15 October 2010
CLSID Shit List Update 6
A sends: "The best way to protect a personal computer is to have the internet disconnected, and only connect to the internet when you desire going online."
32 Bit NETw5x32 WiFi Service
HKLM\SYSTEM\CurrentControlSet\Services\NETw5x32
Pc1news claims the NETw5x32.sys file may be a virus.
NO evidence to back that up. The NETw5x32 service
is safe to bleach.
OInfoP12 [Runs with Interactive Users]
HKCR\AppID\{782A624F-C836-4135-B845-D45174463039}
HKEY_CLASSES_ROOT\AppID\oinfop12.exe
Pc1news labels oinfop12.exe a WYSIWYG HTML editor,
while others report it as a trojan. It is not a trojan.
It's part of the Expression Studio suite from
Microsoft, which can be used by third-party
developers. This is safe to bleach.
Vulnerable Volume Cache
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Remote Desktop Cache Files
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\WebClient and WebPublisher Cache
Backdoor.Hupigon.GEN Rootkit injects itself into
Internet Explorer causing IE to hide itself. Also
logs keystrokes and allows remote access to the
compromised system, typically through port 8000.
HKEY_CLASSES_ROOT\smtp
{8D2595E0-07C3-11D3-B8AF-00105A19CDC6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\esent.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\esent97.dll
HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\esent.dll
HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\esent97.dll
HKLM\SYSTEM\ControlSet001\Control\Keyboard Layouts
HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts
[Despite MUI language, esent.dlls are safe to bleach!]
Microsoft SQL Server *Virtual Device* Interface
HKCR\CLSID\{b5e7a132-a7bd-11d1-84c2-00c04fc21759}
Virtual devices can be used for RemoteApps, even
Remote Desktop. This virtual service is not needed.
"Complete desktop environments can run in virtual machines
on datacenter servers and can be accessed by end users from
any PC or thin client on the corporate network. This
solution provides IT with centralized control over desktop
computing resources and their data as well as the ability
to consolidate virtual machines and optimize resource
utilization across the datacenter."
WARNING: Not all SQL CLSIDs pose security threats!
Digital Protection is a rogue antispyware; it cloaks
itself as antivirus software. It is a wolf in sheep's
clothing. It conducts a fake scan of your system.
HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection
Chinese/UK Funshion Spyware
C:\Program Files\Funshion Online\ DELETE ALL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion Task
Bleach ClientMan. ClientMan changes browser settings,
shows commercial adverts, connects itself to the internet,
hides from the user and stays resident in the background.
HKCR\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKCR\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKCR\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKCR\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKCR\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKCR\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKCR\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKCR\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runclientman1
HKLM\bjects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKLM\bjects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKLM\bjects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKLM\bjects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKLM\bjects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKLM\software\microsoft\windows\currentversion\runclientman
HKLM\software\microsoft\windows\currentversion\runclientman1
Electronic CRM concerns all forms of managing
relationships with customers making use of
Information Technology. Two formats to share.
HKEY_CLASSES_ROOT\.bcmr
HKEY_CLASSES_ROOT\.bcmx
RDN Security Breach
HKEY_CLASSES_ROOT\RstrCC.RstrProgress
{bf404da2-7d3b-11d3-b9e5-00c04f79e399}
HKCR\CLSID\{bf404da2-7d3b-11d3-b9e5-00c04f79e399}
HKLM\SOFTWARE\Classes\RstrCC.RstrProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGatherer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGTHRSVC
HKLM\SYSTEM\ControlSet002\Services\UGatherer
HKLM\SYSTEM\ControlSet002\Services\UGTHRSVC
HKLM\SYSTEM\ControlSet001\Services\UGatherer
HKLM\SYSTEM\ControlSet001\Services\UGTHRSVC
Unknown [Safe to bleach]
HKEY_CLASSES_ROOT\PTxSCP.PTxContextMenu
HKEY_CLASSES_ROOT\PTxSCP.PTxGroup
HKEY_CLASSES_ROOT\PTxSCP.PTxShCombo
HKEY_CLASSES_ROOT\PTxSCP.PTxShFolderBrowseDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShLink
HKEY_CLASSES_ROOT\PTxSCP.PTxShList
HKEY_CLASSES_ROOT\PTxSCP.PTxShOpenSaveDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShTree
HKEY_CLASSES_ROOT\PTxSCP.PTxShUtils
The CLSID shit lists were created to help others
learn to better protect their computers. As well,
guides to stealth vulnerable ports and to identify
malware / spyware and default threats buried inside
the massive grave known as the registry. Also to update
past mistakes, so others can avoid fucking up.
The best way to protect a personal computer is to
have the internet disconnected, and only connect to
the internet when you desire going online.
Recent CLSID shit lists:
http://cryptome.org/0002/clsid-list-05.htm