on other sites More sharing options...
SMalik Posted February 15, 2018 Share Posted February 15, 2018 Revised Entry Built-in entry does not remove all of the cache files and cookies. Added: %LocalAppData%\Microsoft\Windows\INetCache|*.*|RECURSE %LocalAppData%\Microsoft\Windows\INetCookies|*.*|RECURSE [Internet Explorer *] LangSecRef=3022 Detect=HKCU\Software\Microsoft\Internet Explorer Default=False FileKey1=%AppData%\Microsoft\Internet Explorer\UserData|*.*|RECURSE FileKey2=%LocalAppData%\Microsoft\Windows\AppCache|*.*|RECURSE FileKey3=%LocalAppData%\Microsoft\Windows\IECompatCache|*.*|RECURSE FileKey4=%LocalAppData%\Microsoft\Windows\IECompatUaCache|*.*|RECURSE FileKey5=%LocalAppData%\Microsoft\Windows\INetCache|*.*|RECURSE FileKey6=%LocalAppData%\Microsoft\Windows\INetCookies|*.*|RECURSE FileKey7=%LocalAppData%\Packages\windows_ie_ac_*\AC\AppCache|*.*|RECURSE FileKey8=%LocalAppData%\Packages\windows_ie_ac_*\AC\INet*|*.*|RECURSE FileKey9=%LocalAppData%\Packages\windows_ie_ac_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE FileKey10=%LocalAppData%\Packages\windows_ie_ac_*\AC\Microsoft\CryptnetUrlCache\*|*.* FileKey11=%LocalAppData%\Packages\windows_ie_ac_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE FileKey12=%LocalAppData%\Packages\windows_ie_ac_*\AC\PRICache|*.* FileKey13=%LocalAppData%\Packages\windows_ie_ac_*\AC\Temp|*.* FileKey14=%LocalAppData%\Packages\windows_ie_ac_*\LocalState\Cache|*.*|RECURSE FileKey15=%LocalAppData%\Packages\windows_ie_ac_*\LocalState\navigationHistory|*.*|RECURSE FileKey16=%LocalAppData%\Packages\windows_ie_ac_*\TempState|*.*|RECURSE FileKey17=%WinDir%\System32\config\Systemprofile\AppData\Local\Microsoft\Windows\INetCache|*.*|RECURSE RegKey1=HKCR\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage RegKey2=HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore RegKey3=HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage RegKey4=HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl RegKey5=HKCU\Software\Microsoft\Internet Explorer\Recovery\PendingDelete RegKey6=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats ExcludeKey1=FILE|%LocalAppData%\Packages\windows_ie_ac_*\AC\INetCache\|container.dat Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now