-
Posts
6,470 -
Joined
-
Last visited
Posts posted by Winapp2.ini
-
-
WinappDebug has been updated to detect invalid command lines to avoid regressions like the one with SlimCleaner.
-
1 hour ago, hazelnut said:
Wonder why Intel CEO sold a lot of his shares a month ago?
https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx
most likely a common tax practice here in the states called a Non-Qualified Stock Option.
It'll be interesting to see what happens to cloud providers who almost universally run on Intel Xeons as a result of this. The security implications from what I understand are pretty extreme.
-
1 hour ago, SMalik said:
Revised Entry
Changed name from [ACDSee Standard Registry *] to [ACDSee Standard *].
Changed LangSecRef=3021 to LangSecRef=3023
Removed:
Detect1=HKCU\Software\ACD Systems\ACDSee
Detect2=HKCU\Software\ACD Systems\ACDSee Standard
HKU\S-1-5-21-1202660629-854245398-1801674531-1003\Software\ACD Systems\ACDSee\60|HistMCFDestFolder
HKU\S-1-5-21-1202660629-854245398-1801674531-1003\Software\ACD Systems\ACDSee\60|HistPaths
HKU\S-1-5-21-1202660629-854245398-1801674531-1003\Software\ACD Systems\ACDSee\60|LastOptionPageName
HKU\S-1-5-21-1202660629-854245398-1801674531-1003\Software\ACD Systems\ACDSee\60|OpenFolder
HKU\S-1-5-21-1202660629-854245398-1801674531-1003\Software\ACD Systems\ACDSee\60\PrintOptions\OutputContactSheet|ContactSheetFN
HKU\S-1-5-21-1202660629-854245398-1801674531-1003\Software\ACD Systems\ACDSee\60\PrintOptions\OutputContactSheet|ImageMapFNAdded:
Detect=HKCU\Software\ACD Systems\ACDSee\60
%LocalAppData%\ACD Systems\ICMCache|*.*|RECURSE
%LocalAppData%\ACD Systems\SavedSearches|*.*|RECURSE[ACDSee Standard *]
LangSecRef=3023
Detect=HKCU\Software\ACD Systems\ACDSee\60
Default=False
FileKey1=%LocalAppData%\ACD Systems\ICMCache|*.*|RECURSE
FileKey2=%LocalAppData%\ACD Systems\SavedSearches|*.*|RECURSE
RegKey1=HKCU\Software\ACD Systems\ACDSee\60|HistMCFDestFolder
RegKey2=HKCU\Software\ACD Systems\ACDSee\60|HistPaths
RegKey3=HKCU\Software\ACD Systems\ACDSee\60|LastOptionPageName
RegKey4=HKCU\Software\ACD Systems\ACDSee\60|OpenFolder
RegKey5=HKCU\Software\ACD Systems\ACDSee\60\PrintOptions\OutputContactSheet|ContactSheetFN
RegKey6=HKCU\Software\ACD Systems\ACDSee\60\PrintOptions\OutputContactSheet|ImageMapFNI assume that the removal of the HKU\ regkeys is due to the S-1-5-.... path being machine specific? Likewise for K-Lite
-
55 minutes ago, SMalik said:
Revised Entry
Changed name from [Adobe Photoshop *] to [Adobe Photoshop 5.5 *]
Changed Detect from HKCU\Software\Adobe\Photoshop to HKCU\Software\Adobe\Photoshop\5.5
Changed LangSecRef from 3021 to 3023[Adobe Photoshop 5.5 *]
LangSecRef=3023
Detect=HKCU\Software\Adobe\Photoshop\5.5
Default=False
FileKey1=%AppData%\Adobe\Adobe Photoshop*\Generator\logs|*.*
FileKey2=%AppData%\Adobe\Bridge*\Cache\Thumbnails|*.*|RECURSE
FileKey3=%AppData%\Adobe\CameraRaw\Cache|*.*|RECURSE
FileKey4=%AppData%\Adobe\FileBrowser\PhotoshopCS|*.*
FileKey5=%AppData%\Adobe\Photoshop Album\*.*|Logse*.txt
FileKey6=%Pictures%|.BridgeSort|RECURSE
RegKey1=HKCU\Software\Adobe\Photoshop\5.5\VisitedDirsI don't think these paths are specific to version 5.5, as I have seen these paths on a machine running Photoshop CC 2015
This iteration of the entry is partially the result of merging several others as well:
[Adobe Photoshop 5.5*] LangSecRef=3021 Detect=HKCU\Software\Adobe\Photoshop\5.5 Default=False RegKey1=HKCU\Software\Adobe\Photoshop\5.5\VisitedDirs [Adobe Photoshop Album Logs*] LangSecRef=3021 Detect=HKCU\Software\Adobe\Photoshop Album Default=False FileKey1=%AppData%\Adobe\Photoshop Album\*.*|Logse*.txt [Adobe Photoshop CS2 More*] LangSecRef=3021 Detect=HKCU\Software\Adobe\Photoshop\9.0 DetectFile1=%AppData%\Adobe\CameraRaw\Cache DetectFile2=%AppData%\Adobe\Bridge\Cache Default=False FileKey1=%AppData%\Adobe\CameraRaw\Cache|*.*|RECURSE FileKey2=%AppData%\Adobe\Bridge\Cache\Thumbnails|*.*|RECURSE FileKey3=%Pictures%|.BridgeSort|RECURSE
[Photoshop CS Filebrowser*] LangSecRef=3021 Default=False Detect=HKLM\Software\Adobe\Photoshop FileKey1=%AppData%\Adobe\FileBrowser\PhotoshopCS|*.*
-
-
My experience with it is that it deletes the files associated with the apps, presumably from C:\Program Files\WindowsApps and C:\Users\<user>\AppData\Local\Packages
-
20 hours ago, siliconman01 said:
[SetRegistryKey Leftovers*] was added back on 1-Dec-2013
Please note the explanation for the justification of this new entry back then.
That explanation does suit it better. I think including it even as a volatile entry is fine as there's no expectation that this key exists under normal circumstances (based on that the original contributor said in their email)
-
A new entry making guide would be better hosted on the GitHub with a link to it from the master post in this thread. You are correct in that much of the first post has outdated or incomplete information.
-
2 hours ago, CSGalloway said:
Thoughts on deleting "C:\Users\Galloway\AppData\Local\Mozilla\Firefox\Profiles\yfqe01c0.default\ShutdownDuration.json.tmp" ?
I would imagine this to be part of Firefox telemetry
[Telemetry *]
LangSecRef=3026
SpecialDetect=DET_MOZILLA
Default=False
FileKey1=%AppData%\Mozilla\FireFox\Profiles\*|Telemetry*.*
FileKey2=%AppData%\Mozilla\Firefox\Profiles\*\datareporting\archived|*.jsonlz4|REMOVESELF
FileKey3=%AppData%\Mozilla\FireFox\Profiles\*\saved-telemetry-pings|*.*
FileKey4=%LocalAppData%\Mozilla\Firefox\Profiles\*|ShutdownDuration.*should work
-
I did overhear two strangers discussing that they were considering moving to the Google Pixel phones over this while I was out the other day.
-
6 hours ago, siliconman01 said:
Modified entry: [Samsung Magician *]
Added RegKey1
[Samsung Magician *] LangSecRef=3021 Detect=HKLM\Software\Samsung Magician Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Samsung\Samsung Magician|*.log;*.txt|RECURSE FileKey2=%LocalAppData%\VirtualStore\Program Files*\Samsung\Samsung Magician\Log*|*.* FileKey3=%ProgramFiles%\Samsung Magician\Logs|*.* FileKey4=%ProgramFiles%\Samsung\Samsung Magician\Log*|*.* RegKey1=HKCU\Software\Local AppWizard-Generated Applications
I discovered that Samsung Magician is causing the regeneration of the HKCU\Software\Local AppWizard-Generated Applications key on my systems. Therefore I added RegKey1 to Samsung Magician. Below is the registry export of this key. I see [SetRegistryKeys Leftovers *] is no longer included in Winapp2.ini. I do suspect that other third party programs that users may install also set this key, but SM is the only one I have on my system (that I have identified thus far).
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\SamsungMagician]
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\SamsungMagician\Settings]
I googled that key and it seems largely related to PUPs in general (at least, forums posts about it seem related to PUPs
It might be better to target specifically the Magician key for this reason.
I think RegKey1=HKCU\Software\Local AppWizard-Generated Applications\SamsungMagician
would be more appropriate here
54 minutes ago, CSGalloway said:I think it might be a good idea to insert about line 704 that it's the start of non-browser entries..... Going to try that winapp2 later today...
That link gets the file as a web page - is there a link to get it as a text file?
Note: the link is:
https://raw.githubusercontent.com/MoscaDotTo/Winapp2/MoscaDotTo-patch-1/Winapp2.ini
Just remember that that link is transient and will not remain up-to-date with the master, and can be destroyed at any time. That branch is my patch branch where changes I make to winapp2.ini wait until they're merged into the public release.
-
10 hours ago, SMalik said:
You forgot to remove 'More' from [StarCraft II More *] entry.
There is already a StarCraft II * entry (and it does something different enough from More * that I think they should be kept separate)
If you have a better name suggestion though I will change it to that.
4 hours ago, CSGalloway said:I have "https://raw.githubusercontent.com/MoscaDotTo/Winapp2/master/Winapp2.ini"
to get the master winapp2.ini but if the brached winapp2.ini in good form so I can get it from what web address please?
You can find it here: https://github.com/MoscaDotTo/Winapp2/blob/MoscaDotTo-patch-1/Winapp2.ini
but it will be merged soon into the master branch
-
There is no guarantee that any of the addons above this point in the thread remain compatible with modern day versions of Firefox due to the transition from the addon-sdk to WebExtensions.
Here are some modern extensions that I've been using.
Decentraleyes: https://decentraleyes.org/ (also available for Firefox ESR)
Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.
Multi-Account Containers: https://addons.mozilla.org/en-GB/firefox/addon/multi-account-containers/
Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.
Neat URL:
https://addons.mozilla.org/en-US/firefox/addon/neat-url/
Removes "garbage" from URLS (mostly tracking flags and other non-essentials. Configurable)
Wikiwand: https://addons.mozilla.org/en-US/firefox/addon/wikiwand-wikipedia-modernized/
Redirects you from Wikipedia to Wikiwand, a modernized interface for reading Wiki articles.
-
4 hours ago, Willy2 said:
- Why did they implement that feature in the first place ? If I were Apple then I would remove that feature.
Probably a lose/lose. If they didn't throttle the phones with damaged batteries, and it either caused serious degradation of performance, early shutdowns, etc, there would have been equally vocal complaints. They should have publicized their facts and motivations for doing this, but from an engineering perspective, I mostly understand the why it was done. Transparency is key in situations like this.
-
-
6 hours ago, SMalik said:
This is not working.
Inserting a second space before the * seems to work
[Internet Explorer *]
vs
[Internet Explorer *]
-
37 minutes ago, SMalik said:
We should find a way to eliminate "More" in the [Internet Explorer More *] entry.
Would a trailing space suffice? Eg [Internet Explorer * ]
-
Based on your most recent removals, I assume some changes may need to be made to these entries?
[USB Safely Remove *] LangSecRef=3024 Detect=HKCU\Software\SafelyRemove Default=False FileKey1=%AppData%\USBSafelyRemove|*.txt FileKey2=%AppData%\USBSRService|*.txt FileKey3=%LocalAppData%\VirtualStore\Program Files*\USB Safely Remove|*.DIZ;*.rtf;*.url FileKey4=%ProgramFiles%\USB Safely Remove|*.DIZ;*.rtf;*.url [Santa's Rampage *] Section=Games DetectFile=%ProgramFiles%\*Santa* Rampage Default=False FileKey1=%ProgramFiles%\*Santa* Rampage|*.diz;*.nfo;*.txt;*.url;dotNetFx40_Full_setup.exe|RECURSE FileKey2=%ProgramFiles%\*Santa* Rampage\Redist|*.*|REMOVESELF FileKey3=%ProgramFiles%\*Santa* Rampage\UDKGame\Logs|*.*|REMOVESELF ExcludeKey1=FILE|%ProgramFiles%\*Santa* Rampage\UDKGame\CookedPC\|Manifest.txt ExcludeKey2=PATH|%ProgramFiles%\*Santa* Rampage\Binaries\Win32\|*.* ExcludeKey3=PATH|%ProgramFiles%\*Santa* Rampage\Binaries\Win64\|*.* ExcludeKey4=PATH|%ProgramFiles%\*Santa* Rampage\UDKGame\Script\|*.* [Christmas Adventure - Candy Storm *] Section=Games Detect1=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Adventure - Candy Storm1.1 Detect2=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Adventure - Candy Stormv1.3 DetectFile=%ProgramFiles%\Christmas Adventure - Candy Storm Default=False FileKey1=%AppData%\Argali|*.log|RECURSE FileKey2=%LocalAppData%\VirtualStore\Program Files*\Christmas Adventure - Candy Storm|*.nfo;*.txt FileKey3=%LocalAppData%\VirtualStore\Program Files*\Foxy Games\Christmas Adventure - Candy Storm|*.html;*.msi;*.nfo;*.txt;*.url FileKey4=%ProgramFiles%\Christmas Adventure - Candy Storm|*.nfo;*.txt FileKey5=%ProgramFiles%\Foxy Games\Christmas Adventure - Candy Storm|*.html;*.msi;*.nfo;*.txt;*.url [Christmas Griddlers 2014 *] Section=Games Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Griddlers 20141.1 Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\*\Christmas Griddlers*|*.ico;*.html;*msi;*.nfo;*.txt;*.url|RECURSE FileKey2=%LocalAppData%\VirtualStore\Program Files*\Christmas Griddlers*|*.ico;*.html;*msi;*.nfo;*.txt;*.url|RECURSE FileKey3=%ProgramFiles%\*\Christmas Griddlers*|*.ico;*.html;*msi;*.nfo;*.txt;*.url|RECURSE FileKey4=%ProgramFiles%\Christmas Griddlers*|*.ico;*.html;*msi;*.nfo;*.txt;*.url|RECURSE [Christmas Wonderland *] Section=Games Detect1=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Wonderland 2 Detect2=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Wonderland 3 1.0 Detect3=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Wonderland 4 1.0.4 Detect4=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Wonderland 21.0 Detect5=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Wonderland 31.0 Detect6=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Christmas Wonderland 41.1 Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Christmas Wonderland 3|*.nfo;*.url|RECURSE FileKey2=%LocalAppData%\VirtualStore\Program Files*\Christmas Wonderland 4|*.nfo;*.txt;*.url|RECURSE FileKey3=%LocalAppData%\VirtualStore\Program Files*\Foxy Games\Christmas Wonderland 2|*.url FileKey4=%LocalAppData%\VirtualStore\Program Files*\Foxy Games\Christmas Wonderland 3|*html FileKey5=%LocalAppData%\VirtualStore\Program Files*\Foxy Games\Christmas Wonderland 4|*html;*.nfo;*.txt;*.url|RECURSE FileKey6=%ProgramFiles%\Christmas Wonderland 3|*.nfo;*.url|RECURSE FileKey7=%ProgramFiles%\Christmas Wonderland 4|*.nfo;*.txt;*.url|RECURSE FileKey8=%ProgramFiles%\Foxy Games\Christmas Wonderland 2|*.url FileKey9=%ProgramFiles%\Foxy Games\Christmas Wonderland 3|*html FileKey10=%ProgramFiles%\Foxy Games\Christmas Wonderland 4|*html;*.nfo;*.txt;*.url|RECURSE FileKey11=%SystemDrive%\Games\Christmas Wonderland 3|*.nfo;*.url|RECURSE FileKey12=%SystemDrive%\Games\Christmas Wonderland 4|*.nfo;*.txt;*.url|RECURSE [Gardens Inc. 2 - The Road to Fame *] Section=Games Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BBB8E5A9-EE43-491D-9A2D-84172C3C9384}_is1 Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\*\Gardens Inc. 2*|*.html;*.nfo;*.txt|RECURSE FileKey2=%ProgramFiles%\*\Gardens Inc. 2*|*.ico;*.html;*msi;*.nfo;*.txt;*.url|RECURSE [HyperSnap 7 *] LangSecRef=3021 Detect=HKCU\Software\Hyperionics\HyperSnap 7 Default=False FileKey1=%ProgramFiles%\HyperSnap 7|*.url RegKey1=HKCU\Software\Hyperionics\HyperSnap 7\Recent File List| [Microsoft Flight Simulator X *] Section=Games Detect=HKLM\Software\Microsoft\Microsoft Games\Flight Simulator\10.0 Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Microsoft Games\Microsoft Flight Simulator X|*.log;*.rtf;*.html;*.URL FileKey2=%LocalAppData%\VirtualStore\Program Files*\Microsoft Games\Microsoft Flight Simulator X\Modules|*.log FileKey3=%ProgramFiles%\Microsoft Games\Microsoft Flight Simulator X|*.log;*.rtf;*.html;*.URL FileKey4=%ProgramFiles%\Microsoft Games\Microsoft Flight Simulator X\Modules|*.log ExcludeKey1=PATH|%ProgramFiles%\Microsoft Games\Microsoft Flight Simulator X\|*kiosk.rtf;*readme.rtf;*Readme.htm [My Riding Stables *] Section=Games Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyRidingStables Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\My Riding Stables*|*.txt;*.url FileKey2=%ProgramFiles%\My Riding Stables*|*.txt;*.url [Radialix 2 *] LangSecRef=3021 Detect=HKCU\Software\Radialix Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Radialix 2|*diz;*.txt;*.url FileKey2=%ProgramFiles%\Radialix 2|*diz;*.txt;*.url FileKey3=%ProgramFiles%\Radialix 2\Tools\UPX|COPYING;LICENSE [TVersity *] LangSecRef=3023 Detect=HKLM\Software\TVersity\Media Server Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\TVersity Codec Pack|*.exe;*.url FileKey2=%LocalAppData%\VirtualStore\Program Files*\TVersity\Media Server\logs|*.log;*.txt;*.xml;*.zip|RECURSE FileKey3=%ProgramFiles%\TVersity Codec Pack|*.exe;*.url FileKey4=%ProgramFiles%\TVersity\Media Server|*.rtf;*.url;*TVersityCodecPackSetup* FileKey5=%ProgramFiles%\TVersity\Media Server\logs|*.log;*.txt;*.xml;*.zip|RECURSE FileKey6=%WinDir%\System32|tversity.cookies;TVersityMediaServer.log;*.1;*.2;*.3 FileKey7=%WinDir%\System32\config\systemprofile\AppData\Local\Temp\TVersity Media Server|*.*|REMOVESELF FileKey8=%WinDir%\System32\config\systemprofile\Local Settings\Application Data\Temp\TVersity Media Server|*.*|REMOVESELF ExcludeKey1=FILE|%ProgramFiles%\TVersity Codec Pack\|uninst.exe ExcludeKey2=PATH|%ProgramFiles%\TVersity\Media Server\|*version.txt;*HOWTO Share Media.txt
-
32 minutes ago, gavsta said:
It's worrying to allow countless modifications via the registry by un-trusted members. Now just after a few posts the bat files, how can i say this....s**t :/
Regardless of not pinpointing said posts, that the admins will allow any member to post such files. It's almost like there is NO level of responsibility. Any member can post whatever code like they are a pro.
Come on piriform mods. You should no better, least take a level of professionalism when regarding Registry changes :/27 minutes ago, gavsta said:One of my teachers was a mod from here in the Malware section. That's actually how far back iv watched this forum. 8/9 years ago the malware section was closed here. Bleepingcomputer, geekstogo and so on. Malware & registry changes can only be made by qualified members. :/
Nothing in this thread is endorsed or supported by Piriform and they claim no liability for any damages resulting from the use of winapp2.ini
That being said, all modifications made to the registry through winapp2.ini are exclusively deletions. If you find an entry whose contents damage an application or Windows, you are welcome to point it out. The purpose of this thread and the GitHub review process is to ensure that nothing damaging makes it into the public release.
-
Is there no possible way to make this entry non volatile?
-
-
Happy holidays
-
5 minutes ago, CSGalloway said:
I looked
and it still has the same detects for the 3 ACDSee entries.
HKEY_CURRENT_USER\Software\ACD Systems\ACDSee
HKEY_CURRENT_USER\Software\ACD Systems\ACDSee 6.0
Please doublecheck. The ACDSee Pro entry no longer uses a Detect.
https://github.com/MoscaDotTo/Winapp2/blob/d2a330ad5c6ef14eda229e4211916080501d0d66/Winapp2.ini
[ACDSee Pro *] LangSecRef=3021 DetectFile=%ProgramFiles%\ACD Systems\ACDSee Pro Default=False FileKey1=%LocalAppData%\ACD Systems\Catalogs\*Pro\Default|*.* FileKey2=%LocalAppData%\ACD Systems\ICMCache|*.*|RECURSE FileKey3=%LocalAppData%\ACD Systems\SavedSearches|*.*|RECURSE
-
On 12/24/2017 at 01:52, rridgely said:
So I've been using this version of Firefox for a week now on both my iPhone and my desktops/laptops.
I'm not sure I'm going to transition to it permanently from chrome but I definitely could. I would say that this version of firefox is just as clean looking and just as fast. The mobile version is a vast improvement over the previous version and it is a viable alternative to safari and chrome on iOS. It used to have this really clunky interface and was really slow.I read somewhere that this version of firefox is the only browser that truly uses multicore processors. I have a core i7 in my main desktop so it is nice to think its being better utilized when doing something other than video encoding and gaming. I dont necessarily notice it being faster but it is definitely not slower. I also haven't had it crash a single time yet.
Apple requires browsers to use the Safari engine (webkit) under-the-hood in order to be listed on the Apple App Store, so engine performance should be comparable on all browsers when using iOS AFAIK.
As for multi-core use. Firefox owes this newfound concurrency to Rust. Stylo, the new CSS engine uplifted from Servo is the first/currently only major component to parallelize its tasks so far as I am aware. CSS parsing and computation performance should scale linearly with the number of cores on your machine.You should try giving Nightly a download on your desktop and investigate how well WebRender works for you.
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign
in Software
Posted
Firefox 57.0.4 has been issued and attempts to address Meltdown and Spectre
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/