Device Manager blank

By semmelbroesel ·
Hi,
I have a client PC that had tons of spyware/adware on it which I removed, and I don't think there is anything bad left. But when I open the Device Manager, it is empty. In Safe Mode, all devices show up fine.
I have read plenty of forums by now and tried all the solutions offered there:
1. Check if Plug and Play service is on (also check msconfig)
2. Registry entry HKLM\SYSTEM\CURRENTCONTROLSET\ENUM must have permissions set correctly, i.e. Full Control for System and Read for user (use regedt32.exe)
3. Remove Apropos spyware
4. SFC /scannow

I also checked if there were registry errors in Enum, but none were found.

I have tried uninstalling and re-installing one of the MS Fixes that came from Windows Update, but I didn't go into a lot of detail there since on that day 12-15 of them were installed, and I don't want to uninstall all of them unless I can be sure that's what it is.

I went through most of the following forum thread, and this is where I got the information I have stated above. I am posting it here so others with the same problem can get more details, and I hope it will work for them.

http://www.annoyances.org/exec/forum/winxp/t1051715405

If anyone has another idea which I have not tried yet, please let me know.

Thanks!


by jc2it In reply to Device Manager blank

The Sony Malware that we all heard about recently did the same thing, but only to the CD-ROM drive. The problem is that a filter was removed. Here is Mark Russinovich's explanation.

"When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD. Now I was really mad. Windows supports device “filtering”, which allows a driver to insert itself below or above another one so that it can see and modify the I/O requests targeted at the one it wants to filter. I know from my past work with device driver filter drivers that if you delete a filter driver's image, Windows fails to start the target driver. I opened Device Manager, displayed the properties for my CD-ROM device, and saw one of the cloaked drivers, Crater.sys (another ironic name, since it had “cratered” my CD), registered as a lower filter:"

Here is how he fixed it:

"Unfortunately, although you can view the names of registered filter drivers in the “Upper filters” and “Lower filters” entries of a device's Details tab in Device Manager, there's no administrative interface for deleting filters. Filter registrations are stored in the Registry under HKLM\System\CurrentControlSet\Enum so I opened Regedit and searched for $sys$ in that key. I found the entry configuring the CD's lower filter:"

To read the rest check out his blog. I think this will help you fix your problem.

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Job Cacka
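
The check described in the quoted passages, as an added example that is not part of the original post or of the blog it quotes: it walks the filter registrations under Enum and reports every UpperFilters/LowerFilters entry whose driver image cannot be found on disk. The helper name `Resolve-DriverImage` is hypothetical, and also scanning Control\Class (class-wide filters) goes beyond what the post covers.

```powershell
# Added example (read-only): report registered filter drivers with no image on disk.
# Run from an elevated prompt. The Control\Class root is an addition beyond the post.
$roots    = 'HKLM:\SYSTEM\CurrentControlSet\Enum',
            'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper: map a filter (service) name to the driver file it should load.
function Resolve-DriverImage {
    param([string]$ServiceName)
    $key = Join-Path $services $ServiceName
    if (-not (Test-Path -LiteralPath $key)) { return $null }     # no service key at all
    $image = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
    if (-not $image) { $image = "System32\drivers\$ServiceName.sys" }  # default location
    # Strip the \??\ and \SystemRoot\ prefixes used in kernel driver paths.
    $image = $image -replace '^\\(\?\?|SystemRoot)\\', ''
    # Anything still relative is relative to the Windows directory.
    if ($image -notmatch '^[A-Za-z]:\\') { $image = Join-Path $env:SystemRoot $image }
    return $image
}

foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        foreach ($kind in 'UpperFilters', 'LowerFilters') {
            foreach ($filter in @($props.$kind)) {
                if (-not $filter) { continue }                   # value absent or empty
                $image = Resolve-DriverImage $filter
                if (-not $image -or -not (Test-Path -LiteralPath $image)) {
                    [pscustomobject]@{
                        Key        = $_.Name       # registry key holding the filter entry
                        FilterType = $kind
                        Filter     = $filter
                        Image      = $image        # empty when the service key is missing
                    }
                }
            }
        }
    }
}
```

On 64-bit Windows, run it from 64-bit PowerShell; a 32-bit process has System32 redirected and would report drivers as missing that are actually present.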


by semmelbroesel In reply to

Nice thought. I have read this particular blog just recently. I did not find the registry entry mentioned here, and I don't think the owner ever put any Sony software on there. Good idea though! I have to re-install the PC this week-end to get it back to the owner.


by Enrique Corona In reply to Device Manager blank

Hi.
Have you tried this AproposFix? I found this in a forum.

You can download it from: http://swandog46.geekstogo.com/aproposfix.exe

Instructions:

Save it to your desktop or to another folder of its own, but do NOT run it yet!

Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

Once in Safe Mode, double-click aproposfix.exe (which will give you a choice of where to unzip/install the program to). This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.


I found this at: http://forums.majorgeeks.com/showthread.php?t=76893&goto=nextnewest

Hope it works for you.


by semmelbroesel In reply to

As I wrote in my question: I did check out the possibility of the Apropos virus/spyware, and it wasn't even detected on this PC by either of the two programs.


by SystemsAdmin In reply to Device Manager blank

One of the other things that might help is deleting the user profile and creating a new one, as some of the malicious software can corrupt user profiles.


by semmelbroesel In reply to

I believe I cleaned this baby really well; there shouldn't be any bad pieces of software left anywhere. I don't think it's malware but lack of a piece of necessary software (i.e. a system file got corrupted, but SFC won't find it).


by semmelbroesel In reply to Device Manager blank

This question was closed by the author
