Jump to content

Winapp2.ini additions


Winapp2.ini

Recommended Posts

  • Moderators

While I appreciate, neverbloom, your contributions, many of them are far too aggressive for the public template. Especially, prefetch, software distribution folder and the wholesale cleaning of Advanced Backup Files.

On the first two I've spoken many times of the subject throughout this thread. As for the ABF entriy, more specific entries are much more appropriate for ccleaner; and warnings really ought to be used sparingly. I feel that we, as the gatekeepers of many additions to ccleaner, need to remember that many users just click through warnings.

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

I know its kind of aggressive maybe can add some of these options to the public template and i keep a "private version" for forensics targets and add that version to my signature for more advanced cleanings(:

 

 

but ther are never come into the normal winapp2.ini

 

I collect so entries from this forum  threat^^  and collect a bad list...... :ph34r:

 

https://www.dropbox.com/s/tu0yc4dt10hy6ds/Winsys2.ini?dl=0

Link to comment
Share on other sites

  • Moderators

I also maintain a separate winsys2 but it's all entries from the template in this thread

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

  • Moderators

Readers may notice some dropped parts of the above conversation, the user involved was removed from the community for forum abuse

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

New Entry:  [Western Digital Firmware Updater Log*]

[Western Digital Firmware Updater Log*]
LangSecRef=3024
DetectFile=%CommonAppData%\Western Digital
Default=False
FileKey1=%CommonAppData%\Western Digital\Logs\WD Firmware Updater\|*.*|REMOVESELF

Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA Nvidia GeForce 980 Titan card (Home Built System);  Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet.  ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2019 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system):   Kaspersky Internet Security 2021, Malwarebytes 4, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD20, MSI Burner, Rainmeter, Windows Sidebar, WD Smartware and many more.

Link to comment
Share on other sites

I had a Winapp2.ini with just one entry that added a new key for cleaning thumbs.db in Windows XP. I accidentally deleted it and can't recover it for some reason. I download the full Winapp2.ini file from the Winapp2.com site but it doesn't add a special key in XP like my old one did. I can't even remember how I ended up with it in the first place and have no idea how to make a new file. Does anyone happen to know how I can get it back, it was sure a handy.

Link to comment
Share on other sites

I finally remember where I got my previous file, I made it using the instructions at the beginning of this thread. I tried to make a new one but I've hit a snag. Here's what I've got:

 

[Thumbnails]
LangSecRef=3025
DetectPath=%HomeDrive%
Default=False

 

This creates a new key in Applications Tab>Windows but I can't figure out how to point it to the Thumbs.db files. I tried

 

DetectFile=%HomeDrive%\Thumbs.db

 

but then the new key doesn't show up in CC. Can somone see what I need to do to make it work? Much appreciated.

 

 



 

Link to comment
Share on other sites

Hey Winnapp, the key did show up but it didn't delete any files. Nothing in the analysis window on analyze. Ideally I'd like to get it to find every Thumbs.db file on C drive but I'm not sure it can be done. I think the last time I did it I pointed it to a specific derectory but I can't really remember.

Link to comment
Share on other sites

  • Moderators
[Thumbnails]

LangSecRef=3025

DetectFile=%HomeDrive%

Default=False

FileKey1=%HomeDrive%\|Thumbs.db

Needs a recurse

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

Some new/misplaced language entries.
 

[GoodSync*]
Section=Language Files
Detect=HKLM\SOFTWARE\Siber Systems\GoodSync
Default=False
Warning=This will delete all language files excluding the Default language.
Filekey1=%ProgramFiles%\Siber Systems\GoodSync|*.rfi
ExcludeKey1=FILE|%ProgramFiles%\Siber Systems\GoodSync\default.rfi

[Revo Uninstaller Pro]
Section=Language Files
Detect=HKCU\Software\VS Revo Group\Revo Uninstaller Pro
Default=False
Warning=This will delete all language files excluding English. 
Filekey1=%ProgramFiles%\VS Revo Group\Revo Uninstaller Pro\lang|*.ini
ExcludeKey1=FILE|%ProgramFiles%\VS Revo Group\Revo Uninstaller Pro\lang\english.ini

[WinMerge*]
Section=Language Files
Detect=HKCU\Software\Thingamahoochie\WinMerge
Default=False
Warning=This will delete all languages files excluding the Default language.
FileKey1=%ProgramFiles%\WinMerge\Languages|*.*|REMOVESELF


 
*Rename
*fixed FileKey path

[DAEMON Tools Lite*]
Section=Language Files
Detect=HKCU\Software\Disc Soft
Default=False
Warning=This will delete all language files excluding English.
FileKey1=%ProgramFiles%\DAEMON Tools Lite\Lang|*.*
ExcludeKey1=FILE|%ProgramFiles%\DAEMON Tools Lite\Lang\ENU.dll

Every line of code written by man can be undone by man

.

"A loser in the real world is still a loser in the net!" - .hack//SIGN

.
Getting old is inevitable,  growing up is optional !!

Link to comment
Share on other sites

These are some of the entries that Neverbloom had before he was removed off the forums. I thought that these were ok to add. They are only log files. I didn't edit any of these, so some of them might need name changes or warning messages changed.

 

ADD:

 

[Downloaded Program Files*]  <----- Questioning this one.
LangSecRef=3025
Default=False
DetectFile=%WINDIR%\Downloaded Program Files\
FileKey1=%WINDIR%\Downloaded Program Files\|*.*|REMOVESELF
 
[Task Scheduler Job Files*]
LangSecRef=3025
Default=False
DetectFile=%WINDIR%\Tasks\
FileKey1=%WINDIR%\Tasks\|*.JOB|RECURSE
 
[Microsoft Event Trace Log Files*]
LangSecRef=3025
Default=False
Warning=Log files created by Microsoft Tracelog, a program that creates logs using the events from the kernel in Microsoft operating systems.
DetectFile1=%WINDIR%\System32\WDI\
DetectFile2=%WINDIR%\System32\Performance\
FileKey1=%WINDIR%\System32\WDI\|*.ETL*|RECURSE
FileKey2=%WINDIR%\System32\Performance\|*.ETL*|RECURSE
 
[service Control Manager Trace*] <------ These are just log files
LangSecRef=3025
Default=False
Warning=The service control manager (SCM) is started at system boot. It is a remote procedure call (RPC) server.
DetectFile=%WINDIR%\system32\LogFiles\Scm\
FileKey1=%WINDIR%\system32\LogFiles\Scm\|SCM.EVM*|RECURSE
 
[Container.dat Files*] <----- Also questioning this one.
LangSecRef=3022
Default=False
FileKey1=%USERPROFILE%\AppData\|Container.dat|RECURSE
 
[Windows Event Viewer Log Files*]
LangSecRef=3025
Default=False
Warning=Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error.
DetectFile=%WINDIR%\System32\winevt\Logs\
FileKey1=%WINDIR%\System32\winevt\Logs\|*.EVT*

[Windows Setup Log Files*]
LangSecRef=3025
Default=False
Warning=Delete the leftovers from Windows installations and upgrades.
DetectFile=%WINDIR%\PANTHER\
FileKey1=%WINDIR%\PANTHER\|*.*|RECURSE
FileKey2=%WINDIR%\INF\|setupapi.dev.log
FileKey3=%WINDIR%\INF\|setupapi.app.log
FileKey4=%WINDIR%\Performance\Winsat\|winsat.log
 
[Flash Local Shared Object Files*] <------ These are just flash cookies. The same cookies Flash Player deletes when you use the delete cookies setting.
Section=File Extensions
Default=False
Warning=Also known as "Flash cookies".
FileKey1=%SYSTEMDRIVE%\|*.SOL|RECURSE
 
[Log Files*]
Section=File Extensions
Default=False
FileKey1=%SYSTEMDRIVE%\|*.LOG|RECURSE
 
[Registry Transaction Log Files*]
Section=File Extensions
Default=False
Warning=Log files created by the Common Log File System (CLFS), a Microsoft Windows component used for creating transaction logs.
FileKey1=%SYSTEMDRIVE%\|*.REGTRANS-MS|RECURSE
FileKey2=%SYSTEMDRIVE%\|*.BLF|RECURSE

[Gather Log Files*]
Section=File Extensions
Default=False
Warning=Log files created after each file indexing process.
FileKey1=%SYSTEMDRIVE%\|*.GTHR|RECURSE
 
[Windows Binary Performance Log Files*]
Section=File Extensions
Default=False
Warning=Log files created by Windows performance tracking tools.
FileKey1=%SYSTEMDRIVE%\|*.BLG|RECURSE
 
[Exchange Reserve Transaction Log Files*]
Section=File Extensions
Default=False
Warning=Transaction log files created by Microsoft Exchange.
FileKey1=%WINDIR%\|*.JRS|RECURSE
 
[Windows Registry Hive Log Files*]
Section=File Extensions
Default=False
FileKey1=%WINDIR%\|*.LOG1|RECURSE
FileKey1=%WINDIR%\|*.LOG2|RECURSE
 
[Error Log Files*]
Section=File Extensions
Default=False
FileKey1=%SYSTEMDRIVE%\|*.ERR|RECURSE

 

EDIT:

 

[Windows CBS Logs*]
LangSecRef=3025
Detect=HKLM\Software\Microsoft\Windows
FileKey1=%WinDir%\Logs\CBS|cbs.log;*.cab
FileKey2=%WINDIR%\logs\CBS\|CbsPersist_*.cab

 

Added FileKey 2

 

 

[Windows Log Files More*]
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows
FileKey1=%WinDir%\inf|setupapi.offline.log
FileKey2=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html
FileKey3=%WinDir%\winsxs|poqexec.log
FileKey4=%WinDir%\debug\WIA|*.log
FileKey5=%WinDir%|SIGVERIF.TXT
FileKey6=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml
FileKey7=%WinDir%\Panther|PostGatherPnPList.log;PreGatherPnPList.log
FileKey8=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml
FileKey9=%WINDIR%\INF\|setupapi.app.log;setupapi.dev.log
FileKey10=%WINDIR%\Performance\Winsat\|winsat.log

 

Added FileKeys 9 and 10

I am a maintainer for Winapp2. I also have a open-source group on Steam.

http://steamcommunity.com/groups/opencommunity

Link to comment
Share on other sites

I searched my C: drive for folders that were named *backup*, *temp*, *tmp*, edited the files to also include the best guess for the registry key to check for existence, then removed the folders I tohiuhgt were unsafe.  Would be nice if someone would check the files in the folders listed and write necessary Warnings to the new rules...

 

Due to the lines in the 3 files - I have just attached them....

 

backup.txt

temp.txt

tmp.txt

Link to comment
Share on other sites

AVG PC TuneUp 2015 has been released. I do hope that you include the code at the link below in the next update of Winapp2.ini.

 

http://forum.piriform.com/index.php?showtopic=32310&p=252610

Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA Nvidia GeForce 980 Titan card (Home Built System);  Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet.  ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2019 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system):   Kaspersky Internet Security 2021, Malwarebytes 4, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD20, MSI Burner, Rainmeter, Windows Sidebar, WD Smartware and many more.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.