

5 posts in this topic


After I've used CwShredder, my WinXP (just after start) reports that Windows cannot find F:\system 32\services\msxmidi.exe. It also suggests that I can remove the registry entry, but I can't find that entry anyway. Is there any way I can fix that? I have deleted the msxmidi.exe file, but the report is still coming after I start Windows.

And one more thing: CwShredder also found this file, smcfg.exe, and asks me if I should delete it.

Please reply.


Please do this.

Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".


When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.


smcfg.exe is probably a modem file and should not be deleted if you have an SMC modem.


Logfile of HijackThis v1.97.7

Scan saved at 18:02:21, on 27.6.2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:













F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

F:\Program Files\Alwil Software\Avast4\ashServ.exe



F:\Program Files\Winamp\winampa.exe

F:\Program Files\Alwil Software\Avast4\ashDisp.exe


F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe


F:\Program Files\Messenger\msmsgs.exe


F:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe

F:\Program Files\SpywareGuard\sgmain.exe

F:\Program Files\SpywareGuard\sgbhp.exe




R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F1 - win.ini: run=F:\WINDOWS\System32\services\msxmidi.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - F:\Program Files\SysShield Tools\Internet Eraser\pkext.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - F:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll


O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] F:\Program Files\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] F:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [WinInit] Win86.exe

O4 - HKLM\..\Run: [WinLogin] win32x.exe

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [WAPI] F:\WINDOWS\System32\wtssvsu.exe

O4 - Startup: AbsoluteShield Internet Eraser.lnk = F:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe

O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E08E8B6-D06B-4234-9E3D-CC768AEAD827}: NameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{7E08E8B6-D06B-4234-9E3D-CC768AEAD827}: NameServer =


Tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked". Then Reboot.


O4 - HKLM\..\Run: [WinInit] Win86.exe

O4 - HKLM\..\Run: [WinLogin] win32x.exe

O4 - HKCU\..\Run: [WAPI] F:\WINDOWS\System32\wtssvsu.exe


O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab


It would be a good idea to run an online virus scan. Win86.exe may be viral.


and/or http://housecall.trendmicro.com/

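A sketch of the by-eye triage done on the log above, as an added example that is not part of the original thread or of HijackThis itself. The three checks (a win.ini autostart, a Run value with no directory, a DPF entry sourced from a local file) are illustrative heuristics chosen for this log, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the log posted in this thread.
# The checks below are illustrative heuristics, not HijackThis behaviour.
SAMPLE_LOG = r"""
F1 - win.ini: run=F:\WINDOWS\System32\services\msxmidi.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WAPI] F:\WINDOWS\System32\wtssvsu.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_VALUE = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[(.*?)\] (.*)$")


def command_path(cmd):
    """Return the executable part of a Run value, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (section, reason, detail) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "F1":  # legacy win.ini run=/load= autostart
            findings.append((section, "win.ini autostart", body.split(": ", 1)[-1]))
        elif section == "O4":  # Run value that names no directory at all
            run = RUN_VALUE.match(body)
            if run and "\\" not in command_path(run.group(3)):
                findings.append((section, "autorun without full path", run.group(2)))
        elif section == "O16" and " - file://" in body.lower():
            findings.append((section, "DPF source is a local file", body.rsplit(" - ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The F1 line it reports references the same msxmidi.exe that the first post says Windows cannot find at startup. The [WAPI] entry from the fix list has a full System32 path and is not flagged, so path shape alone does not replace looking up unfamiliar names.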

After 2 days of messing with this..

I too was getting this home page, also a "XXX" Start Menu shortcut, and overwrites to my hosts file. It was worse when it started. My dial-up connection was being redirected, a TIB Browser was installed, and probably a few more I don't remember anymore. AdAware would seemingly clean up some of this, but it would return on a reboot. XoftSpy found even more but could not permanently remove them. After downloading HijackThis and using it to search this and other forums, I've managed a clean sweep.


It involved deleting system32.dll, mstasks1.exe, mstasks2.exe, etc. I wish now I had written it all down, but I don't have that kind of patience.


I've always kept up with my latest XP Critical Updates, InoculateIT signatures, and AdAware updates, but all of this infection installed very quickly. I LOVE HijackThis and this forum. I will be subscribing to the newsletter as soon as I get the site whitelisted on Tuesday. I found the site by googling the IP address. Amazing!
