fxsesmui.exe file a regular system file?

I am currently working on a users laptop that has a few issues. I had to do a repair install of windows, Windows Scripting had been removed, and was unable to get it reinstalled. Now I was finnally able to get Norton installed, but it wont open. I went to msconfig and saw fxsesmui.exe listed twice under startup. I disabled them, rebooted, and they re-checked themselves in msconfig after reboot. Also, task manager is showing several tasks as blank names, or the names are in strange characters, or squares (like when a font is not present and it cant find a suitable one to replace it). All online virus scans have shown nothing, even pulled the HDD and ran a norton scan on it from another PC, found several virsues that it removed. Also had CWS on it, used CWShredder to get rid of it. I can provide a HJT Log if needed. Im just really wondering if anybody has ever seen fxsesmui.exe before. I feel like it is behind most of these problems, and I wont let me end the process. File is located in c:/windows/system32.

 

Quick update:

sarc.com's online virus scan picked up a virus in fxsesmui.exe. Doesnt give an actual name for it though, just says Backdoor.Trojan. Removing the lines from HJT that involve fxsesmui.exe does nothing to help, they just come right back.

 

Try the following:

Download the following files:
http://www.sophos.com/tools/sav32sfx.exe
http://www.sophos.com/downloads/ide/ides.zip

launch sav32sfx.exe it will look to unpack to C:\SAV32CLI.
Unpack ides.zip to C:\SAV32CLI and perform the following steps:

Reboot the machine into safe mode with command prompt (F8 at startup).

type: CD C:\SAV32CLI
type: SAV32CLI C: -di -dn -all -p=C:\SAV32CLI\dis.txt
type: SAV32CLI C: -remove -all -p=C:\SAV32CLI\remove.txt
(N.B. Full information can be found in C:\SAV32CLI\READCLI.TXT -all is overkill really and will take much longer to complete)

Follow any on-screen prompts.
Step 5 is only really worth running if Step 4 finds a virus which isn't dealt with.

Hope this helps.

Cheers

Pr0phet

 

Just went thru registry and found 3 spots where it listed fxsesmui.exe. One of them was attached to the userinit, seems like that might be where it is redoing itself when windows logs onto a user. Is it safe to remove the fxsesmui.exe from this part, but leave the userinit intact? Im trying to figure out if this is the real problem with why Norton AV wont run when I double click on it. Also had to rename Adaware's main program file to run it, didnt work with NAV though. Also, is it safe to boot to DOS mode and delete fxsesmui file completely?

 

try disabling system restore before running the virus scan, as the virus may be in those files and hence it keeps coming back...

 

Well we finnally decided its taking too much time, so we are going to grab the files he needs and fdisk it. Thanks for your guys help, I just couldnt find anything online about fxsesmui.exe.

 

It's probably a randomly generated file name. Running the scans should be enough identify the files.