Donate $25 for two DVDs of the Cryptome collection of files from June 1996 to the present


21 December 2010. Response:

http://cryptome.org/0003/security-hoot.htm

20 December 2010

Previous:

http://cryptome.org/0002/clsid-list-07.htm
http://cryptome.org/0002/clsid-list-06.htm http://cryptome.org/0002/clsid-list-05.htm
http://cryptome.org/0001/clsid-list-04.htm http://cryptome.org/0001/clsid-list-03.htm http://cryptome.org/0001/clsid-list-02.htm http://cryptome.org/0001/clsid-list-01.htm http://cryptome.org/isp-spy/ms-analysis.htm http://cryptome.org/0001/vista-clsids.htm


CLSID Shit List 9

A sends:

Every CLSID in these lists were tested and proven safe
to bleach. "Safe to bleach" meaning to bleach the provided
registry WILL NOT cause system damage, nor damage to the
basic internet protocol.

These shit lists contain CLSIDs required for interactive,
third-party communications. The CLSIDs can be bleached on
Windows XP to fortify system security from being breached.

The purpose of these lists is to clarify any ubiquitous
registry, as well, expose spyware, malware, rootkits,
or any other security risk to Windows XP.

Registry is easy to bleach on Windows XP.

click start / run / type regedit / enter / click edit /
click find / copy & paste a provided CLSID / it pops up;
right click it / permissions / advanced / remove inherit /
press apply, press OK / that removes that data / press delete /
an error pops up and its destroyed! [It takes 10 seconds.]

All irresponsible mistakes have been updated and provided,
incase someone wants to use these lists, to learn what not
to touch and why not.  Any criticism is appreciated.


AppleTalk Configuration Notify Object
HKEY_CLASSES_ROOT\CLSID\{962FFCF3-965F-11D0-A881-00C04FC99C9C}

AppleTalk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\
Parameters\AppleTalk
___________________
AppleTalk Guid Data Located Below

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\
Winsock\Setup Migration\Well Known Guids  [DO NOT BLEACH]

ONLY DELETE APPLETALK GUID DATA!

a0 17 3b 2c df c6 cf 11 95 c8 00 80 5f 48 a1 92

(You may have to change permission set to full control,
in order to be able to edit or delete the GUID.)

DO NOT DELETE THE OTHER GUIDs!

Follow the same for the Current Control Set.

___________________


Yahoo Apps Update

HKEY_CLASSES_ROOT\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}

HKEY_CLASSES_ROOT\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}

HKEY_CLASSES_ROOT\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}

HKEY_CLASSES_ROOT\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}


HKEY_CLASSES_ROOT\.WebAllowBlockList

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebAllowBlockList_wpc


Backdoor Woozle

HKEY_CLASSES_ROOT\CLSID\{75215200-A2FE-30F6-A34B-8F1A1830358E}

HKEY_CLASSES_ROOT\System.UnauthorizedAccessException
{75215200-A2FE-30F6-A34B-8F1A1830358E}


WiaWoW Backdoor Trojan

HKEY_CLASSES_ROOT\AppID\{5E1395B2-B685-44e3-8AED-E2304D85ACD1}

WiaWow64
HKEY_CLASSES_ROOT\CLSID\{5E1395B2-B685-44e3-8AED-E2304D85ACD1}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\
{7BB68E65-F426-4698-A0B7-D2AF28B1BA81}

HKEY_CLASSES_ROOT\Interface\{7BB68E65-F426-4698-A0B7-D2AF28B1BA81}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\
{5E1395B2-B685-44e3-8AED-E2304D85ACD1}


PopCap Malware

HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1}
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a}


Hidden Digital Camera Connection Remote Control

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\
Events\Connected



"CAPICOM is a new 'security' technology from Microsoft that
allows Microsoft Visual Basic, Visual Basic Script, ASP, and
C++ programmers to easily incorporate digital signing and
encryption into their application."

CAPICOM Vulnerability? --


http://secunia.com/advisories/25185/

Bleaching CAPICOM may cause problems in new systems!

HKEY_CLASSES_ROOT\CAPICOM.Attribute

{54BA1E8F-818D-407F-949D-BAE1692C5C18}

HKEY_CLASSES_ROOT\CAPICOM.Certificate

{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}

HKEY_CLASSES_ROOT\CAPICOM.Certificate.2

{E38FD381-6404-4041-B5E9-B2739258941F}

HKEY_CLASSES_ROOT\CAPICOM.Certificate.3

{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}

HKEY_CLASSES_ROOT\CAPICOM.Certificates

{3605B612-C3CF-4ab4-A426-2D853391DB2E}

HKEY_CLASSES_ROOT\CAPICOM.Certificates.1

{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}

HKEY_CLASSES_ROOT\CAPICOM.Certificates.2

{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}

HKEY_CLASSES_ROOT\CAPICOM.Certificates.3

{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}

HKEY_CLASSES_ROOT\CAPICOM.Certificates.4

{3605B612-C3CF-4ab4-A426-2D853391DB2E}

HKEY_CLASSES_ROOT\CAPICOM.Chain

{550C8FFB-4DC0-4756-828C-862E6D0AE74F}

HKEY_CLASSES_ROOT\CAPICOM.Chain.1

{65104D73-BA60-4160-A95A-4B4782E7AA62}

HKEY_CLASSES_ROOT\CAPICOM.Chain.2

{65104D73-BA60-4160-A95A-4B4782E7AA62}

HKEY_CLASSES_ROOT\CAPICOM.Chain.3

{550C8FFB-4DC0-4756-828C-862E6D0AE74F}

HKEY_CLASSES_ROOT\CAPICOM.EncryptedData

{A440BD76-CFE1-4D46-AB1F-15F238437A3D}

HKEY_CLASSES_ROOT\CAPICOM.EnvelopedData

{F3A12E08-EDE9-4160-8B51-334D982A9AD0}

HKEY_CLASSES_ROOT\CAPICOM.ExtendedProperty

{9E7EA907-5810-4FCA-B817-CD0BBA8496FC}

HKEY_CLASSES_ROOT\CAPICOM.HashedData

{CE32ABF6-475D-41F6-BF82-D27F03E3D38B}

HKEY_CLASSES_ROOT\CAPICOM.OID

{7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}

HKEY_CLASSES_ROOT\CAPICOM.PrivateKey

{03ACC284-B757-4B8F-9951-86E600D2CD06}

HKEY_CLASSES_ROOT\CAPICOM.Settings

{A996E48C-D3DC-4244-89F7-AFA33EC60679}

HKEY_CLASSES_ROOT\CAPICOM.SignedCode

{8C3E4934-9FA4-4693-9253-A29A05F99186}

HKEY_CLASSES_ROOT\CAPICOM.SignedData

{94AFFFCC-6C05-4814-B123-A941105AA77F}

HKEY_CLASSES_ROOT\CAPICOM.Signer

{60A9863A-11FD-4080-850E-A8E184FC3A3C}

HKEY_CLASSES_ROOT\CAPICOM.Store

{91D221C4-0CD4-461C-A728-01D509321556}

HKEY_CLASSES_ROOT\CAPICOM.Utilities

{22A85CE1-F011-4231-B9E4-7E7A0438F71B}

_________

Anyone who does not use wireless communications
to access the internet, who rather keep their
system offline when they choose, bleach these!

HKLM\SOFTWARE\Intel\Wireless\EvTrace

S24EvMon
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\
API\{597CAE07-AD2B-4CF6-B536-42A7E2BD575F}

RegSrvc
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\
API\{86F269E9-9BE5-4B0C-A0EE-FA95DBC61143}

iWA
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\
API\{9EA18EFB-4C41-4534-972B-4E5DD32D1A7E}

S24
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\
API\{C2500C19-B4BC-47C1-BA94-20899705002C}

AdHoc Wiz
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\
API\{F2A6E98B-1D98-4608-9D20-A6CD4A71BA22}
____________________
S24 service ;

A transport for supporting WNMP over WLAN. [Interop]

A WNMP-client is a program that administers
or monitors a remote system. (Think Coffee)

Using the graphical WNMP-editor, the creation
of a model containing all relevant parameters is
both simple and quick. It is also possible to
import existing MIB-files from SNMP into the model
in order to get started quickly.
____________________
Hidden WiFi APIs

HKCR\Installer\Features\6A6C7A2588B61D7429E2F9A8E780E9A6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Installer\UserData\X-X-X-X\
Components\1BA3E2302375D014E982ED3A31DEE8C3 --

WiFiWMIP.mof value ;

6A6C7A2588B61D7429E2F9A8E780E9A6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Installer\UserData\X-X-X-X\
Components\1C511D903AAA5424A8192DED132CDA0E --

ZcSvcPTB.dll value ;

6A6C7A2588B61D7429E2F9A8E780E9A6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Installer\UserData\X-X-X-X\
Components\1CD1CCE8852B3ED42850A03F7137CE7A --

DrWfiPLK.dll value ;

6A6C7A2588B61D7429E2F9A8E780E9A6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Installer\UserData\X-X-X-X\
Components\1D03B38112780E441B224E82DC8CF2FC --

SsoGnHEB.dll value ;

6A6C7A2588B61D7429E2F9A8E780E9A6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Installer\UserData\X-X-X-X\
Components\1F94FA866294A25418FC19AD0697C266 --

wassistheb.chm value ;

6A6C7A2588B61D7429E2F9A8E780E9A6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Installer\UserData\X-X-X-X\
Components\311B4C0A3CD2A09458F34E6776B6AB5F --

Others [Values ; 6A6C7A2588B61D7429E2F9A8E780E9A6]

-- S24Trans.inf
-- PfWizELL.dll
-- PfWizNOR.dll
-- IntWAITA.dll
-- DrWfiELL.dll
-- LViewDEU.dll
-- SsoGnARA.dll
-- TraceSVE.mdb
-- SsoGnCHT.dll

ect...

BLEACH ALL WIFI ADAPTERS!

HKLM\SOFTWARE\Intel\Wireless\SupportedAdapters

-- 3945ABGADAPTER10
-- CALEXICO2ADAPTER11ABG
-- CALEXICO2ADAPTER11G
-- EBRONADAPTER
-- KEDRONADAPTER
-- SHILOHADAPTER


Corporate Video Service

RedBoxLite.RedBoxEvent
HKEY_CLASSES_ROOT\CLSID\{657C7A59-4FEC-4C06-A354-607B1EB184FB}

HKEY_CLASSES_ROOT\RedBoxLite.RedBoxESInternal
{C6A168A1-CF31-4351-95FD-40077E8A5A54}

HKEY_CLASSES_ROOT\RedBoxLite.RedBoxEvent
{657C7A59-4FEC-4C06-A354-607B1EB184FB}

HKEY_CLASSES_ROOT\RedBoxLite.RedBoxEventStore
{A7949A2D-4692-40CB-9A98-D4DB2B59872E}



Rootkits - BLEACH IT ALL!

HKEY_LOCAL_MACHINE\BCD00000000

Objects\\

{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{1afa9c49-16ab-4a5c-901b-212802da9460}
{4636856e-540f-4170-a130-a84776f4c654}
{466f5a88-0af2-4f76-9038-095b170dc21c}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
{572bcd55-ffa7-11d9-aae2-0007e994107d}
{6e015dd1-2921-11dd-8dd2-a4c6f03d903b}
{6e015dd2-2921-11dd-8dd2-a4c6f03d903b}
{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{9dea862c-5cdd-4e70-acc1-f32b344d4795}
{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
{ae5534e0-a924-466c-b836-758539a3ee3a}
{b2721d73-1db4-4c62-bf78-c548a880142d}

HKEY_LOCAL_MACHINE\COMPONENTS


SEVERAL SITES LABLE THESE CLSIDs AS TROJANS!

This trojan was hard to find. This trojan cloaked original
comctl32.ocx titles (which are mandatory for the system to
properly function.) These have nothing to do with comctl32.

Tested and safe to bleach.

HKEY_CLASSES_ROOT\CLSID\{c27cce32-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce33-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce34-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce35-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce36-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce37-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce38-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce39-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3a-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3b-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3c-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3d-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3e-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3f-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce40-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce41-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce42-8596-11d1-b16a-00c0f0283628}


Microsoft Remote Data Objects

HKEY_CLASSES_ROOT\MicrosoftRDO.RdoConnection
{E791964C-208A-11CF-8146-00AA00A40C25}

HKEY_CLASSES_ROOT\MicrosoftRDO.RdoConnection2.0
{E791964C-208A-11CF-8146-00AA00A40C25}

HKEY_CLASSES_ROOT\MicrosoftRDO.rdoEngine
{5E71F04C-551F-11CF-8152-00AA00A40C25}

HKEY_CLASSES_ROOT\MicrosoftRDO.rdoEngine2.0
{5E71F04C-551F-11CF-8152-00AA00A40C25}

HKEY_CLASSES_ROOT\MicrosoftRDO.RdoQuery
{5EBB68F5-3BF1-11CF-814C-00AA00A40C25}

HKEY_CLASSES_ROOT\MicrosoftRDO.RdoQuery2.0
{5EBB68F5-3BF1-11CF-814C-00AA00A40C25}

__________


Bluetooth Spyware Updated

..\Toshiba\Bluetooth Toshiba Stack\

Bluetooth Personal Area Connection
HKEY_CLASSES_ROOT\CLSID\{6FE54E0E-009F-4E3D-A830-EDFA71E1F306}

HKEY_CLASSES_ROOT\CLSID\{7071EC01-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC05-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC07-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC13-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC31-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC32-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC33-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC61-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC62-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC71-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC75-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071EC77-663B-4BC1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECA0-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECA3-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECA5-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECA7-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECA8-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECA9-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECAF-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECB0-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECB3-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECB4-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECB5-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECB6-663B-4BC1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECB7-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECB8-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECBF-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECD0-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECD5-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECE0-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECE5-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECF1-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECF7-663B-4bc1-A1FA-B97F3B917C55}
HKEY_CLASSES_ROOT\CLSID\{7071ECFA-663B-4bc1-A1FA-B97F3B917C55}

Bluetooth PAN Profile Class Manager
HKEY_CLASSES_ROOT\CLSID\{B4C8DF59-D16F-4042-80B7-3557A254B7C5}

Bluetooth Personal Area Connection Enumerator
HKEY_CLASSES_ROOT\CLSID\{CD5096A1-E7E7-4E09-8B12-CBF2790A87CF}

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\
Components\amd64_microsoft.windows.h..uetooth-
driverclass_31bf3856ad364e35_6.0.6000.16386
_none_decccxxxxxxxxxxx


Microsoft AutoComplete Updated

Microsoft AutoComplete
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}

Microsoft History AutoComplete List
HKEY_CLASSES_ROOT\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}

Microsoft Multiple AutoComplete List Container
HKEY_CLASSES_ROOT\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}

IE AutoComplete
HKEY_CLASSES_ROOT\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}


IE Microsoft History AutoComplete List
HKEY_CLASSES_ROOT\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}

Microsoft TipAutoCompleteClient Control
HKEY_CLASSES_ROOT\CLSID\{807C1E6C-1D00-453f-B920-B61BB7CDD997}

IE Microsoft Shell Folder AutoComplete List
HKEY_CLASSES_ROOT\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}

IE Microsoft Multiple AutoComplete List Container
HKEY_CLASSES_ROOT\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}

ITipAutoCompleteState
HKEY_CLASSES_ROOT\Interface\{2EC8EA69-8E64-4654-A177-E787D2F41FA1}

IAutoCompleteDropDown
HKEY_CLASSES_ROOT\Interface\{3CD141F4-3C6A-11D2-BCAA-00C04FD929DB}

ITipAutoCompleteStateSink
HKEY_CLASSES_ROOT\Interface\{46E4E7F0-B5C6-4863-B600-59887BB71965}

ITipAutoCompleteResultSink
HKEY_CLASSES_ROOT\Interface\{7465467B-2C47-463B-A3A1-F7F245358A73}

AsyncITipAutoCompleteStateSink
HKEY_CLASSES_ROOT\Interface\{88068FD0-69A1-4EA2-B9B9-0DB81CBF529A}

HKEY_CLASSES_ROOT\TipAutoCompleteClient.TipAutoCompleteClient
{807C1E6C-1D00-453f-B920-B61BB7CDD997}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{00BB2763-6A77-11D0-A535-00C04FD7D062}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{00BB2764-6A77-11D0-A535-00C04FD7D062}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{00BB2765-6A77-11D0-A535-00C04FD7D062}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{3028902F-6374-48b2-8DC6-9725E775B926}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{6038EF75-ABFC-4e59-AB6F-12D397F6568D}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{807C1E6C-1D00-453f-B920-B61BB7CDD997}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{B31C5FAE-961F-415b-BAF0-E697A5178B94}

DO NOT BLEACH ANY MRU CACHE! MRUs not listed.

__________


eHome [Home Networking] Spyware

http://www.advantech.com/solutions/eHome/scenario.asp?Category_ID=1-EDZ11

HKEY_CLASSES_ROOT\.mcl - eHome Index

HKEY_CLASSES_ROOT\.msrcincident - RemoteAssistance

MediaStatusAggregator Class
HKEY_CLASSES_ROOT\CLSID\{0228576F-6E6C-4E1A-B175-0E46A316AFE2}

EHomeC2RDropTarget Class
HKEY_CLASSES_ROOT\CLSID\{045EFB3B-3EC4-4D6D-99A5-E87E23AEE929}

TVThumb Class
HKEY_CLASSES_ROOT\CLSID\{069501DC-D776-4778-8C76-81D7A3DFFBB7}

Media Center Input Module
HKEY_CLASSES_ROOT\CLSID\{07461CC0-878C-4C0F-9255-7DDB269B363B}
HKEY_CLASSES_ROOT\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}
HKEY_CLASSES_ROOT\CLSID\{A96434FF-30F1-430E-B568-DCCCB831FFCE}

Wireless Setup Class (eHome)
HKEY_CLASSES_ROOT\CLSID\{0c98b8bc-273c-464d-938a-b9709607e137}

HtmlInput Class (eHome)
HKEY_CLASSES_ROOT\CLSID\{1989C694-3CF9-4a56-B1CC-2E3CB1D753D7}

korime.korinputmodule
[C:\Windows\eHome\ehkorime.dll]
HKEY_CLASSES_ROOT\CLSID\{26fa7c37-2cd3-4897-9499-33330e075cbd}

Microsoft TV Caption Decoder
HKEY_CLASSES_ROOT\CLSID\{2F7EE4B6-6FF5-4EB4-B24A-2BFC41117171}

eHome.DvrPlayer
HKEY_CLASSES_ROOT\CLSID\{2FABD29B-6A89-4497-9909-A486C9F7C273}

EHomeMCLDropTarget Class
HKEY_CLASSES_ROOT\CLSID\{4a8dbdfc-6c55-4c0d-9cb8-65bb711e4a4e}

EHomePhotosHandler Class
HKEY_CLASSES_ROOT\CLSID\{4b7601c1-d292-4902-89f4-583a5ce0c535}

EHomeVideosHandler Class
HKEY_CLASSES_ROOT\CLSID\{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}

TVThumbnailCache Class
HKEY_CLASSES_ROOT\CLSID\{509443A8-B499-4d72-9222-52B82980D8AB}

eHomeSchedulerService.ScanDispatcher
HKEY_CLASSES_ROOT\CLSID\{630D560F-6AAF-49bd-84A9-16CF87C937FF}

eHome.RemoteFilePlayer
HKEY_CLASSES_ROOT\CLSID\{64ffd390-efbc-43da-b89d-fd2b2d1c22d8}

EHomeDVRDropTarget Class
HKEY_CLASSES_ROOT\CLSID\{6e2822ca-f234-45da-8c4c-1408e18981d1}

MediaCenterSSO Class
HKEY_CLASSES_ROOT\CLSID\{6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03}

eHome.McxMediaController
HKEY_CLASSES_ROOT\CLSID\{7b6f5efb-45f0-4672-ab4d-4463c5957854}

eHomeSchedulerService.RecordingDispatcher
HKEY_CLASSES_ROOT\CLSID\{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

RemoteBroadcastPlayer Class
HKEY_CLASSES_ROOT\CLSID\{804f7e8f-5430-42cf-80d1-de4e871a9615}

eHome.FMRadioPlayer
HKEY_CLASSES_ROOT\CLSID\{84283b18-61fd-4d49-9955-2934fa3bcbac}

eHome.WmpOcxPlayer
HKEY_CLASSES_ROOT\CLSID\{8E874F89-BE35-409C-B95B-2A7BD741DC00}

eHomeSchedulerService.MCEIRUser
HKEY_CLASSES_ROOT\CLSID\{95142bf8-5f09-452b-b384-44af84a500c6}

eHome.DvdPlayer
HKEY_CLASSES_ROOT\CLSID\{96EFF869-1551-4c34-9AAB-D175FFCB06C0}

Ehmsas.MediaStatusSession
HKEY_CLASSES_ROOT\CLSID\{A24BCC4A-448D-41CA-92BB-3DC15D81C16C}

EHomeVideoDropTarget Class
HKEY_CLASSES_ROOT\CLSID\{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}

eHomeSchedulerService.MCEMediaOutputDevice
HKEY_CLASSES_ROOT\CLSID\{a8298e0c-7201-470e-84d5-728cff85bcbf}

eHome.VCDPlayer
HKEY_CLASSES_ROOT\CLSID\{AE0E44B4-5549-49ad-9057-6C6BC55054B1}

RemoteFMRadioPlayer Class
HKEY_CLASSES_ROOT\CLSID\{aff7ae3c-3f98-49e5-bb07-246a1a27b4d5}

RemoteDvrPlayer Class
HKEY_CLASSES_ROOT\CLSID\{b49761aa-bb47-4ec8-91b5-3f1bfcfad14d}

Microsoft.Ehome.Epg.Ehepgdat
HKEY_CLASSES_ROOT\CLSID\{C8778ACA-6E3A-4612-ACC7-349247D0DB1F}


eHome.BroadcastPlayer
HKEY_CLASSES_ROOT\CLSID\{C9A2F6D4-463D-4bd9-BB47-169AE9C83B9D}

eHomeSchedulerService.EhepgdatWrapper
HKEY_CLASSES_ROOT\CLSID\{CD621DE4-2AA5-4468-ADF1-087A05891DA7}

eHomeSchedulerService.EhepgdatDispatcher
HKEY_CLASSES_ROOT\CLSID\{E8DF2799-8F1B-4b60-B30F-AED6BBF39625}

EHomeMusicDropTarget Class
HKEY_CLASSES_ROOT\CLSID\{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}

eHome.McProxy
HKEY_CLASSES_ROOT\CLSID\{f2ce09f6-d836-4029-be4c-5793ba9f14ec}

HKEY_CLASSES_ROOT\eHome.BroadcastPlayer
{C9A2F6D4-463D-4bd9-BB47-169AE9C83B9D}

HKEY_CLASSES_ROOT\eHome.DvdPlayer
{96EFF869-1551-4c34-9AAB-D175FFCB06C0}

HKEY_CLASSES_ROOT\eHome.DvrPlayer
{2FABD29B-6A89-4497-9909-A486C9F7C273}

HKEY_CLASSES_ROOT\eHome.FMRadioPlayer
{84283b18-61fd-4d49-9955-2934fa3bcbac}

HKEY_CLASSES_ROOT\eHome.McProxy
{f2ce09f6-d836-4029-be4c-5793ba9f14ec}

HKEY_CLASSES_ROOT\eHome.McxMediaController
{7b6f5efb-45f0-4672-ab4d-4463c5957854}

HKEY_CLASSES_ROOT\eHome.RemoteFMRadioPlayer
{804f7e8f-5430-42cf-80d1-de4e871a9615}

HKEY_CLASSES_ROOT\eHome.VCDPlayer
{AE0E44B4-5549-49ad-9057-6C6BC55054B1}

HKEY_CLASSES_ROOT\eHome.WmpOcxPlayer
{8E874F89-BE35-409C-B95B-2A7BD741DC00}

HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeC2RDropTarget
{045EFB3B-3EC4-4D6D-99A5-E87E23AEE929}

HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeDVRDropTarget
{6e2822ca-f234-45da-8c4c-1408e18981d1}

HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeMCLDropTarget
{4a8dbdfc-6c55-4c0d-9cb8-65bb711e4a4e}

HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeMusicDropTarget
{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}

HKEY_CLASSES_ROOT\EHomeDropTarget.EHomePhotosHandler
{4b7601c1-d292-4902-89f4-583a5ce0c535}

HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeVideoDropTarget
{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}

HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeVideosHandler
{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}

HKEY_CLASSES_ROOT\eHomeSchedulerService.EhepgdatDispatcher
{E8DF2799-8F1B-4b60-B30F-AED6BBF39625}

HKEY_CLASSES_ROOT\eHomeSchedulerService.EhepgdatWrapper
{CD621DE4-2AA5-4468-ADF1-087A05891DA7}

HKEY_CLASSES_ROOT\eHomeSchedulerService.MCEIRUser
{95142bf8-5f09-452b-b384-44af84a500c6}

HKEY_CLASSES_ROOT\eHomeSchedulerService.MCEMediaOutputDevice
{a8298e0c-7201-470e-84d5-728cff85bcbf}

HKEY_CLASSES_ROOT\eHomeSchedulerService.MCESetTopBox
{5cc76543-0f98-47a8-afa2-208562ef9454}

HKEY_CLASSES_ROOT\eHomeSchedulerService.RecordingDispatcher
{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

HKEY_CLASSES_ROOT\eHomeSchedulerService.ScanDispatcher
{630D560F-6AAF-49bd-84A9-16CF87C937FF}

HKEY_CLASSES_ROOT\eHomeSchedulerService.TVThumbnailCache
{509443A8-B499-4d72-9222-52B82980D8AB}


Default DAO

Some reports identify the DAO as a worm, others a backdoor
trojan. Whatever it is, it's safe to bleach.

DAO.DBEngine.36
HKEY_CLASSES_ROOT\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}

DAO.PrivateDBEngine.36
HKEY_CLASSES_ROOT\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}

DAO.TableDef.36
HKEY_CLASSES_ROOT\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}

DAO.Field.36
HKEY_CLASSES_ROOT\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}

DAO.Index.36
HKEY_CLASSES_ROOT\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}


DAO.Group.36
HKEY_CLASSES_ROOT\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}

DAO.User.36
HKEY_CLASSES_ROOT\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}

DAO.QueryDef.36
HKEY_CLASSES_ROOT\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}

DAO.Relation.36
HKEY_CLASSES_ROOT\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}

DAO.TableDef.120
HKEY_CLASSES_ROOT\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}

DAO.PrivateDBEngine.120
HKEY_CLASSES_ROOT\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241}

DAO.User.120
HKEY_CLASSES_ROOT\CLSID\{805B7F91-C9CF-4EDF-ACA6-775664FDFB3E}

DAO.Index.120
HKEY_CLASSES_ROOT\CLSID\{8D4F994C-EBBE-4F8D-BA4B-AE20CD36E72D}

DAO.Group.120
HKEY_CLASSES_ROOT\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373}

DAO.Field.120
?

DAO.DBEngine.120
HKEY_CLASSES_ROOT\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419}

DAO.Relation.120
HKEY_CLASSES_ROOT\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}

DAO.QueryDef.120
HKEY_CLASSES_ROOT\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}


REMOVE CREATOR OWNER SID FROM PERMISSION SET

[DO NOT BLEACH CLSID!]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SSO\Passport1.4

URL LINK: http:// www. passport .com


WMI HACK BY CREATOR OWNER SID?

REMOVE CREATOR OWNER SID FROM PERMISSION SET

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
WMI\Security  [DO NOT BLEACH CLSID!]


Remote SIDs found in Svcid, including MSDTC client.

Backdoor electronic orgy.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CID.Local
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SVCID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SVCID.Local


VIRUS? MALWARE? SPYWARE? Safe to bleach.

HKEY_CLASSES_ROOT\S00163_Photo2.Photo2
{0f9a3e9d-6334-6948-8b32-fb74b2f2d38b}

HKEY_CLASSES_ROOT\S00163_Photo2.Photo2Text
{8EB3CBB9-D8B9-F04F-8320-D5E611F2D54E}

HKEY_CLASSES_ROOT\S00251_ProClassic.ProClassic
{6fbbf243-8875-774b-b034-48f0d717bb70}

HKEY_CLASSES_ROOT\S00251_ProClassic.ProClassicText
{832C78FC-32FA-574E-B993-01A2E7FDBC9E}

HKEY_CLASSES_ROOT\S00253_BackInTime.BackInTime
{9a5a3bda-c283-c646-b83e-ca3c709d731b}

HKEY_CLASSES_ROOT\S00253_BackInTime.BackInTimeText
{22F52C60-60F9-B545-B15E-752193890D6F}


InteractionFax
HKEY_CLASSES_ROOT\.i3f

HKEY_CLASSES_ROOT\InteractionFax

C:\Program Files\Interactive Intelligence\InteractionFax\
InteractionFax.exe

HKEY_CLASSES_ROOT\InteractionVoicemail

C:\Program Files\Interactive Intelligence\InteractionVoiceMail\
InteractionVoicemail.exe

Interaction Vox file

HKEY_CLASSES_ROOT\ININ.VoxPlayer

C:\Program Files\Interactive Intelligence\InteractionVoiceMail\
InteractionVoicemailLauncherU.exe

__________


Create 802.11 Ad hoc Task Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5030-f2b2-4b38-8cbc-895cec57db03}

Adhoc Create Adapter Selection Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5031-f2b2-4b38-8cbc-895cec57db03}

Adhoc Create Setup Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5032-f2b2-4b38-8cbc-895cec57db03}

Adhoc Create Status Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5034-f2b2-4b38-8cbc-895cec57db03}

Adhoc Create Finish Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5035-f2b2-4b38-8cbc-895cec57db03}

Adhoc Ics Option Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5036-f2b2-4b38-8cbc-895cec57db03}

Adhoc Ics Status Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5037-f2b2-4b38-8cbc-895cec57db03}

Adhoc Error Report Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb5038-f2b2-4b38-8cbc-895cec57db03}

Adhoc Ics Finish Page Class
HKEY_CLASSES_ROOT\CLSID\{0cbb503a-f2b2-4b38-8cbc-895cec57db03}


Don't enjoy sharing media? Bleach these.

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing

DetectionAndSharing
HKEY_CLASSES_ROOT\AppID\{1fda955b-61ff-11da-978c-0008744faab7}

Sharing Elevated Virtual Factory
HKEY_CLASSES_ROOT\AppID\{72A7994A-3092-4054-B6BE-08FF81AEEFFC}

Network and Sharing Center Cpl Elevated Virtual Factory
HKEY_CLASSES_ROOT\AppID\{7A076CE1-4B31-452a-A4F1-0304C8738100}

Detection And Sharing
HKEY_CLASSES_ROOT\CLSID\{1fda955b-61ff-11da-978c-0008744faab7}

PSFactoryBuffer
HKEY_CLASSES_ROOT\CLSID\{1fda955c-61ff-11da-978c-0008744faab7}

FileSharing Class
HKEY_CLASSES_ROOT\CLSID\{2E144316-2FF2-4D9D-A458-AAD215F18A0A}

Sharing Configuration Manager
HKEY_CLASSES_ROOT\CLSID\{49F371E1-8C5C-4d9c-9A3B-54A6827F513C}

Home Networking Sharing Configuration Manager
HKEY_CLASSES_ROOT\CLSID\{5C63C1AD-3956-4FF8-8486-40034758315B}

Sharing Elevated Virtual Factory
HKEY_CLASSES_ROOT\CLSID\{72A7994A-3092-4054-B6BE-08FF81AEEFFC}

Network and Sharing Center Cpl Elevated Virtual Factory
HKEY_CLASSES_ROOT\CLSID\{7A076CE1-4B31-452a-A4F1-0304C8738100}

Network and Sharing Center
HKEY_CLASSES_ROOT\CLSID\{8E908FC9-BECC-40f6-915B-F4CA0E70D03D}

HKEY_CLASSES_ROOT\Directory\shellex\
ContextMenuHandlers\Sharing

HKEY_CLASSES_ROOT\dtsh.DetectionAndSharing
{1fda955b-61ff-11da-978c-0008744faab7}

Share Permission List
HKEY_CLASSES_ROOT\CLSID\{59A437AB-74F3-4de2-AFE6-54203634C4DD}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\
{59A437AB-74F3-4de2-AFE6-54203634C4DD}

INetSharingPortMappingCollection
HKEY_CLASSES_ROOT\Interface\{02E4A2DE-DA20-4E34-89C8-AC22275A010B}

INetSharingPortMappingProps
HKEY_CLASSES_ROOT\Interface\{24B7E9B5-E38F-4685-851B-00892CF5F940}

INetSharingEveryConnectionCollection
HKEY_CLASSES_ROOT\Interface\{33C4643C-7811-46FA-A89A-768597BD7223}

INetSharingPrivateConnectionCollection
HKEY_CLASSES_ROOT\Interface\{38AE69E0-4409-402A-A2CB-E965C727F840}

INetSharingPublicConnectionCollection
HKEY_CLASSES_ROOT\Interface\{7D7A6355-F372-4971-A149-BFC927BE762A}

Same [Labled Enum ; NOT a real enum process]
HKEY_CLASSES_ROOT\Interface\{C08956A0-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A1-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A2-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A3-1CD3-11D1-B1C5-00805FC1270E}

HKEY_CLASSES_ROOT\Interface\{C08956A5-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A6-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B0-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B1-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B4-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B5-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B6-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B7-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B8-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956BA-1CD3-11D1-B1C5-00805FC1270E}


MISTAKES UPDATED

!DO NOT BLEACH TELEPHONY!
{this will cut the internet connection}
!DO NOT BLEACH SYSTEM CERTIFICATE!
{this will destroy the system}
!DO NOT BLEACH CRYPTOGRAPHIC PROVIDERS!
{this will destroy the system}
!DO NOT BLEACH CERFile!
{this is a hardware cryptographic certificate}

!DO NOT BLEACH DEFAULT OLE! (UPDATE)
{this will disable copy/paste, drag/drop}

OlePrn CLSIDs are safe to bleach.

!DO NOT BLEACH ITCARD!
{this will cut the internet connection}
!DO NOT BLEACH MUICache!
{this will destroy system restore capability}
!DO NOT BLEACH INK FILE!
{this will destroy start menu and desktop shortcuts}
!DO NOT BLEACH RASMAN Certificate!
{this would cause browser problems}

!DO NOT BLEACH MSSTDFMT! (UPDATE)
{this will damage Visual Studio 6.0 and ActiveX}

!DO NOT BLEACH ANY RPC!
{this will destroy the system}
!DO NOT BLEACH MUI!
{this will cause problems with media players}

!DO NOT BLEACH DRM_DRM! (UPDATE)
{this will cause problems with flash players}

I was wrong about the simple HKCR DRM registry;
that is safe to bleach. DO NOT BLEACH "DRM_DRM"

!DO NOT BLEACH vCard!
{this will cause microsoft outlook to crash}
!DO NOT BLEACH DirectX!
{this could cause problems with audio software}
!DO NOT BLEACH LEGACY DRIVES!
{major problems could fry the computer}
!DO NOT BLEACH WHAT YOU DO NOT KNOW!
{take this as experienced forewarning}