Posts posted by siliconman01

  1. New Entry:  [Malwarebytes V3 Logs*]

     

    -  Malwarebytes Version 3 combines and replaces Malwarebytes Anti-Malware, Anti-Exploit, and Anti-Ransomware.  

    [Malwarebytes V3 Logs*]
    LangSecRef=3024
    Detect=HKCU\Software\Malwarebytes
    Default=False
    Warning=You must manually and temporarily turn off Malwarebytes "self-protection" to remove the logs.
    FileKey1=%CommonAppData%\Malwarebytes\MBAMService|*.log;*.bak
    FileKey2=%CommonAppData%\Malwarebytes\MBAMService\logs|*.*
    
  2. Modified Entry: [Samsung Magician Logs*]

     

    Added FileKey5 for Samsung Magician V5.0

    [Samsung Magician Logs*]
    LangSecRef=3021
    Detect1=HKLM\Software\Samsung Magician
    Detect2=HKLM\Software\Wow6432Node\Samsung Magician
    Default=False
    FileKey1=%LocalAppData%\VirtualStore\Program Files*\Samsung\Samsung Magician|*.log;*.txt|RECURSE
    FileKey2=%LocalAppData%\VirtualStore\Program Files*\Samsung\Samsung Magician\Logs|*.*
    FileKey3=%ProgramFiles%\Samsung Magician\Logs|*.*
    FileKey4=%ProgramFiles%\Samsung\Samsung Magician\Logs|*.*
    FileKey5=%ProgramFiles%\Samsung\Samsung Magician\Log|*.*
    

     

    Please don't forget this entry for Winapp2.ini

  3. Modified Entry: [Samsung Magician Logs*]

     

    Added FileKey5 for Samsung Magician V5.0

    [Samsung Magician Logs*]
    LangSecRef=3021
    Detect1=HKLM\Software\Samsung Magician
    Detect2=HKLM\Software\Wow6432Node\Samsung Magician
    Default=False
    FileKey1=%LocalAppData%\VirtualStore\Program Files*\Samsung\Samsung Magician|*.log;*.txt|RECURSE
    FileKey2=%LocalAppData%\VirtualStore\Program Files*\Samsung\Samsung Magician\Logs|*.*
    FileKey3=%ProgramFiles%\Samsung Magician\Logs|*.*
    FileKey4=%ProgramFiles%\Samsung\Samsung Magician\Logs|*.*
    FileKey5=%ProgramFiles%\Samsung\Samsung Magician\Log|*.*
    
  4. New Entry:  [Ashampoo Burning Studio 18*]

    [Ashampoo Burning Studio 18*]
    LangSecRef=3024
    Detect=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18
    Default=False
    FileKey1=%AppData%\Ashampoo\Ashampoo Burning Studio 18\log|*.xml;*.txt
    RegKey1=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Audio Disc Project\SaveDialog_CPlaylistDlgEx|InitialDirectory
    RegKey2=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Backup Project\BackupOptions|CustomLocation
    RegKey3=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\BDMV Disc Project\SelectBDMVFolder|BdmvPath
    RegKey4=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Browse Image Project\BrowseImageFile|ImagePath
    RegKey5=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Browse Image Project\SaveDialog_SelectImageBrowse|InitialDirectory
    RegKey6=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Burn Image Project\SaveDialog_SelectImageBrowse|InitialDirectory
    RegKey7=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Burn Image Project\SelectImage|ImagePath
    RegKey8=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Data Disc Project\SaveDialog_AddFilesAndDirs|InitialDirectory
    RegKey9=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Data Disc Project\DumpImage|ImagePath
    RegKey10=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\DVD-Video Disc Project\MoviesPage|Path
    RegKey11=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\DVD-Video Disc Project\SaveDialog_authed.CMoviesPage.Movies|InitialDirectory
    RegKey12=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Logs
    RegKey13=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\tempFiles
    RegKey14=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\Unknown Project
    RegKey15=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\VCD Project\SaveDialog_OnAddMovies|InitialDirectory
    RegKey16=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\VIDEO_TS Disc Project\DumpImage|ImagePath
    RegKey17=HKCU\Software\Ashampoo\Ashampoo Burning Studio 18\VIDEO_TS Disc Project\SelectVideoTSFolder|VideoTSPath
    
  5. Keep in mind that the Malwarebytes Anti-Malware cleaner code that is part of winapp.ini removes all files that have been quarantined by MBAM.  This could be hazardous if MBAM quarantined a false positive and then you run CCleaner...you would lose the quarantined file and could not restore the false positive file.  Particularly hazardous if you have MBAM set to automatically quarantine files.  

  6. Modified Entry:  [Belarc Advisor*]

     

    Added FileKey13

    [Belarc Advisor*]
    LangSecRef=3024
    Detect=HKCU\Software\Belarc
    Default=False
    FileKey1=%LocalAppData%\VirtualStore\Program Files*\Belarc\Advisor\System|Progress.Log
    FileKey2=%LocalAppData%\VirtualStore\Program Files*\Belarc\Advisor\System\Security\BelNotify|BelNotify.log;History.log;HistoryHF.log
    FileKey3=%LocalAppData%\VirtualStore\Program Files*\Belarc\Advisor\System\Tmp|*.*
    FileKey4=%LocalAppData%\VirtualStore\Program Files*\Belarc\BelArcAdvisor\System|Progress.Log
    FileKey5=%LocalAppData%\VirtualStore\Program Files*\Belarc\BelArcAdvisor\System\Security\BelNotify|BelNotify.log;History.log;HistoryHF.log
    FileKey6=%LocalAppData%\VirtualStore\Program Files*\Belarc\BelArcAdvisor\System\Tmp|*.*
    FileKey7=%ProgramFiles%\Belarc\Advisor\System|Progress.Log
    FileKey8=%ProgramFiles%\Belarc\Advisor\System\Security\BelNotify|BelNotify.log;History.log;HistoryHF.log
    FileKey9=%ProgramFiles%\Belarc\Advisor\System\Tmp|*.*
    FileKey10=%ProgramFiles%\Belarc\BelArcAdvisor\System|Progress.Log
    FileKey11=%ProgramFiles%\Belarc\BelArcAdvisor\System\Security\BelNotify|BelNotify.log;History.log;HistoryHF.log
    FileKey12=%ProgramFiles%\Belarc\BelArcAdvisor\System\Tmp|*.*
    FileKey13=%ProgramFiles%\Belarc\BelarcAdvisor\|install.log
    
  7. Modified Entry:  [NVIDIA Logs*]

    Added *.log; to FileKey3

    Added FileKey8/9/10/11/12

    [NVIDIA Logs*]
    LangSecRef=3024
    Detect=HKLM\Software\NVIDIA Corporation
    Default=False
    FileKey1=%CommonAppData%\NVIDIA|*.log;*.log_backup1|RECURSE
    FileKey2=%CommonAppData%\NVIDIA\NvBackend|*.log|RECURSE
    FileKey3=%LocalAppData%\NVIDIA\NvBackend|*.log;*.bak
    FileKey4=%LocalAppData%\VirtualStore\Program Files*\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs|*.*
    FileKey5=%LocalAppData%\VirtualStore\ProgramData\NVIDIA|*.log;*.log_backup1|RECURSE
    FileKey6=%LocalAppData%\VirtualStore\ProgramData\NVIDIA\NvBackend|*.log|RECURSE
    FileKey7=%ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs|*.*
    FileKey8=%CommonAppData%\NVIDIA Corporation\|*.log
    FileKey9=%LocalAppData%\NVIDIA Corporation\NvProfileUpdater|*.log;*.bak
    FileKey10=%LocalAppData%\NVIDIA Corporation\NvTmMon|*.log;*.bak
    FileKey11=%LocalAppData%\NVIDIA Corporation\NvTmRep|*.log;*.bak
    FileKey12=%CommonAppData%\NVIDIA Corporation\Nvstapisvr|*.log;*.old
    
  8. Modified Entries:  [Avira System Speedup Error Reports*] and [Avira System Speedup Logs*]

     

    Added Detect2:

    [Avira System Speedup Error Reports*]
    LangSecRef=3024
    Detect1=HKLM\Software\AviraSpeedup
    Detect2=HKLM\Software\Avira\Speedup
    Default=False
    FileKey1=%CommonAppData%\Avira\SystemSpeedup\Errors|*.*
    
    [Avira System Speedup Logs*]
    LangSecRef=3024
    Detect1=HKLM\Software\AviraSpeedup
    Detect2=HKLM\Software\Avira\Speedup
    Default=False
    FileKey1=%CommonAppData%\Avira\SystemSpeedup\Logs|*.*
    FileKey2=%LocalAppData%\AviraSpeedup\logs|*.*
    
  9. New Entry:  [Trusteer Rapport Logs*]  

    [Trusteer Rapport Logs*]
    LangSecRef=3022
    Detect=HKCU\Software\Trusteer\Rapport
    Default=False
    FileKey1=%Windir%\System32\config\systemprofile\AppData\Local\Trusteer\Rapport\user\logs|*.*
    FileKey2=%LocalAppData%\Trusteer\Rapport\user\logs|*.*
    FileKey3=%CommonAppData%\Trusteer\Rapport\logs|*.*
    
  10. Modified entry:  [AdwCleaner*]

     

    Added DetectFile

    [AdwCleaner*]
    LangSecRef=3024
    Detect=HKLM\Software\AdwCleaner
    DetectFile=%SystemDrive%\AdwCleaner
    Default=False
    FileKey1=%SystemDrive%|AdwCleaner*.txt
    FileKey2=%SystemDrive%\AdwCleaner|*.txt
    RegKey1=HKLM\Software\AdwCleaner|DeleteCount
    RegKey2=HKLM\Software\AdwCleaner|SearchCount
    RegKey3=HKLM\Software\Wow6432node\AdwCleaner|DeleteCount
    RegKey4=HKLM\Software\Wow6432node\AdwCleaner|SearchCount
    
  11. These 2 blocks of code should be removed from Winapp2.ini because they remove backups and quarantined items.  

     

    [AdwCleaner 3 Backup*]

    [AdwCleaner 3 Quarantine*]

    [AdwCleaner 3 Backup*]
    LangSecRef=3024
    Warning=You will not be able to undo your changes after running this.
    Detect=HKLM\Software\AdwCleaner
    Default=False
    FileKey1=%SystemDrive%\AdwCleaner\backup|*.*|RECURSE
    
    [AdwCleaner 3 Quarantine*]
    LangSecRef=3024
    Warning=You will not be able to undo your changes after running this.
    Detect=HKLM\Software\AdwCleaner
    Default=False
    FileKey1=%SystemDrive%\AdwCleaner\Quarantine|*.*|RECURSE
    
  12. Modified entry:  [Quicken Logs*]

     

    Added FileKey8 and FileKey9  

    [Quicken Logs*]
    LangSecRef=3021
    Detect=HKLM\Software\Intuit\Quicken
    Default=False
    FileKey1=%AppData%\Intuit\Quicken\Log|*.txt;*.log
    FileKey2=%CommonAppData%\Intuit\Quicken\Log|*.log
    FileKey3=%CommonAppData%\Intuit\Quicken\Log\installer|*.*|REMOVESELF
    FileKey4=%CommonAppData%\Intuit\SendError|*.log
    FileKey5=%LocalAppData%\Intuit\Common\Authorization\V1\Logs|*.txt
    FileKey6=%LocalAppData%\VirtualStore\ProgramData\Intuit\Quicken\Log|*.log
    FileKey7=%LocalAppData%\VirtualStore\ProgramData\Intuit\SendError|*.log
    FileKey8=%LocalAppData%\Quicken\Common\Authorization\V1\Logs|*.txt
    FileKey9=%ProgramFiles%\Quicken\PDFDrv\|install.log;InstallPDFConverter.log
    
  13. Modified Entry:  [CyberLink PowerDVD 16*]

     

    Fixed Detect

    [CyberLink PowerDVD 16*]
    LangSecRef=3023
    Detect=HKCU\Software\CyberLink\PowerDVD16
    Default=False
    FileKey1=%LocalAppData%\Cyberlink\PowerDVD*\cache\|*.*
    FileKey2=%CommonAppData%\Cyberlink\Evoparser\|*.xml
    

    Good catch, SMalik  ;)

  14. I urge the developers of CCleaner to not remove the Quarantined files from Malwarebytes Anti-Malware security software's Quarantine folder.  This prevents users from recovering from a false positive if MBAM has incorrectly quarantined a file and the user executes CCleaner before they know that MBAM has made an error.  Please remove FileKey2 and FileKey4 from the winapp.ini code.  Users of MBAM should have total control over when Quarantined files are removed.  

    [Malwarebytes Anti-Malware]
    ID=2162
    LangSecRef=3024
    Detect=HKLM\Software\Malwarebytes' Anti-Malware
    DetectFile1=%ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe
    DetectFile2=%ProgramFiles%\Malwarebytes Anti-Malware\mbam.exe
    Default=False
    FileKey1=%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.txt
    FileKey2=%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine|*.*
    FileKey3=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Logs|*.xml
    FileKey4=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Quarantine|*.*
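
The concern raised in these posts, entries whose FileKey lines delete a security tool's Quarantine or backup folder, can be checked mechanically before a winapp2.ini is put to use. The following is an added example, not part of the original posts and not CCleaner or Winapp2.ini code; the function names and the `PROTECTED` folder list are assumptions, and the sample entries are abridged from the posts on this page.

```python
import re

# Assumed list of folder names that hold recoverable data, not disposable logs.
PROTECTED = {"quarantine", "backup"}

def parse_entries(text):
    """Yield (entry_name, {key: value}) for each [section] in winapp2-style text."""
    name, keys = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            if name is not None:
                yield name, keys
            name, keys = m.group(1), {}
        elif "=" in line and name is not None:
            k, v = line.split("=", 1)
            keys[k.strip()] = v.strip()
    if name is not None:
        yield name, keys

def risky_filekeys(text):
    """Return (entry, key, path, has_warning) for FileKeys deleting from a protected folder."""
    findings = []
    for name, keys in parse_entries(text):
        for key, value in keys.items():
            if not re.fullmatch(r"FileKey\d+", key, re.I):
                continue
            path = value.split("|", 1)[0]  # FileKey format: path|patterns|flag
            parts = {p.lower() for p in path.split("\\") if p}
            if parts & PROTECTED:
                findings.append((name, key, path, "Warning" in keys))
    return findings

# Sample entries abridged from the posts on this page.
SAMPLE = r"""
[Malwarebytes Anti-Malware]
FileKey1=%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs|*.txt
FileKey2=%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine|*.*
FileKey4=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Malware\Quarantine|*.*

[AdwCleaner 3 Backup*]
Warning=You will not be able to undo your changes after running this.
FileKey1=%SystemDrive%\AdwCleaner\backup|*.*|RECURSE
"""
if __name__ == "__main__":
    print(*risky_filekeys(SAMPLE), sep="\n")
```

The `has_warning` field separates entries that at least tell the user the deletion is irreversible from those that remove quarantined files silently.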
    
  15. The cleaning code for SuperAntiSpyware is either inaccurate or incomplete.  The existing code in winapp.ini is:

    [SUPERAntiSpyware]
    ID=2263
    LangSecRef=3024
    Detect=HKLM\Software\SUPERAntiSpyware.com\SUPERAntiSpyware
    Default=True
    FileKey1=%AppData%\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs|*.log
    FileKey2=%AppData%\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs|*.dmp;*.SDB
    

    On my Windows 10 x64 Pro Build 14393.321 systems with SAS PRO (lifetime license and latest version 6.0.1224) the Applogs folder is located at %CommonAppData%\SUPERAntiSpyware.com\SUPERAntiSpyware instead of %AppData%.  I recommend that FileKey2 be changed to 

     

    FileKey2=%CommonAppData%\SUPERAntiSpyware.com\SUPERAntiSpyware\Applogs|*.dmp;*.SDB;*.ZIP

     

    In addition, I recommend that FileKey3 as shown below be added to the code.

     

    FileKey3=%ProgramFiles%\SUPERAntiSpyware|*.tmp

  16. Updated SUPERAntiSpyware even more:  [SUPERAntiSpyware More*]

     

    Changed Detect to Detect1

    Added Detect2   (HKCU not found in Windows 10 x64 Pro Build 14933.321)

    [SUPERAntiSpyware More*]
    LangSecRef=3024
    Detect1=HKCU\Software\SUPERAntiSpyware.com\SUPERAntiSpyware
    Detect2=HKLM\Software\SUPERAntiSpyware.com\SUPERAntiSpyware
    Default=False
    FileKey1=%CommonAppData%\!SASCORE\AppLogs|*.dmp;*.SDB
    FileKey2=%CommonAppData%\SUPERAntiSpyware.com\SUPERAntiSpyware\Applogs|*.dmp;*.SDB;*.ZIP
    FileKey3=%LocalAppData%\VirtualStore\ProgramData\!SASCORE\AppLogs|*.dmp;*.SDB
    FileKey4=%LocalAppData%\VirtualStore\ProgramData\SUPERAntiSpyware\Applogs|*.dmp;*.SDB;*.ZIP
    FileKey5=%ProgramFiles%\SUPERAntiSpyware|*.tmp
    
  17. Modified Entry:  [Malwarebytes Anti-Exploit*]

     

    Changed DetectFile, FileKey1, FileKey2.   (File location was incorrectly specified as \Malwarebytes\Malwarebytes Anti-Exploit...which was used in much earlier versions of this program)

    [Malwarebytes Anti-Exploit*]
    LangSecRef=3024
    Detect=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc
    DetectFile=%CommonAppData%\Malwarebytes Anti-Exploit
    Default=False
    FileKey1=%CommonAppData%\Malwarebytes Anti-Exploit|*.log;mbae-default.log.bak;mbae-protector.xpe.bak
    FileKey2=%LocalAppData%\VirtualStore\ProgramData\Malwarebytes Anti-Exploit|*.log;mbae-default.log.bak;mbae-protector.xpe.bak
    FileKey3=%ProgramFiles%\Malwarebytes Anti-Exploit|mbae-uninstall.log;changelog.txt
    
  18. New Entry:  [CyberLink PowerDVD 16*]

    [CyberLink PowerDVD 16*]
    LangSecRef=3023
    Detect=HKCU\Software\CyberLink
    Default=False
    FileKey1=%LocalAppData%\Cyberlink\PowerDVD*\cache\|*.*
    FileKey2=%CommonAppData%\Cyberlink\Evoparser\|*.xml
    
  19. Modified Entry:  [AVG PC TuneUp & TuneUp Utilities Logs*]

     

    Added FileKey6,7,8,9,10

    [AVG PC TuneUp & TuneUp Utilities Logs*]
    LangSecRef=3024
    Detect1=HKCU\Software\TuneUp
    Detect2=HKCU\Software\AVG\AWL\RegistryCleaner
    Default=False
    FileKey1=%CommonAppData%\TuneUp Software\TuneUp Utilities *|*.log|RECURSE
    FileKey2=%LocalAppData%\AvgSetupLog|*.*|REMOVESELF
    FileKey3=%LocalAppData%\Avg\AWL*\Log|*.log
    FileKey4=%LocalAppData%\Avg\Log|*.log;zappapi.log.1|RECURSE
    FileKey5=%LocalAppData%\TuneUp Software|*.log|RECURSE
    FileKey6=%LocalAppData%\Avg\log\tu16|*.log
    FileKey7=%WinDir%\System32\config\systemprofile\AppData\Local\Avg\Log\fmw1|*.log
    FileKey8=%WinDir%\System32\config\systemprofile\AppData\Local\Avg\Log\tu16|*.log
    FileKey9=%SystemDrive%\Users\Default\AppData\Local\Avg\Log\tu16|*.log
    FileKey10=%LocalAppData%\Avg\log\fmw1|*.log
    
  20. Modified Entry:  [Tweaking.com Windows Repair*]

     

    1.  Changed DetectFile to DetectFile1

    2.  Added DetectFile2

    [Tweaking.com Windows Repair*]
    LangSecRef=3024
    Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Tweaking.com - Windows Repair (All in One)
    DetectFile1=%SystemDrive%\Tweaking.com_Windows_Repair_Logs
    DetectFile2=%ProgramFiles%\Tweaking.com
    Default=False
    FileKey1=%LocalAppData%\VirtualStore\Program Files*\Tweaking.com\Windows Repair (All in One)\Logs|*.*|REMOVESELF
    FileKey2=%ProgramFiles%\Tweaking.com\Windows Repair (All in One)\Logs|*.*|REMOVESELF
    FileKey3=%SystemDrive%\Tweaking.com_Windows_Repair_Logs|*.*|REMOVESELF
    
  21. Modified Entry:  [Malwarebytes Anti-Exploit*]

     

    Added ;mbae-default.log.bak;mbae-protector.xpe.bak  to FileKey1 and FileKey2 

    [Malwarebytes Anti-Exploit*]
    LangSecRef=3024
    Detect=HKLM\SYSTEM\CurrentControlSet\Services\MbaeSvc
    DetectFile=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit
    Default=False
    FileKey1=%CommonAppData%\Malwarebytes\Malwarebytes Anti-Exploit|*.log;mbae-default.log.bak;mbae-protector.xpe.bak
    FileKey2=%LocalAppData%\VirtualStore\ProgramData\Malwarebytes\Malwarebytes Anti-Exploit|*.log;mbae-default.log.bak;mbae-protector.xpe.bak
    FileKey3=%ProgramFiles%\Malwarebytes Anti-Exploit|mbae-uninstall.log;changelog.txt
    
  22. Modified Entry:  [InstallShield Installation Information Logs*]

     

    1.  Changed name to include the word "Logs"

    2.  Added DetectFile   (Detect=HKCU\Software\InstallShield  not present in Windows 10 x64 Pro)

    [InstallShield Installation Information Logs*]
    LangSecRef=3024
    Detect=HKCU\Software\InstallShield
    DetectFile=%ProgramFiles%\Installshield Installation Information
    Default=False
    FileKey1=%LocalAppData%\VirtualStore\Program Files*\InstallShield Installation Information|*.log|RECURSE
    FileKey2=%ProgramFiles%\InstallShield Installation Information|*.log|RECURSE
    