
CLSID Shit Lists

20 February 2010


A sends:

CLSID Shit List (#1)

HKEY_CLASSES_ROOT\Neptune.JustWorks.AutoDiscovery
HKEY_CLASSES_ROOT\Neptune.JustWorks.AutoDiscovery.1
HKEY_CLASSES_ROOT\RDCHost.RemoteDesktopClientHost

HKEY_CLASSES_ROOT\RDCHost.RemoteDesktopClientHost.1
HKEY_CLASSES_ROOT\RDS.DataControl
HKEY_CLASSES_ROOT\RDS.DataSpace
HKEY_CLASSES_ROOT\RDSHost.SAFRemoteDesktopServerHost
HKEY_CLASSES_ROOT\RDSHost.SAFRemoteDesktopServerHost.1

HKEY_CLASSES_ROOT\RDSServer.DataFactory
HKEY_CLASSES_ROOT\RDSServer.DataFactory.2.81


Remote Desktop Connection (.RDP Format)
HKEY_CLASSES_ROOT\.RDP
HKEY_CLASSES_ROOT\RDP.File


S-1-5-21-1123561945-2111687655-839522115-1003 Hacked >>


HKEY_CLASSES_ROOT\MsRDP.MsRDP
HKEY_CLASSES_ROOT\MsRDP.MsRDP.2
HKEY_CLASSES_ROOT\MsRDP.MsRDP.3
HKEY_CLASSES_ROOT\MsRDP.MsRDP.4
HKEY_CLASSES_ROOT\MsRDP.MsRDP.5
HKEY_CLASSES_ROOT\MsRDP.MsRDP.6
AND

HKEY_CLASSES_ROOT\MsTscAx.MsTscAx
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.1
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.2
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.3
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.4
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.5

HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.6
HKEY_CLASSES_ROOT\MsTscAx.MsTscAx.7


Factoid Malware
HKEY_CLASSES_ROOT\CLSID\{64AB6C69-B40E-40AF-9B7F-F5687B48E2B6}
HKEY_CLASSES_ROOT\MOFL.Factoid
HKEY_CLASSES_ROOT\MOFL.Factoid.2 INVEST



MMC Plugable Internet Protocol
HKEY_CLASSES_ROOT\CLSID\{3C5F432A-EF40-4669-9974-9671D4FC2E12}
HKEY_CLASSES_ROOT\NODEMGR.AppEventsDHTMLConnector
HKEY_CLASSES_ROOT\NODEMGR.ComCacheCleanup
HKEY_CLASSES_ROOT\NODEMGR.MMCDocConfig

HKEY_CLASSES_ROOT\NODEMGR.MMCProtocol
HKEY_CLASSES_ROOT\NODEMGR.MMCVersionInfo
HKEY_CLASSES_ROOT\NODEMGR.MMCViewExt
HKEY_CLASSES_ROOT\NODEMGR.NodeInitObject
HKEY_CLASSES_ROOT\NODEMGR.ScopeTreeObject



Hidden Microsoft Remote Assistance
HKEY_CLASSES_ROOT\RACplDlg.RAEventLog
HKEY_CLASSES_ROOT\RACplDlg.RARegSetting
HKEY_CLASSES_ROOT\RACplDlg.RASettingProperty
HKEY_CLASSES_ROOT\TypeLib\{5190C4AF-AB0F-4235-B12F-D5A8FA3F854B}\1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D317113-C6EC-406A-9C61-20E891BC37F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fadcfea-0971-4575-a368-a2de9d2ed07d}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70FF37C0-F39A-4B26-AE5E-638EF296D490}

HKEY_CLASSES_ROOT\RcBdyCtl.Connection
HKEY_CLASSES_ROOT\RcBdyCtl.Display
HKEY_CLASSES_ROOT\RcBdyCtl.IMSession
HKEY_CLASSES_ROOT\Rcbdyctl.Setting
HKEY_CLASSES_ROOT\Rcbdyctl.smapi


HKEY_CLASSES_ROOT\ReplAgent.90.Distribution

HKEY_CLASSES_ROOT\ReplAgent.90.Merge
HKEY_CLASSES_ROOT\ReplAgent.90.RemoteDistribution
HKEY_CLASSES_ROOT\ReplAgent.90.RemoteMerge
HKEY_CLASSES_ROOT\ReplAgent.RemoteDistribution.2
HKEY_CLASSES_ROOT\ReplAgent.RemoteMerge.2



Unknown Trojan
HKEY_CLASSES_ROOT\WECAPI2.FpFile
HKEY_CLASSES_ROOT\WECAPI2.FpFolder
HKEY_CLASSES_ROOT\WECAPI2.FpMetaInfo
HKEY_CLASSES_ROOT\WECAPI2.WebExtenderClient
HKEY_CLASSES_ROOT\WECAPI2.WebExtenderClient.1

HKEY_CLASSES_ROOT\WECAPI5.FpFile
HKEY_CLASSES_ROOT\WECAPI5.FpFolder
HKEY_CLASSES_ROOT\WECAPI5.FpMetaInfo
HKEY_CLASSES_ROOT\WECAPI5.FpwAccessSetup
HKEY_CLASSES_ROOT\WECAPI5.WebExtenderClient
HKEY_CLASSES_ROOT\WECAPI5.WebExtenderClient.3



Use regedit.exe to locate these on Microsoft systems.
___

20 February 2010

CLSID Shit List (#1) https://cryptome.org/0001/clsid-list-01.htm


A sends:

CLSID Shit List (#2)


Built-in Copyright Protection
HKEY_CLASSES_ROOT\DRM.GetLicense
HKEY_CLASSES_ROOT\DRM.GetLicense.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DRM.GetLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DRM.GetLicense.1


Export a .reg copy before erasing, in case of a WMP problem. If a problem occurs you can recover it.

HKEY_CLASSES_ROOT\Software\Microsoft\Multimedia\Components\Installed\DRM_DRM


Junk
HKEY_CLASSES_ROOT\MsScp.MSSCP

HKEY_CLASSES_ROOT\MsScp.SCPTRANS


Trojan.Agent.KQ
HKEY_CLASSES_ROOT\MTxAddIn.RegRefresh
HKEY_CLASSES_ROOT\MTxAddIn2.RegRefresh
HKEY_CLASSES_ROOT\MTxAS.AppServer.1
HKEY_CLASSES_ROOT\MTxSpm.SharedPropertyGroupManager

HKEY_CLASSES_ROOT\CLSID\{1CB0A015-1676-11D0-825B-00A0C90395DF}
HKEY_CLASSES_ROOT\CLSID\{29729D01-CFE6-11D0-BE1D-0060977B4789}
HKEY_CLASSES_ROOT\Interface\{1CB0A011-1676-11D0-825B-00A0C90395DF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTxAddIn.RegRefresh

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTxAddIn2.RegRefresh
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTxAS.AppServer.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTxSpm.SharedPropertyGroupManager
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1CB0A010-1676-11D0-825B-00A0C90395DF}



S-1-5-21-1123561945-2111687655-839522115-1003 Hacked >>

HKEY_CLASSES_ROOT\MMC.ExecutivePlatform
HKEY_CLASSES_ROOT\MMC.IconControl
HKEY_CLASSES_ROOT\MMC.SnapInFailureReporter
HKEY_CLASSES_ROOT\MMC.WaitDialog

HKEY_CLASSES_ROOT\MMC20.Application
HKEY_CLASSES_ROOT\MMCTask.MMCTask

MMC Console Format
HKEY_CLASSES_ROOT\.msc


With the growth in home networking driven by the growth of broadband
delivery to home environments an opportunity exists for a network-based
service assurance and configuration platform for multiple PC households.
In the future we would expect this to include smart appliances,
digital TV, Web tablets, etc. The configuration requirements become
increasingly complex as broadband home network users start to appreciate
the power of their connectivity and want to configure additional services
such as remote corporate network access (VPN), personal Web server hosting,
MP3-file sharing, and multi-player (on-line) gaming. In this paper we
describe the motivation for this work, the requirements for providing a
network-based home network management solution and then outline a potential
solution architecture. This small framework could access other wifi networks
around, like a remote computer, digital television, cell phones, Ipods, etc.

- 2002 IEEE 4th International Workshop on Digital Object Identifier

Original Filename: HNETCFG.DLL
{AE1E00AA-3FD5-403C-8A27-2BBDC30CD0E1}

{FDD384CC-78C6-4E6D-8694-1DACBEE57F96}
{43E734CA-043D-4A70-9A2C-A8F254063D91}
{58FBCF7C-E7A9-467C-80B3-FC65E8FCCA08}

Shared Access Connection Manager Connection Enumerator Class
HKEY_CLASSES_ROOT\CLSID\{BA126AE1-2166-11D1-B1D0-00805FC1270E}


Shared Access Connection Class
HKEY_CLASSES_ROOT\CLSID\{BA126AE2-2166-11D1-B1D0-00805FC1270E}

Shared Access Connection Manager Class
HKEY_CLASSES_ROOT\CLSID\{BA126AE0-2166-11D1-B1D0-00805FC1270E}


Home Networking Connections Ultility Class
{BA126AE3-2166-11D1-B1D0-00805FC1270E}

Home Networking Configuration Manager
{46C166AA-3108-11D4-9348-00C04F8EEB71}

Home Networking Sharing Configuration Manager
{5C63C1AD-3956-4FF8-8486-40034758315B}

HNetCfg.FwOpenPort
{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}

HNetCfg.FwMgr
{304CE942-6E39-40D8-943A-B913C40C9CD4}

HNetCfg.FwAuthorizedApplication
{EC9846B3-2762-4A6B-A214-6ACB603462D2}


HNetCfg.HNetShare
{5C63C1AD-3956-4FF8-8486-40034758315B}


Microsoft Help Attribute Definition File
HKEY_CLASSES_ROOT\.hxa = MSHelp.hxa.2.5

HKEY_CLASSES_ROOT\.hxc = MSHelp.hxc.2.5
HKEY_CLASSES_ROOT\.hxd = MSHelp.hxd.2.5
HKEY_CLASSES_ROOT\.hxe = MSHelp.hxe.2.5
HKEY_CLASSES_ROOT\.hxf = MSHelp.hxf.2.5
HKEY_CLASSES_ROOT\.hxh = MSHelp.hxh.2.5
HKEY_CLASSES_ROOT\.hxi = MSHelp.hxi.2.5

HKEY_CLASSES_ROOT\.hxk = MSHelp.hxk.2.5
HKEY_CLASSES_ROOT\.hxq = MSHelp.hxq.2.5
HKEY_CLASSES_ROOT\.hxr = MSHelp.hxr.2.5
HKEY_CLASSES_ROOT\.hxs = MSHelp.hxs.2.5
HKEY_CLASSES_ROOT\.hxt = MSHelp.hxt.2.5
HKEY_CLASSES_ROOT\.hxv = MSHelp.hxv.2.5

HKEY_CLASSES_ROOT\.hxw = MSHelp.hxw.2.5
HKEY_CLASSES_ROOT\MSHelp.hxa.2.5
HKEY_CLASSES_ROOT\MSHelp.hxc.2.5
HKEY_CLASSES_ROOT\MSHelp.hxd.2.5
HKEY_CLASSES_ROOT\MSHelp.hxe.2.5
HKEY_CLASSES_ROOT\MSHelp.hxf.2.5

HKEY_CLASSES_ROOT\MSHelp.hxh.2.5
HKEY_CLASSES_ROOT\MSHelp.hxi.2.5
HKEY_CLASSES_ROOT\MSHelp.hxk.2.5
HKEY_CLASSES_ROOT\MSHelp.hxq.2.5
HKEY_CLASSES_ROOT\MSHelp.hxr.2.5
HKEY_CLASSES_ROOT\MSHelp.hxs.2.5
HKEY_CLASSES_ROOT\MSHelp.hxt.2.5

HKEY_CLASSES_ROOT\MSHelp.hxv.2.5
HKEY_CLASSES_ROOT\MSHelp.hxw.2.5


Simple Mail Transfer Protocol (SMTP) is an Internet standard
for electronic mail (e-mail) transmission across Internet
Protocol (IP) networks. SMTP was first defined in RFC 821
(STD 15),[1] and last updated by RFC 5321 (2008)[2] which
includes the extended SMTP (ESMTP) additions, and is the
protocol in widespread use today. SMTP is specified for
outgoing mail transport and uses TCP port 25.

While electronic mail servers and other mail transfer agents
use SMTP to send and receive mail messages, user-level client
mail applications typically only use SMTP for sending messages
to a mail server for relaying. For receiving messages, client
applications usually use either the Post Office Protocol
(POP) or the Internet Message Access Protocol (IMAP) to
access their mail box accounts on a mail server.

SMTP OnArrival Script Host Sink Class
HKEY_CLASSES_ROOT\CLSID\{CD000005-8B95-11D1-82DB-00C04FB1625D}


SMTPConnector Class
HKEY_CLASSES_ROOT\CLSID\{CD000008-8B95-11D1-82DB-00C04FB1625D}
HKEY_CLASSES_ROOT\CDO.SMTPConnector
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CDO.SMTPConnector

SMTP OnArrival Sink
HKEY_CLASSES_ROOT\CDO.SS_SMTPOnArrivalSink

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CDO.SS_SMTPOnArrivalSink

Microsoft WBEM SMTP Event Consumer Provider
HKEY_CLASSES_ROOT\CLSID\{C7A3A54B-0250-11D3-9CD1-00105A1F4801}

CLSID_ISMTPTransport
HKEY_CLASSES_ROOT\CLSID\{FD853CE6-7F86-11d0-8252-00C04FD85AB4}


ISMTPOnArrival
HKEY_CLASSES_ROOT\Interface\{CD000026-8B95-11D1-82DB-00C04FB1625D}

ISMTPScriptConnector
HKEY_CLASSES_ROOT\Interface\{CD000030-8B95-11D1-82DB-00C04FB1625D}


UGather Spy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGatherer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGTHRSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UGatherer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UGTHRSVC

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC


Remote Assistance [Remote Desktop Help Session Manager]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDSessMgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDSessMgr


ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
Matches all ICMP packets between this computer and any other computer.


ipsecNFA{127fac49-e5c7-43d4-a909-8d29c00918b0}
ipsecNFA{36533ca7-f257-44d3-9b98-430ad6a6a651}
Permit unsecure ICMP packets to pass through.

ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}

Accepts unsecured communication, but requests clients to establish trust
and security methods. Will communicate insecurely to untrusted clients if
they do not respond to request.

ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}

Permit unsecured IP packets to pass through.


Use regedit.exe to locate these on Microsoft systems.
___

21 February 2010

Previous

clsid-list-02.htm   CLSID Shit List No. 2   February 20, 2010
clsid-list-01.htm   CLSID Shit List No. 1   February 20, 2010



A sends:

CLSID Shit List (#3)

Bluetooth Devices - "btw_ci.dll"
{95C7A0A0-3094-11D7-A202-00508B9D7D5A}

Bluetooth Radio - "dthci.dll"
{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}


Bluetooth Bus Enumerator
[same CLSID as btw_ci.dll]

Bluetooth Service - "btwdins"
{8ECC055D-047F-11D1-A537-0000F8753ED1}

Bluetooth Installation dll - btins.dll
MD5 SIGNATURE: 5890B075623E93D4195D3FFCE341DE49


WIDCOMM, Bluetooth - btneighborhood.dll
MD5 SIGNATURE: 76fc863b8231c8ee60648d23a224d6dd
MD5 SIGNATURE: 7f253fdae76ef21c8d8dedcbc046e9e1
MD5 SIGNATURE: 20c4a9e2ece8e90208167544f1e3f8a3
MD5 SIGNATURE: e50a7a4e6ff2b397e2246f8722e2c9d8

MD5 SIGNATURE: bba9df444e92740dea4ef0851e8e5abb

Bluetooth Software Location
HKEY_CURRENT_USER\Software\Widcomm

Bluetooth Software - btstackserver.exe
C:\Program Files\WIDCOMM\Bluetooth Software\


WIDCOMM, Bluetooth - btneighborhood.tlb
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls

WIDCOMM, Bluetooth - btsendto_explorer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls


WIDCOMM controls the Bluetooth services, so to bleach that alone
could disable Bluetooth. However I recommend you wipe Bluetooth out
completely by going after the install .dll(s). This is a full list
of Bluetooth dll(s):

btw_ci.dll
bthci.dll
btins.dll
btwdins
btkrnl.dll
dthci.dll


Collection of all the available BDA tuning models and spaces


BDATuner.AnalogTVTuningSpace
{8A674B4D-1F63-11D3-B64C-00C04F79498E}
{2A6E293B-2595-11D3-B64C-00C04F79498E}
{39DD45DA-2DA8-46BA-8A8A-87E2B73D983A}
{8A674B4D-1F63-11D3-B64C-00C04F79498E}

Legacy Analog TV Tuner Device Segment
{1C15D484-911D-11D2-B632-00C04F79498E}
{2A6E293C-2595-11D3-B64C-00C04F79498E}

BDATuner.ATSCChannelTuneRequest
{0369B4E6-45B6-11D3-B650-00C04F79498E}

BDATuner.ATSCLocator
{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}


BDATuner.ATSCTuningSpace
{A2E30750-6C3D-11D3-B653-00C04F79498E}

BDATuner.AnalogRadioTuningSpace
{8A674B4C-1F63-11D3-B64C-00C04F79498E}

BDATuner.Auxilary.InTuningSpace
{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}


BDA Data Services Feature Segment
{334125C0-77E5-11D3-B653-00C04F79498E}

MSVidCtl Analog TV Control
{28953661-0231-41DB-8986-21FF4388EE9B}
{3540D440-5B1D-49CB-821A-E84B8CF065A7}
{847B4DF5-4B61-11D2-9BDB-204C4F4F5020}

{8E718888-423F-11D2-876E-00A0C9082467}
{8A674B4C-1F63-11D3-B64C-00C04F79498E}
{8A674B4D-1F63-11D3-B64C-00C04F79498E}
{9F50E8B1-9530-4DDC-825E-1AF81D47AED6}

Radio / Analog Data Server Control
{334125C0-77E5-11D3-B653-00C04F79498E}

{8E71888A-423F-11D2-876E-00A0C9082467}
{8E718889-423F-11D2-876E-00A0C9082467}
{9C2263A0-3E3C-11D2-9BD3-204C4F4F5020}
{ABE40035-27C3-4A2F-8153-6624471608AF}
{C5702CD6-9B79-11D3-B654-00C04F79498E}
{E18AF75A-08AF-11D3-B64A-00C04F79498E}


BDA Tuning Tuning Spaces
HKEY_CLASSES_ROOT\CLSID\{0B3FFB92-0919-4934-9D5B-619C719D0202}
HKEY_CLASSES_ROOT\CLSID\{D02AAC50-027E-11D3-9D8E-00C04F72D980}

BLEACH Local Analog Antennas >>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tuning Spaces



IAS.Accounting
{6BC096B8-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.AccountValidation
{6BC0989E-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.ADsDataStore
{6BC096C6-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.AuditChannel
{6BC0969D-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.AuthorizationHost
{6BC09899-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.BaseCampHost
{6BC09898-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.CClient
{6BC096DA-0CE6-11D1-BAAE-00C04FC2E20D}


IAS.InfoBase
{6BC096A0-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.NTEventLog
{6BC0969F-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.PolicyEnforcer
{6BC098A7-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.ProxyPolicyEnforcer
{6BC098A8-0CE6-11D1-BAAE-00C04FC2E20D}

IAS.RadiusProtocol
{6BC09894-0CE6-11D1-BAAE-00C04FC2E20D}

HKEY_CLASSES_ROOT\IAS.NetDataStore

HKEY_CLASSES_ROOT\IAS.NTGroups

HKEY_CLASSES_ROOT\IAS.NTSamAuthentication


HKEY_CLASSES_ROOT\IAS.NTSamNames

HKEY_CLASSES_ROOT\IAS.Request

HKEY_CLASSES_ROOT\IAS.TimeOfDay

HKEY_CLASSES_ROOT\IAS.URHandler


Third Party Dispatchers

ThirdPartyEapDispatcherAuthenticatorRuntime
HKEY_CLASSES_ROOT\AppID\{B0E28D63-52F6-4E30-992B-78ECF97268E9}

ThirdPartyEapDispatcherPeerConfig
HKEY_CLASSES_ROOT\AppID\{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}

ThirdPartyEapDispatcherPeerConfig
HKEY_CLASSES_ROOT\CLSID\{1F7D1BE9-7A50-40b6-A605-C4F3696F49C0}


ThirdPartyEapDispatcherPeerRuntime
HKEY_CLASSES_ROOT\CLSID\{87BB326B-E4A0-4de1-94F0-B9F41D0C6059}

ThirdPartyEapDispatcherAuthenticatorRuntime
HKEY_CLASSES_ROOT\CLSID\{B0E28D63-52F6-4e30-992B-78ECF97268E9}


IThirdPartyEapDispatcherPeerConfig
HKEY_CLASSES_ROOT\Interface\{32C5A81F-27C0-4E66-A894-786F646F1236}

IThirdPartyEapDispatcherAuthenticatorConfig
HKEY_CLASSES_ROOT\Interface\{7A3F55BF-EF47-40A6-A0AD-8023CC9ED4C7}


IThirdPartyEapDispatcherAuthenticatorRuntime
HKEY_CLASSES_ROOT\Interface\{9DAA7B9D-CE5B-42CE-B942-32BBC284AC44}

IThirdPartyEapDispatcherPeerRuntime
HKEY_CLASSES_ROOT\Interface\{C48CA462-67FB-4C12-A21A-6415460FA8AE}


ThirdPartyEapDispatcherAuthenticatorConfig
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1FF84C3B-1140-4EB6-BE38-4BE618D2E7D6}

ThirdPartyEapDispatcherAuthenticatorConfig
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FF84C3B-1140-4eb6-BE38-4BE618D2E7D6}



iPhone binary

HKEY_CLASSES_ROOT\.iii
HKEY_CLASSES_ROOT\iiifile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-iphone


Yahoo / Google binary

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}

C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
HKEY_CLASSES_ROOT\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}

C:\Program Files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll

HKEY_CLASSES_ROOT\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}

C:\Program Files\Yahoo!\Companion\Installs\cpn\YMERemote.dll
HKEY_CLASSES_ROOT\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}

HKEY_CLASSES_ROOT\Yahoo.AntiSpyPlugin

HKEY_CLASSES_ROOT\Yahoo.MessengerCompanionControl
HKEY_CLASSES_ROOT\YBrowserToolbar.YBrowserToolbar
HKEY_CLASSES_ROOT\yt.CacheLoader
HKEY_CLASSES_ROOT\yt.Clickstream
HKEY_CLASSES_ROOT\yt.YTHelper
HKEY_CLASSES_ROOT\yt.YToolbarBand

HKEY_CLASSES_ROOT\ytbbroker.YTBCustomizerAssistant
HKEY_CLASSES_ROOT\ytbbroker.YTBMessengerAssistant
HKEY_CLASSES_ROOT\YTBM.YTBMButton
HKEY_CLASSES_ROOT\YTNavAssist.NameSpaceCF
HKEY_CLASSES_ROOT\YTNavAssist.NameSpacePP

HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin
HKEY_CLASSES_ROOT\YTSingleInstance.SingleInstance
HKEY_CURRENT_USER\Software\Yahoo
HKEY_CURRENT_USER\Software\YahooPartnerToolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AntiSpyPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.MessengerCompanionControl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.CacheLoader
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.Clickstream

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YTHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YToolbarBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo

HKEY_LOCAL_MACHINE\SOFTWARE\Google


HKEY_CLASSES_ROOT\CDO.Configuration

HKEY_CLASSES_ROOT\CDO.DropDirectory

HKEY_CLASSES_ROOT\CDO.Message


HKEY_CLASSES_ROOT\CDO.NNTPEarlyConnector

HKEY_CLASSES_ROOT\CDO.NNTPFinalConnector

HKEY_CLASSES_ROOT\CDO.NNTPPostConnector

HKEY_CLASSES_ROOT\CDO.SMTPConnector

HKEY_CLASSES_ROOT\CDO.SS_NNTPOnPostEarlySink


HKEY_CLASSES_ROOT\CDO.SS_NNTPOnPostFinalSink

HKEY_CLASSES_ROOT\CDO.SS_NNTPOnPostSink


!!!!!!!!!!!!!!!!!!!

WARNING | SOME CLSIDs LISTED BELOW ARE NEEDED TO ACCESS EMAIL ACCOUNTS AND
FOR PURCHASING PRODUCTS ONLINE!

THESE SHOULD ONLY BE ERASED BY USERS WHO CARE TOO MUCH ABOUT PRIVACY / SECURITY.


ControlSet001 NetBIOS Interface >>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\
Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\
{4CB914FE-BA82-482D-A8D2-76DBD283A86A}

ControlSet001 NetBIOS SMB Message-oriented ICP/IP >>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\
Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\
{65450A4E-B19B-4FDC-9AE1-B4D6441C929C}

ControlSet002 NetBIOS Interface >>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\
Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\
{4CB914FE-BA82-482D-A8D2-76DBD283A86A}


ControlSet002 NetBIOS SMB Message-oriented ICP/IP >>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\
Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\
{65450A4E-B19B-4FDC-9AE1-B4D6441C929C}

CCSet NetBIOS Interface >>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\
{4CB914FE-BA82-482D-A8D2-76DBD283A86A}

CCSet NetBIOS SMB Message-oriented ICP/IP >>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\
{65450A4E-B19B-4FDC-9AE1-B4D6441C929C}

How to check if your computer leaks Netbios info?
Go to https://member.dnsstuff.com/pages/tools.php


Scroll down until you see “Does your computer leak Netbios
info”, click “Find out!” This should be the result >>

.......WaitNbtQueryResponse( ) timeout.

The timeout normally indicates that Netbios is not
available on your computer, or you are using a Scope-ID,
or your Internet provider blocks Netbios packets.
All of these are good.


INTERNET EXPLORER THE INFO LEAKING WHORE

GO TO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs


AdvancedOptions\CRYPTO

CACHE_FLUSH
CACHE_PAGES
CERTREV
CHECK_SIG
SITECERT
SSL2.0
SSL3.0
SSLREV
SUBMIT
TLS1.0

AdvancedOptions\INTERNATIONAL

IDN
IDN_INFOBAR

IDN_INTRANET
IDN_SHOWPUNY
UTF8_MAILTO
UTF8_URL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AutoComplete

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Document Caching


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Image Caching


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\InformationCard Token Provider

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\P3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\PrintAppletsOnFEWin95

Microsoft Url History Service
{3C374A40-BAE4-11CF-BF7D-00AA006946EE}

IE AutoComplete
{3028902F-6374-48b2-8DC6-9725E775B926}


IE Microsoft History AutoComplete List
{6038EF75-ABFC-4e59-AB6F-12D397F6568D}

IE Microsoft Multiple AutoComplete List Container
{B31C5FAE-961F-415b-BAF0-E697A5178B94}

Windows Mail AutoDiscovery
HKEY_CLASSES_ROOT\CLSID\{008FD5DD-6DBB-48e3-991B-2D3ED658516A}

IMailAutoDiscovery
HKEY_CLASSES_ROOT\Interface\{80402DEE-B114-4D32-B44E-82FD8234C92A}

Microsoft Url History Service
HKEY_CLASSES_ROOT\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}


IE Windows Messenger Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}

IE P3 Microsoft Registration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\P3


IE URL Search Hooks
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

Intelli-Forms
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms

Client UrlCache MMF Ver 5.2


HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache


HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL3.0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\CERTREV
Check for publisher's certificate revocation*


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSLREV
Checks for server certificate revocation*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\CHECK_SIG
Check for signatures on downloaded programs*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SITECERT
Warn about certificate address mismatch*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SUBMIT
Warn if POST submittal is redirected to a zone that does not permit posts


WebCheck 4.0 runs on a secure web server using industry standard,
SSL technology. Data communication between the workstations
and the server listed below.

WebCheckWebCrawler
HKEY_CLASSES_ROOT\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}

WebCheck SyncMgr Handler
HKEY_CLASSES_ROOT\CLSID\{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}


WebCheck
HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}

WebCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Webcheck

C:\WINDOWS\system32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}



SCHANNEL SSL 2.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
SCHANNEL\Protocols\SSL 2.0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\
SCHANNEL\Protocols\SSL 2.0


SCHANNEL SSL 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
SCHANNEL\Protocols\SSL 3.0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\
SCHANNEL\Protocols\SSL 3.0


SCHANNEL TLS 1.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
SCHANNEL\Protocols\TLS 1.0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\
SCHANNEL\Protocols\TLS 1.0


SCHANNEL PKCS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
SCHANNEL\KeyExchangeAlgorithms\PKCS

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\
SCHANNEL\KeyExchangeAlgorithms\PKCS



SSL Certificate Formats

HKEY_CLASSES_ROOT\.crt

HKEY_CLASSES_ROOT\.der

HKEY_CLASSES_ROOT\.p10

HKEY_CLASSES_ROOT\.p12

HKEY_CLASSES_ROOT\.p7b

HKEY_CLASSES_ROOT\.p7c


HKEY_CLASSES_ROOT\.p7m

HKEY_CLASSES_ROOT\.p7r

HKEY_CLASSES_ROOT\.p7s

HKEY_CLASSES_ROOT\.pfx

HKEY_CLASSES_ROOT\.spc

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertificateAuthority.Config


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertificateAuthority.Config.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertificateAuthority.Request

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertificateAuthority.Request.1


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-pkcs12

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-pkcs7-certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-pkcs7-certreqresp


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-x509-ca-cert

NEVER MISTAKE SYSTEM CERTIFICATES FOR SSL CERTIFICATES!


!!!!!!!!!!!!!!!!!!!

WARNING, DO NOT ERASE CLSIDs BELOW UNLESS YOU WOULD RATHER NOT HAVE FTP


FTP Installer to handle FTP Associations
{1ABCFC13-2340-11d2-B601-006097DF5BD4}

FTP Folder Web View Automation
{210DA8A2-7445-11d1-91F7-006097DF5BD4}

FTP IDataObject impl
{299D0193-6DAA-11d2-B679-006097DF5BD4}


Microsoft FTP Folder
{63da6ec0-2e98-11cf-8d82-444553540000}

ftp: Asychronous Pluggable Protocol Handler
{79eac9e3-baf9-11ce-8c82-00aa004ba90b}


FTP Folders Webview
{63da6ec0-2e98-11cf-8d82-444553540000}


IFtpWebView
{21DCE770-ABD0-11D2-A32B-006097DF5BD4}

Add Network Place
Connects to shared folders, Web folders, and FTP sites.
{D4480A50-BA28-11d1-8E75-00C04FA31A86}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ftp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Router\CurrentVersion\
RouterManagers\Ip\FTP


TIPS FOR FOOLS

Be careful editing the registry, it is a sensitive complex.


!DO NOT BLEACH TELEPHONY! {this will cut the internet connection}
!DO NOT BLEACH SYSTEM CERTIFICATE! {this will destroy the system}
!DO NOT BLEACH CRYPTOGRAPHIC PROVIDERS! {this will destroy the system}
!DO NOT BLEACH CERFile {this is a hardware cryptographic certificate}
!DO NOT BLEACH ITCARD! {this will cut the internet connection}
!DO NOT BLEACH MUICache {this will destroy system restore capability}
!DO NOT BLEACH INK FILE BINARY {this will destroy start menu and desktop shortcuts}
!DO NOT BLEACH RASMAN Certificate! {this would cause browser problems}
!DO NOT BLEACH ANY RPC {this will destroy the system}
!DO NOT BLEACH WHAT YOU DO NOT KNOW! {take this as experienced forewarning}



To run regedit.exe, go to the desktop and click "start"; then "run"; type "regedit"

Source: https://cryptome.org

February 28, 2010 in Current Affairs