Winapp2.ini additions

[Nergal]

While I appreciate, neverbloom, your contributions, many of them are far too aggressive for the public template. Especially, prefetch, software distribution folder and the wholesale cleaning of Advanced Backup Files.

On the first two I've spoken many times of the subject throughout this thread. As for the ABF entriy, more specific entries are much more appropriate for ccleaner; and warnings really ought to be used sparingly. I feel that we, as the gatekeepers of many additions to ccleaner, need to remember that many users just click through warnings.

[Neverbloom]

[back_track]

I know its kind of aggressive maybe can add some of these options to the public template and i keep a "private version" for forensics targets and add that version to my signature for more advanced cleanings(:

 

 

but ther are never come into the normal winapp2.ini

 

I collect so entries from this forum  threat^^  and collect a bad list......

 

https://www.dropbox.com/s/tu0yc4dt10hy6ds/Winsys2.ini?dl=0

[Neverbloom]

:

[Nergal]

I also maintain a separate winsys2 but it's all entries from the template in this thread

[Nergal]

Readers may notice some dropped parts of the above conversation, the user involved was removed from the community for forum abuse

[back_track]

Readers may notice some dropped parts of the above conversation, the user involved was removed from the community for forum abuse

 

damn I have lost it ....

[siliconman01]

New Entry:  [Western Digital Firmware Updater Log*]

[Western Digital Firmware Updater Log*]
LangSecRef=3024
DetectFile=%CommonAppData%\Western Digital
Default=False
FileKey1=%CommonAppData%\Western Digital\Logs\WD Firmware Updater\|*.*|REMOVESELF

[norel]

I had a Winapp2.ini with just one entry that added a new key for cleaning thumbs.db in Windows XP. I accidentally deleted it and can't recover it for some reason. I download the full Winapp2.ini file from the Winapp2.com site but it doesn't add a special key in XP like my old one did. I can't even remember how I ended up with it in the first place and have no idea how to make a new file. Does anyone happen to know how I can get it back, it was sure a handy.

[norel]

I finally remember where I got my previous file, I made it using the instructions at the beginning of this thread. I tried to make a new one but I've hit a snag. Here's what I've got:

 

[Thumbnails]
LangSecRef=3025
DetectPath=%HomeDrive%
Default=False

 

This creates a new key in Applications Tab>Windows but I can't figure out how to point it to the Thumbs.db files. I tried

 

DetectFile=%HomeDrive%\Thumbs.db

 

but then the new key doesn't show up in CC. Can somone see what I need to do to make it work? Much appreciated.

 

 

 

[Winapp2.ini]

[Thumbnails]
LangSecRef=3025
DetectFile=%HomeDrive%
Default=False

FileKey1=%HomeDrive%\|Thumbs.db

[norel]

Hey Winnapp, the key did show up but it didn't delete any files. Nothing in the analysis window on analyze. Ideally I'd like to get it to find every Thumbs.db file on C drive but I'm not sure it can be done. I think the last time I did it I pointed it to a specific derectory but I can't really remember.

[Nergal]

[Thumbnails]

LangSecRef=3025

DetectFile=%HomeDrive%

Default=False

FileKey1=%HomeDrive%\|Thumbs.db

Needs a recurse

[norel]

Oh yeah, that's the stuff. It's even better now than it was before.

 

Nice work, much appreciated.

[Andavari]

Ideally I'd like to get it to find every Thumbs.db file

 

Don't forget you can turn off the creation of thumbnails in Windows. I'm just surprised malware authors haven't used that as a means of causing infections.

[Hav0c]

Some new/misplaced language entries.
 

[GoodSync*]
Section=Language Files
Detect=HKLM\SOFTWARE\Siber Systems\GoodSync
Default=False
Warning=This will delete all language files excluding the Default language.
Filekey1=%ProgramFiles%\Siber Systems\GoodSync|*.rfi
ExcludeKey1=FILE|%ProgramFiles%\Siber Systems\GoodSync\default.rfi

[Revo Uninstaller Pro]
Section=Language Files
Detect=HKCU\Software\VS Revo Group\Revo Uninstaller Pro
Default=False
Warning=This will delete all language files excluding English. 
Filekey1=%ProgramFiles%\VS Revo Group\Revo Uninstaller Pro\lang|*.ini
ExcludeKey1=FILE|%ProgramFiles%\VS Revo Group\Revo Uninstaller Pro\lang\english.ini

[WinMerge*]
Section=Language Files
Detect=HKCU\Software\Thingamahoochie\WinMerge
Default=False
Warning=This will delete all languages files excluding the Default language.
FileKey1=%ProgramFiles%\WinMerge\Languages|*.*|REMOVESELF

 
*Rename
*fixed FileKey path

[DAEMON Tools Lite*]
Section=Language Files
Detect=HKCU\Software\Disc Soft
Default=False
Warning=This will delete all language files excluding English.
FileKey1=%ProgramFiles%\DAEMON Tools Lite\Lang|*.*
ExcludeKey1=FILE|%ProgramFiles%\DAEMON Tools Lite\Lang\ENU.dll

[ROCKNROLL]

These are some of the entries that Neverbloom had before he was removed off the forums. I thought that these were ok to add. They are only log files. I didn't edit any of these, so some of them might need name changes or warning messages changed.

 

ADD:

 

[Downloaded Program Files*]  <----- Questioning this one.
LangSecRef=3025
Default=False
DetectFile=%WINDIR%\Downloaded Program Files\
FileKey1=%WINDIR%\Downloaded Program Files\|*.*|REMOVESELF
 
[Task Scheduler Job Files*]
LangSecRef=3025
Default=False
DetectFile=%WINDIR%\Tasks\
FileKey1=%WINDIR%\Tasks\|*.JOB|RECURSE
 
[Microsoft Event Trace Log Files*]
LangSecRef=3025
Default=False
Warning=Log files created by Microsoft Tracelog, a program that creates logs using the events from the kernel in Microsoft operating systems.
DetectFile1=%WINDIR%\System32\WDI\
DetectFile2=%WINDIR%\System32\Performance\
FileKey1=%WINDIR%\System32\WDI\|*.ETL*|RECURSE
FileKey2=%WINDIR%\System32\Performance\|*.ETL*|RECURSE
 
[service Control Manager Trace*] <------ These are just log files
LangSecRef=3025
Default=False
Warning=The service control manager (SCM) is started at system boot. It is a remote procedure call (RPC) server.
DetectFile=%WINDIR%\system32\LogFiles\Scm\
FileKey1=%WINDIR%\system32\LogFiles\Scm\|SCM.EVM*|RECURSE
 
[Container.dat Files*] <----- Also questioning this one.
LangSecRef=3022
Default=False
FileKey1=%USERPROFILE%\AppData\|Container.dat|RECURSE
 
[Windows Event Viewer Log Files*]
LangSecRef=3025
Default=False
Warning=Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error.
DetectFile=%WINDIR%\System32\winevt\Logs\
FileKey1=%WINDIR%\System32\winevt\Logs\|*.EVT*

[Windows Setup Log Files*]
LangSecRef=3025
Default=False
Warning=Delete the leftovers from Windows installations and upgrades.
DetectFile=%WINDIR%\PANTHER\
FileKey1=%WINDIR%\PANTHER\|*.*|RECURSE
FileKey2=%WINDIR%\INF\|setupapi.dev.log
FileKey3=%WINDIR%\INF\|setupapi.app.log
FileKey4=%WINDIR%\Performance\Winsat\|winsat.log
 
[Flash Local Shared Object Files*] <------ These are just flash cookies. The same cookies Flash Player deletes when you use the delete cookies setting.
Section=File Extensions
Default=False
Warning=Also known as "Flash cookies".
FileKey1=%SYSTEMDRIVE%\|*.SOL|RECURSE
 
[Log Files*]
Section=File Extensions
Default=False
FileKey1=%SYSTEMDRIVE%\|*.LOG|RECURSE
 
[Registry Transaction Log Files*]
Section=File Extensions
Default=False
Warning=Log files created by the Common Log File System (CLFS), a Microsoft Windows component used for creating transaction logs.
FileKey1=%SYSTEMDRIVE%\|*.REGTRANS-MS|RECURSE
FileKey2=%SYSTEMDRIVE%\|*.BLF|RECURSE

[Gather Log Files*]
Section=File Extensions
Default=False
Warning=Log files created after each file indexing process.
FileKey1=%SYSTEMDRIVE%\|*.GTHR|RECURSE
 
[Windows Binary Performance Log Files*]
Section=File Extensions
Default=False
Warning=Log files created by Windows performance tracking tools.
FileKey1=%SYSTEMDRIVE%\|*.BLG|RECURSE
 
[Exchange Reserve Transaction Log Files*]
Section=File Extensions
Default=False
Warning=Transaction log files created by Microsoft Exchange.
FileKey1=%WINDIR%\|*.JRS|RECURSE
 
[Windows Registry Hive Log Files*]
Section=File Extensions
Default=False
FileKey1=%WINDIR%\|*.LOG1|RECURSE
FileKey1=%WINDIR%\|*.LOG2|RECURSE
 
[Error Log Files*]
Section=File Extensions
Default=False
FileKey1=%SYSTEMDRIVE%\|*.ERR|RECURSE

 

EDIT:

 

[Windows CBS Logs*]
LangSecRef=3025
Detect=HKLM\Software\Microsoft\Windows
FileKey1=%WinDir%\Logs\CBS|cbs.log;*.cab
FileKey2=%WINDIR%\logs\CBS\|CbsPersist_*.cab

 

Added FileKey 2

 

 

[Windows Log Files More*]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows
FileKey1=%WinDir%\inf|setupapi.offline.log
FileKey2=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html
FileKey3=%WinDir%\winsxs|poqexec.log
FileKey4=%WinDir%\debug\WIA|*.log
FileKey5=%WinDir%|SIGVERIF.TXT
FileKey6=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml
FileKey7=%WinDir%\Panther|PostGatherPnPList.log;PreGatherPnPList.log
FileKey8=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml
FileKey9=%WINDIR%\INF\|setupapi.app.log;setupapi.dev.log
FileKey10=%WINDIR%\Performance\Winsat\|winsat.log

 

Added FileKeys 9 and 10

[Winapp2.ini]

I saw his sig and checked them out myself, I lost track of checking which of his entries were already included / in ccleaner, thanks

[JDPower]

I saw his sig and checked them out myself, I lost track of checking which of his entries were already included / in ccleaner, thanks

And which shouldn't be. And which had been discussed endlessly already.

[CSGalloway]

I searched my C: drive for folders that were named *backup*, *temp*, *tmp*, edited the files to also include the best guess for the registry key to check for existence, then removed the folders I tohiuhgt were unsafe.  Would be nice if someone would check the files in the folders listed and write necessary Warnings to the new rules...

 

Due to the lines in the 3 files - I have just attached them....

 

backup.txt

temp.txt

tmp.txt

[Winapp2.ini]

And which shouldn't be. And which had been discussed endlessly already.

OP explicitly mentions Software Distribution as never being added, but I formatted it incorrectly and it's inside the other spoiler tag. I'll have to fix that

[CSGalloway]

I also made a list of the folders under %appdata% that were empty.  After the deletions were done I could not use Internet Explorer - so I am not sure which would be safe to remove.  Anyway here is the list attached....

a.txt

[Winapp2.ini]

After the deletions were done I could not use Internet Explorer

Nothing of value lost then?

[Andavari]

After the deletions were done I could not use Internet Explorer

 

Did your system Internet security increase by 500 trillion percent? 

[siliconman01]

AVG PC TuneUp 2015 has been released. I do hope that you include the code at the link below in the next update of Winapp2.ini.

 

http://forum.piriform.com/index.php?showtopic=32310&p=252610