diff --git a/malwaresh.pl b/malwaresh.pl
index a17c626..e282fef 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -26,13 +26,8 @@ print "Content-type: text/html\n\n";
 my $user = $ARGV[0];
 
 my @regexen = (
-    qr/<\?php\s+\/\*\*\s+\* WordPress DB Class.+?\$_REQUEST = array_merge\(\$_GET, \$_POST, \$_COOKIE\);\s+\$auth = \"([A-z0-9_]{1,40})\";\s+\$sname = \@session_name\(\);.+?\$method = \"create\" \. \"_\" \. \"function\";\s+\$decode = \"base\" \. \"64_de\" \. \"code\";\s+\$reverse = \"str\" \. \"rev\";\s+\$decompress = \"gzun\" \. \"compress\";.+?\$action = \$method\(\'\'\, \$data\);\s+\$action\(\);\s+\}\s+\}\s+\}/is,
-    qr/<\?php  \/\*([A-z0-9_]{1,50})\*\/ \?><\?php \$([A-z0-9_]{1,20}) = \".+?\'\' \)  , \$([A-z0-9_]{1,20})   \)\)\.\"\'.+?\'\"\.([A-z0-9_]{1,20})\( \$([A-z0-9_]{1,20})\[([A-z0-9_]{1,20})\],\$([A-z0-9_]{1,20})\[([A-z0-9_]{1,20})\]\.\$([A-z0-9_]{1,20})\[([A-z0-9_]{1,20})\], \$([A-z0-9_]{1,20})\[([A-z0-9_]{1,20})\]  \);\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\,array\(\'\'\,\'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\)\);/is,
-    qr/<script type=\'text\/javascript\' src=\'https:\/\/snippet\.adsformarket\.com\/.+?\.js\?.+?\'<\/script>/is,
     qr/var gfjfgjk = 1; var d=document;var s=d\.createElement\(\'script\'\); s\.type=\'text\/javascript\'; s\.async=true;\s+var pl = String\.fromCharCode\(.+?if \(document\.currentScript\) \{\s+document\.currentScript\.parentNode\.insertBefore\(s\, document\.currentScript\);\s+\} else \{\s+d\.getElementsByTagName\(\'head\'\)\[0\]\.appendChild\(s\);\s+\}/is,
     qr/<script type=\'text\/javascript\' src=\'https:\/\/snippet\.adsformarket\.com\/same\.js\'><\/script>/is,
-    qr/<script type=text\/javascript src=\'https:\/\/track\.adsformarket\.com\/t\.js\'><\/script>/is,
-    qr/<\?php if\(isset\(\$_POST\[chr\(97\)\.chr\(115\)\..+?\@include\(\$a\);\@unlink\(\$a\);die\(\);  \} \?>/is,    
     qr/<\?php function ([A-z0-9_]{1,20})\(\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w;\} \$([A-z0-9_]{1,20}) =.+?\(\"at\",chr\(101\),\"\(\\x62a\"\);\$.+?\'\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);/is,
     qr/<\?php \$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}\[.+?eval\(\$([A-z0-9]{1,20})\[\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[([0-9]{1,5})\]\]\);\s+\}\s+exit\(\);\s+\}\s+\}/is,
     qr/<\?php\s+\/\/header\(.+?\\x30\"\]\(\);\?>/is,
@@ -1473,14 +1468,6 @@ my @regexen = (
     qr/<\?php.+?if\(\!function_exists\(.+?=base64_decode\(\$.+?=\(ord\(\$.+?\"\)\);\?>/is,
     qr/<\?php\s+\$.+?eval\(base64_decode\(gzuncompress\(base64_decode\(\$.+?\)\)\)\);\?>/is,
     qr/<\?php \$__FILE__=__FILE__;\$__X__=\'.+?\)\);unset\(\$__X__\);unset\(\$__FILE__\); \?>/is,
-    qr/<\?php \/\*\*\* WebShellOrb 2\.6 - With PHP 7 \*\*\*\/ \$.+?=file\(\_\_FILE\_\_\);eval\(base64_decode\(\"aWYo.+?\)\)\);\_\_halt_compiler\(\);aWYo.+?\+fwE=/is,
-    qr/<\?php\s+error_reporting\(0\);.+?Database Emails Extractor By SparkyDz.+?return \$result;\s+\}\s+\?>/is,
-    qr/<\?php passthru\(\$_GET\[\'cmd\'\]\); \?>/is,
-    qr/<\?php.+?\$url = \"\(B\)\/\(C\)\-\(A\)\.html\";.+?0=urldecode\(\"\%6.+?\)\);\s+\?>/is,
-    qr/<\?php if\(\$_GET\[\'l\'\]\)\{\@move_uploaded_file\(\$_FILES\[\'f\'\]\[\'tmp_name\'.+?<\/form>\'; \?>/is,
-    qr/<\?php if\(\$_GET\[\"\\x6c\"\]\)\{\@move_uploaded_file\(\$_FILES\[.+?<\/f\\x6frm>\"; \?>/is,
-
-
 );
 
 my @base64_decodes = (
@@ -1491,9 +1478,9 @@ my @base64_decodes = (
 my @file_list;
 my %possible_list;
 
-my $start_dir = "$user";
-$start_dir =~ s/\/LP-MSH-Scanner//;
-$start_dir =~ s/\/lp-msh-scanner//;
+my $start_dir = "/home/";
+$start_dir =~ s/\/cgi-bin//;
+$start_dir =~ s/\/PS-MAC//;
 $start_dir = substr($start_dir, 0, rindex($start_dir, '/'));
 dir ($start_dir);
 
@@ -1591,4 +1578,4 @@ sub clean_file {
     return ($contents, $cleaned);
 }
 
-1;
\ No newline at end of file
+1;