Removing all the RecentMovie that was used in the Flashplayer.
I don't know how to only remove RecentMovie1,2,3,4 and so on inside the register.
But it works to clear the whole FlashPlayer registry too.
[Macromedia Flashplayer*] LangSecRef=3023 Detect=HKCU\Software\Macromedia\FlashPlayer Default=False RegKey1=HKCU\Software\Macromedia\FlashPlayer
Tested with Windows 7. Should work in other Windows versions i guess.
Try
[Macromedia Flashplayer*] LangSecRef=3023 Detect=HKCU\Software\Macromedia\FlashPlayer Default=False RegKey1=HKCU\Software\Macromedia\FlashPlayer|RecentMovie1 RegKey2=HKCU\Software\Macromedia\FlashPlayer|RecentMovie2 RegKey3=HKCU\Software\Macromedia\FlashPlayer|RecentMovie3 RegKey4=HKCU\Software\Macromedia\FlashPlayer|RecentMovie4
[Toshiba BluetoothStack*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\Toshiba\BluetoothStack
Default=False
FileKey1=C:\Users\Admin\AppData\Local\Toshiba\BluetoothStack\V1.0\tosOBEX\Temp|*.*
I know that the filekey is to long but i can't shorten it. xD
wow you are fast xD
[Toshiba BluetoothStack*] LangSecRef=3024 Detect=HKLM\SOFTWARE\Toshiba\BluetoothStack Default=False FileKey1=%LocalAppData%\Toshiba\BluetoothStack\V1.0\tosOBEX\Temp|*.*
fixed
[Downloaded Installations*] LangSecRef=3025 DetectFile=C:\Users\Admin\AppData\Local\Downloaded Installations Default=False FileKey1=C:\Users\Admin\AppData\Local\Downloaded Installations|*.*|REMOVESELF[samsung Kies*]
LangSecRef=3023
Detect=HKCU\Software\Samsung\Kies2.0
Default=False
FileKey1=C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateLog.txt
Would it be better with |*.txt ?
[Downloaded Installations*]
LangSecRef=3025
DetectFile=%LocalAppData%\Downloaded Installations
Default=False
FileKey1=%LocalAppData%\Downloaded Installations|.|REMOVESELF
fixed
[samsung Kies*] LangSecRef=3023 Detect=HKCU\Software\Samsung\Kies2.0 Default=False FileKey1=%AppData%\Samsung\Kies|UpdateLog.txt
Will work fine if UpdateLog.txt is the only text file that needs to be deleted.
[PDF-XChange Viewer*] LangSecRef=3021 Detect=HKCU\Software\Tracker Software\PDFViewer Default=False RegKey1=HKCU\Software\Tracker Software\PDFViewer\Documents\LastOpened RegKey2=HKCU\Software\Tracker Software\PDFViewer\Documents\LatestView\Bars RegKey3=HKCU\Software\Tracker Software\PDFViewer\Documents\LatestView\Panes FileKey1=%LocalAppData%\Tracker Software\LiveUpdate\Updates\|*.*
Found old downloaded update in Updates folder, thus the addition of FileKey1 is needed.
New entries, fully tested and works on Windows XP.
[Freemake Video Converter (Logs)*] LangSecRef=3023 Detect=HKCU\Software\Freemake\FreemakeVideoConverter Detect2=HKLM\Software\Freemake\FreemakeVideoConverter DetectFile=%ProgramFiles%\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe Default=False FileKey1=%CommonAppData%\Freemake\FreemakeVideoConverter|*.txt
[Freemake Video Downloader (Logs)*] LangSecRef=3023 Detect=HKCU\Software\Freemake\FreemakeVideoDownloader Detect2=HKLM\Software\Freemake\FreemakeVideoDownloader DetectFile=%ProgramFiles%\Freemake\FreemakeVideoDownloader\FreemakeVideoDownloader.exe Default=False FileKey1=%CommonAppData%\Freemake\FreemakeVideoDownloader|*.txt
Try
[Macromedia Flashplayer*] LangSecRef=3023 Detect=HKCU\Software\Macromedia\FlashPlayer Default=False RegKey1=HKCU\Software\Macromedia\FlashPlayer|RecentMovie1 RegKey2=HKCU\Software\Macromedia\FlashPlayer|RecentMovie2 RegKey3=HKCU\Software\Macromedia\FlashPlayer|RecentMovie3 RegKey4=HKCU\Software\Macromedia\FlashPlayer|RecentMovie4
It's more then 4, i had 12 last time. I don't know how many RecentMovie you can have inside that registry.
Thats why i added the whole folder. Doesn't RecentMovie* work?
Add this please
[Microsoft Security Essentials*] LangSecRef=3024 DetectFile=%ProgramData%\Microsoft\Microsoft Antimalware Default=False FileKey1=%ProgramData%\Microsoft\Microsoft Antimalware\LocalCopy|*.*|RECURSE
Add this please
[Microsoft Security Essentials*] LangSecRef=3024 DetectFile=%ProgramData%\Microsoft\Microsoft Antimalware Default=False FileKey1=%ProgramData%\Microsoft\Microsoft Antimalware\LocalCopy|*.*|RECURSE
what exactly is removed in this?
Add this please
[Microsoft Security Essentials*] LangSecRef=3024 DetectFile=%ProgramData%\Microsoft\Microsoft Antimalware Default=False FileKey1=%ProgramData%\Microsoft\Microsoft Antimalware\LocalCopy|*.*|RECURSE
You should probably PM the official Piriform bug fixer MrT with this addition since Microsoft AntiMalware is already included in CCleaner by default and can be updated if he deems it safe.
Also that location to clean in WinXP would need this added as a FileKey2 path (albeit that LocalCopy folder is empty on my system and I haven't a clue what it's for):
%CommonAppData%\Microsoft\Microsoft Antimalware\LocalCopy
In that folder located malware detected by MSE. I think only malware for transferring into Microsoft Malware Protection Center, cuz quarantine is located in %ProgramData%\Microsoft\Microsoft Antimalware\Quarantine. It's safe to delete.
CCleaner v3.09 * Added wildcard support to folders.
Here is what Local copy is
The LocalCopy directory is a working directory that holds a local copy of detected threats. For instance when I downloaded the eicar.com test file, the detailed information for the detection specified:
file:C:\Documents and Settings\Greg\Desktop\eicar.com
filelocalcopy:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\<GUID>-eicar.com
webfile:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\<GUID>-eicar.com|http://www.eicar.org/download/eicar.com
webfile:C:\Documents and Settings\Greg\Desktop\eicar.com|http://www.eicar.org/download/eicar.com
The file specified as the local copy was present in the LocalCopy folder after the detection, but was removed upon cleaning the eicar.com file on the desktop. To test whether the local copy was an active copy of the file, I saved it in another folder, and then scanned it after the desktop file had been cleaned. The local copy was detected as eicar.com. So in this case it looks like some glitch or bug prevented the local copies from being removed along with the originals as they should have been.
I have several other files in this directory that I suspect might be local copies of heuristic detections that were saved for submission to the Dynamic Signature Service, but that?s only speculation on my part. The only detection I?ve had in this folder was by the Kaspersky Online Scanner, when I did some double-checking for things that Security Essentials might have missed. That detection would also tend to confirm that the local copies are active.
I will update the file today to include all of the above!
I am incredibly excited for the wildcard folder support.
re : ; Application Cleaning files
; Version: v1.0.110727
[secunia PSI*]
LangSecRef=3021
DetectFile=%ProgramFiles%\Secunia\PSIsua.exe
Detect=HKCU\Software\Secunia\PSI
Default=False
FileKey1=%ProgramFiles%SecuniaPSI|sualog.txt
FileKey2=%ProgramFiles%SecuniaPSI|psialog.txt
FileKey3=%ProgramFiles%\Secunia\PSI|psialog.txt2
should be:
[secunia PSI*]
LangSecRef=3021
DetectFile=%ProgramFiles%\Secunia\PSIsua.exe
Detect=HKCU\Software\Secunia\PSI
Default=False
FileKey1=%ProgramFiles%\Secunia\PSI|sualog.txt
FileKey2=%ProgramFiles%\Secunia\PSI|psialog.txt
FileKey3=%ProgramFiles%\Secunia\PSI|psialog.txt2
leaving out the "\" in the FileKeys...
Also what happens if the DetectFile= is false and the Detect= is true = will the File and Reg Keys be executed?
It looks for either / or so if one is true the entry shows
I use Windows XP and recently tried to remove Windows Live Essentials. The uninstall EXE could not be found. I usually run CCleaner with [Windows Live Messenger More*] selected. I looked in the registry and saw the pertinent files for the uninstall are in:
%ProgramFiles%\Common Files\Windows Live\.cache|*.*
%LocalLowAppData%\Microsoft\Windows Live\Setup|*.*
folders. Can a warning be added to he entry warning that if selected the user will no longer be able top remove any Windows Live Essential product? Or if not delete the two entries in the Winapp2.ini please?
Also can the revised file be posted soon - at least for4 the Secunia PSI modification I posted a few hours earlier? Thank you.
Add the following line to: [Windows Live Messenger More*]
ExcludeKey1=FILE|%ProgramFiles%\Common Files\Windows Live\.cache|*.msi|RECURSE
to correct the problem I was having and posted about a little while ago.