Expert: Brian Benosky - 2/25/2009

Question
QUESTION: Greetings from Bali, where I've just recovered the Toshiba
Satellite A105 S4547 from a virus wipeout.  

I installed an earlier clone of XP2 on to C drive, cleaned
up a storage partition which had been partially infected,
and everything seemed fine. Until I discovered that desktop
shortcuts won't open programs in a third partition and that
Windows isn't talking to the DVCD drive, or vice versa.
It was before, because I used the drive to reboot, install
the XP clone and later another program.

Now the drive fires up when a disc is inserted but nothing
appears onscreen and Windows doesn't detect a drive there
at all. It's telling me: Windows successfully loaded the
device driver for this hardware but cannot find the
hardware device. (Code 41).  
The device is a Matshita DVD-RAM UJ-850S.

I'm presuming i've lost a system file or two in the
cleanup, but I'm no geek, I've been working on this for a
week, my brain's turned to porridge and i'm going round in
circles.

Help please !

Ps: xp is version 2002, media center edition, sp 2.

don't think i'm currently infected, but here's your micro
hijack file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:43 PM, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming
Utility\SmoothView.exe
C:\Program Files\GADMEI TVHome Media\ScheduleTV.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Software
Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleTool
barNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\TOSHIBA\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 202.152.240.50:9201
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-
4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-
82A9-A0F997BA588C} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for
Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA}
- C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-
79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-
8377850BF205} - C:\Program Files\Free Download
Manager\iefdm2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-
81E4-DFEE4931A4AA} - C:\Program
Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-
81E4-DFEE4931A4AA} - C:\Program
Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-
9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program
Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [THotkey] C:\Program
Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program
Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ScheduleTV] "C:\Program Files\GADMEI
TVHome Media\ScheduleTV.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program
Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe
/run
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program
Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program
Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program
Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel
PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray]
C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers]
C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program
Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-
Aware\AAWTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program
Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleTool
barNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program
Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\TOSHIBA\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program
Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk =
C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download all with Free
Download Manager - file://C:\Program Files\Free Download
Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free
Download Manager - file://C:\Program Files\Free Download
Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free
Download Manager - file://C:\Program Files\Free Download
Manager\dlfvideo.htm
O8 - Extra context menu item: Download web site with Free
Download Manager - file://C:\Program Files\Free Download
Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download
Manager - file://C:\Program Files\Free Download
Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-
11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-
00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-
D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-
F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-
8E86B3CFCFE1} - C:\Program Files\Free Download
Manager\FUM\fumiebtn.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533}
(Microsoft Data Collection Control) -
https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-
FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-
1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter -
C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG
Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies
CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA
CORPORATION - C:\Program
Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DQIXDDEZG - Sysinternals -
www.sysinternals.com -
C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\DQIXDDEZG.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric
Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng)
- Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google -
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PSEJXUJBAY - Unknown owner -
C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\PSEJXUJBAY.exe (file
missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service
(RegSrvc) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service
(S24EventMonitor) - Intel Corporation  - C:\Program
Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown
owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Swupdtmr - Unknown owner -
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) -
TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA
Applet\TAPPSRV.exe
O23 - Service: UHSRAYVDFW - Sysinternals -
www.sysinternals.com -
C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\UHSRAYVDFW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone
Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12038 bytes





ANSWER: Hi Garry

Yes, the log file is clean.  Have you tried the following from Microsoft:

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this behavior, follow these steps:
Start Registry Editor (Regedt32.exe).
Locate the UpperFilters value under the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
On the Edit menu, click Delete, and then click OK.
Locate the LowerFilters value under the same key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
On the Edit menu, click Delete, and then click OK.
Quit Registry Editor.
NOTE: After you remove the Upperfilters value and the Lowerfilters value, if you notice lost functionality in a particular program, such as CD recording software, you may need to reinstall that software. If the problem recurs, consult with the software vendor for assistance.
Restart your computer.

Brian


---------- FOLLOW-UP ----------

QUESTION:
Thanks for reply mate,  but it strikes me that we have a
catch 22 here: i can't reboot or reinstall from a cd if the
the cd player isn't functioning.  Or can i?  

Answer
Hi Garry

The fix I suggested is done using Regedit.  It is the Microsoft fix for Error Code 41, which you are receiving.  The warning is meant to dissuade users from playing around in the Registry, but you should not need to reinstall Windows if you follow the instructions closely.

Brian