A new build of R-Wipe & Clean is available for download.
New features
+ The Mozilla Maintenance Service Logs item has been added to the Mozilla Firefox section.
The following items have been added to the User's section:
+ Feeds Cache to the Caches part;
+ WebView to the Miscellaneous Traces part.
+ The Setting Synchronization Events Log item has been added to the Logs part of the System's Own Traces sections.
+ The XnView program and Ice Age Adventures game have been added to the Program Data section.
Improvements:
Display and deletion have been improved for the following items:
* Update Orchestrator Events Logs tab in the Program Data part of the System's Own Traces section;
* Stored Timestamps tab in the Mozilla Firefox section;
Bug-fixes:
- Some items may have not been displayed on the Customize dialog box on the Classic interface. Fixed.
R-Wipe & Clean 20.0.2253
Forum rules
Discussion on the R-Wipe & Clean and R-Crypto software
Discussion on the R-Wipe & Clean and R-Crypto software
Re: R-Wipe & Clean 20.0.2253
Please R-TT Team, more items for r-wipe
Registry Transaction Logs
-Registry Transaction Logs (.LOG)
*.LOG
*.LOG1
*.LOG2
-Transactional Registry Transaction Logs (.TxR)
Transactional registry logs use the Common Log File Sytstem (CLFS) format. The logs are stored to files of the form .TxR..regtrans-ms. For user hives these files are stored in the same directory as the hive and are cleared on user logout. However, for system hives logs are stored in %SystemRoot%\System32\config\TxR, and the logs are not automatically cleared.
-Registry Backups
Windows includes a simple mechanism to backup system registry hives periodically. The hives are backed up with a scheduled task called RegIdleBackup, which is scheduled to run every 10 days by default. Backed up hives are stored to %SystemRoot%\System32\config\RegBack. Only the most recent backup is stored in this location. This can be useful for investigating recent activity on a system.
MORE INFO
https://www.fireeye.com/blog/threat-res ... sited.html
Tracing keys Traces
All tracing keys are located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing
These keys are deleted by Malwarebytes' AdwCleaner. They claim that malware sometimes target these keys and they can safely be removed.
Removes from the device tree non present
USB hubs
USB mass storage devices
USB Disk devices
USB CDROM devices
USB Floppy devices
USB Storage Volumes
USB WPD devices (Vista, Win7, Win8, Win10)
and their registry items under
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\UsbFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume
Registry Transaction Logs
-Registry Transaction Logs (.LOG)
*.LOG
*.LOG1
*.LOG2
-Transactional Registry Transaction Logs (.TxR)
Transactional registry logs use the Common Log File Sytstem (CLFS) format. The logs are stored to files of the form .TxR..regtrans-ms. For user hives these files are stored in the same directory as the hive and are cleared on user logout. However, for system hives logs are stored in %SystemRoot%\System32\config\TxR, and the logs are not automatically cleared.
-Registry Backups
Windows includes a simple mechanism to backup system registry hives periodically. The hives are backed up with a scheduled task called RegIdleBackup, which is scheduled to run every 10 days by default. Backed up hives are stored to %SystemRoot%\System32\config\RegBack. Only the most recent backup is stored in this location. This can be useful for investigating recent activity on a system.
MORE INFO
https://www.fireeye.com/blog/threat-res ... sited.html
Tracing keys Traces
All tracing keys are located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing
These keys are deleted by Malwarebytes' AdwCleaner. They claim that malware sometimes target these keys and they can safely be removed.
Removes from the device tree non present
USB hubs
USB mass storage devices
USB Disk devices
USB CDROM devices
USB Floppy devices
USB Storage Volumes
USB WPD devices (Vista, Win7, Win8, Win10)
and their registry items under
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\UsbFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume
Re: R-Wipe & Clean 20.0.2253
Thank you for your suggestions. I've passed them to our developers.rwiper wrote: ↑Tue Oct 22, 2019 3:42 pmPlease R-TT Team, more items for r-wipe
Registry Transaction Logs
Tracing keys Traces
Removes from the device tree non present
and their registry items under
Re: R-Wipe & Clean 20.0.2253
rwiper wrote: ↑Tue Oct 22, 2019 3:42 pm
Registry Transaction Logs
This item has been included into Build 2260.