Jump to content

LARRYRB

Honorary Members
  • Posts

    70
  • Joined

  • Last visited

Reputation

0 Neutral

About LARRYRB

  • Birthday 01/31/1957

Profile Information

  • Location
    NW Indiana
  • Interests
    Beating computers into submission.
  1. Yup.. separate power source on the external drive so it's not dependent upon power from the USB connection. The fact that it happens with all 3 Win7 PC's that I've connected it to, along with 3 different cables, coupled with the 15-20 minute repeatability really convinces me that its not its not a hardware/power issue. I've moved the Seagate drive to a Windows Home Server 2008 setup as a data storage drive... it seems to be working swimmingly in this capacity (I'm pretty sure WHS 2008 is based upon Win Server 2003 technology). In fact, it worked so well on the WHS that, along with my curiosity over the innards of the drive, I cracked the case open and found a 1.8 TB Seagate SATA drive inside. I threw the drive into a Rosewill USB SATA dock which effectively replaces its USB interface and plan to procure a PCI to SATA interface for it because my WHS PC doesn't support SATA (just IDE). As for progress on the original issue, I have another external USB hard drive that I'm about ready to connect to one of the Win7 PC's to see if it, too, does the disappearing act...
  2. 3rd cable in place, no change in symptoms. I even plugged the 3rd cable into a different USB port... the multimedia class scheduler service pops up in the system event log about 17 minutes after the drive was plugged in and the the cycle repeats. I can't believe three different cables could be bad, right? I guess next move is to shift the drive to another PC and see if the symptom follows... ARRRRRGGGGHHHHHH!!!!!
  3. Well, I borrowed a cable from the neighbor and it behaves the same way... drive disappears, reappears just like the first cable. He gave me two, so on the weird chance that his first cable is bad as well, I'll try his second one now...
  4. I appreciate the reply, Firefox! I'm still running the original USB cable that came with the device.. a 5 or 6 foot USB A-male at the computer end with a micro (or mini ?) USB (sorta looks like a miniature version of the standard HDMI connector) at the drive end. I don't have another one of these cables to substitute, but may go out looking for one just to eliminate the possibility of a bad cable. But I've changed ports, reseated connectors, and moved the drive quite a few times and the errant behavior never seems to change-- even moving it to a 2nd computer. With the behavior being so "scheduled" looking, with it occuring every 10-15 minutes, isn't it hard to believe that a hardware problem or cable could be the cause? My experience with hardware failures is a much more "random" appearance of the issue. I do have a 3rd Win7 machine (not running any media center) as well as an XP Pro laptop... they are perhaps next in line to meet this disk just to see if the problem follows the disk drive... Very perplexing!!!! Please keep the thoughts coming... I'll try anything possible (erm... within reason, of course)!!!
  5. Thanks for the reply, rgabbard! Good thinking, but already covered... my bad on failing to mention this in my "what I've done already" section. I'm running the Maximum performance selection, with sleep disabled in all advanced options within that scheme. I also went into device manager, USB ports and unticked "allow this device to put the computer to sleep" under the power management tabs on the USB hubs (basically, anywhere where i saw power management options, I've turned 'em off-- 4 places on one machine's USB devices, 6 places on the first machine). I've done the above to both computers, and neither shows any sign of it making a difference in the odd behavior. What's your next thought?
  6. I've received some excellent virus/malware help from these forums, so I'm hoping some of you computer uber-gods can shed some light on an issue I'm having (non-virus related, I think). I'm having an annoying problem on my Win7 Pro 64 bit home theater PC (HTPC) that i use as my DVR to record TV running Windows Media Center (WMC). The WMC part works wonderfully-- check it out if you're unfamiliar with it.. it blows away the DVR offerings by both DirecTV and Comcast (I've had both). But I digress... I thought that since this computer is always on, why not attach my Seagate 2TB Expansion Drive to the PC's USB port, share the drive at the root as Z: and map network drives to it on my other household PC's to have them all run periodic backups during the wee hours of the night, saving the disk images to this Seagate hosted on the HTPC. The HTPC will "trumpet" every 10-15 minutes (making the sound that removing a device makes, followed in 10 seconds by the adding device sound). Upon watching this in detail, I've caught the Seagate light turning off when the first trumpet sounds, and the light coming back on at the second trumpet 10 seconds later. Further watching shows the drive Z disappear from the list of drives under Computer, then reappear 10 seconds later. So the HTPC is dropping the drive, then re-adding it 4-6 times per hour. Every once in a while the sharing on the drive is blown away too and I find I have to reassert the share. The goose chasing I've done so far: About the time I hear the trumpet the Event viewer, Windows Logs, System shows a series of Service Control Manager Event ID: 7036 's The Multimedia Class Scheduler service entered the running state. and then 10-12 seconds later The Portable Device Enumerator Service service entered the running state. 120 seconds after the Enumerator starts, it enters a stopped state and then a couple minutes later the Class Scheduler stops as well. All of this will repeat 15 to 20 minutes later, so you can imagine what my event logs look like. Does any of the above ring bells for anyone reading this? I've moved the Seagate drive to a 2nd Win7 Pro PC and it does the exact same thing, so I'm concluding that the USB port in the HTPC isn't bad, although I've plugged the drive into several of its USB ports and see no difference in behavior. I've checked with Cetoncorp.. the folks that make the InfiniTV 4 tuner card for the DVR function that Win Media Center uses and they advise the following: I've installed the Process Monitor tool from Microsoft sysinternals but I'm a bit blown away by all the info it displays. (i.e. a powerful table saw in the hands of an amateur makes more sawdust than fine cabinetry... ;-)). I'm under the impression that this tool can show me the calling process that gooses the Multimedia Class Scheduler to wake up, but I'm not sure how to do that, or if this is even an appropriate avenue to pursue... There is a small second partition on the Seagate (I'm not sure if it was there from the factory or not) that Bit Locker errors come up for after a reboot... Event ID: 24620 -- Encrypted volume check: Volume information on \\?\Volume{27395a8b-d4b8-11e0-95cb-806e6f6e6963} cannot be read. This isn't a boot drive, but perhaps the drive was attached at some point during a Win7 setup and it received one of those special boot partitions that Win7 throws down maybe? I didn't want to nuke the partition before investigating this further, but I certainly could if you folks think that this behavior is Win7 rechecking this drive all the time. But the Bit-Locker errors only occur right after boot... not continually like the 7036 events I'm seeing with the drive dropping out/reappearing. I'm not sure if Win7 comes back every 15 minutes to check a partition that it couldn't read? And if it did, wouldn't I be seeing continual Bit-Locker errors? Any ideas on how I should proceed to track this down? I'm close to destroying the case of the Seagate, yanking out what I expect to find being a 2 TB 3.5" SATA drive inside it (hopefully a Seagate or Maxtor.. LOL), and mounting the drive into the HTPC and directly attaching a SATA cable to it to eliminate the USB interface. Yeah.. I know... it will be faster too... but i do lose the portability of the drive doing this. Anybody wanna help me beat this one into submission?
  7. Ok, and just so I can learn something from all this... By this you mean that you are going to remove the detection signature from MBAM's database that detects the malware within guidetoolsetup because you feel it does no harm? I'm assuming that your systems detected it too, but upon inspection of it you're concluding that it's harmless? Or did your systems not throw up the same warning that my MBAM did?
  8. Great! Cool! I understand... and I just zipped em up, and started a topic in the forum Rich suggested (using the same topic name as this one) to which I posted them as attachments. Thanks again!
  9. Ron, is your advice of deleting the system restore points only to keep me from possibly recovering my system sometime in the future to an earlier time when this malware was still around? Or is there some other reason to clear them?
  10. Well, if I'm reading the results properly, 2 out of 43 anti-virus programs detect the ie7prosetup_2.5.1.exe file with the commentary equally split as to goodware/malware tags. However, the reputation tags win on the goodware side 15 to 2. Here's a link to the results: My link and the other file (guidetoolsetup.exe) is only detected by McAfee (1 out of 43) with no commentary from the community... It's result link: guidetoolsetup.exe results Ron, are you implying you want me to attach them here? If you don't want them attached, shall I let each program (MBAM and MSE) eradicate their respective finds?
  11. Oh, I understand the need for both an anti-virus and the anti-malware-- I'm not disputing that in the slightest. The curiousity for me is that the detected items both seem to be of a malware classification in my eyes, so I was really thinking that both MSE and MBAM would report both of them, rather than the mutual exclusivity I'm reporting. They both have an "Adware" designation, no? Just to clarify, isn't "Adware" considered to be "Malware"? If this is the case, I'm surprised MBAM didn't pick up both of them, hence why I'm bringing this up. I.E., do the folks in the malware signatures department (engineering?) have any interest in having these files before I nuke em?
  12. This morning my Win7 Pro 64bit machine pops up a Microsoft Security Essentials (MSE) alert detailing a potential threat found in a file I had downloaded from the internet a few weeks back. The threat is entitled Adware:Win32/OpenCandy and lists these details: containerfile:D:\Common\Downloads\IE Session Managers\IE7Pro\IE7ProSetup_2.5.1.exe file:D:\Common\Downloads\IE Session Managers\IE7Pro\IE7ProSetup_2.5.1.exe->(nsis-6-ProgSenseSetup.exe)->(inno#000043) So I thought, what the heck, before I take any removal action on the threat I'd run a MalwareBytes (MBAM) quick scan to see if it detected the same issue. Well, the MBAM quick scan found zero issues. So, I thought I'd run the MBAM full scan so see if the full scan would detect what was missed during the Quick scan. Surprisingly, the MBAM full scan also didn't see the malware threat in the above IE7ProSetup_2.5.1.exe file but oddly enough, it detected something that the full scan of MSE missed entirely: Files Infected: d:\Common\downloads\media center tools\guide tool\guidetoolsetup.exe (Adware.EzSearch.Gen) -> No action taken. I've not taken the MBAM "remove selected" action yet either, thinking that the MalwareByte's crew might be interested in at least the IE7ProSetup_2.5.1.exe file since it was missed in the MBAM full scan. I'd be happy to attach one or both of the infected files... Please advise and move this post to the proper forum if I'm not already there... Larry ps I downloaded the IE7ProSetup in a, as yet still unfruitful, search for a session manager product for IE7/8 that mimics the immensely capable session saving capabilities of the Tab Mix Plus addon for Firefox. While this is unrelated to the above Malware issues, I'm very open to suggestions of products to try for IE.
  13. OK... sounds good.. I'll give those training sites a look. I'm presuming that once you close it, I'll still see it under "My Content" and be able to reference it, correct? I suspect it's going to go into the "Resolved HiJackThis Logs"? Thanks again for all your help!!
  14. Woot!!! Woot!!! No more errors in the Eventvwr related to Java! That did the trick! A quick check back in regedit looking under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key I see no more folder for JavaQuickStarterService either. I'm curious.. was the SC command (I'm assuming this means Service Controller) just a more convenient (and safer) way to delete the service than nuking the JavaQuickStarterService folder via regedit? i.e.. does WinXP read that collection of folders at startup and develop a database that gets corrupted if you just delete a registry key that feeds it? Just trying to learn (as well as educate others that are reading this thread and may have the same questions) And, to continue.. here's a re-run of DDS logs... (which I did run with Msft's Security Essentials still active, hope that's not an issue or should I repeat them with MSE realtime scanning off?) I note within the DDS log I still show the two DPF references within the Pseudo HJT Report section. Any Java references in the Attach report are for a time period before this latest work. Other than the several questions above, is there anything else I should do now to prove I'm "Clean" ??? dds_final_3.txt attach_final_3.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.