PDA

View Full Version : Blank device manager, missing modem



flabdablet
2005-11-29, 06:27
I was recently given a laptop to fix that had stopped being able to make a dialup connection; every time it tried, it claimed that the modem was missing.

When I attempted to check the modem in Device Manager, there was a blank window instead of the usual list of devices.

Microsoft has a knowledge base article that appears to describe this behavior, but their fix is to make sure the Plug and Play service is running, and it was; so no help there.

Finding that the Device Manager worked properly in Safe Mode, I checked the list of services running in Safe mode and ensured that the same services were also running in normal mode; they were.

Spybot S&D 1.4 with the latest detection rules found no threats. I used the System Startup tool to turn off all the registry-run and Start menu startup items, which still got me nowhere (I left the system.ini items on as they all looked standard, and turning those off has broken things for me before now).

Finally, following advice posted on the Tech Republic forum by pugman2, I went to Add/Remove Programs, found an item called "contextplus", clicked Remove, and rebooted. The Device Manager and dialup were both restored to normal.

Has anybody else here seen contextplus cause trouble?

Are there any plans to make SS&D detect and remove it?

What else can I safely turn off, next time I want to track down a problem that doesn't occur in Safe mode?

Thanks to Pepi and Team Spybot for making such fantastically useful software available.

LonnyRJones
2005-11-29, 10:50
Hi

Good detective work :)

Im sure antispyware programs will start detecting it soon, problem is its a rootkit.

Yes contextplus is well known now days, it usualy doesnt have an option to uninstall thats visible in addremove programs though.

To be sure its gone post a blacklite log
Download and run blacklite
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.

If you would like to go over your startups post or attach an SSD Full report

Open SpyBot 1.4, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools,and view report, ensure all the options are select near the bottom except
Uncheck[ ] do not report disabled or known legitimate Items,
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select (near the top) view report, Press export, in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button , navigate to and attach or post that report please.

Rosenfeld
2005-11-29, 21:38
There was also this in Techrepublic

http://techrepublic.com.com/trcommunity/5208-11186-0.html?forumID=48&threadID=184956

suggests use of Aproposfix

LonnyRJones
2005-11-30, 00:55
Rosenfeld hi, do you know reesecomputing ?
Aponosfix is not supposed to be mirrored

flabdablet
2005-11-30, 09:43
Lonny,

Thanks for the quick reply. I don't have ready access to that laptop any more (the owner doesn't generally bring it into the school unless something goes wrong with it) but if I run into the same issue again on another machine, or if the same one does fail again, I'll post more info here. I'll also use Sysinternals' Rootkit Revealer before trying to uninstall anything, to find out just what the rootkit is hiding.

Rosenfeld,

I've left a note in the Tech Republic forum you linked to, just in case this is Roger's problem as well.

Cheers
Stephen

Rosenfeld
2005-11-30, 21:40
Lonny,

No, I just saw that Techrepublic post. I had seen the apropos fix referred to somewhere else, can't remember. Anyway, I'm not mirroring anything, just an innocent contributor :-)

LonnyRJones
2005-12-01, 02:30
Ok

If you post about apronos fix anywhere use a link from the more common help forums please

Rich Y
2006-05-10, 16:29
I too have this problem.

And non of the fixes has done anything.

have even run the AproposFix tool. This shows basically nothing at all.

HELP!


Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Administrator\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

tashi
2006-05-10, 20:15
Rich Y posted in the malware forum:

http://forums.spybot.info/showthread.php?p=24694#post24694