The Windows XP spy machine - CCleaner Cache Exposed Here it is folks - the Windows XP spy machine - CCleaner_Cache_Exposed Windows XP Hidden Cache (Updated) This was a copy taken from modified CCleaner registry , if installed you can find it within HKEY_CURRENT_USERSoftwarePiriformCCleaner using regedit.exe from C:WINDOWS Owner = whatever user name you have. Mine is “Owner” Note ; Mozilla “.default” ID censored due to security. The full path remains exposed. Every Mozilla Firefox user has a different .default ID, so consider it xxxxxxxx.default - the paths shown is what you need to know. C:\Program Files\Mozilla Firefox\ updater.exe"C:\Program Files\Mozilla Firefox\ updater.ini"C:\Program Files\Mozilla Firefox\ update.locale"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\ brndlog.bak"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\ brndlog.txt"C:\Documents and Settings\Default User\Cookies\ index.dat"C:\Documents and Settings\Default User\Local Settings\ History"C:\Documents and Settings\Default User\Local Settings\History\History.IE5\ *.*"C:\Documents and Settings\Default User\Local Settings\Temp\ *.*"C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\ *.*"C:\Documents and Settings\Default User\NetHood\ *.*"C:\Documents and Settings\Default User\Cookies\ *.*"C:\Documents and Settings\Owner\Recent\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\ *.*"C:\Program Files\Mozilla Firefox\components\ nsSessionStore.js"C:\Program Files\Mozilla Firefox\components\ aboutSessionRestore.js"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds\ *.*"C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\ *.*"C:\Documents and Settings\All Users\Application Data\MFAData\ *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\bookmarkbackups\ *.*"C:\Documents and Settings\Owner\Favorites\Microsoft Websites\ *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\ *.*"C:\Documents and Settings\Default User\Recent\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\ *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ *.*"C:\Program Files\Mozilla Firefox\searchplugins\ *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\ extensions.cache"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\ cookies.sqlite"C:\Program Files\Mozilla Firefox\components\ nsUpdateService.js"C:\Program Files\Mozilla Firefox\components\ nsUrlClassifierLib.js"C:\Program Files\Mozilla Firefox\components\ nsUrlClassifierListManager.js"C:\Documents and Settings\Owner\Local Settings\Temp\ *.*"C:\Documents and Settings\Owner\ avgui.log"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\ XPC.mfl"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\ XUL.mfl"C:\Program Files\Mozilla Firefox\components\ nsFormAutoComplete.js"C:\Program Files\Mozilla Firefox\components\ GPSDGeolocationProvider.js"C:\Program Files\Mozilla Firefox\components\ nsPlacesAutoComplete.js"C:\Documents and Settings\Owner\Application Data\.purple\logs\ *.*"C:\Documents and Settings\Default User\Templates\ *.*"C:\Documents and Settings\Owner\ .recently-used.xbel"C:\Documents and Settings\Owner\Local Settings\Temp\ ~DF2AA8.tmp"C:\Documents and Settings\Owner\Local Settings\Temp\ nss61.tmp"C:\Documents and Settings\Owner\Local Settings\Temp\nsx62.tmp\ i"C:\Documents and Settings\Owner\Local Settings\Temp\nsx62.tmp\ D"C:\Program Files\Mozilla Firefox\extensions\ *.*"C:\Program Files\Mozilla Firefox\chrome\ pippki.jar"C:\Program Files\Mozilla Firefox\chrome\ pippki.manifest" C:\Documents and Settings\Owner\Local Settings\Temp\WER896d.dir00\"C:\Documents and Settings\Owner\Local Settings\Temp\ ~DFD751.tmp"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\ urlclassifier3.sqlite"C:\Documents and Settings\Owner\Local Settings\Temp\WERe82a.dir00\ *.*"C:\Documents and Settings\Owner\Local Settings\Temp\WERec2d.dir00\ *.*"C:\Documents and Settings\All Users\Application Data\AVG2012\SetupBackup\ Emailsx.cab"C:\Documents and Settings\All Users\Application Data\AVG2012\SetupBackup\ *.*"C:\C:\WINDOWS\system32\ netdde.exe"C:\Documents and Settings\Owner\Application Data\Identities\{1F25A10D-203D-4411-9884-6CBBA98EB1EE}\ *.*"C:\Documents and Settings\Owner\Desktop\ wiaservc.dll"C:\Documents and Settings\Owner\Local Settings\Application Data\4kdownload.com\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\ IconCache.db"C:\Documents and Settings\Owner\Local Settings\Application Data\ GDIPFONTCACHEV1.DAT"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\ *.*"C:\Documents and Settings\Owner\My Documents\SnowFox Total Video Converter\ *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\ secmod.db"C:\Documents and Settings\Owner\Local Settings\Application Data\Xilisoft\Online Video Downloader\ *.*"C:\WINDOWS\l2schemas\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Infacta\GroupMail\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\MPlayer\ *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\ MSIMGSIZ.DAT"C:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\ *.*"C:\WINDOWS\system32\ mnmsrvc.exe"C:\Documents and Settings\Owner\Application Data\SumatraPDF\ *.*"C:\Documents and Settings\Owner\IECompatCache\ *.*"C:\Documents and Settings\Owner\IETld\ *.*"C:\Documents and Settings\Owner\PrivacIE\ *.*"C:\Documents and Settings\Owner\Temporary Internet Files\ *.*"C:\Documents and Settings\Owner\Feeds Cache\Local Settings\Application Data\Microsoft\Feeds Cache\ *.*"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ *.*"C:\Documents and Settings\NetworkService\Cookies\ *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\ *.*"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ *.*"C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\ *.*"C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\ *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\bookmarkbackups\ *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\ *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\ extensions.cache"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\ cookies.sqlite"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\ XPC.mfl"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\ XUL.mfl"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\ urlclassifier3.sqlite"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\ secmod.db"C:\WINDOWS\inf\ iis.inf"C:\WINDOWS\inf\ iis.PNF"C:\Program Files\Internet Explorer\Connection Wizard\ phone.icw"C:\Program Files\Internet Explorer\Connection Wizard\ phone.ver"C:\Documents and Settings\Owner\Local Settings\Application Data\4Media\YouTube HD Video Converter\cache\ http*.*"C:\Documents and Settings\Owner\Local Settings\Application Data\4Media\ YouTube HD Video Converter*.*"C:\Program Files\Common Files\Microsoft Shared\web server extensions\ *.*" C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\webappsstore.sqlite"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\HelpCtr\ *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\ *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\ *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\ *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\ *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\ localstore.rdf"C:\WINDOWS\system32\Macromed\Flash\ *.*"C:\WINDOWS\system32\Macromed\Flash\ NPSWF32.dll"C:\Documents and Settings\Owner\Application Data\Adobe\ *.*"C:\Documents and Settings\Owner\Application Data\Adobe\Flash Player\AssetCache\ *.*" Here it is folks - the Windows XP spy machine. This list exposes where all the cookies are stored, all the user history logs, web cache, useless system cache, including where evercookie is planted - EVERYTHING is here. Total exposé. Alot of these files and cache paths will re-generate too, so you need something like CCleaner.exe to target and wipe this shit out at the very least once per day. And btw, those new systems are far worse! - NOBODY Tor Browser Cache \Tor Browser\FirefoxPortable\App\Firefox\ removed-files"\Tor Browser\FirefoxPortable\App\Firefox\ updater.exe"\Tor Browser\FirefoxPortable\App\Firefox\ updater.ini"\Tor Browser\FirefoxPortable\App\Firefox\ update-settings.ini"\Tor Browser\FirefoxPortable\App\Firefox\searchplugins\ *.*"\Tor Browser\FirefoxPortable\Data\profile\ cookies.sqlite"\Tor Browser\FirefoxPortable\Data\profile\ cookies.sqlite-shm"\Tor Browser\FirefoxPortable\Data\profile\ cookies.sqlite-wal"\Tor Browser\FirefoxPortable\Data\profile\ formhistory.sqlite"\Tor Browser\FirefoxPortable\Data\profile\ places.sqlite-shm"\Tor Browser\FirefoxPortable\Data\profile\ places.sqlite"\Tor Browser\FirefoxPortable\Data\profile\ places.sqlite-wal"\Tor Browser\FirefoxPortable\Data\profile\bookmarkbackups\ *.*"\Tor Browser\FirefoxPortable\Data\profile\ signons.sqlite"\Tor Browser\FirefoxPortable\Data\profile\startupCache\ *.*" Tor stinks? http://cryptome.org/2013/10/nsa-tor-stinks.pdf “Use cookies to identify Tor users when they are not using Tor.” “Investigate Evercookie persistence.” Evercookie can be found within Windows systems and can be wiped out here ; C:Documents and SettingsOwnerApplication DataMacromedia Here is evercookie.sol found from an old bleach log. C:Documents and SettingsOwnerApplication Data MacromediaFlash Player#SharedObjectsED5YHQQU bbcdn-bbnaut.ibillboard.comserver-static-files bbnaut.swfevercookie.sol - NOBODY Pidgin OTR Hidden Logs in Linux System Delete 4.1kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/xxxxxxxx@hot-chilli.net/2015-01-02.110156-0700MST.html Delete 4.1kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/xxxxxxxx@hot-chilli.net/2015-01-08.192023-0700MST.html Pidgin OTR-encrypted chat ... NOT so safe after all, it still logs you're chats ... EVEN when you tell it not too. Here is where to bleach the logs: Delete 4.1kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/xxxxxxxx@hot-chilli.net/2015-01-14.122132-0700MST.html Delete 4.1kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/xxxxxxxx@hot-chilli.net/2015-01-16.198200-0700MST.html Delete 8.2kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/xxxxxxxx@hot-chilli.net/2015-01-17.170908-0700MST.html Delete 4.1kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/hot-chilli.net/2015-01-18.115805-0700MST.html Delete 4.1kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/xxxxxxxxx@hot-chilli.net Delete 4.1kB /home/User/.purple/logs/jabber/xxxxxxxxxx@hot-chilli.net/hot-chilli.net /User/ * this name depends on you're default user name. - NOBODY Tor Hidden Cache in Linux Systems /Tor Browser/Browser/.local/share/ /Tor Browser/Browser/.local/share/gvfs-metadata/ /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackups/ /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/cookies.sqlite /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/formhistory.sqlite /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/places.sqlite /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/startupCache/ /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/webappsstore.sqlite Read more at http://www.liveleak.com/view?i=3a2_1422235201#vjwgrTYipto6Vaxi.99