anotherhick
asked on
Device Manager blank on SBS 2003 SP1
Okay, I've gone through everything here on the site as well as everything I can find on the Internet to no avail. I have a client with an SBS 2003 SP1 server that when you open Device Manager it is blank. Any ideas on how I can resolve this issue? We're not seeing anything in the Event Viewer and there doesn't appear to be anything that brought the issue on. No new software installs or patches.
ASKER
The Plug & Play service is running and set to Automatic start, no change.
You need to make sure you don't have any spyware or a rootkit on your server... such as ContextPlus which causes this behavior.
Download : http://www.sysinternals.com/Utilities/RootkitRevealer.html
Good Powerpoint overview of this stuff: http://download.microsoft.com/download/D/B/6/DB69DDD0-FB3E-4BB2-84D8-E38B92E8BF20/Security%20-%20Dhiresh%20Salian%20-%20Defending%20against%20Rootkits.ppt
Jeff
TechSoEasy
ASKER
Jeff,
Here is the output of the RootKitRevealer, I didn't see anything that stood out as unusual. Did I miss anything?
HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AddressCache\FAITH-SBS2003\LastUpdateTime 11/2/2006 3:02 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11/2/2006 3:02 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SBSMONITORING\MSSQLServer\uptime_time_utc 11/2/2006 3:02 PM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\uptime_time_utc 11/2/2006 3:02 PM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveUptime 11/2/2006 3:03 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveStamp 11/2/2006 3:03 PM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Symantec\Quarantine\Server\QFreeSpace 11/2/2006 3:02 PM 12 bytes Data mismatch between Windows API and raw hive data.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD 11/2/2006 3:04 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL 11/2/2006 3:04 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
Do you have TWO anti-virus programs running? LANDesk and Symantec? That would be unusual... since it's quite easy for one to think the other is acting in a viral manner, which could cause very unusual things to happen.
Jeff
TechSoEasy
ASKER
No, the LANDesk keys are subcomponents of the Symantec Corporate Edition.
ASKER CERTIFIED SOLUTION
Jeff
TechSoEasy