19 June 2010
A sends:

Click Start, Run, then copy/paste the following into the Run box and click OK:

ComboFix /u

IF this restores any of the registry, you are not bleaching, only pressing delete. To bleach a path, right click Permissions, then click Advanced, clear all SIDs out of the permission box. After that is done, press OK, and the CLSID should be wiped clean without any permissions left over. Then right click the delete button; it will pop up with an error. That error confirms a true bleach of the CLSID. Now let a hacker try getting those back!

Here are the first three CLSID Shit Lists, including VISTA and Microsoft Analysis CLSIDs!

http://cryptome.org/0001/clsid-list-01.htm
http://cryptome.org/0001/clsid-list-02.htm
http://cryptome.org/0001/clsid-list-03.htm
http://cryptome.org/0001/vista-clsids.htm
http://cryptome.org/isp-spy/ms-analysis.htm

CLSID Shit List 4

HxSession Class
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
HKEY_CLASSES_ROOT\CLSID\{31411198-a502-11d2-bbca-00c04f8ec294}

HxProtocol Class
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
HKEY_CLASSES_ROOT\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}

HxRegistryWalker Class
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
HKEY_CLASSES_ROOT\CLSID\{314111f0-a502-11d2-bbca-00c04f8ec294}

HxParseDisplayName Class
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
HKEY_CLASSES_ROOT\CLSID\{314111f7-a502-11d2-bbca-00c04f8ec294}

HxRegisterSession Class
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
HKEY_CLASSES_ROOT\CLSID\{31411219-a502-11d2-bbca-00c04f8ec294}

HxRegisterProtocol Class
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
HKEY_CLASSES_ROOT\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}

Trojan-Dropper.Agent

PPServerClass Class
HKEY_CLASSES_ROOT\CLSID\{23D1AE30-8023-11D3-8D47-00C04F949D33}
HKEY_CLASSES_ROOT\ppDSApp.ppDSApp
HKEY_CLASSES_ROOT\ppDSApp.ppDSApp.1
HKEY_CLASSES_ROOT\ppDSClip.ppDSClip
HKEY_CLASSES_ROOT\ppDSClip.ppDSClip.1
HKEY_CLASSES_ROOT\ppDSDetl.ppDSDetl
HKEY_CLASSES_ROOT\ppDSDetl.ppDSDetl.1
HKEY_CLASSES_ROOT\ppDShowNet.ppDShowNet
HKEY_CLASSES_ROOT\ppDShowPlay.ppDShowPlay
HKEY_CLASSES_ROOT\ppDSMeta.ppDSMeta
HKEY_CLASSES_ROOT\ppDSMeta.ppDSMeta.1
HKEY_CLASSES_ROOT\ppDSView.ppDSView
HKEY_CLASSES_ROOT\ppDSView.ppDSView.1
HKEY_CLASSES_ROOT\PPServer.PPServerClass {23D1AE30-8023-11D3-8D47-00C04F949D33}
HKEY_CLASSES_ROOT\PPServer.PPServerClass.1 {23D1AE30-8023-11D3-8D47-00C04F949D33}

Offline Files Menu
HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}

Temporary Offline Files Cleaner
HKEY_CLASSES_ROOT\CLSID\{750fdf0f-2a26-11d1-a3ea-080036587f03}

Offline Files Synchronization Handler
HKEY_CLASSES_ROOT\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}

Trojan-Spy.KeyLogger!sd5 >>
HKEY_CLASSES_ROOT\.wk4
HKEY_CLASSES_ROOT\.xevgenxml

SpnMdrWrdBrk Class
HKEY_CLASSES_ROOT\CLSID\{1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}

ItlItlWrdBrk Class
HKEY_CLASSES_ROOT\CLSID\{91870674-DE84-4313-B07D-A387415BB4F5}
HKEY_CLASSES_ROOT\ItlItlWrdBrk.ItlItlWrdBrk
HKEY_CLASSES_ROOT\ItlItlWrdBrk.ItlItlWrdBrk.1 {91870674-DE84-4313-B07D-A387415BB4F5}
HKEY_CLASSES_ROOT\SpnMdrWrdBrk.SpnMdrWrdBrk
HKEY_CLASSES_ROOT\SpnMdrWrdBrk.SpnMdrWrdBrk.1 {1F7E6C6D-C3F8-4c80-8D77-C4825ABBE5CF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ItlItlWrdBrk.ItlItlWrdBrk
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpnMdrWrdBrk.SpnMdrWrdBrk

HKEY_CLASSES_ROOT\MTxAddIn.RegRefresh
HKEY_CLASSES_ROOT\MTxAddIn.RegRefresh.1
HKEY_CLASSES_ROOT\MTxAddIn2.RegRefresh
HKEY_CLASSES_ROOT\MTxAddIn2.RegRefresh.1
HKEY_CLASSES_ROOT\MTxAS.AppServer.1
HKEY_CLASSES_ROOT\MTxSpm.SharedPropertyGroupManager
HKEY_CLASSES_ROOT\MTxSpm.SharedPropertyGroupManager.1

Windows SharePoint Services (WSS) is a free add-on to Microsoft Windows Server 2003 and 2008 providing a fully functional web portal with the following features:

Content Management system
Collaboration tools
Shared calendars and contact lists
Alerts (including e-mail alerts)
Discussion boards
Blogs and Wikis
Document Management providing a central repository for shared documents
Web-based collaboration, collaborative editing of shared documents, and document workspaces
Content Publishing including publishing workflows
Access control and revision control for documents in a library
Browser-based management and administration
Help desk and bug tracking
Room and Equipment Reservations
Physical Asset Tracking
Sales Pipeline
Customizable web pages using dashboards, web parts, and navigation tools
Network load balancing and web farm support
Firewall and DMZ support

SharePoint Export Database Launcher
HKEY_CLASSES_ROOT\CLSID\{62B4D041-4667-40B6-BB50-4BC0A5043A73}

SharePoint OpenDocuments Class
HKEY_CLASSES_ROOT\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D}
HKEY_CLASSES_ROOT\SharePoint.ExportDatabase
HKEY_CLASSES_ROOT\SharePoint.OpenDocuments
HKEY_CLASSES_ROOT\SharePoint.OpenDocuments.1
HKEY_CLASSES_ROOT\SharePoint.OpenDocuments.2
HKEY_CLASSES_ROOT\SharePoint.OpenDocuments.3 {BDEADEF2-C265-11D0-BCED-00A0C90AB50F}
HKEY_CLASSES_ROOT\SharePoint.SpreadsheetLauncher
HKEY_CLASSES_ROOT\SharePoint.SpreadsheetLauncher.1
HKEY_CLASSES_ROOT\SharePoint.SpreadsheetLauncher.2 {3FD37ABB-F90A-4DE5-AA38-179629E64C2F}
HKEY_CLASSES_ROOT\SharePoint.StssyncHandler
HKEY_CLASSES_ROOT\SharePoint.StssyncHandler.2
HKEY_CLASSES_ROOT\SharePoint.StssyncHandler.3 {BDEADEF4-C265-11D0-BCED-00A0C90AB50F}

HKEY_CLASSES_ROOT\com.sun.star.ServiceManager
HKEY_CLASSES_ROOT\com.sun.star.ServiceManager.1

HKEY_CLASSES_ROOT\SoftwareDistribution.MicrosoftUpdateWebControl
HKEY_CLASSES_ROOT\SoftwareDistribution.MicrosoftUpdateWebControl.1

HKEY_CLASSES_ROOT\DBROWPRX.AsProxy {ef636392-f343-11d0-9477-00c04fd36226}
HKEY_CLASSES_ROOT\DBROWPRX.AsProxy.1 {ef636392-f343-11d0-9477-00c04fd36226}
HKEY_CLASSES_ROOT\DBROWPRX.AsServer {ef636393-f343-11d0-9477-00c04fd36226}
HKEY_CLASSES_ROOT\DBROWPRX.AsServer.1 {ef636393-f343-11d0-9477-00c04fd36226}
HKEY_CLASSES_ROOT\DBRSTPRX.AsProxy {ef636390-f343-11d0-9477-00c04fd36226}
HKEY_CLASSES_ROOT\DBRSTPRX.AsProxy.1 {ef636390-f343-11d0-9477-00c04fd36226}
HKEY_CLASSES_ROOT\DBRSTPRX.AsServer {ef636391-f343-11d0-9477-00c04fd36226}
HKEY_CLASSES_ROOT\DBRSTPRX.AsServer.1 {ef636391-f343-11d0-9477-00c04fd36226}

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ << Bluetooth .exe files

COMEXPS for NASA mapping >>
HKEY_CLASSES_ROOT\COMEXPS.CCOMNSScopeImpl [call]
HKEY_CLASSES_ROOT\COMEXPS.CCOMNSScopeImpl.1 [call] {99847C33-B1B4-11D1-8F10-00C04FC2C17B}
HKEY_CLASSES_ROOT\COMEXPS.CTrkEvntListener [listen]
HKEY_CLASSES_ROOT\COMEXPS.CTrkEvntListener.1 [listen] {2C3E140B-7A0D-42d1-B2AA-D343500A90CF}
http:// map. nasa. gov /MITgcm_f90toHTML/html_code/src/fizhi_lwrad.F.html#COMEXPS
http:// map. nasa. gov /MITgcm_f90toHTML/call_to/COMEXPS.html

Another hack from SID S-1-5-21

IWTSListenerCallback
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230203-D6A7-11D8-B9FD-000BDBD1F198}

IWTSVirtualChannelCallback
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230204-D6A7-11D8-B9FD-000BDBD1F198}

IWTSVirtualChannelManager
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230205-D6A7-11D8-B9FD-000BDBD1F198}

IWTSVirtualChannel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1230207-D6A7-11D8-B9FD-000BDBD1F198}

Check this path for a hacked SID, it is a common target, but never ever bleach or delete this! Careful! >>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
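Before changing permissions on any CLSID key, a practitioner would want to know what the key actually registers. The following read-only PowerShell inventory is an added example, not part of the submission above: for each CLSID it reports whether the key exists, the in-process or local server binary it points at, whether that file is present and Authenticode-signed, and the key's current owner and ACL. The three sample CLSIDs are taken from the list above; the function name Get-ClsidReport is this example's own.

```powershell
# Added example (not from the submission): read-only inventory of CLSID keys.
# Nothing here writes to the registry; it only reports what each key registers.
$clsids = @(
    '{31411198-a502-11d2-bbca-00c04f8ec294}',   # HxSession Class (listed above)
    '{23D1AE30-8023-11D3-8D47-00C04F949D33}',   # PPServerClass (listed above)
    '{750fdf0e-2a26-11d1-a3ea-080036587f03}'    # Offline Files Menu (listed above)
)

function Get-ClsidReport {
    param([string]$Clsid)

    $keyPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $keyPath)) {
        return [pscustomobject]@{ Clsid = $Clsid; Exists = $false }
    }
    $name = (Get-Item -LiteralPath $keyPath).GetValue('')   # (default) value = class name

    # A COM class registers its server as an in-process DLL or an out-of-process EXE.
    $server = $null
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        $subPath = Join-Path $keyPath $sub
        if (Test-Path -LiteralPath $subPath) {
            $server = (Get-Item -LiteralPath $subPath).GetValue('')
            break
        }
    }

    # Expand %SystemRoot% etc. and drop quotes/arguments so the file can be checked.
    $signer = 'n/a'
    if ($server) {
        $file = [Environment]::ExpandEnvironmentVariables($server)
        if ($file -match '^"([^"]+)"') { $file = $Matches[1] }   # "C:\p\x.exe" /args -> C:\p\x.exe
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -FilePath $file
            $signer = "$($sig.Status) $($sig.SignerCertificate.Subject)"
        } else {
            $signer = 'file missing'   # registered server is no longer on disk
        }
    }

    $acl = Get-Acl -LiteralPath $keyPath
    [pscustomobject]@{
        Clsid     = $Clsid
        Exists    = $true
        Name      = $name
        Server    = $server
        Signature = $signer
        Owner     = $acl.Owner
        Access    = ($acl.Access | ForEach-Object { "$($_.IdentityReference):$($_.RegistryRights)" }) -join '; '
    }
}

$clsids | ForEach-Object { Get-ClsidReport -Clsid $_ } | Format-List
```

A key whose server is a signed Microsoft DLL with the default owner and ACL is ordinary COM registration; a key whose server is missing, unsigned, or whose ACL has already been stripped is the one worth investigating further.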