Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The maximum number of secrets that may be stored in a single system has been exceeded


  • This topic is locked This topic is locked
2 replies to this topic

#1 zoeysmiles

zoeysmiles

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:47 AM

Posted 17 April 2009 - 05:36 AM

First and formost,thank you all so much for devoting your time and efforts to us all with our computer issues.
To whomever may be reading this:Please I ask for your patience as I am trying to be as exhaustive as possible with my details.I could have,in the time it has taken me to post alone,completely reinstalled windows but i am trying desperately to save my files.
This is my second attempt at posting now....crashed half way through the first time ...GRRRR....!!! :thumbup2:
Fingers and toes Crossed... :) ...so here goes:

Original error only ever appeared once as follows while attempting to open Falsh drive E:

"E:\Videos is not accesible.The maximum amount of secrets that may be stored in a single system has been exceeded"

The flash drives appears in device manager on both USB ports,however it reports "Unreadable" while attempting to populate the drive.This drive reads and is accesible without issue on other computers.
The USB ports in question however,has no issues with any other hardware connected(Webcam,Wireless USB adapter,Joystick,and Cell Phone).All appear in device manager and have no issues at all.Strangely I can access the microSD card in my phone through Bitpim.This is NOT the Falsh drive in question though.

System restore will open up,but after chosing my restore point,clicking next on the last screen results in no action or error message what so ever.Attempts to create a restore point(done for assessment)will result in:

"System restore is not able to create a restore point.Please restart your computer,and run system restore again":
after providing a "Restore point description"

Windows disk defragmenter opens up ok,however displays the following when either analyze or defragment is selected:

"Disk Defragmenter could not start"

My computer Reports user "Joey" ( thats me :step4: ) as the computer administrator.However when accesssing Services,and attempting to disable "Background Intelligent Transfer Service" ,"Access is Denied" message window is the result.I have not come across this mesaage while accesssing other running services yet I did not try them all.

Msconfig gives back the following message after making no changes at all and selecting "OK":

"An access denied error was returned while attempting to change a service.You may need to log on using an administrator account to make the specified changes"

Registry Edit and Folder Options were originally not functioning as well.After much researching I installed "Malwarebytes' Anti-Malware" which seems to have repaired both functions.No result at all though with the previously mentioned issues.I have tried to force errors messages in Regedit yet it seems to allow access and functions as is expected.Hidden files and system folders are also now Viewable.

Suspicious executables I have come across include:
blockstrain (VCD Wrapper) in root directory
osx47eo.exe (now deleted)
2101170800.exe (now deleted)
1601987248.exe Resides here: C:\Documents and Settings\Administrator\Local Settings\Temp
3142470256.exe Resides here: C:\Documents and Settings\Administrator\Local Settings\Temp
"pdk-Joey" Folder in the same above directory containing the following DLL files:
1a657931d78ddcfa584e65d2115500be.dll
2d6f1145555608861b5ad67752346ccf.dll
8b285eff21bc702f99df7d987f097691.dll
8559f0a5de4aeae630ab829edac0de98.dll
490337bdcf639439f186e2fd528fb0b3.dll
056721307e354d83addd03bdfc5c4d54.dll
b40afc4ad6d3dc7069afe736e6017337.dll
b886f5e90b51cd2f24df88d6ae161c21.dll
c815b5b8d7c4f31dc220574352ea1959.dll
d6238b26db974c1e3bd964fb70243060.dll
d07294610b5173a78e2c7609b703eadc.dll

Maybe unrelated I cant be sure but I am certain "pdk-joey" was not there before
And I'm certain more of which I have not discovered
A search on google gives back no results for all but blockstrain.(User specific created programs?)

I have checked my list and checked it twice.I'm am certain there are files and issues I have not come across yet these are all the issues I am aware of and have documented.

As per instructions,below is a paste of DDS.txt. and attachment of Attach.txt

Again,Thank you all kindly. :step1:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Joey at 4:29:00.69 on 17/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.510.100 [GMT -7:00]

FW: ZoneAlarm Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Administrator\Desktop\ \Rubber Ducky\RubberDucky.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uSearch Page =
uSearch Bar =
uWindow Title = Microsoft Internet Explorer provided by Joey Jones
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {d7bf4552-94f1-42bd-f434-3604812c856d} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MimarSinan Rubber Ducky] "c:\documents and settings\administrator\desktop\ \rubber ducky\RubberDucky.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: RecycleBinSize = 1 (0x1)
uPolicies-explorer: NoClose = 1 (0x1)
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
DPF: {2AD0C02D-3A2E-4192-BD8A-19C89BD0DFF1} - file://c:\documents and settings\all users.windows\application data\skype\plugins\plugins\263af18ba8e6473194d1e386fdadb7de\4USclub.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: opnommkl - opnommkl.dll
AppInit_DLLs: jhzemd.dll
SEH: {0DB0263F-A555-4853-AEF3-4D78331512B3} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccdcBTm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ejkqq05y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/documentaries/docplayer_tnot.html
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ejkqq05y.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll

============= SERVICES / DRIVERS ===============

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-4-10 33824]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-25 353672]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 DLINK11G;D-Link AirPlus G Wireless Adapter;c:\windows\system32\drivers\TNET1130.SYS [2008-11-16 386816]
S2 FLYCAM;FlyCam, WDM Video Capture;c:\windows\system32\drivers\flycam.sys [2006-1-12 705408]
S3 MAMEOPL;Auxiliary MAME32 OPL Access Driver;c:\program files\mame32\Mameopl.sys [2008-11-4 4312]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 rt2870;Belkin N1 Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2008-11-15 485248]
S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2009-4-9 25952]
S4 CameraServer;CameraServer;c:\program files\eyemail technology inc\CameraServer.exe [2006-1-12 86016]

=============== Created Last 30 ================

2009-04-17 03:42 <DIR> --d----- c:\program files\Trend Micro
2009-04-17 02:58 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-16 16:53 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-16 16:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-16 16:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 16:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-16 16:53 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-04-16 16:00 <DIR> --d----- c:\windows\LastGood.Tmp
2009-04-16 10:58 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-04-16 06:29 23,040 a------- c:\windows\system32\ak1.exe
2009-04-16 03:05 155 a------- c:\windows\system32\SelfDel.bat
2009-04-15 20:16 109,010 a------- c:\windows\system32\drivers\ed6ced17.sys
2009-04-15 17:29 <DIR> --d----- c:\program files\Mobiola Web Camera for S60
2009-04-15 12:47 227,328 ---shr-- c:\windows\system32\ac3DX.ax
2009-04-15 12:47 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-04-15 12:47 175,104 ---shr-- c:\windows\system32\CoreAAC.ax
2009-04-15 12:47 169,472 ---shr-- c:\windows\system32\MatroskaDX.ax
2009-04-15 12:47 163,328 ---shr-- c:\windows\system32\flvDX.dll
2009-04-15 12:47 161,792 ---shr-- c:\windows\system32\RealMediaDX.ax
2009-04-15 12:47 123,904 ---shr-- c:\windows\system32\AVCDX.ax
2009-04-15 12:47 81,920 ---shr-- c:\windows\system32\aac_parser.ax
2009-04-15 12:47 54,784 ---shr-- c:\windows\system32\RLAPEDec.ax
2009-04-15 12:47 37,888 ---shr-- c:\windows\system32\RLMPCDec.ax
2009-04-15 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-04-15 12:47 <DIR> --d----- c:\program files\eRightSoft
2009-04-15 11:24 168,448 a------- c:\windows\system32\unrar.dll
2009-04-15 11:24 839,680 a------- c:\windows\system32\lameACM.acm
2009-04-15 11:24 118,784 a------- c:\windows\system32\ac3acm.acm
2009-04-15 11:24 414 a------- c:\windows\system32\lame_acm.xml
2009-04-15 11:24 795,648 a------- c:\windows\system32\xvidcore.dll
2009-04-15 11:24 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-04-15 11:24 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-04-15 11:24 684,032 a------- c:\windows\system32\divx.dll
2009-04-15 11:24 86,016 a------- c:\windows\system32\dpl100.dll
2009-04-15 11:24 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-04-15 11:24 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-04-15 11:24 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-04-14 20:19 <DIR> --d----- c:\program files\Cheetah Burner
2009-04-14 13:42 <DIR> --d----- C:\Dell
2009-04-14 05:31 <DIR> --d----- c:\program files\HoTTProxy
2009-04-14 04:59 151,040 a------- c:\program files\hexedit.exe
2009-04-13 06:58 716,800 a------- c:\windows\system32\Wibuke32.cpl
2009-04-13 06:58 <DIR> --d----- c:\program files\WIBU-SYSTEMS
2009-04-13 06:25 <DIR> --d----- c:\program files\common files\Motorola Shared
2009-04-13 03:49 2,305,280 a------- C:\blockstrain.dat
2009-04-13 03:49 <DIR> --d----- c:\program files\Eyemail Technology Inc
2009-04-13 00:09 37 a------- c:\windows\MemoryDebugApp.INI
2009-04-11 06:54 <DIR> --d----- c:\windows\system\Temporary Internet Files
2009-04-10 08:10 33,824 a------- c:\windows\system32\drivers\oreans32.sys
2009-04-10 07:11 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-04-10 07:11 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-04-10 07:11 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-04-10 07:11 6,144 a------- c:\windows\system32\kbd101c.dll
2009-04-10 07:11 6,144 a------- c:\windows\system32\kbd101b.dll
2009-04-10 07:11 5,632 a------- c:\windows\system32\kbd103.dll
2009-04-10 07:11 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-04-10 07:11 6,144 a------- c:\windows\system32\kbd106.dll
2009-04-09 23:38 940,304 a------- c:\windows\system\msjava.dll
2009-04-09 12:37 719,872 a------- c:\windows\system32\devil.dll
2009-04-09 12:37 318,976 a------- c:\windows\system32\avisynth.dll
2009-04-09 12:37 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-04-09 12:37 70,656 a------- c:\windows\system32\i420vfw.dll
2009-04-09 12:37 27,648 a------- c:\windows\system32\AVSredirect.dll
2009-04-09 12:37 <DIR> --d----- c:\program files\AviSynth 2.5
2009-04-09 12:34 186,880 ---shr-- c:\windows\system32\RLOgg.ax
2009-04-09 12:34 92,672 ---shr-- c:\windows\system32\RLVorbisDec.ax
2009-04-09 12:34 67,584 ---shr-- c:\windows\system32\RLTheoraDec.ax
2009-04-09 12:34 51,712 ---shr-- c:\windows\system32\RLSpeexDec.ax
2009-04-09 12:34 179,200 ---shr-- c:\windows\system32\DiracSplitter.ax
2009-04-09 06:57 264,704 a------- c:\windows\system32\hlvdd.dll
2009-04-09 06:57 458,752 a------- c:\windows\system32\drivers\hardlock.sys
2009-04-09 06:57 25,952 a------- c:\windows\system32\drivers\wnsdrvr.sys
2009-04-06 02:43 <DIR> --d----- c:\docume~1\admini~1\applic~1\Messenger_for_Skype
2009-04-04 20:24 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PC Drivers HeadQuarters
2009-04-04 08:03 10 a------- c:\windows\system32\810429tv4-test.jun
2009-04-02 09:06 <DIR> --d----- c:\docume~1\admini~1\applic~1\TELUSCalendar.6CBD8DF9C800B3FB7004AC6A012454DA4FD6BED2.1
2009-04-02 08:17 <DIR> --d----- c:\program files\TELUS Calendar
2009-04-01 23:46 114,688 a------- c:\windows\system32\BTCamVideoSource.dll
2009-04-01 23:40 11,776 a------- c:\windows\system32\drivers\ateksoftaudio.sys
2009-04-01 20:24 306,688 a------- c:\windows\IsUninst.exe
2009-04-01 03:14 990 a------- c:\windows\system32\winpoa06.sys
2009-03-31 14:46 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Messenger Plus!
2009-03-31 03:06 <DIR> --d--r-- c:\program files\Messenger Plus! Live
2009-03-30 18:17 <DIR> --d----- c:\docume~1\admini~1\applic~1\Vbuzzer Messenger
2009-03-30 18:08 245,760 a------- c:\windows\system32\FaxHelper.exe
2009-03-30 18:08 57,344 a------- c:\windows\system32\FaxMonitor.dll
2009-03-29 20:41 <DIR> --d--r-- c:\program files\SecondLife
2009-03-29 13:49 <DIR> --d----- c:\temp\CheetahAudio
2009-03-29 13:49 <DIR> --d----- C:\temp
2009-03-28 05:36 <DIR> --d----- c:\docume~1\admini~1\applic~1\Mizu
2009-03-27 18:14 <DIR> --d----- c:\docume~1\admini~1\applic~1\Gizmo5
2009-03-27 04:48 <DIR> --d----- c:\program files\Lame for Audacity
2009-03-27 04:27 <DIR> --d--r-- c:\program files\Audacity 1.3 Beta (Unicode)
2009-03-27 04:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Tapur
2009-03-27 04:03 1,047,552 a------- c:\windows\system32\mfc71u.dll
2009-03-27 04:03 1,060,864 a------- c:\windows\system32\mfc71.dll
2009-03-27 03:54 <DIR> --d----- c:\docume~1\admini~1\applic~1\WizzTones
2009-03-27 03:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\Transclick
2009-03-26 15:35 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-03-26 15:31 <DIR> --d--r-- c:\program files\Skype
2009-03-24 12:28 1,164,728 a------- c:\windows\system32\NMSDVDXU.dll
2009-03-24 12:28 454,656 a------- c:\windows\system32\FoxDVDImager.ocx
2009-03-24 12:28 380,928 a------- c:\windows\system32\CDRipperX.ocx
2009-03-24 12:28 1,228,800 a------- c:\windows\system32\FoxBurner.ocx
2009-03-24 12:28 1,208,320 a------- c:\windows\system32\PTxSCP.ocx
2009-03-24 12:28 344,064 a------- c:\windows\system32\msvcr70.dll
2009-03-24 12:28 323,584 a------- c:\windows\system32\FoxImager.dll
2009-03-24 12:28 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-03-22 18:12 12,288 a------- c:\windows\impborl.dll
2009-03-22 18:12 <DIR> --d----- c:\windows\screensaver_21 dir
2009-03-21 06:57 <DIR> --d--r-- c:\program files\MAMEnew2
2009-03-20 17:28 <DIR> --d--r-- c:\program files\MAMEnew
2009-03-20 14:36 <DIR> --d--r-- c:\program files\MAME
2009-03-18 07:51 <DIR> --d--r-- c:\program files\CastRipper

==================== Find3M ====================

2009-04-16 13:16 1,536 a------- c:\windows\system32\TrueSoft.dat
2009-04-16 10:58 4,212 ac--h--- c:\windows\system32\zllictbl.dat
2009-04-16 06:53 108,544 a------- c:\windows\system32\services.exe
2009-03-31 17:51 22,238,792 a------- c:\program files\World Atlas.chm
2009-02-25 12:54 499,712 a------- c:\windows\system32\MSVCP71.DLL
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2006-05-03 03:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 04:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-11-20 11:21 602,530 ac-sh--- c:\windows\system32\mTBcdccf.ini2
2008-03-16 06:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 4:29:38.50 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 370 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Tundra
  • Local time:05:47 PM

Posted 02 May 2009 - 03:32 PM

Hi,

I apoligise for the delay, the forum is very busy.

If you still require assistance post a new set of DDS Logs please, thank you.

#3 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 370 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Tundra
  • Local time:05:47 PM

Posted 06 May 2009 - 06:21 PM

Due to inactivity, this topic is now be closed.

If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request.

This applies only to the original topic starter. Should you have a new issue, please start a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users