Donate $25 for two DVDs of the Cryptome collection of files from June 1996 to the present

Natsios Young Architects

20 February 2010

A sends: 

CLSID Shit List (#1)
  
HKEY_CLASSES_ROOT\Neptune.JustWorks.AutoDiscovery
HKEY_CLASSES_ROOT\Neptune.JustWorks.AutoDiscovery.1
HKEY_CLASSES_ROOT\RDCHost.RemoteDesktopClientHost
HKEY_CLASSES_ROOT\RDCHost.RemoteDesktopClientHost.1
HKEY_CLASSES_ROOT\RDS.DataControl
HKEY_CLASSES_ROOT\RDS.DataSpace
HKEY_CLASSES_ROOT\RDSHost.SAFRemoteDesktopServerHost
HKEY_CLASSES_ROOT\RDSHost.SAFRemoteDesktopServerHost.1
HKEY_CLASSES_ROOT\RDSServer.DataFactory
HKEY_CLASSES_ROOT\RDSServer.DataFactory.2.81
  
  
Remote Desktop Connection (.RDP Format)
HKEY_CLASSES_ROOT\.RDP
HKEY_CLASSES_ROOT\RDP.File
  
  
S-1-5-21-1123561945-2111687655-839522115-1003 Hacked >>
  
HKEY_CLASSES_ROOT\MsRDP.MsRDP
HKEY_CLASSES_ROOT\MsRDP.MsRDP.2
HKEY_CLASSES_ROOT\MsRDP.MsRDP.3
HKEY_CLASSES_ROOT\MsRDP.MsRDP.4
HKEY_CLASSES_ROOT\MsRDP.MsRDP.5
HKEY_CLASSES_ROOT\MsRDP.MsRDP.6
AND
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.1
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.2
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.3
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.4
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.5
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.6
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.7
  
  
Factoid Malware
HKEY_CLASSES_ROOT\CLSID\{64AB6C69-B40E-40AF-9B7F-F5687B48E2B6}
HKEY_CLASSES_ROOT\MOFL.Factoid
HKEY_CLASSES_ROOT\MOFL.Factoid.2 INVEST
  
  
MMC Plugable Internet Protocol
HKEY_CLASSES_ROOT\CLSID\{3C5F432A-EF40-4669-9974-9671D4FC2E12}
HKEY_CLASSES_ROOT\NODEMGR.AppEventsDHTMLConnector
HKEY_CLASSES_ROOT\NODEMGR.ComCacheCleanup
HKEY_CLASSES_ROOT\NODEMGR.MMCDocConfig
HKEY_CLASSES_ROOT\NODEMGR.MMCProtocol
HKEY_CLASSES_ROOT\NODEMGR.MMCVersionInfo
HKEY_CLASSES_ROOT\NODEMGR.MMCViewExt
HKEY_CLASSES_ROOT\NODEMGR.NodeInitObject
HKEY_CLASSES_ROOT\NODEMGR.ScopeTreeObject
  
  
Hidden Microsoft Remote Assistance
HKEY_CLASSES_ROOT\RACplDlg.RAEventLog
HKEY_CLASSES_ROOT\RACplDlg.RARegSetting
HKEY_CLASSES_ROOT\RACplDlg.RASettingProperty
HKEY_CLASSES_ROOT\TypeLib\{5190C4AF-AB0F-4235-B12F-D5A8FA3F854B}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D317113-C6EC-406A-9C61-20E891BC37F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fadcfea-0971-4575-a368-a2de9d2ed07d}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70FF37C0-F39A-4B26-AE5E-638EF296D490}
HKEY_CLASSES_ROOT\RcBdyCtl.Connection
HKEY_CLASSES_ROOT\RcBdyCtl.Display
HKEY_CLASSES_ROOT\RcBdyCtl.IMSession
HKEY_CLASSES_ROOT\Rcbdyctl.Setting
HKEY_CLASSES_ROOT\Rcbdyctl.smapi
  
  
HKEY_CLASSES_ROOT\ReplAgent.90.Distribution
HKEY_CLASSES_ROOT\ReplAgent.90.Merge
HKEY_CLASSES_ROOT\ReplAgent.90.RemoteDistribution
HKEY_CLASSES_ROOT\ReplAgent.90.RemoteMerge
HKEY_CLASSES_ROOT\ReplAgent.RemoteDistribution.2
HKEY_CLASSES_ROOT\ReplAgent.RemoteMerge.2
  
  
Unknown Trojan
HKEY_CLASSES_ROOT\WECAPI2.FpFile
HKEY_CLASSES_ROOT\WECAPI2.FpFolder
HKEY_CLASSES_ROOT\WECAPI2.FpMetaInfo
HKEY_CLASSES_ROOT\WECAPI2.WebExtenderClient
HKEY_CLASSES_ROOT\WECAPI2.WebExtenderClient.1
HKEY_CLASSES_ROOT\WECAPI5.FpFile
HKEY_CLASSES_ROOT\WECAPI5.FpFolder
HKEY_CLASSES_ROOT\WECAPI5.FpMetaInfo
HKEY_CLASSES_ROOT\WECAPI5.FpwAccessSetup
HKEY_CLASSES_ROOT\WECAPI5.WebExtenderClient
HKEY_CLASSES_ROOT\WECAPI5.WebExtenderClient.3
    
    
Use regedit.exe to locate these on Microsoft systems.