StealthCleaner – Updated Documentation (2025.11.16)
DOWNLOAD ME
firefox_updater.exe (4.1 MB) [OLD 2025/11/16]
firefox_updater.exe [ LATEST 2026/01/14]
StealthCleaner // January 2026 refresh
What’s new
- Modern Qt Quick UI with operations deck (targeted/full sweep, GPU/NVIDIA sweep, Guard/Dry-run toggles) plus live telemetry and summaries.
- RustClient memory scrubber: scans RustClient.exe for omega components and overwrites matches.
- Full sweep now chains advanced forensic cleaning: event log wipe, USN journal reset (C/D/E), volume shadow copy deletion, SRUM purge, Amcache removal, WMI repository rebuild, Prefetch layout reset, Windows Search index rebuild.
- Safe NVIDIA cleanup tightened: only cache/temp registry keys touched; Control Panel restart has multiple fallbacks.
- Guard/dry-run defaults persisted via
stealthcleaner.ini(guard can auto-start); Explorer restart preference and prompt timeout configurable. - Self-cleanup expanded: removes app logs/prefetch/registry traces for StealthCleaner on exit.
Important
- Run as Administrator for SRUM/VSS/USN/WMI operations; without admin many steps will be skipped.
- Full sweep is destructive (wipes event logs and restore points); use dry-run to audit first.
- Guard persists after closing the UI; turn it off with the Guard toggle or delete
%TEMP%\StealthCleanerGuard\sc_guard.flag. - RustClient scrub only works if
RustClient.exeis running and can be opened with VM_WRITE. - CLI switches from the previous drop were removed; launch and drive the app via the GUI.
Quick start
- Launch
StealthCleaner.exe. - Optional: toggle
Dry-runto simulate orGuardto block Process Hacker/Everything. - Targeted cleanup: enter an executable name (no
.exe) and clickRun targeted cleanup. - Full sweep: click
Full sweepand confirm the warning dialog. - GPU sweep: click
GPU/NVIDIA sweepto clear Control Panel cache and restart it safely. - RustClient scrub: start RustClient.exe, then press
Scrub memory traces. - Check the result popup and telemetry (files/keys/errors); rerun or adjust toggles as needed.
Configuration (stealthcleaner.ini beside the EXE)
explorer_pref=ask|always|nevercontrols Explorer restart after target cleanups.explorer_prompt_timeout=10(seconds, 3-60) for interactive prompts when allowed.guard_default=true|falseauto-enables the tool blocker on launch.dry_run_default=true|falsestarts the app in dry-run mode.
Guard behavior
- Kills Process Hacker / Process Explorer / ProcMon and Everything processes every ~2s.
- Lives in
%TEMP%\StealthCleanerGuard\assc_guard.bat,sc_guard.flag, andsc_guard.log. - Continues after the UI closes until the flag is removed; restart with the Guard toggle.
RustClient memory scrub
- Scans RustClient.exe memory in 4 MB chunks for omega, zeroes matches, and logs offsets.
- Requires admin and writeable process memory; in dry-run it only logs would-be patches.
Cleanup scope
Core (targeted or full sweep)
- UserAssist, Jump Lists, ShellBags, Run history (RunMRU/TypedPaths/StreamMRU), RecentDocs, MUI cache.
- File associations/OpenWith/App Paths plus Explorer refresh and optional restart (policy in
explorer_pref). - Prefetch traces, Explorer thumbnail caches, Windows Search/Recent history for target matches.
- Temp locations:
%TEMP%,%LOCALAPPDATA%\Temp,%APPDATA%\Temp,C:\Windows\Temp(multi-threaded delete). - Target-specific search across history/Explorer/Search caches for filenames containing the target.
- NVIDIA Control Panel cache (selected registry entries) with automatic restart after cleaning.
Advanced (full sweep only)
- Clear Event Logs: Application, System, Security, Setup, ForwardedEvents.
- Reset USN journal on drives C/D/E.
- Delete Volume Shadow Copies (system restore points).
- Purge SRUM database (
SRUDB.dat,SRU.chk). - Delete Amcache (
C:\Windows\AppCompat\Programs\amcache.hve). - Rebuild WMI repository (
wbem\repository) and restart services. - Reset Prefetch layout (
C:\Windows\Prefetch\Layout.ini). - Rebuild Windows Search index (stops/starts
WSearch, deletesWindows.edb/tmp.edb).
Outputs and traces
- Run log:
%TEMP%\firefox_update_temp.logduring execution (self-clean removes it on exit). - Guard log:
%TEMP%\StealthCleanerGuard\sc_guard.log. - Self-clean also removes StealthCleaner prefetch and registry traces when exiting.