Link to home
Start Free TrialLog in
Avatar of anotherhick
anotherhick

asked on

Device Manager blank on SBS 2003 SP1

Okay, I've went through everything here on the site as well as everything I can find on the Internet to no avail.  I have a client with an SBS 2003 SP1 server that when you open Device Manager it is blank. Any ideas on how I can resolve this issue?  We're not seeing anything in the Event Viewer and there doesn't appear to be anything that brought the issue on.  No new software installs or patches.

Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image
Make sure that the Plug & Play Service is running and set to start automatically.

Jeff
TechSoEasy
Avatar of anotherhick
anotherhick

ASKER

The Plug & Play service is running and set to Automatic start, no change.
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image
You need to make sure you don't have any spyware or a rootkit on your server... such as ContextPlus which causes this behavior.

Download :  http://www.sysinternals.com/Utilities/RootkitRevealer.html

Good Powerpoint overview of this stuff:  http://download.microsoft.com/download/D/B/6/DB69DDD0-FB3E-4BB2-84D8-E38B92E8BF20/Security%20-%20Dhiresh%20Salian%20-%20Defending%20against%20Rootkits.ppt

Jeff
TechSoEasy

Avatar of anotherhick
anotherhick

ASKER

Jeff,

Here is the output of the RootKitRevealer, I didn't see anything that stood out as unusual.  Did I miss anything?

HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AddressCache\FAITH-SBS2003\LastUpdateTime      11/2/2006 3:02 PM      4 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed      11/2/2006 3:02 PM      80 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SBSMONITORING\MSSQLServer\uptime_time_utc      11/2/2006 3:02 PM      8 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\uptime_time_utc      11/2/2006 3:02 PM      8 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveUptime      11/2/2006 3:03 PM      4 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveStamp      11/2/2006 3:03 PM      16 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Symantec\Quarantine\Server\QFreeSpace      11/2/2006 3:02 PM      12 bytes      Data mismatch between Windows API and raw hive data.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD      11/2/2006 3:04 PM      0 bytes      Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL      11/2/2006 3:04 PM      0 bytes      Visible in Windows API, but not in MFT or directory index.
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image
Do you have TWO anti-virus programs running?  LANDesk and Symantec?  That would be unusual... since it's quite easy for one to think the other is acting in a viral manner, which could cause very unusual things to happen.

Jeff
TechSoEasy
Avatar of anotherhick
anotherhick

ASKER

No, the LANDesk keys are subsomponents of the Symantec Corporate Edition.
ASKER CERTIFIED SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial