21 December 2010. Response: http://cryptome.org/0003/security-hoot.htm

20 December 2010

Previous: http://cryptome.org/0002/clsid-list-07.htm
CLSID Shit List

9A sends:

Every CLSID in these lists was tested and proven safe to bleach. "Safe to bleach" meaning to bleach the provided registry WILL NOT cause system damage, nor damage to the basic internet protocol. These shit lists contain CLSIDs required for interactive, third-party communications. The CLSIDs can be bleached on Windows XP to fortify system security from being breached. The purpose of these lists is to clarify any ubiquitous registry, as well, expose spyware, malware, rootkits, or any other security risk to Windows XP.

Registry is easy to bleach on Windows XP.

click start / run / type regedit / enter / click edit / click find / copy & paste a provided CLSID / it pops up; right click it / permissions / advanced / remove inherit / press apply, press OK / that removes that data / press delete / an error pops up and it's destroyed! [It takes 10 seconds.]

All irresponsible mistakes have been updated and provided, in case someone wants to use these lists, to learn what not to touch and why not.

Any criticism is appreciated.

AppleTalk Configuration Notify Object
HKEY_CLASSES_ROOT\CLSID\{962FFCF3-965F-11D0-A881-00C04FC99C9C}

AppleTalk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters\AppleTalk

___________________

AppleTalk Guid Data Located Below
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Well Known Guids
[DO NOT BLEACH] ONLY DELETE APPLETALK GUID DATA!

a0 17 3b 2c df c6 cf 11 95 c8 00 80 5f 48 a1 92

(You may have to change permission set to full control, in order to be able to edit or delete the GUID.)

DO NOT DELETE THE OTHER GUIDs! Follow the same for the Current Control Set.
___________________ Yahoo Apps Update HKEY_CLASSES_ROOT\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484} HKEY_CLASSES_ROOT\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} HKEY_CLASSES_ROOT\AppID\{35860EFB-1589-4F32-A618-99E847A502B2} HKEY_CLASSES_ROOT\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345} HKEY_CLASSES_ROOT\.WebAllowBlockList HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebAllowBlockList_wpc Backdoor Woozle HKEY_CLASSES_ROOT\CLSID\{75215200-A2FE-30F6-A34B-8F1A1830358E} HKEY_CLASSES_ROOT\System.UnauthorizedAccessException {75215200-A2FE-30F6-A34B-8F1A1830358E} WiaWoW Backdoor Trojan HKEY_CLASSES_ROOT\AppID\{5E1395B2-B685-44e3-8AED-E2304D85ACD1} WiaWow64 HKEY_CLASSES_ROOT\CLSID\{5E1395B2-B685-44e3-8AED-E2304D85ACD1} HKEY_CLASSES_ROOT\Wow6432Node\Interface\ {7BB68E65-F426-4698-A0B7-D2AF28B1BA81} HKEY_CLASSES_ROOT\Interface\{7BB68E65-F426-4698-A0B7-D2AF28B1BA81} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ {5E1395B2-B685-44e3-8AED-E2304D85ACD1} PopCap Malware HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} Hidden Digital Camera Connection Remote Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000\ Events\Connected "CAPICOM is a new 'security' technology from Microsoft that allows Microsoft Visual Basic, Visual Basic Script, ASP, and C++ programmers to easily incorporate digital signing and encryption into their application." CAPICOM Vulnerability? -- http://secunia.com/advisories/25185/ Bleaching CAPICOM may cause problems in new systems! 
HKEY_CLASSES_ROOT\CAPICOM.Attribute {54BA1E8F-818D-407F-949D-BAE1692C5C18} HKEY_CLASSES_ROOT\CAPICOM.Certificate {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} HKEY_CLASSES_ROOT\CAPICOM.Certificate.2 {E38FD381-6404-4041-B5E9-B2739258941F} HKEY_CLASSES_ROOT\CAPICOM.Certificate.3 {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} HKEY_CLASSES_ROOT\CAPICOM.Certificates {3605B612-C3CF-4ab4-A426-2D853391DB2E} HKEY_CLASSES_ROOT\CAPICOM.Certificates.1 {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338} HKEY_CLASSES_ROOT\CAPICOM.Certificates.2 {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338} HKEY_CLASSES_ROOT\CAPICOM.Certificates.3 {17E3A1C3-EA8A-4970-AF29-7F54610B1D4C} HKEY_CLASSES_ROOT\CAPICOM.Certificates.4 {3605B612-C3CF-4ab4-A426-2D853391DB2E} HKEY_CLASSES_ROOT\CAPICOM.Chain {550C8FFB-4DC0-4756-828C-862E6D0AE74F} HKEY_CLASSES_ROOT\CAPICOM.Chain.1 {65104D73-BA60-4160-A95A-4B4782E7AA62} HKEY_CLASSES_ROOT\CAPICOM.Chain.2 {65104D73-BA60-4160-A95A-4B4782E7AA62} HKEY_CLASSES_ROOT\CAPICOM.Chain.3 {550C8FFB-4DC0-4756-828C-862E6D0AE74F} HKEY_CLASSES_ROOT\CAPICOM.EncryptedData {A440BD76-CFE1-4D46-AB1F-15F238437A3D} HKEY_CLASSES_ROOT\CAPICOM.EnvelopedData {F3A12E08-EDE9-4160-8B51-334D982A9AD0} HKEY_CLASSES_ROOT\CAPICOM.ExtendedProperty {9E7EA907-5810-4FCA-B817-CD0BBA8496FC} HKEY_CLASSES_ROOT\CAPICOM.HashedData {CE32ABF6-475D-41F6-BF82-D27F03E3D38B} HKEY_CLASSES_ROOT\CAPICOM.OID {7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C} HKEY_CLASSES_ROOT\CAPICOM.PrivateKey {03ACC284-B757-4B8F-9951-86E600D2CD06} HKEY_CLASSES_ROOT\CAPICOM.Settings {A996E48C-D3DC-4244-89F7-AFA33EC60679} HKEY_CLASSES_ROOT\CAPICOM.SignedCode {8C3E4934-9FA4-4693-9253-A29A05F99186} HKEY_CLASSES_ROOT\CAPICOM.SignedData {94AFFFCC-6C05-4814-B123-A941105AA77F} HKEY_CLASSES_ROOT\CAPICOM.Signer {60A9863A-11FD-4080-850E-A8E184FC3A3C} HKEY_CLASSES_ROOT\CAPICOM.Store {91D221C4-0CD4-461C-A728-01D509321556} HKEY_CLASSES_ROOT\CAPICOM.Utilities {22A85CE1-F011-4231-B9E4-7E7A0438F71B} _________ Anyone who does not use wireless communications to access the internet, who rather 
keep their system offline when they choose, bleach these! HKLM\SOFTWARE\Intel\Wireless\EvTrace S24EvMon HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\ API\{597CAE07-AD2B-4CF6-B536-42A7E2BD575F} RegSrvc HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\ API\{86F269E9-9BE5-4B0C-A0EE-FA95DBC61143} iWA HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\ API\{9EA18EFB-4C41-4534-972B-4E5DD32D1A7E} S24 HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\ API\{C2500C19-B4BC-47C1-BA94-20899705002C} AdHoc Wiz HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\EvTrace\ API\{F2A6E98B-1D98-4608-9D20-A6CD4A71BA22} ____________________ S24 service ; A transport for supporting WNMP over WLAN. [Interop] A WNMP-client is a program that administers or monitors a remote system. (Think Coffee) Using the graphical WNMP-editor, the creation of a model containing all relevant parameters is both simple and quick. It is also possible to import existing MIB-files from SNMP into the model in order to get started quickly. 
____________________ Hidden WiFi APIs HKCR\Installer\Features\6A6C7A2588B61D7429E2F9A8E780E9A6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Installer\UserData\X-X-X-X\ Components\1BA3E2302375D014E982ED3A31DEE8C3 -- WiFiWMIP.mof value ; 6A6C7A2588B61D7429E2F9A8E780E9A6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Installer\UserData\X-X-X-X\ Components\1C511D903AAA5424A8192DED132CDA0E -- ZcSvcPTB.dll value ; 6A6C7A2588B61D7429E2F9A8E780E9A6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Installer\UserData\X-X-X-X\ Components\1CD1CCE8852B3ED42850A03F7137CE7A -- DrWfiPLK.dll value ; 6A6C7A2588B61D7429E2F9A8E780E9A6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Installer\UserData\X-X-X-X\ Components\1D03B38112780E441B224E82DC8CF2FC -- SsoGnHEB.dll value ; 6A6C7A2588B61D7429E2F9A8E780E9A6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Installer\UserData\X-X-X-X\ Components\1F94FA866294A25418FC19AD0697C266 -- wassistheb.chm value ; 6A6C7A2588B61D7429E2F9A8E780E9A6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Installer\UserData\X-X-X-X\ Components\311B4C0A3CD2A09458F34E6776B6AB5F -- Others [Values ; 6A6C7A2588B61D7429E2F9A8E780E9A6] -- S24Trans.inf -- PfWizELL.dll -- PfWizNOR.dll -- IntWAITA.dll -- DrWfiELL.dll -- LViewDEU.dll -- SsoGnARA.dll -- TraceSVE.mdb -- SsoGnCHT.dll ect... BLEACH ALL WIFI ADAPTERS! HKLM\SOFTWARE\Intel\Wireless\SupportedAdapters -- 3945ABGADAPTER10 -- CALEXICO2ADAPTER11ABG -- CALEXICO2ADAPTER11G -- EBRONADAPTER -- KEDRONADAPTER -- SHILOHADAPTER Corporate Video Service RedBoxLite.RedBoxEvent HKEY_CLASSES_ROOT\CLSID\{657C7A59-4FEC-4C06-A354-607B1EB184FB} HKEY_CLASSES_ROOT\RedBoxLite.RedBoxESInternal {C6A168A1-CF31-4351-95FD-40077E8A5A54} HKEY_CLASSES_ROOT\RedBoxLite.RedBoxEvent {657C7A59-4FEC-4C06-A354-607B1EB184FB} HKEY_CLASSES_ROOT\RedBoxLite.RedBoxEventStore {A7949A2D-4692-40CB-9A98-D4DB2B59872E} Rootkits - BLEACH IT ALL! 
HKEY_LOCAL_MACHINE\BCD00000000
Objects\\
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{1afa9c49-16ab-4a5c-901b-212802da9460}
{4636856e-540f-4170-a130-a84776f4c654}
{466f5a88-0af2-4f76-9038-095b170dc21c}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
{572bcd55-ffa7-11d9-aae2-0007e994107d}
{6e015dd1-2921-11dd-8dd2-a4c6f03d903b}
{6e015dd2-2921-11dd-8dd2-a4c6f03d903b}
{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{9dea862c-5cdd-4e70-acc1-f32b344d4795}
{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
{ae5534e0-a924-466c-b836-758539a3ee3a}
{b2721d73-1db4-4c62-bf78-c548a880142d}

HKEY_LOCAL_MACHINE\COMPONENTS

SEVERAL SITES LABEL THESE CLSIDs AS TROJANS!

This trojan was hard to find. This trojan cloaked original comctl32.ocx titles (which are mandatory for the system to properly function.) These have nothing to do with comctl32. Tested and safe to bleach.

HKEY_CLASSES_ROOT\CLSID\{c27cce32-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce33-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce34-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce35-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce36-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce37-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce38-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce39-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3a-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3b-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3c-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3d-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3e-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce3f-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce40-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce41-8596-11d1-b16a-00c0f0283628}
HKEY_CLASSES_ROOT\CLSID\{c27cce42-8596-11d1-b16a-00c0f0283628}

Microsoft Remote Data Objects
HKEY_CLASSES_ROOT\MicrosoftRDO.RdoConnection {E791964C-208A-11CF-8146-00AA00A40C25} HKEY_CLASSES_ROOT\MicrosoftRDO.RdoConnection2.0 {E791964C-208A-11CF-8146-00AA00A40C25} HKEY_CLASSES_ROOT\MicrosoftRDO.rdoEngine {5E71F04C-551F-11CF-8152-00AA00A40C25} HKEY_CLASSES_ROOT\MicrosoftRDO.rdoEngine2.0 {5E71F04C-551F-11CF-8152-00AA00A40C25} HKEY_CLASSES_ROOT\MicrosoftRDO.RdoQuery {5EBB68F5-3BF1-11CF-814C-00AA00A40C25} HKEY_CLASSES_ROOT\MicrosoftRDO.RdoQuery2.0 {5EBB68F5-3BF1-11CF-814C-00AA00A40C25} __________ Bluetooth Spyware Updated ..\Toshiba\Bluetooth Toshiba Stack\ Bluetooth Personal Area Connection HKEY_CLASSES_ROOT\CLSID\{6FE54E0E-009F-4E3D-A830-EDFA71E1F306} HKEY_CLASSES_ROOT\CLSID\{7071EC01-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC05-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC07-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC13-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC31-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC32-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC33-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC61-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC62-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC71-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC75-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071EC77-663B-4BC1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECA0-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECA3-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECA5-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECA7-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECA8-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECA9-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECAF-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECB0-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECB3-663B-4bc1-A1FA-B97F3B917C55} 
HKEY_CLASSES_ROOT\CLSID\{7071ECB4-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECB5-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECB6-663B-4BC1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECB7-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECB8-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECBF-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECD0-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECD5-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECE0-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECE5-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECF1-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECF7-663B-4bc1-A1FA-B97F3B917C55} HKEY_CLASSES_ROOT\CLSID\{7071ECFA-663B-4bc1-A1FA-B97F3B917C55} Bluetooth PAN Profile Class Manager HKEY_CLASSES_ROOT\CLSID\{B4C8DF59-D16F-4042-80B7-3557A254B7C5} Bluetooth Personal Area Connection Enumerator HKEY_CLASSES_ROOT\CLSID\{CD5096A1-E7E7-4E09-8B12-CBF2790A87CF} HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\ Components\amd64_microsoft.windows.h..uetooth- driverclass_31bf3856ad364e35_6.0.6000.16386 _none_decccxxxxxxxxxxx Microsoft AutoComplete Updated Microsoft AutoComplete HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062} Microsoft History AutoComplete List HKEY_CLASSES_ROOT\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062} Microsoft Multiple AutoComplete List Container HKEY_CLASSES_ROOT\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062} IE AutoComplete HKEY_CLASSES_ROOT\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926} IE Microsoft History AutoComplete List HKEY_CLASSES_ROOT\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D} Microsoft TipAutoCompleteClient Control HKEY_CLASSES_ROOT\CLSID\{807C1E6C-1D00-453f-B920-B61BB7CDD997} IE Microsoft Shell Folder AutoComplete List HKEY_CLASSES_ROOT\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} IE Microsoft Multiple AutoComplete List Container 
HKEY_CLASSES_ROOT\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94} ITipAutoCompleteState HKEY_CLASSES_ROOT\Interface\{2EC8EA69-8E64-4654-A177-E787D2F41FA1} IAutoCompleteDropDown HKEY_CLASSES_ROOT\Interface\{3CD141F4-3C6A-11D2-BCAA-00C04FD929DB} ITipAutoCompleteStateSink HKEY_CLASSES_ROOT\Interface\{46E4E7F0-B5C6-4863-B600-59887BB71965} ITipAutoCompleteResultSink HKEY_CLASSES_ROOT\Interface\{7465467B-2C47-463B-A3A1-F7F245358A73} AsyncITipAutoCompleteStateSink HKEY_CLASSES_ROOT\Interface\{88068FD0-69A1-4EA2-B9B9-0DB81CBF529A} HKEY_CLASSES_ROOT\TipAutoCompleteClient.TipAutoCompleteClient {807C1E6C-1D00-453f-B920-B61BB7CDD997} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {00BB2763-6A77-11D0-A535-00C04FD7D062} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {00BB2764-6A77-11D0-A535-00C04FD7D062} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {00BB2765-6A77-11D0-A535-00C04FD7D062} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {3028902F-6374-48b2-8DC6-9725E775B926} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {6038EF75-ABFC-4e59-AB6F-12D397F6568D} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {807C1E6C-1D00-453f-B920-B61BB7CDD997} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {B31C5FAE-961F-415b-BAF0-E697A5178B94} DO NOT BLEACH ANY MRU CACHE! MRUs not listed. 
__________ eHome [Home Networking] Spyware http://www.advantech.com/solutions/eHome/scenario.asp?Category_ID=1-EDZ11 HKEY_CLASSES_ROOT\.mcl - eHome Index HKEY_CLASSES_ROOT\.msrcincident - RemoteAssistance MediaStatusAggregator Class HKEY_CLASSES_ROOT\CLSID\{0228576F-6E6C-4E1A-B175-0E46A316AFE2} EHomeC2RDropTarget Class HKEY_CLASSES_ROOT\CLSID\{045EFB3B-3EC4-4D6D-99A5-E87E23AEE929} TVThumb Class HKEY_CLASSES_ROOT\CLSID\{069501DC-D776-4778-8C76-81D7A3DFFBB7} Media Center Input Module HKEY_CLASSES_ROOT\CLSID\{07461CC0-878C-4C0F-9255-7DDB269B363B} HKEY_CLASSES_ROOT\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8} HKEY_CLASSES_ROOT\CLSID\{A96434FF-30F1-430E-B568-DCCCB831FFCE} Wireless Setup Class (eHome) HKEY_CLASSES_ROOT\CLSID\{0c98b8bc-273c-464d-938a-b9709607e137} HtmlInput Class (eHome) HKEY_CLASSES_ROOT\CLSID\{1989C694-3CF9-4a56-B1CC-2E3CB1D753D7} korime.korinputmodule [C:\Windows\eHome\ehkorime.dll] HKEY_CLASSES_ROOT\CLSID\{26fa7c37-2cd3-4897-9499-33330e075cbd} Microsoft TV Caption Decoder HKEY_CLASSES_ROOT\CLSID\{2F7EE4B6-6FF5-4EB4-B24A-2BFC41117171} eHome.DvrPlayer HKEY_CLASSES_ROOT\CLSID\{2FABD29B-6A89-4497-9909-A486C9F7C273} EHomeMCLDropTarget Class HKEY_CLASSES_ROOT\CLSID\{4a8dbdfc-6c55-4c0d-9cb8-65bb711e4a4e} EHomePhotosHandler Class HKEY_CLASSES_ROOT\CLSID\{4b7601c1-d292-4902-89f4-583a5ce0c535} EHomeVideosHandler Class HKEY_CLASSES_ROOT\CLSID\{4f61ec50-acef-4ae7-b4c6-b19bddc0f745} TVThumbnailCache Class HKEY_CLASSES_ROOT\CLSID\{509443A8-B499-4d72-9222-52B82980D8AB} eHomeSchedulerService.ScanDispatcher HKEY_CLASSES_ROOT\CLSID\{630D560F-6AAF-49bd-84A9-16CF87C937FF} eHome.RemoteFilePlayer HKEY_CLASSES_ROOT\CLSID\{64ffd390-efbc-43da-b89d-fd2b2d1c22d8} EHomeDVRDropTarget Class HKEY_CLASSES_ROOT\CLSID\{6e2822ca-f234-45da-8c4c-1408e18981d1} MediaCenterSSO Class HKEY_CLASSES_ROOT\CLSID\{6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} eHome.McxMediaController HKEY_CLASSES_ROOT\CLSID\{7b6f5efb-45f0-4672-ab4d-4463c5957854} eHomeSchedulerService.RecordingDispatcher 
HKEY_CLASSES_ROOT\CLSID\{7F6316B4-4D69-4765-B0A3-B2598F2FA80A} RemoteBroadcastPlayer Class HKEY_CLASSES_ROOT\CLSID\{804f7e8f-5430-42cf-80d1-de4e871a9615} eHome.FMRadioPlayer HKEY_CLASSES_ROOT\CLSID\{84283b18-61fd-4d49-9955-2934fa3bcbac} eHome.WmpOcxPlayer HKEY_CLASSES_ROOT\CLSID\{8E874F89-BE35-409C-B95B-2A7BD741DC00} eHomeSchedulerService.MCEIRUser HKEY_CLASSES_ROOT\CLSID\{95142bf8-5f09-452b-b384-44af84a500c6} eHome.DvdPlayer HKEY_CLASSES_ROOT\CLSID\{96EFF869-1551-4c34-9AAB-D175FFCB06C0} Ehmsas.MediaStatusSession HKEY_CLASSES_ROOT\CLSID\{A24BCC4A-448D-41CA-92BB-3DC15D81C16C} EHomeVideoDropTarget Class HKEY_CLASSES_ROOT\CLSID\{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB} eHomeSchedulerService.MCEMediaOutputDevice HKEY_CLASSES_ROOT\CLSID\{a8298e0c-7201-470e-84d5-728cff85bcbf} eHome.VCDPlayer HKEY_CLASSES_ROOT\CLSID\{AE0E44B4-5549-49ad-9057-6C6BC55054B1} RemoteFMRadioPlayer Class HKEY_CLASSES_ROOT\CLSID\{aff7ae3c-3f98-49e5-bb07-246a1a27b4d5} RemoteDvrPlayer Class HKEY_CLASSES_ROOT\CLSID\{b49761aa-bb47-4ec8-91b5-3f1bfcfad14d} Microsoft.Ehome.Epg.Ehepgdat HKEY_CLASSES_ROOT\CLSID\{C8778ACA-6E3A-4612-ACC7-349247D0DB1F} eHome.BroadcastPlayer HKEY_CLASSES_ROOT\CLSID\{C9A2F6D4-463D-4bd9-BB47-169AE9C83B9D} eHomeSchedulerService.EhepgdatWrapper HKEY_CLASSES_ROOT\CLSID\{CD621DE4-2AA5-4468-ADF1-087A05891DA7} eHomeSchedulerService.EhepgdatDispatcher HKEY_CLASSES_ROOT\CLSID\{E8DF2799-8F1B-4b60-B30F-AED6BBF39625} EHomeMusicDropTarget Class HKEY_CLASSES_ROOT\CLSID\{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C} eHome.McProxy HKEY_CLASSES_ROOT\CLSID\{f2ce09f6-d836-4029-be4c-5793ba9f14ec} HKEY_CLASSES_ROOT\eHome.BroadcastPlayer {C9A2F6D4-463D-4bd9-BB47-169AE9C83B9D} HKEY_CLASSES_ROOT\eHome.DvdPlayer {96EFF869-1551-4c34-9AAB-D175FFCB06C0} HKEY_CLASSES_ROOT\eHome.DvrPlayer {2FABD29B-6A89-4497-9909-A486C9F7C273} HKEY_CLASSES_ROOT\eHome.FMRadioPlayer {84283b18-61fd-4d49-9955-2934fa3bcbac} HKEY_CLASSES_ROOT\eHome.McProxy {f2ce09f6-d836-4029-be4c-5793ba9f14ec} HKEY_CLASSES_ROOT\eHome.McxMediaController 
{7b6f5efb-45f0-4672-ab4d-4463c5957854} HKEY_CLASSES_ROOT\eHome.RemoteFMRadioPlayer {804f7e8f-5430-42cf-80d1-de4e871a9615} HKEY_CLASSES_ROOT\eHome.VCDPlayer {AE0E44B4-5549-49ad-9057-6C6BC55054B1} HKEY_CLASSES_ROOT\eHome.WmpOcxPlayer {8E874F89-BE35-409C-B95B-2A7BD741DC00} HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeC2RDropTarget {045EFB3B-3EC4-4D6D-99A5-E87E23AEE929} HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeDVRDropTarget {6e2822ca-f234-45da-8c4c-1408e18981d1} HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeMCLDropTarget {4a8dbdfc-6c55-4c0d-9cb8-65bb711e4a4e} HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeMusicDropTarget {ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C} HKEY_CLASSES_ROOT\EHomeDropTarget.EHomePhotosHandler {4b7601c1-d292-4902-89f4-583a5ce0c535} HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeVideoDropTarget {A48E70A4-8E15-4465-9D85-CCE9E63F8AAB} HKEY_CLASSES_ROOT\EHomeDropTarget.EHomeVideosHandler {4f61ec50-acef-4ae7-b4c6-b19bddc0f745} HKEY_CLASSES_ROOT\eHomeSchedulerService.EhepgdatDispatcher {E8DF2799-8F1B-4b60-B30F-AED6BBF39625} HKEY_CLASSES_ROOT\eHomeSchedulerService.EhepgdatWrapper {CD621DE4-2AA5-4468-ADF1-087A05891DA7} HKEY_CLASSES_ROOT\eHomeSchedulerService.MCEIRUser {95142bf8-5f09-452b-b384-44af84a500c6} HKEY_CLASSES_ROOT\eHomeSchedulerService.MCEMediaOutputDevice {a8298e0c-7201-470e-84d5-728cff85bcbf} HKEY_CLASSES_ROOT\eHomeSchedulerService.MCESetTopBox {5cc76543-0f98-47a8-afa2-208562ef9454} HKEY_CLASSES_ROOT\eHomeSchedulerService.RecordingDispatcher {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} HKEY_CLASSES_ROOT\eHomeSchedulerService.ScanDispatcher {630D560F-6AAF-49bd-84A9-16CF87C937FF} HKEY_CLASSES_ROOT\eHomeSchedulerService.TVThumbnailCache {509443A8-B499-4d72-9222-52B82980D8AB} Default DAO Some reports identify the DAO as a worm, others a backdoor trojan. Whatever it is, it's safe to bleach. 
DAO.DBEngine.36 HKEY_CLASSES_ROOT\CLSID\{00000100-0000-0010-8000-00AA006D2EA4} DAO.PrivateDBEngine.36 HKEY_CLASSES_ROOT\CLSID\{00000101-0000-0010-8000-00AA006D2EA4} DAO.TableDef.36 HKEY_CLASSES_ROOT\CLSID\{00000103-0000-0010-8000-00AA006D2EA4} DAO.Field.36 HKEY_CLASSES_ROOT\CLSID\{00000104-0000-0010-8000-00AA006D2EA4} DAO.Index.36 HKEY_CLASSES_ROOT\CLSID\{00000105-0000-0010-8000-00AA006D2EA4} DAO.Group.36 HKEY_CLASSES_ROOT\CLSID\{00000106-0000-0010-8000-00AA006D2EA4} DAO.User.36 HKEY_CLASSES_ROOT\CLSID\{00000107-0000-0010-8000-00AA006D2EA4} DAO.QueryDef.36 HKEY_CLASSES_ROOT\CLSID\{00000108-0000-0010-8000-00AA006D2EA4} DAO.Relation.36 HKEY_CLASSES_ROOT\CLSID\{00000109-0000-0010-8000-00AA006D2EA4} DAO.TableDef.120 HKEY_CLASSES_ROOT\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5} DAO.PrivateDBEngine.120 HKEY_CLASSES_ROOT\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241} DAO.User.120 HKEY_CLASSES_ROOT\CLSID\{805B7F91-C9CF-4EDF-ACA6-775664FDFB3E} DAO.Index.120 HKEY_CLASSES_ROOT\CLSID\{8D4F994C-EBBE-4F8D-BA4B-AE20CD36E72D} DAO.Group.120 HKEY_CLASSES_ROOT\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373} DAO.Field.120 ? DAO.DBEngine.120 HKEY_CLASSES_ROOT\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419} DAO.Relation.120 HKEY_CLASSES_ROOT\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9} DAO.QueryDef.120 HKEY_CLASSES_ROOT\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE} REMOVE CREATOR OWNER SID FROM PERMISSION SET [DO NOT BLEACH CLSID!] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ SSO\Passport1.4 URL LINK: http:// www. passport .com WMI HACK BY CREATOR OWNER SID? REMOVE CREATOR OWNER SID FROM PERMISSION SET HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ WMI\Security [DO NOT BLEACH CLSID!] Remote SIDs found in Svcid, including MSDTC client. Backdoor electronic orgy. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CID.Local HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SVCID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SVCID.Local VIRUS? MALWARE? SPYWARE? Safe to bleach. HKEY_CLASSES_ROOT\S00163_Photo2.Photo2 {0f9a3e9d-6334-6948-8b32-fb74b2f2d38b} HKEY_CLASSES_ROOT\S00163_Photo2.Photo2Text {8EB3CBB9-D8B9-F04F-8320-D5E611F2D54E} HKEY_CLASSES_ROOT\S00251_ProClassic.ProClassic {6fbbf243-8875-774b-b034-48f0d717bb70} HKEY_CLASSES_ROOT\S00251_ProClassic.ProClassicText {832C78FC-32FA-574E-B993-01A2E7FDBC9E} HKEY_CLASSES_ROOT\S00253_BackInTime.BackInTime {9a5a3bda-c283-c646-b83e-ca3c709d731b} HKEY_CLASSES_ROOT\S00253_BackInTime.BackInTimeText {22F52C60-60F9-B545-B15E-752193890D6F} InteractionFax HKEY_CLASSES_ROOT\.i3f HKEY_CLASSES_ROOT\InteractionFax C:\Program Files\Interactive Intelligence\InteractionFax\ InteractionFax.exe HKEY_CLASSES_ROOT\InteractionVoicemail C:\Program Files\Interactive Intelligence\InteractionVoiceMail\ InteractionVoicemail.exe Interaction Vox file HKEY_CLASSES_ROOT\ININ.VoxPlayer C:\Program Files\Interactive Intelligence\InteractionVoiceMail\ InteractionVoicemailLauncherU.exe __________ Create 802.11 Ad hoc Task Class HKEY_CLASSES_ROOT\CLSID\{0cbb5030-f2b2-4b38-8cbc-895cec57db03} Adhoc Create Adapter Selection Page Class HKEY_CLASSES_ROOT\CLSID\{0cbb5031-f2b2-4b38-8cbc-895cec57db03} Adhoc Create Setup Page Class HKEY_CLASSES_ROOT\CLSID\{0cbb5032-f2b2-4b38-8cbc-895cec57db03} Adhoc Create Status Page Class HKEY_CLASSES_ROOT\CLSID\{0cbb5034-f2b2-4b38-8cbc-895cec57db03} Adhoc Create Finish Page Class HKEY_CLASSES_ROOT\CLSID\{0cbb5035-f2b2-4b38-8cbc-895cec57db03} Adhoc Ics Option Page Class HKEY_CLASSES_ROOT\CLSID\{0cbb5036-f2b2-4b38-8cbc-895cec57db03} Adhoc Ics Status Page Class HKEY_CLASSES_ROOT\CLSID\{0cbb5037-f2b2-4b38-8cbc-895cec57db03} Adhoc Error Report Page Class HKEY_CLASSES_ROOT\CLSID\{0cbb5038-f2b2-4b38-8cbc-895cec57db03} Adhoc Ics Finish Page Class 
HKEY_CLASSES_ROOT\CLSID\{0cbb503a-f2b2-4b38-8cbc-895cec57db03} Don't enjoy sharing media? Bleach these. HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sharing DetectionAndSharing HKEY_CLASSES_ROOT\AppID\{1fda955b-61ff-11da-978c-0008744faab7} Sharing Elevated Virtual Factory HKEY_CLASSES_ROOT\AppID\{72A7994A-3092-4054-B6BE-08FF81AEEFFC} Network and Sharing Center Cpl Elevated Virtual Factory HKEY_CLASSES_ROOT\AppID\{7A076CE1-4B31-452a-A4F1-0304C8738100} Detection And Sharing HKEY_CLASSES_ROOT\CLSID\{1fda955b-61ff-11da-978c-0008744faab7} PSFactoryBuffer HKEY_CLASSES_ROOT\CLSID\{1fda955c-61ff-11da-978c-0008744faab7} FileSharing Class HKEY_CLASSES_ROOT\CLSID\{2E144316-2FF2-4D9D-A458-AAD215F18A0A} Sharing Configuration Manager HKEY_CLASSES_ROOT\CLSID\{49F371E1-8C5C-4d9c-9A3B-54A6827F513C} Home Networking Sharing Configuration Manager HKEY_CLASSES_ROOT\CLSID\{5C63C1AD-3956-4FF8-8486-40034758315B} Sharing Elevated Virtual Factory HKEY_CLASSES_ROOT\CLSID\{72A7994A-3092-4054-B6BE-08FF81AEEFFC} Network and Sharing Center Cpl Elevated Virtual Factory HKEY_CLASSES_ROOT\CLSID\{7A076CE1-4B31-452a-A4F1-0304C8738100} Network and Sharing Center HKEY_CLASSES_ROOT\CLSID\{8E908FC9-BECC-40f6-915B-F4CA0E70D03D} HKEY_CLASSES_ROOT\Directory\shellex\ ContextMenuHandlers\Sharing HKEY_CLASSES_ROOT\dtsh.DetectionAndSharing {1fda955b-61ff-11da-978c-0008744faab7} Share Permission List HKEY_CLASSES_ROOT\CLSID\{59A437AB-74F3-4de2-AFE6-54203634C4DD} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\ {59A437AB-74F3-4de2-AFE6-54203634C4DD} INetSharingPortMappingCollection HKEY_CLASSES_ROOT\Interface\{02E4A2DE-DA20-4E34-89C8-AC22275A010B} INetSharingPortMappingProps HKEY_CLASSES_ROOT\Interface\{24B7E9B5-E38F-4685-851B-00892CF5F940} INetSharingEveryConnectionCollection HKEY_CLASSES_ROOT\Interface\{33C4643C-7811-46FA-A89A-768597BD7223} INetSharingPrivateConnectionCollection HKEY_CLASSES_ROOT\Interface\{38AE69E0-4409-402A-A2CB-E965C727F840} INetSharingPublicConnectionCollection 
HKEY_CLASSES_ROOT\Interface\{7D7A6355-F372-4971-A149-BFC927BE762A}

Same [Labeled Enum ; NOT a real enum process]
HKEY_CLASSES_ROOT\Interface\{C08956A0-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A1-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A2-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A3-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A5-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956A6-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B0-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B1-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B4-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B5-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B6-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B7-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956B8-1CD3-11D1-B1C5-00805FC1270E}
HKEY_CLASSES_ROOT\Interface\{C08956BA-1CD3-11D1-B1C5-00805FC1270E}

MISTAKES UPDATED

!DO NOT BLEACH TELEPHONY! {this will cut the internet connection}
!DO NOT BLEACH SYSTEM CERTIFICATE! {this will destroy the system}
!DO NOT BLEACH CRYPTOGRAPHIC PROVIDERS! {this will destroy the system}
!DO NOT BLEACH CERFile! {this is a hardware cryptographic certificate}
!DO NOT BLEACH DEFAULT OLE! (UPDATE) {this will disable copy/paste, drag/drop}
OlePrn CLSIDs are safe to bleach.
!DO NOT BLEACH ITCARD! {this will cut the internet connection}
!DO NOT BLEACH MUICache! {this will destroy system restore capability}
!DO NOT BLEACH INK FILE! {this will destroy start menu and desktop shortcuts}
!DO NOT BLEACH RASMAN Certificate! {this would cause browser problems}
!DO NOT BLEACH MSSTDFMT! (UPDATE) {this will damage Visual Studio 6.0 and ActiveX}
!DO NOT BLEACH ANY RPC! {this will destroy the system}
!DO NOT BLEACH MUI! {this will cause problems with media players}
!DO NOT BLEACH DRM_DRM! (UPDATE) {this will cause problems with flash players}
I was wrong about the simple HKCR DRM registry; that is safe to bleach. DO NOT BLEACH "DRM_DRM"
!DO NOT BLEACH vCard! {this will cause Microsoft Outlook to crash}
!DO NOT BLEACH DirectX! {this could cause problems with audio software}
!DO NOT BLEACH LEGACY DRIVES! {major problems could fry the computer}
!DO NOT BLEACH WHAT YOU DO NOT KNOW! {take this as experienced forewarning}