-
Posts
1,117 -
Joined
-
Last visited
Posts posted by siliconman01
-
-
I assume everyone is aware of the useful little tool named CCDump.exe at the link below.
http://singularlabs....cleaning-rules/
Here is some code to remove the 4 files from the CCleaner folder when you are through examining them.
[CCDump.exe files*] LangSecRef=3024 DetectFile=%ProgramFiles%\CCleaner\CCDump.exe Warning=This removes files winapp.ini, winsys.ini, winreg.ini and regkeys.output.txt from the CCleaner folder. These files are retrieved from CCleaner.exe via tool CCDump.exe. Default=False FileKey1=%ProgramFiles%\CCleaner\|winapp.ini FileKey2=%ProgramFiles%\CCleaner\|winreg.ini FileKey3=%ProgramFiles%\CCleaner\|winsys.ini FileKey4=%ProgramFiles%\CCleaner\|regkeys.output.txt
-
New entry for Ashampoo Burning Studio 12 which will be released on 14-Nov-2012
[Ashampoo Burning Studio 12*] LangSecRef=3024 Detect=HKCU\Software\Ashampoo\Ashampoo Burning Studio 12 Default=False FileKey1=%AppData%\Ashampoo\Ashampoo Burning Studio 12|backupmetainfo.xml FileKey2=%AppData%\Ashampoo\Ashampoo Burning Studio 12\Log|*.xml FileKey3=%AppData%\Ashampoo\Ashampoo Burning Studio 12\Log|*.txt FileKey4=%AppData%\Ashampoo\Log|*.txt
You can also delete the code below because it is in Winapp.ini
[Ashampoo Burning Studio 10 More*] LangSecRef=3023 Detect=HKCU\Software\Ashampoo\Ashampoo Burning Studio 10 Default=False FileKey1=%AppData%\Ashampoo|backupmetainfo.xml
-
I hope Winapp2.ini and family made it through hurricane Sandy safely. Probably is without electricity however.
-
Also, please change the LangSecRef=3024 to LangSecRef=3023 on [Nvidia Graphics Driver Installation Files*].
-
Also, I recommend that the section be changed on the new [NVIDIA Updates*] from LangSecRef=3021 to LangSecRef=3023 so that it matches the other Nvidia entries.
In addition, I'm pretty sure there is an error in [Nvidia Graphics Driver Installation Files*]. FileKey2=%ProgramFiles%\NVIDIA Corporation\Install2|*.*|RECURSE should be FileKey2=%ProgramFiles%\NVIDIA Corporation\Installer2|*.*|RECURSE
-
Did you decide against the discussion at?
http://forum.piriform.com/index.php?showtopic=32310&view=findpost&p=222634
Either removing the items or including DETECTOS=|5.1 in each of them?
-
ah HA! Thanks for the quick response/clarification.
Suggest that the explanation be included in your Spoiler SHOW for how to make winapp2.ini entries.
-
Technical question .....
Should it be DetectOS=|5.1 or DetectOS=5.1? In other words, is the | required in the DetectOS command?
DetectOS=5.1 does not seem to work. If it is supposed to be DetectOS=|5.1, then why are there so many DetectOS=6.0 entries in Winapp2.ini ?
-
The three codes below do NOT seem to apply to Windows 7; however, they show up in the Applications tab on Windows 7 systems. It appears to me that they are intended for Windows XP. They should either be modified to include Windows 7 (and probably Vista) or they should have a DetectOS=|5.1 added to the code.
[Windows Media Player (Album Art Cache)*]
LangSecRef=3023
Detect=HKCU\Software\Microsoft\MediaPlayer
Default=False
FileKey1=%WinDir%\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS|*.*|RECURSE
FileKey2=%SystemDrive%\Documents and Settings\NetworkService\Local Settings\Microsoft\Media Player\Art Cache\LocalMLS|*.*|RECURSE
FileKey3=%SystemDrive%\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Art Cache\LocalMLS|*.*|RECURSE
[Windows Media Player (Databases)*]
LangSecRef=3023
Detect=HKCU\Software\Microsoft\MediaPlayer
Warning=This will remove ratings, play counts, last played, etc.
Default=False
FileKey1=%WinDir%\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player|*.*|REMOVESELF
FileKey2=%SystemDrive%\Documents and Settings\NetworkService\Local Settings\Microsoft\Media Player|*.*|REMOVESELF
FileKey3=%SystemDrive%\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player|*.*|REMOVESELF
[Windows Media Player (MediaGuide)*]
LangSecRef=3023
Detect=HKCU\Software\Microsoft\MediaPlayer
Default=False
RegKey1=HKCU\Software\Microsoft\MediaPlayer\Preferences|CurrentBackgroundScanFolder
RegKey2=HKCU\Software\Microsoft\MediaPlayer\Services\MediaGuide|CachedIconPath
RegKey3=HKCU\Software\Microsoft\MediaPlayer\Services\MediaGuide|CachedLargeLogoPath
It actually looks like the three above codes can be removed because they are included in winapp.ini.
[Windows Media Player] ID=2033 LangSecRef=3023 Detect=HKCU\Software\Microsoft\MediaPlayer\Player Default=True RegKey1=HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList RegKey2=HKCU\Software\Microsoft\MediaPlayer\Player\RecentURLList RegKey3=HKCU\Software\Microsoft\MediaPlayer\Preferences|LastPlayList RegKey4=HKCU\Software\Microsoft\MediaPlayer\Preferences|LastPlayListIndex RegKey5=HKCU\Software\Microsoft\MediaPlayer\Player\Settings|SaveAsDir RegKey6=HKCU\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit RegKey7=HKCU\Software\Microsoft\MediaPlayer\Radio\MRUList RegKey8=HKCU\Software\Microsoft\MediaPlayer\Services\MediaGuide|CachedIconPath RegKey9=HKCU\Software\Microsoft\MediaPlayer\Services\MediaGuide|CachedLargeLogoPath FileKey1=%LocalAppData%\Microsoft\Media Player|lastplayed.wpl FileKey2=%LocalAppData%\Microsoft\Media Player|cacheentry*.*|RECURSE FileKey3=%LocalAppData%\Microsoft\Media Player\Art Cache\LocalMLS|*.*|RECURSE FileKey4=%LocalAppData%\Microsoft\Media Player\Transcoded Files Cache|*.*|RECURSE
-
Thanks for the update!
-
I recommend that the following codes be changed from LangSecRef=3025 to LangSecRef=3022 because they are Internet related.
[LocalService Cookies*]
[LocalService History*]
[LocalService Temporary Internet Files*]
[iETldCache*]
[NetworkService Cookies*]
[NetworkService History*]
[NetworkService Temporary Internet Files*]
[iE7pro*] probably should be changed from 3024 to 3022 as well.
-
I honestly do not feel that winapp2.ini should be permitted to remove "quarantined" files of security programs. All security programs have their own option to remove one or all quarantined files. The potential of a CCleaner user deleting a false positive in quarantine by having winapp2.ini code such as {superantispyware quarantine*] check marked is pretty great in my opinion. Obviously this would prevent the user from returning a valid file (flagged as false positive) to its normal location. I feel the user should have to "think twice" by having to use the security program's option to empty quarantined files. Most security companies recommend that a quarantined file should not be dumped for at least a week.
And I continue to feel that Piriform should fix the winapp.ini code for Malwarebytes so that it does NOT delete quarantined items. JMO...
-
winapp2.ini,
please consider removing the code below. it is not really the proper or best way to handle the ctfmon.exe running issue.
[ctfmon.exe (disable startup)*] langsecref=3021 detect1=hkcu\software\microsoft\office detect2=hklm\software\microsoft\office default=false warning=this will only temporarily disable the microsoft office installed file ctfmon.exe from starting with windows. ctfmon.exe is known to cause severe system slow downs and can be permanently disabled using the free ctfmon-remover: http://www.gerhard-schlager.at/en/projects/ctfmonremover/ regkey1=hklm\software\microsoft\windows\currentversion\run|ctfmon.exe regkey2=hkcu\software\microsoft\windows\currentversion\run|ctfmon.exe regkey3=hku\.default\software\microsoft\windows\currentversion\run|ctfmon.exe
-
Personally, I think the ctfmon.exe code should be removed from Winapp2.ini. If a person is having an issue with ctfmon running, then links such as the ones below will assist in correcting the problem.
http://www.howtogeek.com/howto/windows-vista/what-is-ctfmonexe-and-why-is-it-running/
http://support.microsoft.com/kb/823586
and many others that can be viewed by googling Office XP ctfmon.exe or Office 2003 ctfmon.exe, Office 2007 ctfmon.exe or Office 2010 ctfmon.exe
-
Why not replace the three detects with one detectFile
DetectFile=%Windir%
The original coder of ctfmon.exe is attempting to stop ctfmon.exe from starting up on system reboot. ctfmon.exe can be present on the system, but its the continuous running of the it that has caused many users problems. There are procedures to totally deactivate it, but the original coder just wants to stop it from starting up. A DetectFile will still show the code even if it is not in the RUN keys to start up.
-
Does that work like that?
I assume you are referring to the ctfmon.exe code. And the answer is "No". I put in a test ctfmon.exe string in the registry and my modification did not detect it. Ugggh. Any suggestions as to how to make it detect if there is an active RUN string that needs to be deleted? But once deleted the code should no longer be visible.
-
Modified ctfmon.exe to include Detect1/2/3 which prevents this code from showing up on systems where ctfmon.exe has been properly deactivated already.
[ctfmon.exe (Disable Startup)*] LangSecRef=3021 Detect1=HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe Detect2=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe Detect3=HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe Default=False Warning=This will only temporarily disable the Microsoft Office installed file ctfmon.exe from starting with Windows. ctfmon.exe is known to cause severe system slow downs and can be permanently disabled using the free CTFMON-Remover: http://www.gerhard-schlager.at/en/projects/ctfmonremover/ RegKey1=HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe RegKey2=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe RegKey3=HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe
-
When upgrading versions of MS Office, some registry keys are left over that show previous versions of MS Office that have been installed on the user's computer. The code below cleans out these registry keys based on the highest MS Office version currently installed on the user computer. This helps prevent third party programs from misinterpreting which Office version is on a user's computer.
MS Office 2010
[MS Office 2010 Upgrade: MS Office XP/2003/2007 Registry Cleanup*] LangSecRef=3021 Detect1=HKCU\Software\Microsoft\Office\14.0 Detect2=HKLM\Software\Microsoft\Office\14.0 Default=False Warning=This cleans out registry entries/remnants of Microsoft Office XP/2003/2007 after Microsoft Office 2010 is installed. RegKey1=HKCU\Software\Microsoft\Office\12.0 RegKey2=HKLM\Software\Microsoft\Office\12.0 RegKey3=HKCU\Software\Microsoft\Office\11.0 RegKey4=HKLM\Software\Microsoft\Office\11.0 RegKey5=HKCU\Software\Microsoft\Office\10.0 RegKey6=HKLM\Software\Microsoft\Office\10.0 RegKey7=HKLM\Software\Wow6432Node\Microsoft\Office\12.0 RegKey8=HKLM\Software\Wow6432Node\Microsoft\Office\11.0 RegKey9=HKLM\Software\Wow6432Node\Microsoft\Office\10.0
MS Office 2007
[MS Office 2007 Upgrade: MS Office XP/2003 Registry Cleanup*] LangSecRef=3021 Detect1=HKCU\Software\Microsoft\Office\12.0 Detect2=HKLM\Software\Microsoft\Office\12.0 Default=False Warning=This cleans out registry entries/remnants of Microsoft Office XP/2003 after Microsoft Office 2007 is installed. RegKey1=HKCU\Software\Microsoft\Office\11.0 RegKey2=HKLM\Software\Microsoft\Office\11.0 RegKey3=HKCU\Software\Microsoft\Office\10.0 RegKey4=HKLM\Software\Microsoft\Office\10.0 RegKey5=HKLM\Software\Wow6432Node\Microsoft\Office\11.0 RegKey6=HKLM\Software\Wow6432Node\Microsoft\Office\10.0
MS Office 2003
[MS Office 2003 Upgrade: MS Office XP Registry Cleanup*] LangSecRef=3021 Detect1=HKCU\Software\Microsoft\Office\11.0 Detect2=HKLM\Software\Microsoft\Office\11.0 Default=False Warning=This cleans out registry entries/remnants of Microsoft Office XP after Microsoft Office 2003 is installed. RegKey1=HKCU\Software\Microsoft\Office\10.0 RegKey2=HKLM\Software\Microsoft\Office\10.0 RegKey3=HKLM\Software\Wow6432Node\Microsoft\Office\10.0
-
NEW ENTRY
[Corel PaintShop Pro X5*]
LangSecRef=3023
Detect=HKCU\Software\Corel\PaintShop Pro\X5
Default=False
FileKey1=%LocalAppData%\Corel PaintShop Pro\15.0\Database|*.db
FileKey2=%LocalAppData%\Corel PaintShop Pro\15.0\Thumbs|*.*|RECURSE
I don't have PaintShop on my system. Should the existing [Corel PaintShop Pro X4 More*] be modified to include
FileKey2=%LocalAppData%\Corel PaintShop Pro\14.0\Thumbs|*.*|RECURSE
[Corel PaintShop Pro X4 More*] LangSecRef=3023 Detect=HKCU\Software\Corel\PaintShop Pro\X4 Default=False FileKey1=%LocalAppData%\Corel PaintShop Pro\14.0\Database|*.db
-
Recommended modification to TuneUp Utilities*. Changed name and added warning messages.
[TuneUp Utilities (Backups)*] LangSecRef=3024 Detect=HKCU\Software\TuneUp Warning=This removes ALL backups created by TuneUp Utilities during its registry and other cleaning activities. Default=False FileKey1=%AppData%\TuneUp Software\*\Backups|*.rcb
-
TuneUp Utilities 2013 support? Or is it 2012 version working with 2013 too?
See the post below:
http://forum.pirifor...ndpost&p=221121
TuneUp Utilities* applies to 2013 as it is currently coded for previous versions of TuneUp
-
It looks to me like Avira More* needs to be deleted because it is covered in winapp.ini
winapp.ini Avira Desktop code
[AntiVir Desktop] ID=2138 LangSecRef=3024 Detect=HKLM\SOFTWARE\Avira\AntiVir Desktop Default=True FileKey1=%CommonAppData%\Avira\AntiVir Desktop\TEMP|*.* FileKey2=%CommonAppData%\Avira\Antivir Desktop\BACKUP\FAILSAFE\*.tmp FileKey3=%CommonAppData%\Avira\AntiVir Desktop|*.old FileKey4=%CommonAppData%\Avira\AntiVir Desktop|*.tmp FileKey5=%ProgramFiles%\Avira\AntiVir Desktop|*.old FileKey6=%ProgramFiles%\Avira\AntiVir Desktop|*.tmp FileKey7=%ProgramFiles%\Avira\AntiVir Desktop\FAILSAFE|*.tmp FileKey8=%CommonAppData%\Avira\AntiVir Desktop\LOGFILES|*.*
Winapp2.ini Avira More* code
[Avira More*] LangSecRef=3024 Detect=HKLM\SOFTWARE\Avira Default=False FileKey1=%CommonAppData%\Avira|*.tmp|RECURSE FileKey2=%CommonAppData%\Avira|*.log|RECURSE FileKey3=%ProgramFiles%\Avira|*.tmp|RECURSE FileKey4=%ProgramFiles%\Avira|*.log|RECURSE FileKey5=%ProgramFiles%\Avira GmbH|*.log|RECURSE
Avira More* looks like it is outdated and applies to old versions of Avira. It certainly does not apply to Avira Internet Security 2010/11/12/13
-
Modification to TuneUp Utilities Reg Defrag Cleanup for TuneUp Utilities 2013. Modified name and added Detect3.
[TuneUp Utilities 2011/12/13 Reg Defrag Cleanup*] LangSecRef=3024 Detect1=HKCU\Software\TuneUp\Utilities\10.0 Detect2=HKCU\Software\TuneUp\Utilities\12.0 Detect3=HKCU\Software\TuneUp\Utilities\13.0 Default=False FileKey1=%WinDir%\System32\config|SECURITY_tureg_old FileKey2=%WinDir%\System32\config|SOFTWARE_tureg_old FileKey3=%WinDir%\System32\config|SYSTEM_tureg_old FileKey4=%WinDir%\System32\config|DEFAULT_tureg_new.LOG* FileKey5=%WinDir%\System32\config|SAM_tureg_new.LOG* FileKey6=%WinDir%\System32\config|SECURITY_tureg_new.LOG* FileKey7=%WinDir%\System32\config|SOFTWARE_tureg_new.LOG* FileKey8=%WinDir%\System32\config|SYSTEM_tureg_new.LOG* FileKey9=%WinDir%\System32\config|DEFAULT_tureg_old FileKey10=%WinDir%\System32\config|SAM_tureg_old FileKey11=%WinDir%\ServiceProfiles\LocalService|NTUSER.DAT_tureg_old FileKey12=%WinDir%\ServiceProfiles\LocalService|NTUSER.DAT_tureg_new.LOG* FileKey13=%WinDir%\ServiceProfiles\NetworkService|NTUSER.DAT_tureg_old FileKey14=%WinDir%\ServiceProfiles\NetworkService|NTUSER.DAT_tureg_new.LOG* FileKey15=%WinDir%\System32\config|COMPONENTS_tureg_old FileKey16=%WinDir%\System32\config|COMPONENTS_tureg_new.LOG* FileKey17=%LocalAppData%\Microsoft\Windows|USRCLASS.DAT_tureg_old FileKey18=%UserProfile%|NTUSER.DAT_tureg_new.LOG* FileKey19=%UserProfile%|NTUSER.DAT_tureg_old FileKey20=%SystemDrive%\Boot|BCD_tureg_new.LOG* FileKey21=%SystemDrive%\Boot|BCD_tureg_old FileKey22=%LocalAppData%\Microsoft\Windows|USRCLASS.DAT_tureg_new.LOG*
-
Some of the names are a bit shy of explanation as to what they affect or are associated with. This may make it difficult for non-experts to decide whether they should use them.
Perhaps:
[urlclassifier3.sqlite*] = [Firefox/Pale Moon urlclassifier3.sqlite*]
[implicitAppShortcuts*] = [Windows QuickLaunch ImplicitAppShortcuts*]
[DiagnosedApplications*]= [Windows QuickLaunch DiagnosedApplications*]
JMO
Winapp2.ini additions
in CCleaner
Posted
Modified entry
Added FileKey2 and FileKey3 to [DisplayFusion TroubleShooting Logs*]