CESWXFST.SYS, TCEXFST.SYS

Just figured the solution to this!
The file that is doing this is macidwe.exe, and is starting either ceswxfst.sys or tcexfst.sys or cfexfst.sys. And They all play audio snippets off the web.

If you right click on My Computer, select Manage, go to services and applications, services, and then find the Macidwe Service. Right Click on that, select properties and change the startup type to "Disabled"

Press Ctrl+Alt+Delete and kill all processes you know are associated with this. Macidwe.exe and all the .sys files will be in the Windows/system32 folder, so just find the ones you see pop up when sounds play and delete them.

You should no longer have the problem. I think i just posted the first solution to this on the web :D

So far i have seen little evidence to indicate a privacy breach, and it is probably most likely that the software was made to cause irritation, but i have no idea who made it, or alternatively what other risks it poses. I think i got it from a duff keygen or crack for Photoshop CS3 (Serves me right)

I also found other files that are responsible - Wserving.exe, Sobicyt.exe Nobicyt and Perfs.exe, known as Perfmons. All off these should be deleted from the system32 folder, as well as blocked in service management. I have a suspicion that Perfs.exe or Wserving may be the key file that keeps making these processes.

Oh and Afinding.exe, wow this is some evil malware!

And routing.exe

Im pretty sure thats the last of it. Hopefully no more will be created when i start up again tommorow.

I had to remove all of these (although it's possible this is more than one infection/problem):

afinding.exe
edtxfst.sys
macidwe.exe
Nobicyt.exe
perfs.exe
routing.exe
sobicyt.exe
tdxdowkc.exe
wserving.exe

I heard a woman giggling. Also, at one point I sneezed and I could have sworn a text-to-speech voice said "gesundheit".

These files also appear in c/windows/prefetch, might wanna delete from there too

Thankyou Ehsan and everyone else that posted on this topic, I have disabled and removed all of the files mentioned. Lets hope they do not come back.

Thank you all guys for your assistance. My laptop kept playing random sound clips at random times. I read all your posts and disabled and deleted all suspected files. So far my computer hasn't played these clips at all so it has appeared to work. This is my work computer and my IT guy lives and swears by Symantec, which did not catch any of these files at all. I keep hounding him about not using Symantec, but obviously that has gotten me nowhere. One thing I did notice though. On the icon for the sobicyt.exe file, I had to squint to read it, but it read TS Online. I googled TS Online and it pulled up various links to "gaming" sites among a few sites regarding online learning. One of these sites might be a mirror site that keeps planting these files on our PC's. Anyway, thanks for the help guys.

Cfexfst.sys
atsxyzd.sys
routing.exe
wserving.exe
tcexfst.sys
tdxdowkc.exe
Nobicyt.exe
macidwe.exe
msudks.exe
dxtxfst.sys
afinding.exe
edtxfst.sys
perfs.exe
sobicyt.exe

there are all the files i had and the mcafee cleaned 6 trojans that originated from the perfs.exe application
it seems that my infection is more sericous because i have more files then you guys stated earlier
but i am going to all the things you suggested to rid my computer of these horrible files because they were not picked up on any of my scanners except the trojans but most of the files returned to my comp after a few days i will try the new methods and get back to you

All the sys files are generated and run by the applications made by perfs.exe. the exe's are the ones that are making the problems so dont worry if you have all these sys files going at you.

I hate to bust your bubbles, but I have the same problem of radio and other snippets playing at random; I tried what was suggested and found NONE of those files!

So what's my problem?

I too followed the suggestions and found and deleted all the files. My Norton anti virus program keeps picking up however the following exe files with different ending and beginning numbers. A0090039.exe. Norton is putting them in quarntine. I'm not sure of the source. Any suggestions? Can I delete the source once I find out what it is?

I think i figured it out guys

when you get into the computer management, disable all files that have ______ corporation. I.E afinding service or wserving... E.X you should see ''wsering corperation'' in the discription.

After you delete the exe files in safe mode
delete the services causing the problems by typing sc delete ______ Service

Careful you don't delete the wrong service!

Regrun worked for me when the trojan came back

I am having the same problem. The only thing is that I have looked every where for the files that you all have listed on the page and I can't find them. I still keep getting the music, radio station and other non sense on the speakers. I press F5 and it refreshes the screen and goes away. It will periodically reappear and I have to hit F5 to get rid of it again. There must be something that we can do or it will come back over and over and over again. I have been going through this for the last 4 months now. It sucks. I leave my speakers off just so I don't hear it. Also from time to time I get a pop up with a broken link. Pretty sure that comes with whats going on. I run Spybot non stop but that doesn't work, then Regcure and doesn't work and the virus systems that I have don't pick up crap. I used Norton 360 and Avast. Need some serious help.

Now I am having trouble getting rid of another malicious file that surfs the internet on hidden web pages 6LN0dYGS.exe, I delete the file from my system32 folder and it continues to come back. Any suggestions?

J - Has the random sound issue been solved ? I see no postings in September. My son's DEll laptop has this problem.
I had to clear over 100 Trojaan viruses from its hard drive. But the random sound still remains an issue. I will try the
things mentioned in this forum. tks