Need a bit of assistance with OTS.txt results. Windows 7
#1
ornbjrg
Firstly, background on me (since I broke out OTS before being asked) ... I'm 30, a web designer, and ex-hacker. I went legit years ago, and have apparently fallen behind the times a bit, not sure what people out there are using these days. My daily protection is AVG; I uninstall it and install Avast on weekends for a file-by-file scan. I'm intimately familiar with my HijackThis, Spybot, CCleaner, about:config, and other tools to check for 'bad things'. When I doubt a file, it generally goes to VirusTotal for a check. I do computer repair on the side, and have been known to fix 'unfixable' machines. As for my Windows install, it's Windows 7 Release Candidate 7127, obtained from Microsoft. I also run Fedora as a dual boot.

Here's my issue: I received an email at 11:32pm last night saying one of my game accounts had had its password changed. At 11:33pm, I got a second email stating the email had been changed. This would make some people worried about cracking, but my passwords, with my history, are such that most crackers don't even support all of the characters used in my passwords. This makes me immediately suspect an infection.

Since OTS seemed to be the litmus test here, I decided to give it a go... quite happy with myself for including MD5s after finding these lines...

In Driver Services - Safe List:

64bit-(1394ohci) [55ZAD][1394 Ή€Ĭ Ćmρĺιйт Ηоţ Сőηтřōŀľзг !!! !!! !] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\1394ohci.sys -> [2009/05/08 02:15:17 | 00,227,840 | ---- | M | MD5 = E721E5299941F477C8E1CFF4C6888BEC] (Microsoft Corporation)
64bit-(AcpiPmi) [3bzGy][ǺĊΡĨ Ρōώёѓ Мėτėř Ďґνґ !!! !!] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\acpipmi.sys -> [2009/05/08 01:23:42 | 00,012,288 | ---- | M | MD5 = 58CA773E1FEFB0A0B861D693A0C1AB77] (Microsoft Corporation)
64bit-(AmdPPM) [RVdHv][ΆΜĐ Ρŕǿč℮ѕśг Đґįνёŗ !!! !] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\amdppm.sys -> [2009/05/08 01:15:43 | 00,060,928 | ---- | M | MD5 = 3A03F58575A245FA1DC2330EA594D211] (Microsoft Corporation)
64bit-(b06bdrv) [OjgyY][βѓąοm Ņ℮ťХťŗěмё Ί VВĎ !!! !!!] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\bxvbda.sys -> [2009/03/13 21:53:23 | 00,468,480 | ---- | M | MD5 = 3E5B191307609F7514148C6832BB0842] (Broadcom Corporation)
64bit-(b57nd60a) [5RuQo][Ъŗőăďčοm ∏ěτΧţяέm℮ Ĝīĝάъίť Ěţħēяňєτ - ŅĎĬЅ 6.0 !!! !!! !!! !] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\b57nd60a.sys -> [2009/03/06 00:10:45 | 00,270,848 | ---- | M | MD5 = 8D0E71D842F3E4C58FBFC8E1DFA4ACE1] (Broadcom Corporation)
64bit-(CmBatt) [JOL8J][Microsoft ĊРΪ Сόлŧґőĺ Мĕτћοď ЬŧťѓУ ѓινґ !!! !!! !!! ] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2009/05/08 01:28:13 | 00,017,664 | ---- | M | MD5 = 8A10D53AC69C5B16095F6D19A22532EC] (Microsoft Corporation)
64bit-(ebdrv) [0eHuo][Вŗm ИзŧΧτямέ İ 10 ĢίġĖ VЪ !!! !!! !] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\evbda.sys -> [2009/02/03 22:05:46 | 03,286,016 | ---- | M | MD5 = DC5D737F51BE844D8C82C695EB17372F] (Broadcom Corporation)
64bit-(HidBatt) [cs02b][ΉĨ ŨŚ Ьąτťэřŷ Đŕνėř !!! !!] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\HidBatt.sys -> [2009/05/08 01:28:16 | 00,026,624 | ---- | M | MD5 = 8D24DE30D2F0D356B303D5BC7E531BCD] (Microsoft Corporation)
64bit-(MTConfig) [nag6I][Мīćřбšбƒτ ŋрμτ Ćοиƒġűŗąтϊбπ Đґίνεґ !!! !!! !!] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\MTConfig.sys -> [2009/05/08 02:08:36 | 00,015,360 | ---- | M | MD5 = B8317FE40FD000404CCCA952500E7B6A] (Microsoft Corporation)
64bit-(UmPass) [pEQ7u][Μįċѓśθƒт ŪМΡаśś яĭνеѓ !!! !!] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\umpass.sys -> [2009/05/08 02:14:58 | 00,009,728 | ---- | M | MD5 = 49385D7EEB222EF770768B4BECA58CAC] (Microsoft Corporation)


If anyone has the same build, from a reputable source, would you be kind enough to check and post the MD5 hash of these files?

Other than these, everything else looks perfectly normal and acceptable, with nothing showing odd names, locations, or timestamps, and all of my recently modified and new files are as they should be. No funky services or processes running visibly. Nothing new installed that I didn't build myself. My only new programs in the last 2 weeks were Blender and FileZilla, both built from snapshot source, with the libraries for building obtained from official repos.

Edit: No, my display name is not in 'leetspeak'. It is a person from history. It is also spelled correctly.

Edited by ornbjrg, 12 October 2009 - 03:46 AM.
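The request above is really a hash-baseline comparison: take each OTS "Driver Services" line, pull out the file path, size and MD5, and compare the MD5 with a value obtained from a trusted copy of the same build. The following is an added example (not part of the original post and not OTS code) that parses two of the lines quoted above and checks them against a constructed baseline; the baseline values and the `BASELINE` dict are assumptions for demonstration, and the company name in parentheses is only the file's version-info string, not a signature check.

```python
import re
from dataclasses import dataclass

# Regex for one OTS "Driver Services" line, in the exact layout shown in the post:
# <arch>-(<service>) [<tag>][<obfuscated description>] [<kind> | <start> | <state>]
#   -> <path> -> [<modified> | <size> | <attrs> | <flag> | MD5 = <hash>] (<company>)
LINE_RE = re.compile(
    r"^(?P<arch>\w+)-\((?P<service>[^)]+)\) "
    r"\[(?P<tag>[^\]]*)\]\[(?P<desc>.*?)\] "
    r"\[(?P<kind>[^|\]]+?) \| (?P<start>[^|\]]+?) \| (?P<state>[^\]]+?)\] -> "
    r"(?P<path>.+?) -> "
    r"\[(?P<modified>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+?) \| (?P<flag>[^|]+?) \| MD5 = (?P<md5>[0-9A-Fa-f]{32})\] "
    r"\((?P<company>[^)]*)\)$"
)

@dataclass
class DriverEntry:
    service: str
    path: str
    size: int        # bytes; OTS prints it zero-padded with thousands separators
    modified: str
    md5: str
    company: str     # version-info string only; says nothing about code signing

def parse_line(line: str) -> DriverEntry:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an OTS driver line: {line[:60]!r}")
    return DriverEntry(service=m["service"], path=m["path"],
                       size=int(m["size"].replace(",", "")), modified=m["modified"],
                       md5=m["md5"].upper(), company=m["company"])

def check_against_baseline(lines, baseline):
    """Map each file name to 'match', 'MISMATCH' or 'unknown' (not in baseline)."""
    results = {}
    for line in lines:
        e = parse_line(line)
        fname = e.path.rsplit("\\", 1)[-1].lower()
        expected = baseline.get(fname)
        results[fname] = ("unknown" if expected is None
                          else "match" if expected.upper() == e.md5 else "MISMATCH")
    return results

# Two lines copied from the post above (sample input).
SAMPLE_LINES = [
    r"64bit-(1394ohci) [55ZAD][1394 Ή€Ĭ Ćmρĺιйт Ηоţ Сőηтřōŀľзг !!! !!! !] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\1394ohci.sys -> [2009/05/08 02:15:17 | 00,227,840 | ---- | M | MD5 = E721E5299941F477C8E1CFF4C6888BEC] (Microsoft Corporation)",
    r"64bit-(AcpiPmi) [3bzGy][ǺĊΡĨ Ρōώёѓ Мėτėř Ďґνґ !!! !!] [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\acpipmi.sys -> [2009/05/08 01:23:42 | 00,012,288 | ---- | M | MD5 = 58CA773E1FEFB0A0B861D693A0C1AB77] (Microsoft Corporation)",
]
# Constructed baseline for demonstration only: real values must come from a trusted
# install of the same build. The first entry reuses the post's hash so it matches;
# the second is a placeholder so the mismatch path is exercised.
BASELINE = {"1394ohci.sys": "E721E5299941F477C8E1CFF4C6888BEC",
            "acpipmi.sys": "00000000000000000000000000000000"}
```

A real baseline is built by hashing the same files on a machine installed from trusted media, and an "unknown" verdict is the signal to go and obtain one rather than to assume the file is fine.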
