[Winapp2.ini additions]

I get it now...

I was looking at the entries in the Winapp2.ini release.

Not realizing it had been altered from %AllUsersProfile% to the incorrect %CommonAppData%

 

In the changelog and on my PC it is as originally posted and is the correct entry

[Winapp2.ini additions]

Hi again. Can someone edit these entries for me in winapp2. They should go like this:

 

[Clam Sentinel*]

LangSecRef=3021

Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1

Default=False

FileKey1=%AllUsersProfile%\.clamwin\log|*.*|REMOVESELF

FileKey2=%ProgramFiles%\ClamSentinel|*.txt

 

[ClamWin*]

LangSecRef=3021

Detect=HKLM\SOFTWARE\ClamWin

Default=False

FileKey1=%AllUsersProfile%\.clamwin\log|*.*|REMOVESELF

FileKey2=%ProgramFiles%\ClamWin\bin|*.txt

I wrote these entries for the latest releases at the time of posting:

[Clam Sentinel**]
LangSecRef=3021
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1
Default=False
FileKey1=%AllUsersProfile%\.clamwin\log|*.*|REMOVESELF
FileKey2=%ProgramFiles%\ClamSentinel|*.txt

[ClamWin**]
LangSecRef=3021
Detect=HKLM\SOFTWARE\ClamWin
Default=False
FileKey1=%AllUsersProfile%\.clamwin\log|*.*|REMOVESELF
FileKey2=%ProgramFiles%\ClamWin\bin|*.txt

Somehow %AllUsersProfile% has been replaced with %CommonAppData% in Winapp2.ini

The original posting is correct; There are no files at %CommonAppData%.

[Winapp2.ini additions]

updated

Thank-you!

[Winapp2.ini additions]

Modified:

[FileLocator Pro*]
LangSecRef=3024
Detect=HKCU\Software\Mythicsoft\FileLocatorPro
Detect2=HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\61998E0EC8628684CBDA6355E18D8A3E
Default=False
FileKey1=%AppData%\Mythicsoft\FileLocatorPro\CrashReports|*.*|REMOVESELF
FileKey2=%AppData%\Mythicsoft\FileLocatorPro\logs|*.*|REMOVESELF
FileKey3=%AppData%\Mythicsoft\FileLocatorPro|history.xml|RECURSE
FileKey4=%ProgramFiles%\*\FileLocator*|*.log;history.xml|RECURSE
FileKey5=%ProgramFiles%\FileLocator*|*.log;history.xml|RECURSE
FileKey6=%ProgramFiles%\FileLocator*\CrashReports|*.*|REMOVESELF
FileKey7=%ProgramFiles%\FileLocator*\logs|*.*|REMOVESELF
RegKey1=HKCU\Software\Mythicsoft\FileLocatorPro\RecentContains
RegKey2=HKCU\Software\Mythicsoft\FileLocatorPro\RecentFileName
RegKey3=HKCU\Software\Mythicsoft\FileLocatorPro\RecentFolders

- Added Detect2

- Added FileKey1 through 7

[Winapp2.ini additions]

New entry:

[GEAR DIFx Installers*]
LangSecRef=3023
Detect1=HKCR\Installer\Products\CACFC38969C58104B8CE6D8561446C45
Detect2=HKLM\SOFTWARE\GEAR Software\DIFx
Detect3=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EC13FCAF38E85F44B0F1137C7FB5037
Default=False
FileKey1=%AppData%\188F1432-103A-4ffb-80F1-36B633C5C9E1|*.*|REMOVESELF
FileKey2=%AppData%\34BE82C4-E596-4e99-A191-52C6199EBF69|*.*|REMOVESELF
FileKey3=%AppData%\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B|*.*|REMOVESELF
FileKey4=%AppData%\Downloaded Installations|*.*|REMOVESELF
FileKey5=%CommonAppData%\188F1432-103A-4ffb-80F1-36B633C5C9E1|*.*|REMOVESELF
FileKey6=%CommonAppData%\34BE82C4-E596-4e99-A191-52C6199EBF69|*.*|REMOVESELF
FileKey7=%CommonAppData%\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B|*.*|REMOVESELF
FileKey8=%CommonAppData%\9727E41D-AD6A-47cd-B9BC-CF630B6013FD|*.*|REMOVESELF
FileKey9=%CommonAppData%\A73B37F8-7A4D-41f4-98A8-7F608CE8B98F|*.*|REMOVESELF
FileKey10=%LocalAppData%\Downloaded Installations|*.*|REMOVESELF
FileKey11=%ProgramFiles%\188F1432-103A-4ffb-80F1-36B633C5C9E1|*.*|REMOVESELF
FileKey12=%ProgramFiles%\34BE82C4-E596-4e99-A191-52C6199EBF69|*.*|REMOVESELF
FileKey13=%ProgramFiles%\38FDB89C-1EBD-4366-84B2-336D12CC3209|*.*|REMOVESELF
FileKey14=%ProgramFiles%\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B|*.*|REMOVESELF
FileKey15=%ProgramFiles%\93E26451-CD9A-43A5-A2FA-C42392EA4001|*.*|REMOVESELF
FileKey16=%ProgramFiles%\9727E41D-AD6A-47cd-B9BC-CF630B6013FD|*.*|REMOVESELF

[Winapp2.ini additions]

Not sure it's even possible after WinXP is it as the system volume info folder is locked?

You may require 'Permission'.

[Winapp2.ini additions]

Not sure about messing with System Restore.

 

Tracking.log and 'Chkdsk' folder and log, though generated into the relevant drive's System Volume Information folder, have nothing to do with System Restore:

They coincidentally share the same folder.

- FileKey1: Tracking.log regenerates when the drive is accessed.

- FileKey2:  'Chkdsk' folder and log is only generated if Chkdsk.exe is run; and are cumulative.

 

Technet MS library:

The Distributed Link Tracking Client service monitors activity on NTFS volumes and stores maintenance information in a file called Tracking.log, which is located at the root of each volume in a hidden folder called System Volume Information.

 

MountPointManagerRemoteDatabase file (0 byte system file associated with Dynamic Disks/Volumes), Content Indexing Service databases, Volume Shadow Copy Service (Volume Snapshot) so you can back up files on a live system, Efs0.log files created by the Encrypting File System generated during the encryption and decryption process, and restore point folders created by the System Restore service all share the System Volume Information folder and are untouched

 

I've been running the entry several times a day for a week without any issue.

 

The entry could be broken down into two:

Chkdisk Logs and Distributed Link Tracking Client Log.

[Winapp2.ini additions]

I've edited new entry posted above

 

Revised new entry:

[System Volume Information Logs*]
LangSecRef=3025
Detect=HKLM\SYSTEM\CurrentControlSet\Control\ContentIndex\Catalogs\System
Default=False
FileKey1=%SystemDrive%\System Volume Information|tracking.log
FileKey2=%SystemDrive%\System Volume Information\Chkdsk|*.*|REMOVESELF

- Improved Detect

[Firefox Extensions REBOOTED]

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.

https://www.eff.org/https-everywhere

[Fingerprint site]

Nice post... however intimidating.

[Winapp2.ini additions]

New entry:

[System Volume Information Logs*]
LangSecRef=3025
Detect=HKLM\SYSTEM\CurrentControlSet\Control\ContentIndex\Catalogs\System
Default=False
FileKey1=%SystemDrive%\System Volume Information|tracking.log
FileKey2=%SystemDrive%\System Volume Information\Chkdsk|*.*|REMOVESELF

- FileKey1 regenerates when the drive is accessed.
- FileKey2 'Chkdsk' folder and log is only generated when Chkdsk.exe is run.

If you have additional partitions you will need to list as shown in the example below, as there is no wildcard for drives.

FileKey3=M:\System Volume Information|tracking.log
FileKey4=M:\System Volume Information\Chkdsk|*.*|REMOVESELF
FileKey5=S:\System Volume Information|tracking.log
FileKey6=S:\System Volume Information\Chkdsk|*.*|REMOVESELF

Modified:

[Windows XP MUICache*]
DetectOS=|5.1
LangSecRef=3025
Detect1=HKCU\Software\Microsoft\Windows\ShellNoRoam
Detect2=HKCU\Software\Microsoft\Windows\Shell
Default=False
RegKey1=HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
RegKey2=HKCU\Software\Microsoft\Windows\Shell\MUICache

- Removed previous 'RegKey2=HKCU\Software\Microsoft\Windows\ShellNoRoam\DUIBags'
It was deleting Details Pane settings.

[Winapp2.ini additions]

New entries:

[Maxprog iCash (Dumps)*]
LangSecRef=3021
Detect=HKCR\iCash
Default=False
FileKey1=%Documents%\Maxprog\iCash\XML Dumps|*.*|REMOVESELF

[Maxprog iCash (Logs)*]
LangSecRef=3021
Detect=HKCR\iCash
Default=False
FileKey1=%Documents%\Maxprog\iCash\Database Logs|*.*|REMOVESELF
FileKey2=%Documents%\Maxprog\iCash\Error Logs|*.*|REMOVESELF
FileKey3=%ProgramFiles%\iCash\vlogs|*.*|REMOVESELF

[USB Redirector*]
LangSecRef=3022
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB9376AC-5253-42a5-AC0A-D306F32FFAD2}
Default=False
FileKey1=%ProgramFiles%\USB Redirector|*.log;*.txt

Modified:

[Learn2 Player*]
LangSecRef=3023
DetectFile=%AppData%\Learn2.com
Default=False
FileKey1=%AppData%\Learn2.com\strunner\StCache|*.*|RECURSE
FileKey2=%LocalAppData%\Learn2.com\strunner\StCache|*.*|RECURSE

- Removed one asterisk from name (was Learn2 Player**)

[Syncovery*]
LangSecRef=3024
Detect=HKCU\Software\Syncovery
Default=False
FileKey1=%CommonAppData%\Syncovery\Logs|*.*|REMOVESELF

- Removed one asterisk from name (was Syncovery**)
- FileKey1 edit... Logs are stored as .log and .txt, and 'Logs' folder regenerates.

[TCP Optimizer Backup File*]
Warning=This will delete you SG TCP Optimizer backup files in their normal order.
LangSecRef=3024
Detect=HKCU\Software\TCP Optimizer
Default=False
FileKey1=%Documents%|*.spg
FileKey2=%Documents%\downloads|*.spg

- Removed one asterisk from name (was TCP Optimizer Backup File**)

[TeraCopy*]
LangSecRef=3024
Detect=HKCU\Software\Code Sector\TeraCopy
Default=False
FileKey1=%AppData%\TeraCopy|FileList.dat;Transfer.log
FileKey2=%ProgramFiles%\TeraCopy|FileList.dat;Transfer.log
RegKey1=HKCU\Software\Code Sector\TeraCopy|LastTargetFolder

- Added FileKey2

[Winapp2.ini additions]

Disregard previous Intuit TurboTax new entry posted above @ http://forum.piriform.com/index.php?showtopic=32310&page=190&do=findComment&comment=244340

 

Revised new entry:

[Intuit TurboTax*]
LangSecRef=3021
DetectFile=%ProgramFiles%\TurboTax*
FileKey1=%AppData%\Intuit*|*.log|RECURSE
FileKey2=%CommonAppData%|*.bc
FileKey3=%CommonAppData%\Intuit*|*.log|RECURSE
FileKey4=%CommonAppData%\Intuit\Common\Metrix\*\Logs|*.*
FileKey5=%CommonAppData%\Intuit\Common\Update Service\*\Logs|*.*
FileKey6=%CommonAppData%\Intuit\Common\QuickBaseClient\*\Logs|*.*
FileKey7=%CommonAppData%\Intuit\TurboTax\MSI\*\Logs|*.*
FileKey8=%CommonProgramFiles%\Intuit\Internet Client|Msdun13.exe
FileKey9=%ProgramFiles%\TurboTax*|*.txt

- Added new FileKeys 4, 5, 6, and 7

Modified entries:

[Foxit PhantomPDF 6 More*]
LangSecRef=3021
Detect=HKCU\Software\Foxit Software\Foxit PhantomPDF 6.0
Default=False
FileKey1=%AppData%\Foxit Software\RMS|FXRMS_Log.txt
RegKey1=HKCU\Software\Foxit Software\Foxit PhantomPDF 6.0\Preferences\History
RegKey2=HKCU\Software\Foxit Software\Foxit PhantomPDF 6.0\RecentFiles

- Added FileKey1

[GameSave Manager*]
LangSecRef=3021
Detect1=HKCR\GSM_gsba
Detect2=HKCR\GSM_gsdu
Detect3=HKCR\GSM_gsms
Default=False
FileKey1=%AppData%\GameSave Manager*\TaskLogs|*.*
FileKey2=%AppData%\GameSave Manager*\TaskCache|*.*
FileKey3=%AppData%\GameSave Manager*\GameCache|*.*
FileKey4=%AppData%\GameSave Manager*\$$ CacheDir $$|*.*|REMOVESELF
FileKey5=%ProgramFiles%\GameSave Manager*\settings|*.log;ScanResults.txt|RECURSE

- Added FileKey4 and 5

[Winapp2.ini additions]

New entry:

[FileMind QuickFix*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92789900-80D0-4B61-B742-7897964A69AB}_is1
Default=False
FileKey1=%ProgramFiles%\Metability Software\FileMindQuickFix|*.log|RECURSE

Modified:

[Exifer*]
LangSecRef=3024
Detect=HKCU\Software\Exifer
Default=False
RegKey1=HKCU\Software\Exifer\Browse\History

- Changed LangSecRef to 3024 to group image Exif metadata utilities together.

[ExifPro*]
LangSecRef=3024
Detect=HKCU\Software\MKowalski\ExifPro
Default=False
FileKey1=%CommonAppData%\MiK\ExifPro|Cache*
RegKey1=HKCU\Software\MKowalski\ExifPro\1.0\Browser\View 0|LastPath
RegKey2=HKCU\Software\MKowalski\ExifPro\1.0\HTMLAlbumGen\RecentDestPaths
RegKey3=HKCU\Software\MKowalski\ExifPro\1.0\RecentPaths
RegKey4=HKCU\Software\MKowalski\ExifPro\1.0\ResizeDlg\RecentDestPaths

- Changed LangSecRef to 3024 to group image Exif metadata utilities together.

[Winapp2.ini additions]

If the [Office 2010 More*] code above is okay, then it also applies to Office 2013 as shown below.

Re:

[Office 2010 More*]

LangSecRef=3021

Detect=HKCU\Software\Microsoft\Office\14.0\Common

Default=False

FileKey1=%LocalAppData%\Microsoft\Office\14.0\OfficeFileCache|*.*|RECURSE

FileKey2=%LocalAppData%\Microsoft\Office\14.0|OneNoteOfflineCache.onecache

FileKey3=%LocalAppData%\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files|*.*|RECURSE

FileKey4=%AppData%\Microsoft\OneNote\14.0|Preferences.dat

 

[Office 2013 More*]

LangSecRef=3021

Detect=HKCU\Software\Microsoft\Office\15.0\Common

Default=False

FileKey1=%LocalAppData%\Microsoft\Office\15.0\OfficeFileCache|*.*|RECURSE

FileKey2=%LocalAppData%\Microsoft\Office\15.0|OneNoteOfflineCache.onecache

FileKey3=%LocalAppData%\Microsoft\OneNote\15.0\OneNoteOfflineCache_Files|*.*|RECURSE

FileKey4=%AppData%\Microsoft\OneNote\15.0|Preferences.dat

 

An alternative:

[MS Office More*]
LangSecRef=3021
Detect1=HKCU\Software\Microsoft\Office\14.0\Common
Detect2=HKCU\Software\Microsoft\Office\15.0\Common
Default=False
FileKey1=%LocalAppData%\Microsoft\Office\*\OfficeFileCache|*.*|RECURSE
FileKey2=%LocalAppData%\Microsoft\Office\*|OneNoteOfflineCache.onecache
FileKey3=%LocalAppData%\Microsoft\OneNote\*\OneNoteOfflineCache_Files|*.*|RECURSE
FileKey4=%AppData%\Microsoft\OneNote\*|Preferences.dat

[Winapp2.ini additions]

Modified:

[K-Lite Codec Pack*]
LangSecRef=3023
Detect=HKLM\Software\KLCodecPack
Default=False
FileKey1=%ProgramFiles%\K-Lite*|*.log;*.txt;*.zip|RECURSE
FileKey2=%SystemDrive%|*klcp_itp_*.tmp
RegKey1=HKU\S-1-5-21-1409082233-152049171-725345543-500\Software\Gabest\vsfilter\DefTextPathes|Path0
RegKey2=HKU\S-1-5-21-1409082233-152049171-725345543-500\Software\Gabest\vsfilter\DefTextPathes|Path1
RegKey3=HKU\S-1-5-21-1409082233-152049171-725345543-500\Software\Gabest\vsfilter\DefTextPathes|Path2

- Improved FileKey1 detection

- Removed previous FileKey2

[Winapp2.ini additions]

New entries:

[Active@ File Recovery*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1
Default=False
FileKey1=%ProgramFiles%\LSoft Technologies\Active@ File Recovery*|Active File Recovery Log.txt;he_log.txt;*.scn;*.xml

[Firefox Console Log*]
LangSecRef=3026
SpecialDetect=DET_MOZILLA
Default=False
FileKey1=%AppData%\Mozilla\Firefox|console.log

[Intuit TurboTax*]
LangSecRef=3021
DetectFile=%ProgramFiles%\TurboTax*
FileKey1=%AppData%\Intuit*|*.log|RECURSE
FileKey2=%CommonAppData%|*.bc
FileKey3=%CommonAppData%\Intuit*|*.log|RECURSE
FileKey4=%CommonProgramFiles%\Intuit\Internet Client|Msdun13.exe
FileKey5=%ProgramFiles%\TurboTax*|*.txt

[Real Network Monitor*]
LangSecRef=3022
Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Real Network Monitor
Default=False
FileKey1=%ProgramFiles%\Real Network Monitor|*.xml

[SysTracer*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysTracer
Default=False
FileKey1=%ProgramFiles%\SysTracer|SysTracerLog.txt
FileKey2=%ProgramFiles%\SysTracer\tmp|*.*|REMOVESELF

Modified:

[Cameyo*]
LangSecRef=3021
Detect=HKCU\Software\VOS
Default=False
RegKey1=HKCU\Software\VOS
FileKey1=%AppData%\VOS|*.*|REMOVESELF

- Edited FileKey1 to REMOVESELF. Folder will regenerate.

[Conceiva Mezzmo*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Conceiva\Mezzmo
Default=False
FileKey1=%CommonAppData%\Conceiva\*|*.bat;*.exe;*.txt
FileKey2=%LocalAppData%\Conceiva\Logs|*.*|REMOVESELF
FileKey3=%LocalAppData%\Conceiva\Mezzmo|DebugCERwrite.txt
FileKey4=%LocalAppData%\Conceiva\Mezzmo\Temporary_Dlna_Files|*.*|REMOVESELF
FileKey5=%LocalAppData%\Conceiva\Mezzmo\Temporary_Subtitle_Files|*.*|REMOVESELF
FileKey6=%LocalAppData%\Conceiva\Mezzmo\Temporary_Thumbnail_Files|*.*|REMOVESELF
FileKey7=%ProgramFiles%\Conceiva\Mezzmo|*.txt
FileKey8=%ProgramFiles%\Conceiva\Mezzmo\Third\OGMDemuxer\doc|*.*|REMOVESELF
FileKey9=%ProgramFiles%\Conceiva\Mezzmo\Third\MKVToolNix|*.txt
RegKey1=HKCU\Software\Conceiva\Mezzmo\General|LastWatchFolder

- Added FileKey1 through 6
- Improved Detect

[Winapp2.ini additions]

New entries:

[BB TestAssistant 4*]
LangSecRef=3023
Detect1=HKLM\SOFTWARE\Blueberry Software\BB TestAssistant Expert 4
Detect2=HKLM\SOFTWARE\Blueberry Software\BB TestAssistant Pro 4
Default=False
FileKey1=%AppData%\Blueberry|ExportToAVIStat.txt;ExportToQTStat.txt;ExportToSWFStat.txt;ExportToWMVStat.txt;TAExpert4 CrashTracking.xml;TestAssistant4 CrashTracking.xml;TAExpert4 UsageTracking.xml;TestAssistant4 UsageTracking.xml;RecorderStat.txt;RecorderStaticStat.txt
FileKey2=%AppData%\LogSys|*.*|REMOVESELF
FileKey3=%CommonProgramFiles%\Blueberry Software|*.log
FileKey4=%ProgramFiles%\Blueberry Software\*|drvinstlog.txt;*.log
FileKey5=%WinDir%\system32\MTSLog|*.*|REMOVESELF

[ComboFix*]
LangSecRef=3024
DetectFile=%SystemDrive%\ComboFix
Default=False
Warning=This will delete ComboFix History. Do not delete until you have reviewed these logs.
FileKey1=%SystemDrive%\Qoobox|*.txt
FileKey2=%SystemDrive%\Qoobox\Quarantine|*.log
FileKey3=%SystemDrive%\CE.tmp|*.*|REMOVESELF
FileKey4=%SystemDrive%\D6.tmp|*.*|REMOVESELF
FileKey5=%SystemDrive%\Qoobox\LastRun|*.*|REMOVESELF
FileKey6=%SystemDrive%\Qoobox\Test|*.*|REMOVESELF
FileKey7=%SystemDrive%\Qoobox\TestC|*.*|REMOVESELF

[Winapp2.ini additions]

New entries:

[Anvisoft Cloud System Booster*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Anvisoft\Cloud System Booster
Default=False
FileKey1=%LocalAppData%\Anvisoft\Anvi Slim Toolbar\FFToobar\tmp|*.*|REMOVESELF
FileKey2=%ProgramFiles%\Anvisoft\Cloud System Booster|*.log;*.txt
FileKey3=%ProgramFiles%\Anvisoft\Cloud System Booster\logs|*.*
FileKey4=%ProgramFiles%\Anvisoft\Cloud System Booster\reports|*.*
FileKey5=%ProgramFiles%\Anvisoft\Cloud System Booster\VLog|*.*

[Anvisoft Cloud System Booster (Backups)*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Anvisoft\Cloud System Booster
Default=False
Warning=This will delete your backups. You will be unable to undo any changes made with Cloud System Booster.
FileKey1=%LocalAppData%\Anvisoft\Anvi Slim Toolbar\IEToobar|*.*|REMOVESELF
FileKey2=%LocalAppData%\Anvisoft\Anvi Slim Toolbar\FFToobar|*.*|REMOVESELF
FileKey3=%ProgramFiles%\Anvisoft\Cloud System Booster\bak|*.*

[BB FlashBack 4*]
LangSecRef=3023
Detect1=HKLM\SOFTWARE\Blueberry Software\BB FlashBack Express
Detect2=HKLM\SOFTWARE\Blueberry Software\BB FlashBack Pro 4
Detect3=HKLM\SOFTWARE\Blueberry Software\BB FlashBack Standard 4
Default=False
FileKey1=%AppData%\Blueberry|ExportToAVIStat.txt;ExportToQTStat.txt;ExportToSWFStat.txt;ExportToWMVStat.txt;FBExpress2 CrashTracking.xml;FlashBack4 CrashTracking.xml;FBStandard4 CrashTracking.xml;FBExpress2 UsageTracking.xml;FlashBack4 UsageTracking.xml;FBStandard4 UsageTracking.xml;RecorderStat.txt;RecorderStaticStat.txt
FileKey2=%AppData%\LogSys|*.*|REMOVESELF
FileKey3=%CommonProgramFiles%\Blueberry Software|*.log
FileKey4=%ProgramFiles%\Blueberry Software\*|drvinstlog.txt;*.log
FileKey5=%WinDir%\system32\MTSLog|*.*|REMOVESELF

[Blumentals Easy GIF Animator*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy GIF Animator_is1
Default=False
FileKey1=%ProgramFiles%\Easy GIF Animator|*.txt|RECURSE

[Winapp2.ini additions]

Modified:

[AnyDVD*]
LangSecRef=3023
Detect=HKCU\Software\SlySoft\AnyDVD
Default=False
FileKey1=%Documents%\AnyDVD_logs|*.*|REMOVESELF

- Renamed to AnyDVD. Detect line detects AnyDVD classic and AnyDVDHD
- Changed LangSecRef to 3023 to group with other decryption, disc ripper software.

[DVD-Cloner*]
LangSecRef=3023
Detect1=HKCU\Software\Dvd-cloner
Detect2=HKCU\Software\DVD-Cloner Gold
Detect3=HKCU\Software\iPod-Cloner
Default=False
FileKey1=%AppData%\DVD-Cloner*|*.log
FileKey2=%CommonAppData%\DVD-Cloner*|*.log
FileKey3=%Documents%|Smart.log;Smart_result.log
FileKey4=%ProgramFiles%\DVD-Cloner*|*.log|RECURSE
FileKey5=%ProgramFiles%\DVD-Cloner Platinum\*\readcache|*.*
FileKey6=%SystemDrive%|dtdlog.txt
FileKey7=%WinDir%\system32|dvdtest10024.dat

- Added FileKey5

[Listary*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Listary_is1
Default=False
FileKey1=%AppData%\Listary\CrashRpt|*.*|REMOVESELF
FileKey2=%ProgramFiles%\Listary|*.log

- Corrected FileKey2 directory

[Winapp2.ini additions]

Got 'em fine here...

Thanks for the update Winapp2.ini!

[Winapp2.ini additions]

New entries:

[Blue-Cloner*]
LangSecRef=3023
Detect=HKCU\Software\Blue-cloner
Default=False
FileKey1=%AppData%\Blue-Cloner|*.log
FileKey2=%AppData%\Blue-Cloner\ReadCache|*.*|REMOVESELF
FileKey3=%ProgramFiles%\Blue-Cloner|*.log;*.txt

[iPod-Cloner*]
LangSecRef=3023
Detect=HKCU\Software\iPod-Cloner
Default=False
FileKey1=%ProgramFiles%\iPod-Cloner|*.log
FileKey2=%ProgramFiles%\iPod-Cloner\ReadCache|*.*
FileKey3=%SystemDrive%|dtdlog.txt

[MusicBee*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MusicBee
Default=False
FileKey1=%AppData%\MusicBee|*.dat
FileKey2=%AppData%\MusicBee\InternalCache|*.*|REMOVESELF

[Open Blu-ray Ripper*]
LangSecRef=3023
Detect=HKCU\Software\OpenCloner\BDRipper
Default=False
FileKey1=%AppData%\Open Blu-ray Ripper|OBR_LOG_FILE.txt
FileKey2=%AppData%\Open Blu-ray Ripper\ReadCache|*.*|REMOVESELF

[Open Blu-ray to DVD*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Blu-ray to DVD Pro_is1
Default=False
FileKey1=%ProgramFiles%\Blu-ray to DVD*|*.log;*.txt
FileKey2=%ProgramFiles%\Blu-ray to DVD*\ReadCache|*.*

[Open DVD Ripper*]
LangSecRef=3023
Detect=HKCU\Software\OpenCloner\DVDRipper
Default=False
FileKey1=%AppData%\Open DVD Ripper|ODR_LOG_FILE.txt
FileKey2=%AppData%\Open DVD Ripper\ReadCache|*.*|REMOVESELF

[Trojan Remover*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Simply Super Software\Trojan Remover
Default=False
FileKey1=%CommonAppData%\Logs|*.*|REMOVESELF
FileKey2=%Documents%\Simply Super Software|*.*|REMOVESELF

Modified:

[dvdcss*]
LangSecRef=3023
DetectFile=%AppData%\dvdcss
Default=False
FileKey1=%AppData%\dvdcss|*.*|REMOVESELF
FileKey2=%UserProfile%\.dvdcss|*.*|REMOVESELF

- Edited FileKey1 and 2 to REMOVESELF from RECURSE. Folder regenerates when utilized.

[Stream-Cloner*]
LangSecRef=3023
Detect=HKCU\Software\Stream-Cloner
Default=False
FileKey1=%AppData%\Stream-Cloner|*.log;IeRecentVisit.txt
FileKey2=%AppData%\Stream-Cloner\Cap_images|*.*|REMOVESELF
FileKey3=%AppData%\Stream-Cloner\thumbs|*.*|REMOVESELF

- Improved FileKey1
- Added FileKey2 and 3

[Winapp2.ini additions]

New entries:

[Aegisub*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Aegisub
Default=False
FileKey1=%AppData%\Aegisub|mru.json
FileKey2=%AppData%\Aegisub\log|*.*|REMOVESELF
FileKey3=%AppData%\Aegisub\recovered|*.*|REMOVESELF
FileKey4=%LocalAppData%\Aegisub\ffms2cache|*.*|REMOVESELF
FileKey5=%ProgramFiles%\Aegisub|*.txt

[Aegisub (Autosaves)*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Aegisub
Default=False
Warning=Aegisub automatically saves a copy of each script you are working on. This will delete them.
FileKey1=%AppData%\Aegisub\autosave|*.*|REMOVESELF

[Aegisub (Auto Backups)*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Aegisub
Default=False
Warning=Aegisub automatically saves a backup copy of each script you open. This will delete them.
FileKey1=%AppData%\Aegisub\autoback|*.*|REMOVESELF

[DVD-Cloner*]
LangSecRef=3023
Detect1=HKCU\Software\Dvd-cloner
Detect2=HKCU\Software\DVD-Cloner Gold
Detect3=HKCU\Software\iPod-Cloner
Default=False
FileKey1=%AppData%\DVD-Cloner*|*.log
FileKey2=%CommonAppData%\DVD-Cloner*|*.log
FileKey3=%Documents%|Smart.log;Smart_result.log
FileKey4=%ProgramFiles%\DVD-Cloner*|*.log|RECURSE
FileKey5=%ProgramFiles%\DVD-Cloner Platinum\*\readcache|*.*
FileKey6=%SystemDrive%|dtdlog.txt
FileKey7=%WinDir%\system32|dvdtest10024.dat

[WinToUSB*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinToUSB_is1
Default=False
FileKey1=%ProgramFiles%\WinToUSB\bin|*.log

[Winapp2.ini additions]

New entries:

[Active@ KillDisk*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F62EFB8-3C1C-4EE6-B6EF-9593007F9B03}_is1
Default=False
FileKey1=%ProgramFiles%\LSoft Technologies\Active@ KillDisk*|*.log;*.pdf;*.xml
ExcludeKey1=FILE|%ProgramFiles%\LSoft Technologies\Active@ KillDisk*|BootDisk.pdf
ExcludeKey2=FILE|%ProgramFiles%\LSoft Technologies\Active@ KillDisk*|KillDisk.pdf

[Active@ UNDELETE (Logs)*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F0B916A-F7DD-4335-923E-397979C6AE1B}_is1
FileKey1=%ProgramFiles%\LSoft Technologies\Active@ UNDELETE*|*.log;*.scan;*.txt
FileKey1=%ProgramFiles%\LSoft Technologies\Active@ UNDELETE*\sessions|*.log
FileKey2=%SystemDrive%\Documents and Settings\Administrator\scan_results|*.*|REMOVESELF

[Active@ UNDELETE (Images)*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F0B916A-F7DD-4335-923E-397979C6AE1B}_is1
Warning=This will delete all saved disk images.
FileKey1=%ProgramFiles%\LSoft Technologies\Active@ UNDELETE*\disk_images|*.*|REMOVESELF

[Active@ UNDELETE (Recovered Files)*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F0B916A-F7DD-4335-923E-397979C6AE1B}_is1
Warning=This will delete all recovered data.
FileKey1=%ProgramFiles%\LSoft Technologies\Active@ UNDELETE*\recovered|*.*|REMOVESELF

[Active@ UNDELETE (Sessions)*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F0B916A-F7DD-4335-923E-397979C6AE1B}_is1
Warning=This will delete all saved sessions.
FileKey1=%ProgramFiles%\LSoft Technologies\Active@ UNDELETE*|*.usf|RECURSE

[My Riding Stables*]
Section=Games
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyRidingStables
Default=False
FileKey1=%ProgramFiles%\My Riding Stables*|*.txt;*.url

[My Singing Monsters*]
Section=Games
Detect1=HKLM\SOFTWARE\Big Fish Games\Persistence\Install\F7664T1L1
Detect2=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Singing Monsters1.1
DetectFile=%ProgramFiles%\My Singing Monsters
Default=False
FileKey1=%ProgramFiles%\My Singing Monsters|dotnetfx35setup.exe;vcredist_x86.exe
FileKey2=%ProgramFiles%\My Singing Monsters|*.log;*.txt|RECURSE
FileKey3=%ProgramFiles%\*\My Singing Monsters|dotnetfx35setup.exe;*.html;*.PNG;vcredist_x86.exe
FileKey4=%ProgramFiles%\*\My Singing Monsters|*.log;*.txt|RECURSE

[Ranch Rush*]
Section=Games
Detect1=HKLM\SOFTWARE\Big Fish Games\Persistence\Install\F2580T1L1
Detect2=HKLM\SOFTWARE\Big Fish Games\Persistence\Install\F5659T1L1
Detect3=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ranch Rush1.0
DetectFile=%ProgramFiles%\Ranch Rush
Default=False
FileKey1=%CommonAppData%\FreshGames\RanchRush\*|*.log;temp_data.ssp
FileKey2=%ProgramFiles%\Ranch Rush*|*.html;*.nfo
FileKey3=%WinDir%|Ranch Rush Setup Log.txt

[Ride!*]
Section=Games
Detect1=HKLM\SOFTWARE\Big Fish Games\Persistence\Install\F2440T1L1
Detect2=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Ride!
DetectFile=%ProgramFiles%\Ride!
Default=False
FileKey1=%ProgramFiles%\Ride!|*.log;*.txt|RECURSE
FileKey2=%ProgramFiles%\Ride!\DirectX9|*.*|REMOVESELF
FileKey3=%WinDir%|DirectX.log

[Winapp2.ini additions]

New entries:

[Nancy Drew - Secret of Shadow Ranch*]
Section=Games
Detect1=HKLM\SOFTWARE\Big Fish Games\Persistence\Install\F7041T1L1
Detect2=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nancy Drew - Secret of Shadow Ranch - Plus Guide1.0
DetectFile=%ProgramFiles%\Nancy Drew*
Default=False
FileKey1=%ProgramFiles%\Nancy Drew*|dxwebsetup.exe;*.html
FileKey2=%ProgramFiles%\*\Nancy Drew*|dxwebsetup.exe;*.html

[Paragon Hard Disk Manager 14 Suite*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1138529294AEED1169C70005650C0080
Default=False
FileKey1=%CommonAppData%\clonehdd|*.log
FileKey2=%CommonAppData%\createpart|*.log
FileKey3=%CommonAppData%\deletepart|*.log
FileKey4=%CommonAppData%\explauncher|*.log
FileKey5=%CommonAppData%\ftw|*.log
FileKey6=%CommonAppData%\launcher|*.log
FileKey7=%CommonAppData%\logsaver|*.log
FileKey8=%CommonAppData%\migrateos|*.log
FileKey9=%CommonAppData%\redistpart|*.log
FileKey10=%CommonAppData%\vmadjust|*.log
FileKey11=%CommonAppData%\vmcreate|*.log
FileKey12=%CommonAppData%\wipe|*.log
FileKey13=%ProgramFiles%\Paragon Software\Hard Disk Manager 14 Suite\*|BioNtLog.txt;cdb.log;fdisk.txt;pwlog.txt;stubact.log
FileKey14=%ProgramFiles%\Paragon Software\Hard Disk Manager 14 Suite\*\symmpi*|*.txt
FileKey15=%SystemDrive%\Documents and Settings\LocalService|objsrv.log
FileKey16=%WinDir%\Logs\Paragon\Client|*.log
FileKey17=%WinDir%\Logs\Paragon Software\UimSetup|*.log
FileKey18=%WinDir%\Logs\Paragon Software\VssRequester|*.log

[Paragon Partition Manager 2014*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8855E740A3CED1189750005650C0080
Default=False
FileKey1=%CommonAppData%\converthfs|*.log
FileKey2=%CommonAppData%\createpart|*.log
FileKey3=%CommonAppData%\deletepart|*.log
FileKey4=%CommonAppData%\explauncher|*.log
FileKey5=%CommonAppData%\formatpart|*.log
FileKey6=%CommonAppData%\launcher|*.log
FileKey7=%CommonAppData%\logsaver|*.log
FileKey8=%CommonAppData%\redistpart|*.log
FileKey9=%ProgramFiles%\Paragon Software\*\program|BioNtLog.txt;cdb.log;fdisk.txt;pwlog.txt;stubact.log
FileKey10=%SystemDrive%\Documents and Settings\LocalService|objsrv.log
FileKey11=%WinDir%\Logs\Paragon\Client|*.log
FileKey12=%WinDir%\Logs\Paragon Software\VssRequester|*.log