Jump to content

SMalik

Experienced Members
  • Posts

    1,747
  • Joined

  • Last visited

Everything posted by SMalik

  1. Revised Entry [Windows Logs *] LangSecRef=3025 Detect=HKLM\Software\Microsoft\Windows FileKey1=%CommonAppData%\Microsoft\Diagnosis\DownloadedSettings|*.json.bk FileKey2=%CommonAppData%\Microsoft\Network\Downloader|*.*|RECURSE FileKey3=%CommonAppData%\Microsoft\WDF|*.*|RECURSE FileKey4=%CommonAppData%\Microsoft\Windows Security Health\Logs|*.*|RECURSE FileKey5=%CommonAppData%\USOShared\Logs|*.*|RECURSE FileKey6=%LocalAppData%\ConnectedDevicesPlatform|*.log FileKey7=%LocalAppData%\Diagnostics|*.*|RECURSE FileKey8=%ProgramFiles%\UNP\*Logs|*.* FileKey9=%SystemDrive%\PerfLogs\System\Diagnostics|*.*|RECURSE FileKey10=%SystemDrive%\PerfLogs\System\Performance|*.*|RECURSE FileKey11=%WinDir%\AppCompat\Programs|*.txt;*.xml FileKey12=%WinDir%\AppCompat\Programs\Install|*.txt;*.xml FileKey13=%WinDir%\debug\WIA|*.log FileKey14=%WinDir%\inf|*.log* FileKey15=%WinDir%\Logs\CBS|*.cab FileKey16=%WinDir%\Logs\dosvc|*.*|RECURSE FileKey17=%WinDir%\Logs\NetSetup|*.*|RECURSE FileKey18=%WinDir%\Logs\SIH|*.*|RECURSE FileKey19=%WinDir%\Logs\WindowsBackup|*.etl FileKey20=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html;PostGatherPnPList.log;PreGatherPnPList.log FileKey21=%WinDir%\Panther\FastCleanup|*.log FileKey22=%WinDir%\Panther\Rollback|*.txt FileKey23=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml FileKey24=%WinDir%\repair|setup.log FileKey25=%WinDir%\security\logs|*.*|RECURSE FileKey26=%WinDir%\System32\CatRoot|*.tmp FileKey27=%WinDir%\System32\catroot2|*.chk;*.log;*.jrs;*.txt FileKey28=%WinDir%\System32\LogFiles\HTTPERR|*.log FileKey29=%WinDir%\System32\LogFiles\Scm|*.*|RECURSE FileKey30=%WinDir%\System32\LogFiles\setupcln|*.*|RECURSE FileKey31=%WinDir%\System32\LogFiles\Srt|*.*|RECURSE FileKey32=%WinDir%\System32\LogFiles\WMI|*.*|RECURSE FileKey33=%WinDir%\System32\SleepStudy|*.etl FileKey34=%WinDir%\System32\SleepStudy\ScreenOn|*.etl FileKey35=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml;*.log FileKey36=%WinDir%\System32\WDI\*|snapshot.etl|REMOVESELF FileKey37=%WinDir%\System32\WDI\LogFiles\StartupInfo|*.*|RECURSE RegKey1=HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey2=HKLM\Software\Microsoft\Tracing RegKey3=HKLM\Software\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey4=HKLM\Software\Wow6432Node\Microsoft\Tracing Added: %CommonAppData%\Microsoft\Diagnosis\DownloadedSettings|*.json.bk %CommonAppData%\Microsoft\WDF|*.*|RECURSE %WinDir%\System32\CatRoot|*.tmp
  2. Revised Entry [Snagit *] LangSecRef=3021 Detect=HKCU\Software\TechSmith\Snagit Warning=This will delete the backups of the captures. FileKey1=%CommonAppData%\TechSmith\Uploader|*.log FileKey2=%Documents%|SnagitDebug.log FileKey3=%LocalAppData%\TechSmith\Logs|*.log FileKey4=%LocalAppData%\TechSmith\Snagit|Tray.bin FileKey5=%LocalAppData%\TechSmith\Snagit\CrashDumps|*.*|RECURSE FileKey6=%LocalAppData%\TechSmith\Snagit\DataStore\AppIcons|*.ico FileKey7=%LocalAppData%\TechSmith\Snagit\DataStore\WebSiteIcons|*.ico FileKey8=%LocalAppData%\TechSmith\Snagit\Thumbnails|*.*|RECURSE FileKey9=%LocalAppData%\TechSmith\Snagit\TrackerbirdFiles|*.log;*.logtmp RegKey1=HKCU\Software\TechSmith\Snagit\9|StampCustomFolder RegKey2=HKCU\Software\TechSmith\Snagit\10|StampCustomFolder RegKey3=HKCU\Software\TechSmith\Snagit\11|CaptureCount RegKey4=HKCU\Software\TechSmith\Snagit\11|CaptureOpenCount RegKey5=HKCU\Software\TechSmith\Snagit\11|OutputDirLastUsed RegKey6=HKCU\Software\TechSmith\Snagit\11|VidOutputDirLastUsed RegKey7=HKCU\Software\TechSmith\Snagit\11\SnagItEditor\Tray|Thumbnailsize RegKey8=HKCU\Software\TechSmith\Snagit\12|CaptureCount RegKey9=HKCU\Software\TechSmith\Snagit\12|CaptureOpenCount RegKey10=HKCU\Software\TechSmith\Snagit\12|OutputDirLastUsed RegKey11=HKCU\Software\TechSmith\Snagit\12|VidOutputDirLastUsed RegKey12=HKCU\Software\TechSmith\Snagit\12\SnagItEditor\Tray|Thumbnailsize RegKey13=HKCU\Software\TechSmith\Snagit\13|CaptureCount RegKey14=HKCU\Software\TechSmith\Snagit\13|CaptureOpenCount RegKey15=HKCU\Software\TechSmith\Snagit\13|OutputDirLastUsed RegKey16=HKCU\Software\TechSmith\Snagit\13|VidOutputDirLastUsed RegKey17=HKCU\Software\TechSmith\Snagit\13\Recent Captures RegKey18=HKCU\Software\TechSmith\Snagit\13\SnagitEditor\Recent File List RegKey19=HKCU\Software\TechSmith\Snagit\13\SnagItEditor\Tray|Thumbnailsize RegKey20=HKCU\Software\TechSmith\Snagit\18|CaptureCount RegKey21=HKCU\Software\TechSmith\Snagit\18|CaptureOpenCount RegKey22=HKCU\Software\TechSmith\Snagit\18|OutputDirLastUsed RegKey23=HKCU\Software\TechSmith\Snagit\18|VidOutputDirLastUsed RegKey24=HKCU\Software\TechSmith\Snagit\18\Recent Captures RegKey25=HKCU\Software\TechSmith\Snagit\18\SnagitEditor\Recent File List RegKey26=HKCU\Software\TechSmith\Snagit\18\SnagItEditor\Tray|Thumbnailsize RegKey27=HKCU\Software\TechSmith\Snagit\19|CaptureCount RegKey28=HKCU\Software\TechSmith\Snagit\19|CaptureOpenCount RegKey29=HKCU\Software\TechSmith\Snagit\19|OutputDirLastUsed RegKey30=HKCU\Software\TechSmith\Snagit\19|VidOutputDirLastUsed RegKey31=HKCU\Software\TechSmith\Snagit\19\Recent Captures RegKey32=HKCU\Software\TechSmith\Snagit\19\SnagitEditor\Recent File List RegKey33=HKCU\Software\TechSmith\Snagit\19\SnagItEditor\Tray|Thumbnailsize RegKey34=HKCU\Software\TechSmith\Snagit\20|CaptureCount RegKey35=HKCU\Software\TechSmith\Snagit\20|CaptureOpenCount RegKey36=HKCU\Software\TechSmith\Snagit\20|OutputDirLastUsed RegKey37=HKCU\Software\TechSmith\Snagit\20|VidOutputDirLastUsed RegKey38=HKCU\Software\TechSmith\Snagit\20\Recent Captures RegKey39=HKCU\Software\TechSmith\Snagit\20\SnagitEditor\Recent File List RegKey40=HKCU\Software\TechSmith\Snagit\20\SnagItEditor\Tray|Thumbnailsize RegKey41=HKCU\Software\TechSmith\Snagit\21|CaptureCount RegKey42=HKCU\Software\TechSmith\Snagit\21|CaptureOpenCount RegKey43=HKCU\Software\TechSmith\Snagit\21|OutputDirLastUsed RegKey44=HKCU\Software\TechSmith\Snagit\21|VidOutputDirLastUsed RegKey45=HKCU\Software\TechSmith\Snagit\21\Recent Captures RegKey46=HKCU\Software\TechSmith\Snagit\21\SnagitEditor\Recent File List RegKey47=HKCU\Software\TechSmith\Snagit\21\SnagItEditor\Tray|Thumbnailsize RegKey48=HKCU\Software\TechSmith\Snagit\Stamps|StampCustomFolder Removed: %AppData%\TechSmith\Snagit *\Identity|*.* Sign in file %LocalAppData%\TechSmith\Snagit\DataStore|*.SNAG;*.SNAGundo;*.MP4 *.SNAG;*.MP4 are Snagit Editor Library files *.SNAGundo are unsaved files https://support.techsmith.com/hc/en-us/community/posts/360071706912-Can-I-delete-files-on-my-pc-with-the-Snagit-file-type-snagundo-without-losing-any-data- Added: Support for Snagit 2021
  3. Revised Entry [Snagit *] LangSecRef=3021 Detect=HKCU\Software\TechSmith\Snagit Warning=This will delete the backups of the captures. FileKey1=%CommonAppData%\TechSmith\Uploader|*.log FileKey2=%Documents%|SnagitDebug.log FileKey3=%LocalAppData%\TechSmith\Logs|*.log FileKey4=%LocalAppData%\TechSmith\Snagit|Tray.bin FileKey5=%LocalAppData%\TechSmith\Snagit\CrashDumps|*.*|RECURSE FileKey6=%LocalAppData%\TechSmith\Snagit\DataStore|*.SNAGundo FileKey7=%LocalAppData%\TechSmith\Snagit\DataStore\AppIcons|*.ico FileKey8=%LocalAppData%\TechSmith\Snagit\DataStore\WebSiteIcons|*.ico FileKey9=%LocalAppData%\TechSmith\Snagit\Thumbnails|*.*|RECURSE FileKey10=%LocalAppData%\TechSmith\Snagit\TrackerbirdFiles|*.log;*.logtmp RegKey1=HKCU\Software\TechSmith\Snagit\9|StampCustomFolder RegKey2=HKCU\Software\TechSmith\Snagit\10|StampCustomFolder RegKey3=HKCU\Software\TechSmith\Snagit\11|CaptureCount RegKey4=HKCU\Software\TechSmith\Snagit\11|CaptureOpenCount RegKey5=HKCU\Software\TechSmith\Snagit\11|OutputDirLastUsed RegKey6=HKCU\Software\TechSmith\Snagit\11|VidOutputDirLastUsed RegKey7=HKCU\Software\TechSmith\Snagit\11\SnagItEditor\Tray|Thumbnailsize RegKey8=HKCU\Software\TechSmith\Snagit\12|CaptureCount RegKey9=HKCU\Software\TechSmith\Snagit\12|CaptureOpenCount RegKey10=HKCU\Software\TechSmith\Snagit\12|OutputDirLastUsed RegKey11=HKCU\Software\TechSmith\Snagit\12|VidOutputDirLastUsed RegKey12=HKCU\Software\TechSmith\Snagit\12\SnagItEditor\Tray|Thumbnailsize RegKey13=HKCU\Software\TechSmith\Snagit\13|CaptureCount RegKey14=HKCU\Software\TechSmith\Snagit\13|CaptureOpenCount RegKey15=HKCU\Software\TechSmith\Snagit\13|OutputDirLastUsed RegKey16=HKCU\Software\TechSmith\Snagit\13|VidOutputDirLastUsed RegKey17=HKCU\Software\TechSmith\Snagit\13\Recent Captures RegKey18=HKCU\Software\TechSmith\Snagit\13\SnagitEditor\Recent File List RegKey19=HKCU\Software\TechSmith\Snagit\13\SnagItEditor\Tray|Thumbnailsize RegKey20=HKCU\Software\TechSmith\Snagit\18|CaptureCount RegKey21=HKCU\Software\TechSmith\Snagit\18|CaptureOpenCount RegKey22=HKCU\Software\TechSmith\Snagit\18|OutputDirLastUsed RegKey23=HKCU\Software\TechSmith\Snagit\18|VidOutputDirLastUsed RegKey24=HKCU\Software\TechSmith\Snagit\18\Recent Captures RegKey25=HKCU\Software\TechSmith\Snagit\18\SnagitEditor\Recent File List RegKey26=HKCU\Software\TechSmith\Snagit\18\SnagItEditor\Tray|Thumbnailsize RegKey27=HKCU\Software\TechSmith\Snagit\19|CaptureCount RegKey28=HKCU\Software\TechSmith\Snagit\19|CaptureOpenCount RegKey29=HKCU\Software\TechSmith\Snagit\19|OutputDirLastUsed RegKey30=HKCU\Software\TechSmith\Snagit\19|VidOutputDirLastUsed RegKey31=HKCU\Software\TechSmith\Snagit\19\Recent Captures RegKey32=HKCU\Software\TechSmith\Snagit\19\SnagitEditor\Recent File List RegKey33=HKCU\Software\TechSmith\Snagit\19\SnagItEditor\Tray|Thumbnailsize RegKey34=HKCU\Software\TechSmith\Snagit\20|CaptureCount RegKey35=HKCU\Software\TechSmith\Snagit\20|CaptureOpenCount RegKey36=HKCU\Software\TechSmith\Snagit\20|OutputDirLastUsed RegKey37=HKCU\Software\TechSmith\Snagit\20|VidOutputDirLastUsed RegKey38=HKCU\Software\TechSmith\Snagit\20\Recent Captures RegKey39=HKCU\Software\TechSmith\Snagit\20\SnagitEditor\Recent File List RegKey40=HKCU\Software\TechSmith\Snagit\20\SnagItEditor\Tray|Thumbnailsize RegKey41=HKCU\Software\TechSmith\Snagit\21|CaptureCount RegKey42=HKCU\Software\TechSmith\Snagit\21|CaptureOpenCount RegKey43=HKCU\Software\TechSmith\Snagit\21|OutputDirLastUsed RegKey44=HKCU\Software\TechSmith\Snagit\21|VidOutputDirLastUsed RegKey45=HKCU\Software\TechSmith\Snagit\21\Recent Captures RegKey46=HKCU\Software\TechSmith\Snagit\21\SnagitEditor\Recent File List RegKey47=HKCU\Software\TechSmith\Snagit\21\SnagItEditor\Tray|Thumbnailsize RegKey48=HKCU\Software\TechSmith\Snagit\Stamps|StampCustomFolder Removed: %AppData%\TechSmith\Snagit *\Identity|*.* Sign in file %LocalAppData%\TechSmith\Snagit\DataStore|*.SNAG;*.SNAGundo;*.MP4 *.SNAG;*.MP4 are Snagit Editor Library files Added: Support for Snagit 2021
  4. Revised Entry Changed DetectFile to Detect [OpenVPN *] LangSecRef=3024 Detect=HKLM\SOFTWARE\OpenVPN FileKey1=%ProgramFiles%\OpenVPN\Log|*.log FileKey2=%UserProfile%\OpenVPN\log|*.*|RECURSE
  5. That is correct. I am sorry.
  6. Revised Entry Changed: %ProgramFiles%\OpenVPN\Log|*.* to %ProgramFiles%\OpenVPN\Log|*.log There is README.txt file here as well. Added: %UsersProfile%\OpenVPN\log|*.*|RECURSE [OpenVPN *] LangSecRef=3024 DetectFile=%ProgramFiles%\OpenVPN FileKey1=%ProgramFiles%\OpenVPN\Log|*.log FileKey2=%UsersProfile%\OpenVPN\log|*.*|RECURSE
  7. One entry for Aimersoft Video Converter and Aimersoft Video Converter Ultimate [Aimersoft Video Converter *] LangSecRef=3023 Detect1=HKLM\Software\Aimersoft\Aimersoft Video Converter Detect2=HKLM\Software\Aimersoft\Aimersoft Video Converter Ultimate FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE FileKey3=%Documents%\Aimersoft MediaServer\log|*.*|RECURSE FileKey4=%ProgramFiles%\Aimersoft\Video Converter\TempThumbDir|*.*|RECURSE FileKey5=%ProgramFiles%\Aimersoft\Video Converter Ultimate\TempThumbDir|*.*|RECURSE FileKey6=%Public%\Documents\Aimersoft|*.*|REMOVESELF Added: Detect2 %Documents%\Aimersoft MediaServer\log|*.*|RECURSE %Public%\Documents\Aimersoft|*.*|REMOVESELF
  8. Revised Entries [Aimersoft Helper Compact *] LangSecRef=3023 Detect=HKLM\Software\Aimersoft\Aimersoft Helper Compact FileKey1=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact|ProductUpdateLists.xml;ASHelper.exe_temp;ASHelperSetup.exe_temp FileKey2=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\DATADICT|*.*|RECURSE FileKey3=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\Log|*.*|RECURSE FileKey4=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\Temp|*.*|RECURSE Changed DetectFile to Detect Removed unnecessary RegKey1 and RegKey2 [Aimersoft Video Converter Ultimate *] LangSecRef=3023 Detect1=HKLM\Software\Aimersoft\Aimersoft Video Converter Ultimate Detect2=HKLM\Software\Wondershare\Aimersoft Video Converter Ultimate FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE FileKey3=%Documents%\Aimersoft MediaServer\log|*.*|RECURSE FileKey4=%ProgramFiles%\Aimersoft\Video Converter Ultimate\TempThumbDir|*.*|RECURSE FileKey5=%Public%\Documents\Aimersoft|*.*|REMOVESELF Added: Detect2 %Documents%\Aimersoft MediaServer\log|*.*|RECURSE %Public%\Documents\Aimersoft|*.*|REMOVESELF [Aimersoft Video Editor *] LangSecRef=3023 Detect=HKLM\SOFTWARE\Aimersoft\Aimersoft Video Editor FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE FileKey3=%ProgramFiles%\Aimersoft\Video Editor\\log|*.*|RECURSE FileKey4=%Public%\Documents\Aimersoft|*.*|REMOVESELF Changed DetectFile to Detect AddEd: FileKey1 and FileKey2 Removed unnecessary %ProgramFiles%\Video Editor\Log|*.log [Wondershare Filmora *] LangSecRef=3023 Detect1=HKLM\SOFTWARE\Wondershare\Wondershare Filmora Detect2=HKLM\SOFTWARE\Wondershare\Wondershare FilmoraPro FileKey1=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE FileKey2=%CommonAppData%\Wondershare\RemoteLogs\*Logs|*.*|RECURSE FileKey3=%ProgramFiles%\Wondershare\Wondershare Filmora\log|*.*|RECURSE FileKey4=%Public%\Documents\Wondershare|*.*|REMOVESELF Changed name from [Wondershare Filmora 9 *] to [Wondershare Filmora *] Changed DetectFile to Detect [Wondershare SafeEraser *] I think this should be removed. It is a prt of Wondershare Dr.Fone
  9. Revised Entry [Adobe Reader DC *] LangSecRef=3021 Detect=HKLM\Software\Adobe\Acrobat Reader\DC FileKey1=%AppData%\Adobe\Acrobat\DC\Security\CRLCache|*.*|RECURSE FileKey2=%LocalAppData%\Adobe\Acrobat\DC|IconCacheRdr*.dat;UserCache.bin FileKey3=%LocalAppData%\Adobe\Acrobat\DC\ToolsSearchCacheRdr|*.*|RECURSE FileKey4=%LocalLowAppData%\Adobe\Acrobat\DC|ReaderMessages FileKey5=%LocalLowAppData%\Adobe\Acrobat\DC\ConnectorIcons|*.*|RECURSE FileKey6=%LocalLowAppData%\Adobe\AcroCef\DC\Acrobat\Cache|*.*|RECURSE RegKey1=HKCU\Software\Adobe\Acrobat Reader\DC\AVConnector\cIconCache RegKey2=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionFromPDF RegKey3=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionToPDF RegKey4=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumOfAVDocsOpened RegKey5=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumReaderLaunches RegKey6=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cDockables RegKey7=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentToolsList RegKey8=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cToolbars RegKey9=HKCU\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles RegKey10=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent RegKey11=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsPrev RegKey12=HKCU\Software\Adobe\Acrobat Reader\DC\ShareIdentity RegKey13=HKCU\Software\Adobe\Adobe Synchronizer\DC Added: Usage Stats HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumOfAVDocsOpened HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumReaderLaunches
  10. Revised Entries [Wondershare UniConverter *] LangSecRef=3023 Detect=HKLM\Software\Wondershare\Wondershare UniConverter FileKey1=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE FileKey2=%CommonAppData%\Wondershare\UniConverter\DataTrack|tmp;*.bak;*.log FileKey3=%CommonAppData%\Wondershare\UniConverter\TempThumbDir|*.*|RECURSE FileKey4=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE FileKey5=%ProgramFiles%\Wondershare\UniConverter\Log|*.*|RECURSE FileKey6=%Public%\Documents\Wondershare|*.*|REMOVESELF FileKey7=%SystemDrive%\|logWSVCUUpdateHelper.log FileKey8=%SystemDrive%\Wondershare UniConverter\Downloaded\temp|*.*|REMOVESELF FileKey9=%UserProfile%\.cache|*.*|REMOVESELF Removed: %CommonAppData%\Wondershare MediaServer|*.txt MediaServer is not a part of UniConverter Added: %Public%\Documents\Wondershare|*.*|REMOVESELF %SystemDrive%\|logWSVCUUpdateHelper.log [Wondershare Video Converter *] LangSecRef=3023 Detect1=HKLM\Software\Wondershare\Wondershare Video Converter Pro Detect2=HKLM\Software\Wondershare\Wondershare Video Converter Ultimate FileKey1=%CommonAppData%\Wondershare MediaServer|*.txt FileKey2=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE FileKey3=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE FileKey4=%Documents%\Wondershare MediaServer\log|*.*|RECURSE FileKey5=%ProgramFiles%\Wondershare Video Converter Ultimate\TempThumbDir|*.*|RECURSE FileKey6=%Public%\Documents\Wondershare|*.*|REMOVESELF FileKey7=%SystemDrive%\|logWSVCUUpdateHelper.log FileKey8=%UserProfile%\.cache|*.*|REMOVESELF Added: %CommonAppData%\Wondershare MediaServer|*.txt %CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE %SystemDrive%\|logWSVCUUpdateHelper.log %UserProfile%\.cache|*.*|REMOVESELF
  11. I think we should change the name of [Windows ShellBags *] to [Folders View Settings *]
  12. Revised Entry [Windows Defender *] LangSecRef=3024 Detect=HKLM\Software\Microsoft\Windows Defender FileKey1=%CommonAppData%\Microsoft\Windows Defender\Network Inspection System\Support|*.txt;NisLog.txt.bak FileKey2=%CommonAppData%\Microsoft\Windows Defender\Scans\BackupStore|*.*|RECURSE FileKey3=%CommonAppData%\Microsoft\Windows Defender\Scans\History\CacheManager|*.*|RECURSE FileKey4=%CommonAppData%\Microsoft\Windows Defender\Scans\MetaStore|*.*|RECURSE FileKey5=%CommonAppData%\Microsoft\Windows Defender\Scans\RtSigs\Data|*.*|RECURSE FileKey6=%CommonAppData%\Microsoft\Windows Defender\Support|*.*|RECURSE Removed: %CommonAppData%\Microsoft\Windows Defender\Scans\History\Service|*.log There are no log files here. Windows Defender stores detection history here: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory If we add detection history, then we should add quarantine files locations as well. %CommonAppData%\Microsoft\Windows Defender\Quarantine\Entries %CommonAppData%\Microsoft\Windows Defender\Quarantine\ResourceData %CommonAppData%\Microsoft\Windows Defender\Quarantine\Resources %CommonAppData%\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory Added: %CommonAppData%\Microsoft\Windows Defender\Scans\RtSigs\Data|*.*|RECURSE
  13. I think these entries should be moved to Winapp3.ini [Apple MobileSync Backups *] [iTunes Previous Libraries *]
  14. CCleaner deletes files from "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick". After I restart the system, Windows Defender asks to run a quick scan again. I think deleting of these files should be excluded.
  15. Revised Entry [Windows Defender *] LangSecRef=3024 Detect=HKLM\Software\Microsoft\Windows Defender FileKey1=%CommonAppData%\Microsoft\Windows Defender\Network Inspection System\Support|*.txt;NisLog.txt.bak FileKey2=%CommonAppData%\Microsoft\Windows Defender\Scans\BackupStore|*.* FileKey3=%CommonAppData%\Microsoft\Windows Defender\Scans\History\CacheManager|*.*|RECURSE FileKey4=%CommonAppData%\Microsoft\Windows Defender\Scans\History\Service|*.log FileKey5=%CommonAppData%\Microsoft\Windows Defender\Scans\MetaStore|*.*|RECURSE FileKey6=%CommonAppData%\Microsoft\Windows Defender\Support|*.*|RECURSE Removed. These files should not be deleted. %CommonAppData%\Microsoft\Windows Defender\Scans|*.bin* %CommonAppData%\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency|*.*|RECURSE
  16. New Entry [Krita *] LangSecRef=3023 Detect=HKLM\SOFTWARE\Krita FileKey1=%LocalAppData%\krita\cache|*.*|RECURSE FileKey2=%LocalAppData%\|krita.log;krita-sysinfo.log
  17. Revised Entry [Norton *] LangSecRef=3024 DetectFile=%CommonAppData%\Norton FileKey1=%CommonAppData%\Norton|*.log;*.txt FileKey2=%CommonAppData%\Norton\LocalDumps|*.dmp FileKey3=%CommonAppData%\NortonInstaller\Logs|*.*|RECURSE FileKey4=%CommonAppData%\VPNService|*.log Added: %CommonAppData%\VPNService|*.log
  18. License file. This should not be added. %ProgramFiles%\R-Wipe & Clean|*.txt
  19. Looks like there is no option to edit the posts after a certain time.
  20. R-Wipe & Clean stores custom wipe lists here. %AppData%\R-TT\RWC\WL
  21. Please change the entry name of [Xbox *] to [Xbox Console Companion *] and [Game Bar *] to [Xbox Game Bar *]
  22. Revised Entry [MS Office *] LangSecRef=3021 Detect1=HKCU\Software\Microsoft\Office\11.0 Detect2=HKCU\Software\Microsoft\Office\12.0 Detect3=HKCU\Software\Microsoft\Office\14.0 Detect4=HKCU\Software\Microsoft\Office\15.0 Detect5=HKCU\Software\Microsoft\Office\16.0 FileKey1=%AppData%\Microsoft\Document Building Blocks|*.*|RECURSE FileKey2=%AppData%\Microsoft\Office|*.tmp|RECURSE FileKey3=%AppData%\Microsoft\OIS|Toolbars.dat FileKey4=%AppData%\Microsoft\UProof|*.bin;*.XML FileKey5=%Documents%|~*.ppt;~*.pptx;~*.doc;~*.docx|RECURSE FileKey6=%LocalAppData%\Microsoft Help|*.* FileKey7=%LocalAppData%\Microsoft\Office\*|OneNoteOfflineCache.onecache FileKey8=%LocalAppData%\Microsoft\Office\*\WebServiceCache\AllUsers\officeclient.microsoft.com|*.*|RECURSE FileKey9=%LocalAppData%\Microsoft\Office\OTele|*.*|RECURSE FileKey10=%LocalAppData%\Microsoft\OneNote\*|OneNoteOfflineCache.onecache FileKey11=%LocalAppData%\Microsoft\OneNote\*\cache|*.*|RECURSE FileKey12=%LocalAppData%\Microsoft\OneNote\*\OneNoteOfflineCache_Files|*.*|RECURSE FileKey13=%LocalAppData%\Packages\oice_*\AC\Temp|*.*|RECURSE FileKey14=%SystemDrive%|propfix.log FileKey15=%WinDir%\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele|*.*|RECURSE FileKey16=%WinDir%\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Office\OTele|*.*|RECURSE RegKey1=HKCU\Software\Microsoft\Office\11.0\MSE|LastLoadedSolution RegKey2=HKCU\Software\Microsoft\Office\11.0\MSE\FileMRUList RegKey3=HKCU\Software\Microsoft\Office\11.0\MSE\ProjectMRUList RegKey4=HKCU\Software\Microsoft\Office\11.0\MSE\SolutionMRUList RegKey5=HKCU\Software\Microsoft\Office\12.0\Common\Internet|UseRWHlinkNavigation RegKey6=HKCU\Software\Microsoft\Office\12.0\Word\Reading Locations RegKey7=HKCU\Software\Microsoft\Office\14.0\Common\Internet|UseRWHlinkNavigation RegKey8=HKCU\Software\Microsoft\Office\14.0\Word\Reading Locations RegKey9=HKCU\Software\Microsoft\Office\15.0\Common\Internet|UseRWHlinkNavigation RegKey10=HKCU\Software\Microsoft\Office\15.0\Word\Reading Locations RegKey11=HKCU\Software\Microsoft\Office\16.0\Common\Internet|UseRWHlinkNavigation RegKey12=HKCU\Software\Microsoft\Office\16.0\Word\Reading Locations RegKey13=HKCU\Software\Microsoft\Office\Common|FontBmpCache RegKey14=HKCU\Software\Microsoft\OfficeCustomizeWizard\12.0\RecentFileList RegKey15=HKCU\Software\Microsoft\OfficeCustomizeWizard\14.0\RecentFileList RegKey16=HKCU\Software\Microsoft\OfficeCustomizeWizard\15.0\RecentFileList RegKey17=HKCU\Software\Microsoft\OfficeCustomizeWizard\16.0\RecentFileList Added: %LocalAppData%\Microsoft\Office\*\WebServiceCache\AllUsers\officeclient.microsoft.com|*.*|RECURSE
  23. New Entry [Media Playback History *] LangSecRef=3029 DetectFile=%LocalAppData%\Google\Chrome* FileKey1=%LocalAppData%\Chrome*\User Data\*|Media History
  24. Revised Entries [Adobe Reader DC *] LangSecRef=3021 Detect=HKLM\Software\Adobe\Acrobat Reader\DC FileKey1=%AppData%\Adobe\Acrobat\DC\Security\CRLCache|*.*|RECURSE FileKey2=%CommonAppData%\Adobe\ARM|*.*|RECURSE FileKey3=%LocalAppData%\Adobe\Acrobat\DC|IconCacheRdr*.dat;UserCache.bin FileKey4=%LocalAppData%\Adobe\Acrobat\DC\ToolsSearchCacheRdr|*.*|RECURSE FileKey5=%LocalAppData%\Adobe\ARM|*.*|RECURSE FileKey6=%LocalLowAppData%\Adobe\Acrobat\DC|ReaderMessages FileKey7=%LocalLowAppData%\Adobe\Acrobat\DC\ConnectorIcons|*.*|RECURSE FileKey8=%LocalLowAppData%\Adobe\AcroCef\DC\Acrobat\Cache|*.*|RECURSE RegKey1=HKCU\Software\Adobe\Acrobat Reader\DC\AVConnector\cIconCache RegKey2=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionFromPDF RegKey3=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionToPDF RegKey4=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cDockables RegKey5=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentToolsList RegKey6=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cToolbars RegKey7=HKCU\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles RegKey8=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent RegKey9=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsPrev RegKey10=HKCU\Software\Adobe\Acrobat Reader\DC\ShareIdentity RegKey11=HKCU\Software\Adobe\Adobe Synchronizer\DC Added: HKCU\Software\Adobe\Acrobat Reader\DC\AVConnector\cIconCache [Ashampoo PDF Pro *] LangSecRef=3021 Detect1=HKCU\Software\Ashampoo\Ashampoo PDF Detect2=HKCU\Software\Ashampoo\Ashampoo PDF Pro 2 FileKey1=%LocalAppData%\Ashampoo PDF\*|lastFileOpenned.txt RegKey1=HKCU\Software\Ashampoo\Ashampoo PDF\Find Replace RegKey2=HKCU\Software\Ashampoo\Ashampoo PDF\Recent File List Added: HKCU\Software\Ashampoo\Ashampoo PDF\Find Replace [Windows Logs *] LangSecRef=3025 Detect=HKLM\Software\Microsoft\Windows FileKey1=%CommonAppData%\Microsoft\Network\Downloader|*.*|RECURSE FileKey2=%CommonAppData%\Microsoft\Windows Security Health\Logs|*.*|RECURSE FileKey3=%CommonAppData%\USOShared\Logs|*.*|RECURSE FileKey4=%LocalAppData%\ConnectedDevicesPlatform|*.log FileKey5=%LocalAppData%\Diagnostics|*.*|RECURSE FileKey6=%ProgramFiles%\UNP\*Logs|*.* FileKey7=%SystemDrive%\PerfLogs\System\Diagnostics|*.*|RECURSE FileKey8=%SystemDrive%\PerfLogs\System\Performance|*.*|RECURSE FileKey9=%WinDir%\AppCompat\Programs|*.txt;*.xml FileKey10=%WinDir%\AppCompat\Programs\Install|*.txt;*.xml FileKey11=%WinDir%\debug\WIA|*.log FileKey12=%WinDir%\inf|*.log* FileKey13=%WinDir%\Logs\CBS|*.cab FileKey14=%WinDir%\Logs\DPX|*.log FileKey15=%WinDir%\Logs\dosvc|*.*|RECURSE FileKey16=%WinDir%\Logs\MoSetup|UpdateAgent.log FileKey17=%WinDir%\Logs\NetSetup|*.*|RECURSE FileKey18=%WinDir%\Logs\SIH|*.*|RECURSE FileKey19=%WinDir%\Logs\WindowsBackup|*.etl FileKey20=%WinDir%\Logs\WinREAgent|*.log FileKey21=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html;PostGatherPnPList.log;PreGatherPnPList.log FileKey22=%WinDir%\Panther\FastCleanup|*.log FileKey23=%WinDir%\Panther\Rollback|*.txt FileKey24=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml FileKey25=%WinDir%\repair|setup.log FileKey26=%WinDir%\security\logs|*.*|RECURSE FileKey27=%WinDir%\System32\catroot2|*.chk;*.log;*.jrs;*.txt FileKey28=%WinDir%\System32\LogFiles\HTTPERR|*.log FileKey29=%WinDir%\System32\LogFiles\Scm|*.*|RECURSE FileKey30=%WinDir%\System32\LogFiles\setupcln|*.*|RECURSE FileKey31=%WinDir%\System32\LogFiles\Srt|*.*|RECURSE FileKey32=%WinDir%\System32\LogFiles\WMI|*.*|RECURSE FileKey33=%WinDir%\System32\SleepStudy|*.etl FileKey34=%WinDir%\System32\SleepStudy\ScreenOn|*.etl FileKey35=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml;*.log FileKey36=%WinDir%\System32\WDI\*|snapshot.etl|REMOVESELF FileKey37=%WinDir%\System32\WDI\LogFiles\StartupInfo|*.*|RECURSE RegKey1=HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey2=HKLM\Software\Microsoft\Tracing RegKey3=HKLM\Software\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications RegKey4=HKLM\Software\Wow6432Node\Microsoft\Tracing Added: %WinDir%\Logs\DPX|*.log %WinDir%\Logs\MoSetup|UpdateAgent.log %WinDir%\Logs\WinREAgent|*.log
  25. Revised Entry Added: FileKey8, RegKey7 and RegKey8 [Adobe Reader DC *] LangSecRef=3021 Detect=HKLM\Software\Adobe\Acrobat Reader\DC FileKey1=%AppData%\Adobe\Acrobat\DC\Security\CRLCache|*.*|RECURSE FileKey2=%LocalAppData%\Adobe\Acrobat\DC|IconCacheRdr*.dat;UserCache.bin FileKey3=%LocalAppData%\Adobe\Acrobat\DC\ToolsSearchCacheRdr|*.*|RECURSE FileKey4=%LocalAppData%\Adobe\ARM|*.*|RECURSE FileKey5=%LocalLowAppData%\Adobe\Acrobat\DC|ReaderMessages FileKey6=%LocalLowAppData%\Adobe\Acrobat\DC\ConnectorIcons|*.*|RECURSE FileKey7=%LocalLowAppData%\Adobe\AcroCef\DC\Acrobat\Cache|*.*|RECURSE FileKey8=%CommonAppData%\Adobe\ARM|*.*|RECURSE RegKey1=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionFromPDF RegKey2=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionToPDF RegKey3=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cDockables RegKey4=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentToolsList RegKey5=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cToolbars RegKey6=HKCU\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles RegKey7=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent RegKey8=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsPrev RegKey9=HKCU\Software\Adobe\Acrobat Reader\DC\ShareIdentity RegKey10=HKCU\Software\Adobe\Adobe Synchronizer\DC
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.