CLSID Shit List (update 6)

A sends:

“The best way to protect a personal computer is to have the internet disconnected, and only connect to the internet when you desire going online.”

32 Bit NETw5x32 WiFi Service

HKLM\SYSTEM\CurrentControlSet\Services\NETw5x32

Pc1news claims the NETw5x32.sys file may be a virus.

NO evidence to back that up. The NETw5x32 service
is safe to bleach.

OInfoP12 [Runs with Interactive Users]

HKCR\AppID\{782A624F-C836-4135-B845-D45174463039}

HKEY_CLASSES_ROOT\AppID\oinfop12.exe

Pc1news labels oinfop12.exe a WYSIWYG HTML editor,
while others report it as a trojan. It is not a trojan.

It’s part of the Expression Studio suite from
Microsoft, which can be used by third-party
developers. This is safe to bleach.

Vulnerable Volume Cache

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\VolumeCaches\Internet Cache Files

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\VolumeCaches\Remote Desktop Cache Files

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\VolumeCaches\WebClient and WebPublisher Cache

Backdoor.Hupigon.GEN Rootkit injects itself into
Internet Explorer causing IE to hide itself. Also
logs keystrokes and allows remote access to the
compromised system, typically through port 8000.

HKEY_CLASSES_ROOT\smtp
{8D2595E0-07C3-11D3-B8AF-00105A19CDC6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\
MUILanguages\RCV2\esent.dll

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\
MUILanguages\RCV2\esent97.dll

HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\
RCV2\esent.dll

HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\
RCV2\esent97.dll

HKLM\SYSTEM\ControlSet001\Control\Keyboard Layouts

HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts

[Despite MUI language, esent.dlls are safe to bleach!]

Microsoft SQL Server *Virtual Device* Interface

HKCR\CLSID\{b5e7a132-a7bd-11d1-84c2-00c04fc21759}

Virtual devices can be used for RemoteApps, even
Remote Desktop. This virtual service is not needed.

“Complete desktop environments can run in virtual machines
on datacenter servers and can be accessed by end users from
any PC or thin client on the corporate network. This
solution provides IT with centralized control over desktop
computing resources and their data as well as the ability
to consolidate virtual machines and optimize resource
utilization across the datacenter.”

WARNING: Not all SQL CLSIDs pose security threats!

Digital Protection is a rogue Antispyware, it cloaks
itself as Antivirus software. It is a wolf in sheep’s
clothing. It conducts a fake scan of your system.

HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Digital Protection

Chinese/UK Funshion Spyware

C:\Program Files\Funshion Online DELETE ALL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion Task

Bleach ClientMan. ClientMan changes browser settings,
shows commercial adverts, connects itself to the internet,
hides from the user and stays resident in the background.

HKCR\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKCR\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKCR\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKCR\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKCR\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKCR\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKCR\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKCR\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\
currentversion\run\clientman1

HKLMbjects{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKLMbjects{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKLMbjects{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKLMbjects{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKLMbjects{a097840a-61f8-4b89-8693-f68f641cc838}
HKLM\software\microsoft\windows\currentversion\run\clientman
HKLM\software\microsoft\windows\currentversion\run\clientman1

Electronic CRM concerns all forms of managing
relationships with customers making use of
Information Technology. Two formats to share.

HKEY_CLASSES_ROOT\.bcmr

HKEY_CLASSES_ROOT\.bcmx

RDN Security Breach

HKEY_CLASSES_ROOT\RstrCC.RstrProgress
{bf404da2-7d3b-11d3-b9e5-00c04f79e399}

HKCR\CLSID\{bf404da2-7d3b-11d3-b9e5-00c04f79e399}

HKLM\SOFTWARE\Classes\RstrCC.RstrProgress

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\UGatherer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\UGTHRSVC

HKLM\SYSTEM\ControlSet002\Services\UGatherer
HKLM\SYSTEM\ControlSet002\Services\UGTHRSVC
HKLM\SYSTEM\ControlSet001\Services\UGatherer
HKLM\SYSTEM\ControlSet001\Services\UGTHRSVC

Unknown [Safe to bleach]

HKEY_CLASSES_ROOT\PTxSCP.PTxContextMenu
HKEY_CLASSES_ROOT\PTxSCP.PTxGroup
HKEY_CLASSES_ROOT\PTxSCP.PTxShCombo
HKEY_CLASSES_ROOT\PTxSCP.PTxShFolderBrowseDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShLink
HKEY_CLASSES_ROOT\PTxSCP.PTxShList
HKEY_CLASSES_ROOT\PTxSCP.PTxShOpenSaveDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShTree
HKEY_CLASSES_ROOT\PTxSCP.PTxShUtils

The CLSID shit lists were created to help others
learn to better protect their computers. As well,
guides to stealth vulnerable ports and to identify
malware / spyware and default threats buried inside
the massive grave known as the registry. Also to update
past mistakes, so others can avoid fucking up.

The best way to protect a personal computer is to
have the internet disconnected, and only connect to
the internet when you desire going online.

Recent CLSID shit lists : http://ht.ly/19nj0Z [which redirects to:]

http://cryptome.org/0002/clsid-list-05.htm