Please Help - Systems History

Computing.Net > Forums > Windows Me > Please Help - Systems History

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Please Help - Systems History

Name: Peter
Date: September 5, 2003 at 10:51:06 Pacific
OS: Windows ME
CPU/Ram: 128

Comment:

Thank you for an excellent forum on Windows Me.
I have recently discovered a break-in to my PC via a Trojan virus and am trying to understand changes made in my computer.
I discovered following logs under System History for Hardware Resources and Software. Could you please let me know what they mean?
Many Thanks for your help!
Peter
HARDWARE RESOURCES Name What Type
9/4/03 1:15 AM CHANGED System board extension for ACPI BIOS Property "StartingAddress" changed from "1048576" to "0". Device Memory Address
9/4/03 1:15 AM CHANGED Sony OHCI i.LINK(IEEE 1394) PCI Host Controller Property "StartingAddress" changed from "3565158400" to "3556769792". Device Memory Address
9/4/03 1:15 AM CHANGED NVIDIA GeForce2 MX (Sony) Property "StartingAddress" changed from "3607101440" to "3590324224". Device Memory Address
9/4/03 1:15 AM CHANGED Intel(r) 82815 Processor to AGP Controller - 1131 Property "StartingAddress" changed from "3622830080" to "3590324224". Device Memory Address
9/4/03 1:15 AM CHANGED NVIDIA GeForce2 MX (Sony) Property "StartingAddress" changed from "3623878656" to "3607101440". Device Memory Address
9/4/03 1:15 AM CHANGED System board extension for ACPI BIOS Property "StartingAddress" changed from "4290248704" to "1048576". Device Memory Address
9/4/03 1:15 AM CHANGED System board extension for ACPI BIOS Property "StartingAddress" changed from "4294443008" to "4290248704". Device Memory Address
9/4/03 1:15 AM CHANGED NVIDIA GeForce2 MX (Sony) Property "StartingAddress" changed from "655360" to "3623878656". Device Memory Address
9/4/03 1:15 AM CHANGED NVIDIA GeForce2 MX (Sony) Property "StartingAddress" changed from "720896" to "655360". Device Memory Address
9/4/03 1:15 AM CHANGED NVIDIA GeForce2 MX (Sony) Property "StartingAddress" changed from "786432" to "720896". Device Memory Address
9/4/03 1:15 AM CHANGED System board extension for ACPI BIOS Property "StartingAddress" changed from "983040" to "4294443008". Device Memory Address
9/4/03 1:15 AM CHANGED Intel 82801AA Bus Master IDE Controller Property "IRQNumber" changed from "15" to "14". IRQ
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "101" to "1008". Port Resource
9/4/03 1:15 AM CHANGED Standard Floppy Disk Controller Property "StartingAddress" changed from "1015" to "1010". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "116" to "101". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "1232" to "116". Port Resource
9/4/03 1:15 AM CHANGED Direct memory access controller Property "StartingAddress" changed from "128" to "0". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "145" to "1232". Port Resource
9/4/03 1:15 AM CHANGED Direct memory access controller Property "StartingAddress" changed from "148" to "128". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "16" to "145". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "162" to "16". Port Resource
9/4/03 1:15 AM CHANGED Direct memory access controller Property "StartingAddress" changed from "192" to "148". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "224" to "162". Port Resource
9/4/03 1:15 AM CHANGED Programmable interrupt controller Property "StartingAddress" changed from "32" to "160". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "34" to "224". Port Resource
9/4/03 1:15 AM CHANGED Intel 82801AA Bus Master IDE Controller Property "StartingAddress" changed from "368" to "1014". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "46" to "34". Port Resource
9/4/03 1:15 AM CHANGED Primary IDE controller (dual fifo) Property "StartingAddress" changed from "47104" to "1014". Port Resource
9/4/03 1:15 AM CHANGED Intel 82801AA Bus Master IDE Controller Property "StartingAddress" changed from "47104" to "368". Port Resource
9/4/03 1:15 AM CHANGED Secondary IDE controller (dual fifo) Property "StartingAddress" changed from "47112" to "368". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "48" to "46". Port Resource
9/4/03 1:15 AM CHANGED Primary IDE controller (dual fifo) Property "StartingAddress" changed from "496" to "47104". Port Resource
9/4/03 1:15 AM CHANGED Intel 82801AA Bus Master IDE Controller Property "StartingAddress" changed from "496" to "47104". Port Resource
9/4/03 1:15 AM CHANGED WDM Communication Device Property "StartingAddress" changed from "55296" to "54272". Port Resource
9/4/03 1:15 AM CHANGED YAMAHA AC-XG Audio Device Property "StartingAddress" changed from "57600" to "57344". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "60416" to "58368". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "656" to "60416". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "68" to "48". Port Resource
9/4/03 1:15 AM CHANGED Secondary IDE controller (dual fifo) Property "StartingAddress" changed from "886" to "47112". Port Resource
9/4/03 1:15 AM CHANGED Intel 82801AA Bus Master IDE Controller Property "StartingAddress" changed from "886" to "496". Port Resource
9/4/03 1:15 AM CHANGED Standard 101/102-Key or Microsoft Natural Keyboard Property "StartingAddress" changed from "96" to "100". Port Resource
9/4/03 1:15 AM CHANGED NVIDIA GeForce2 MX (Sony) Property "StartingAddress" changed from "960" to "944". Port Resource
9/4/03 1:15 AM CHANGED Motherboard resources Property "StartingAddress" changed from "98" to "68". Port Resource
SOFTWARE ENVIRONMENT

8/7/03 12:16 PM REMOVED 2nd Story Software Program Group
8/7/03 12:16 PM REMOVED QuickTime Program Group
8/12/03 1:39 PM ADDED Spybot - Search & Destroy Program Group
8/12/03 1:39 PM REMOVED C:\Program Files\Xupiter\XTCfgLoader.exe Startup Programs
8/12/03 1:39 PM REMOVED C:\Program Files\Xupiter\XupiterStartup.exe Startup Programs
8/14/03 2:04 AM REMOVED Zone Labs Program Group
8/14/03 1:16 PM REMOVED C:\PROGRA~1\WINZIP\WZQKPICK.exe Startup Programs
8/14/03 1:16 PM ADDED C:\PROGRA~1\WINZIP\WZQKPICK.exe Startup Programs
8/14/03 2:04 AM REMOVED C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service Startup Programs
8/15/03 12:05 PM ADDED NeoTrace Pro Program Group
8/15/03 12:05 PM ADDED QuickTime Program Group
8/15/03 12:05 PM ADDED Trend Micro PC-cillin 2003 Program Group
8/15/03 12:05 PM ADDED C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe Startup Programs
8/15/03 12:05 PM ADDED C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe Startup Programs
8/15/03 12:05 PM ADDED C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe Startup Programs
8/15/03 12:05 PM ADDED C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe Startup Programs
8/15/03 12:05 PM ADDED C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe Startup Programs
8/15/03 12:05 PM REMOVED C:\WINDOWS\SYSTEM\QTTASK.exe -atboottime Startup Programs
8/15/03 12:05 PM ADDED C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe Startup Programs
8/15/03 12:05 PM ADDED C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r Startup Programs
8/15/03 12:05 PM ADDED C:\PROGRA~1\WINZIP\WZQKPICK.exe Startup Programs
8/15/03 12:05 PM REMOVED C:\PROGRA~1\WINZIP\WZQKPICK.exe Startup Programs
8/15/03 12:05 PM ADDED C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe Startup Programs
8/15/03 12:05 PM ADDED C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe Startup Programs
8/15/03 12:05 PM REMOVED C:\WINDOWS\SYSTEM\ssdpsrv.exe Startup Programs
8/29/03 11:34 AM ADDED Zone Labs Program Group
8/29/03 11:34 AM ADDED C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service Startup Programs
9/4/03 1:15 AM CHANGED C:\Program Files\Trend Micro\PC-cillin 2003\PCCIOMON.exe Startup Programs
9/4/03 1:15 AM CHANGED Rundll32.exe powrprof.dll,LoadCurrentPwrScheme Startup Programs

Sponsored Link

Ads by Google

Response Number 1

Name: Simplychilled Mark
Date: September 6, 2003 at 05:56:01 Pacific

Reply:

Peter,
The following page may help you out - there's several links at the bottom by the section on System History:
http://support.microsoft.com/default.aspx?scid=kb;en-us;278449
Personally since you know the type of trojan infection I'd say you have several choices. You can either system-restore to a time when all was working ok, or look at a reinstall for maximum security since you don't know what other changes have been made without your knowledge. Let's be honest, your data has already been compromised and a full reinstall is the easiest way to start over and protect the data you store on your pc.
If you system-restore you will have to be certain you remove ALL traces of the trojan and any changes it's made since you may not know just how long it's been there.
I'd start over from scratch and put it down to experience if you don't want another breakin.
Hope this helps,
Mark

ieee 1394 controller nvidia geforce2 mx mx 400 driver yamaha ac-xg audio device intel 82801AA bus master IEEE 1394 BUS HOST CONTROLLERS driver intel 82801aa bus master ide controller 8.15.7.117 via cpu to agp controller windows system group system board failure	system board extension for acpi bios yamaha Ac-XG Driver WDM based device system board extension for pnp bios 655360 complex adding c++ typing history remove quicktime processor p1 history intel r 82815 graphics controller microsoft corporation
See More

e-mails returned

low on system resources

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows Me Forum Home

Sponsored links

Ads by Google

Results for: Please Help - Systems History

Please help system restore files

Summary

www.computing.net/answers/windows-me/please-help-system-restore-files/34070.html

invalid system disk...please help!!

Summary

www.computing.net/answers/windows-me/invalid-system-diskplease-help/33558.html

Please Help

Summary

www.computing.net/answers/windows-me/please-help/12767.html

From the Geek Dictionary
Hard Drive - n. A magnetic pornography storage device, used in computers. It uses a meta...

Ask a Question!

Weekly Poll
Do you think Comcast should have bought NBC?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Few questions about this WinFast DTV1000 S

How can I fully clear RUN history?

help please

Help! I have some questions for you experts

vbs scripting help

All Awaiting Reply

Tom's News
Verizon: iPhone is Digitally Clueless Beauty Queen

Nintendo DS Flash Cards are Legal Says Judge

Go Retro: Dragon's Lair Confirmed for iPhone

Sony's PSPgo May Get External UMD Reader

Report: Teen Internet Addicts Likely to Self-Harm

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE