15 October 2010


CLSID Shit List Update 6

A sends:

"The best way to protect a personal computer is to have the internet disconnected, and only connect to the internet when you desire going online."


32 Bit NETw5x32 WiFi Service

HKLM\SYSTEM\CurrentControlSet\Services\NETw5x32

Pc1news claims the NETw5x32.sys file may be a virus.

 NO evidence to back that up. The NETw5x32 service
is safe to bleach.


OInfoP12 [Runs with Interactive Users]

HKCR\AppID\{782A624F-C836-4135-B845-D45174463039}

HKEY_CLASSES_ROOT\AppID\oinfop12.exe

 Pc1news labels oinfop12.exe a WYSIWYG HTML editor,
while others report it as a trojan. It is not a trojan.

 It's part of the Expression Studio suite from
Microsoft, which can be used by third-party
developers. This is safe to bleach.


Vulnerable Volume Cache

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\VolumeCaches\Internet Cache Files

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\VolumeCaches\Remote Desktop Cache Files

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\VolumeCaches\WebClient and WebPublisher Cache


 Backdoor.Hupigon.GEN Rootkit injects itself into
Internet Explorer causing IE to hide itself. Also
logs keystrokes and allows remote access to the
compromised system, typically through port 8000.

HKEY_CLASSES_ROOT\smtp
{8D2595E0-07C3-11D3-B8AF-00105A19CDC6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\
MUILanguages\RCV2\esent.dll

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\
MUILanguages\RCV2\esent97.dll

HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\
RCV2\esent.dll

HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\
RCV2\esent97.dll

HKLM\SYSTEM\ControlSet001\Control\Keyboard Layouts

HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts

[Despite MUI language, esent.dlls are safe to bleach!]


Microsoft SQL Server *Virtual Device* Interface

HKCR\CLSID\{b5e7a132-a7bd-11d1-84c2-00c04fc21759}

 Virtual devices can be used for RemoteApps, even
Remote Desktop. This virtual service is not needed.

 "Complete desktop environments can run in virtual machines
on datacenter servers and can be accessed by end users from
any PC or thin client on the corporate network. This
solution provides IT with centralized control over desktop
computing resources and their data as well as the ability
to consolidate virtual machines and optimize resource
utilization across the datacenter."

WARNING: Not all SQL CLSIDs pose security threats!


 Digital Protection is a rogue antispyware; it cloaks
itself as antivirus software. It is a wolf in sheep's
clothing. It conducts a fake scan of your system.

HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Digital Protection


Chinese/UK Funshion Spyware

C:\Program Files\Funshion Online\ DELETE ALL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion Task


 Bleach ClientMan. ClientMan changes browser settings,
shows commercial adverts, connects itself to the internet,
hides from the user and stays resident in the background.

HKCR\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKCR\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKCR\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKCR\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKCR\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKCR\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKCR\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKCR\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\
currentversion\runclientman1

HKLM\bjects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKLM\bjects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKLM\bjects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKLM\bjects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKLM\bjects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKLM\software\microsoft\windows\currentversion\runclientman
HKLM\software\microsoft\windows\currentversion\runclientman1


 Electronic CRM concerns all forms of managing
relationships with customers making use of
Information Technology. Two formats to share.

HKEY_CLASSES_ROOT\.bcmr

HKEY_CLASSES_ROOT\.bcmx


RDN Security Breach

HKEY_CLASSES_ROOT\RstrCC.RstrProgress
{bf404da2-7d3b-11d3-b9e5-00c04f79e399}

HKCR\CLSID\{bf404da2-7d3b-11d3-b9e5-00c04f79e399}

HKLM\SOFTWARE\Classes\RstrCC.RstrProgress

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\UGatherer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\UGTHRSVC

HKLM\SYSTEM\ControlSet002\Services\UGatherer
HKLM\SYSTEM\ControlSet002\Services\UGTHRSVC
HKLM\SYSTEM\ControlSet001\Services\UGatherer
HKLM\SYSTEM\ControlSet001\Services\UGTHRSVC


Unknown [Safe to bleach]

HKEY_CLASSES_ROOT\PTxSCP.PTxContextMenu
HKEY_CLASSES_ROOT\PTxSCP.PTxGroup
HKEY_CLASSES_ROOT\PTxSCP.PTxShCombo
HKEY_CLASSES_ROOT\PTxSCP.PTxShFolderBrowseDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShLink
HKEY_CLASSES_ROOT\PTxSCP.PTxShList
HKEY_CLASSES_ROOT\PTxSCP.PTxShOpenSaveDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShTree
HKEY_CLASSES_ROOT\PTxSCP.PTxShUtils


 The CLSID shit lists were created to help others
learn to better protect their computers. As well,
guides to stealth vulnerable ports and to identify
malware / spyware and default threats buried inside
the massive grave known as the registry. Also to update
past mistakes, so others can avoid fucking up.

 The best way to protect a personal computer is to
have the internet disconnected, and only connect to
the internet when you desire going online.

Recent CLSID shit lists:

http://cryptome.org/0002/clsid-list-05.htm
http://cryptome.org/0001/clsid-list-04.htm
http://cryptome.org/0001/clsid-list-03.htm
http://cryptome.org/0001/clsid-list-02.htm
http://cryptome.org/0001/clsid-list-01.htm
http://cryptome.org/isp-spy/ms-analysis.htm
http://cryptome.org/0001/vista-clsids.htm