rasdrywall,

See if the little program here corrects the problem.

Carole Anne,

I'm glad to hear that changing the attribute of the autoexec.nt file worked for you, but there is something else going on in your system. The autoexec.nt file should not be read only in a standard configuration.

With the rash of these that seem to be common, I'd suspect there is some malware out there that deletes this file. I have no clue as to exactly what it might be though.

Carole Anne, could you post a HiJackThis log for me to check?

Download HijackThis from this HijackThis Download Site.

Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Unzip HijackThis into this folder. If required a tutorial is here.

Run HijackThis by opening the C:\HJT folder and double clicking on the Hijackthis.exe file. Click on "None of the above, just start the program", Click on the Scan button and then on the Save Log button. After specifying the save path (keeping the logs in C:\HJT is a good idea) NotePad will open. Right click and Select All, then right click again and select Copy.

Create a reply to this post, and right click in the message area and select paste to paste the log into the post.

Thanks.

I hope this worked.

Logfile of HijackThis v1.99.0
Scan saved at 4:49:10 PM, on 2/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\PROGRA~1\mcafee.com\agent\mcupdate.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
F:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
F:\Program Files\Windows FormatAd\WinForm.exe
F:\WINDOWS\System32\CTsvcCDA.exe
F:\progra~1\mcafee\MCAFEE~1\MssCli.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\Messenger\msmsgs.exe
f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
F:\Program Files\Windows FormatAd\WinFormKeep.exe
F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\BullsEye Network\bin\bargains.exe
F:\Program Files\Outlook Express\msimn.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
F:\Documents and Settings\Herb Grunthal\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe
F:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - F:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MPTBox] F:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [diagent] "F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows FormatAd] F:\Program Files\Windows FormatAd\WinForm.exe
O4 - HKLM\..\Run: [_AntiSpyware] f:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = F:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = F:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSXXXXXX40US
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://mn104.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0636a4354bc1e900eb01/netzip/RdxIE601.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4405/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner - McAfee, Inc. - f:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MpService - Canon Inc. - F:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown - F:\WINDOWS\zeta.exe

Thanks from Dotbie.

Thank you Dotbie, that's exactly what I needed.

I did see at least 8 different malware infection in that log. If your machine is giving you any problems, you may want to post over in the Dell virus removal board or on one of the A-SAP websites.

Thank you ddeerrff. I contacted the A-Sap site and their Hijackthis program corrected my problem.