Sign in with
Sign up | Sign in
Your question

Autoexec.nt file missing?

Last response: in Windows XP
Share
Anonymous
November 20, 2004 11:41:01 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I'm using XP Home with SP2. I've tried to install a number of programs
recently (since SP2). Some recent Microsoft downloads, and another rather
old program throw up the message

16 bit window subsystem
C:\Windows\System32\Autoexec.nt - the sytem file is not suitable for running
MS-DOS or Microsoft Windows applications. Choose 'close' to terminate the
application.

The only other program I have installed recently did so without question.
There is no file called "autoexec.nt" or "autoexec" with any extension in
that directory. Should there be?

There is no file of this name in Windows\Driver Cache\I386 or
Windows\System32\dllcache

More about : autoexec file missing

Anonymous
November 20, 2004 12:50:23 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

The file is located in the Windows\system32 folder

"Sebastian" <Sebastian@discussions.microsoft.com> wrote in message news:0644DFC3-E256-4FAD-B403-4402E541EAA6@microsoft.com...
> I'm using XP Home with SP2. I've tried to install a number of programs
> recently (since SP2). Some recent Microsoft downloads, and another rather
> old program throw up the message
>Snip>
Anonymous
November 20, 2004 7:50:18 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Hi

Please see if the following article helps:

"Error Message When You Install or Start an MS-DOS or 16-Bit Windows Based
Program"
http://support.microsoft.com/?kbid=324767

--

Will Denny
MS-MVP - Windows Shell/User
Please reply to the News Groups


"Sebastian" <Sebastian@discussions.microsoft.com> wrote in message
news:0644DFC3-E256-4FAD-B403-4402E541EAA6@microsoft.com...
> I'm using XP Home with SP2. I've tried to install a number of programs
> recently (since SP2). Some recent Microsoft downloads, and another rather
> old program throw up the message
>
> 16 bit window subsystem
> C:\Windows\System32\Autoexec.nt - the sytem file is not suitable for
> running
> MS-DOS or Microsoft Windows applications. Choose 'close' to terminate the
> application.
>
> The only other program I have installed recently did so without question.
> There is no file called "autoexec.nt" or "autoexec" with any extension in
> that directory. Should there be?
>
> There is no file of this name in Windows\Driver Cache\I386 or
> Windows\System32\dllcache
>
>
>
>
>
Related resources
Anonymous
November 20, 2004 7:50:19 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

"Will Denny" wrote:
> Please see if the following article helps:
>
> "Error Message When You Install or Start an MS-DOS or 16-Bit Windows Based
> Program"
> http://support.microsoft.com/?kbid=324767
>
Thanks - I had seen this article, but its solution was to expand from the
i386 directory, which doesn't have this file int it.

I've now read it again, and there are other steps I can take later in the
article. I'll try those.
Anonymous
November 20, 2004 7:50:20 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Hi Sebastian,

You could also try copying the autoexec.nt file from the C:\Windows\Repair
folder to the C:\Windows\System folder.

In addition, have a look at these two threads:

http://groups.google.com/groups?threadm=8PCdnSzBqtmadsP...

http://groups.google.com/groups?selm=5f6f139.0409140618...
oogle.com



Regards,

--
Patti MacLeod
Microsoft MVP - Windows Shell/User

"Sebastian" <Sebastian@discussions.microsoft.com> wrote in message
news:35EA1BBD-A98A-4E5F-86C9-038569FBD6F6@microsoft.com...
> "Will Denny" wrote:
> > Please see if the following article helps:
> >
> > "Error Message When You Install or Start an MS-DOS or 16-Bit Windows
Based
> > Program"
> > http://support.microsoft.com/?kbid=324767
> >
> Thanks - I had seen this article, but its solution was to expand from the
> i386 directory, which doesn't have this file int it.
>
> I've now read it again, and there are other steps I can take later in the
> article. I'll try those.
Anonymous
November 20, 2004 11:26:21 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

"JerryM (ID)" wrote:
> The file is located in the Windows\system32 folder

I didn't really phrase my question properly. I had already discovered that
the file is missing from that directory and I was trying to locate another
copy to put there. As I understand it (you can see I'm a new user) this used
to be windows\driver cache\i386 and [since SP2] windows\sustem32zdllcache.

"Patti MacLeod" suggested two refences. The second wasn't available, the
first was helpful.

Thanks for all clues - I'll have more if they're availabe because, being
naive, I keep thinking I might learn to understand all this stuff one day.
Anonymous
November 23, 2004 2:04:46 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file in
your C:\WINNT\System32| folder AND keep it there, please let me know how you
managed it. Everytime I put the file into the system32 folder it is deleted
the next time I reboot. No body seems to know why this happens It's
obviously something to do with the Windows XP file protection feature but no
one can tell me what to do to stop the deletion.
Also when people tell you that the folder you are to put the AUTOEXEC.NT
file in is your C:\Windows\System32\ folder they are incorrect. It's the
C:\WINNT\System32| folder. People for some reason keep saying it's the
C:\Windows|System32 folder. (Ido realize thats what the Microsoft articles
say but ther're wrong)
If any of these experts that answered your question can tell me how to stop
the deletion problem please do it!

NevBud

Sebastian <Sebastian@discussions.microsoft.com> wrote in message
news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> "JerryM (ID)" wrote:
> > The file is located in the Windows\system32 folder
>
> I didn't really phrase my question properly. I had already discovered
that
> the file is missing from that directory and I was trying to locate another
> copy to put there. As I understand it (you can see I'm a new user) this
used
> to be windows\driver cache\i386 and [since SP2] windows\sustem32zdllcache.
>
> "Patti MacLeod" suggested two refences. The second wasn't available, the
> first was helpful.
>
> Thanks for all clues - I'll have more if they're availabe because, being
> naive, I keep thinking I might learn to understand all this stuff one day.
>
>
Anonymous
November 23, 2004 11:00:37 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Bud Norris wrote:
> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file in
> your C:\WINNT\System32| folder AND keep it there, please let me know how
> you managed it. Everytime I put the file into the system32 folder it is
> deleted the next time I reboot. No body seems to know why this happens
> It's obviously something to do with the Windows XP file protection

Actually, it is probably due to some 3rd party application you have
installed. There are a couple of programs in the "wild" known to cause this
kind of behaviour. Suggest you examine your system to see what you have
welcomed into your home. ;) 

--

....Sky

================



> feature but no one can tell me what to do to stop the deletion.
> Also when people tell you that the folder you are to put the AUTOEXEC.NT
> file in is your C:\Windows\System32\ folder they are incorrect. It's the
> C:\WINNT\System32| folder. People for some reason keep saying it's the
> C:\Windows|System32 folder. (Ido realize thats what the Microsoft articles
> say but ther're wrong)
> If any of these experts that answered your question can tell me how to
> stop the deletion problem please do it!
>
> NevBud
>
> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>> "JerryM (ID)" wrote:
>>> The file is located in the Windows\system32 folder
>>
>> I didn't really phrase my question properly. I had already discovered
>> that the file is missing from that directory and I was trying to locate
>> another copy to put there. As I understand it (you can see I'm a new
>> user) this used to be windows\driver cache\i386 and [since SP2]
>> windows\sustem32zdllcache.
>>
>> "Patti MacLeod" suggested two refences. The second wasn't available, the
>> first was helpful.
>>
>> Thanks for all clues - I'll have more if they're availabe because, being
>> naive, I keep thinking I might learn to understand all this stuff one
>> day.
Anonymous
November 25, 2004 2:45:20 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

If you make the file read only it will stay put. Also in XP it sits in the
windows/system32 directory.

"Bud Norris" <bdev605@prodigy.net> wrote in message
news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file in
> your C:\WINNT\System32| folder AND keep it there, please let me know how
> you
> managed it. Everytime I put the file into the system32 folder it is
> deleted
> the next time I reboot. No body seems to know why this happens It's
> obviously something to do with the Windows XP file protection feature but
> no
> one can tell me what to do to stop the deletion.
> Also when people tell you that the folder you are to put the AUTOEXEC.NT
> file in is your C:\Windows\System32\ folder they are incorrect. It's the
> C:\WINNT\System32| folder. People for some reason keep saying it's the
> C:\Windows|System32 folder. (Ido realize thats what the Microsoft articles
> say but ther're wrong)
> If any of these experts that answered your question can tell me how to
> stop
> the deletion problem please do it!
>
> NevBud
>
> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>> "JerryM (ID)" wrote:
>> > The file is located in the Windows\system32 folder
>>
>> I didn't really phrase my question properly. I had already discovered
> that
>> the file is missing from that directory and I was trying to locate
>> another
>> copy to put there. As I understand it (you can see I'm a new user) this
> used
>> to be windows\driver cache\i386 and [since SP2]
>> windows\sustem32zdllcache.
>>
>> "Patti MacLeod" suggested two refences. The second wasn't available, the
>> first was helpful.
>>
>> Thanks for all clues - I'll have more if they're availabe because, being
>> naive, I keep thinking I might learn to understand all this stuff one
>> day.
>>
>>
>
>
Anonymous
November 25, 2004 10:20:00 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Some OEM's decided to make the \%systemroot% ("windows") directory C:\WINNT
instead of C:\WINDOWS
Why? Who knows? Who cares? One is not really "correct" over the other.

"Bullwinkle. J. Moose" <moose.nyc@nospam.verizon.net> wrote in message
news:%23MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
> If you make the file read only it will stay put. Also in XP it sits in the
> windows/system32 directory.
>
> "Bud Norris" <bdev605@prodigy.net> wrote in message
> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
>> in
>> your C:\WINNT\System32| folder AND keep it there, please let me know how
>> you
>> managed it. Everytime I put the file into the system32 folder it is
>> deleted
>> the next time I reboot. No body seems to know why this happens It's
>> obviously something to do with the Windows XP file protection feature but
>> no
>> one can tell me what to do to stop the deletion.
>> Also when people tell you that the folder you are to put the AUTOEXEC.NT
>> file in is your C:\Windows\System32\ folder they are incorrect. It's the
>> C:\WINNT\System32| folder. People for some reason keep saying it's the
>> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
>> articles
>> say but ther're wrong)
>> If any of these experts that answered your question can tell me how to
>> stop
>> the deletion problem please do it!
>>
>> NevBud
>>
>> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>>> "JerryM (ID)" wrote:
>>> > The file is located in the Windows\system32 folder
>>>
>>> I didn't really phrase my question properly. I had already discovered
>> that
>>> the file is missing from that directory and I was trying to locate
>>> another
>>> copy to put there. As I understand it (you can see I'm a new user) this
>> used
>>> to be windows\driver cache\i386 and [since SP2]
>>> windows\sustem32zdllcache.
>>>
>>> "Patti MacLeod" suggested two refences. The second wasn't available,
>>> the
>>> first was helpful.
>>>
>>> Thanks for all clues - I'll have more if they're availabe because, being
>>> naive, I keep thinking I might learn to understand all this stuff one
>>> day.
>>>
>>>
>>
>>
>
>
Anonymous
November 25, 2004 10:20:01 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I have had this same problem for the last couple of weeks and it was also
driving me crazy trying to get the file to remain in system32 after restart.
I just went into system32, changed the file to read only and restarted my
computer. Great news! The file is still there! Thanks so much for the help!!

"XPUSER" wrote:

> Some OEM's decided to make the \%systemroot% ("windows") directory C:\WINNT
> instead of C:\WINDOWS
> Why? Who knows? Who cares? One is not really "correct" over the other.
>
> "Bullwinkle. J. Moose" <moose.nyc@nospam.verizon.net> wrote in message
> news:%23MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
> > If you make the file read only it will stay put. Also in XP it sits in the
> > windows/system32 directory.
> >
> > "Bud Norris" <bdev605@prodigy.net> wrote in message
> > news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> >> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
> >> in
> >> your C:\WINNT\System32| folder AND keep it there, please let me know how
> >> you
> >> managed it. Everytime I put the file into the system32 folder it is
> >> deleted
> >> the next time I reboot. No body seems to know why this happens It's
> >> obviously something to do with the Windows XP file protection feature but
> >> no
> >> one can tell me what to do to stop the deletion.
> >> Also when people tell you that the folder you are to put the AUTOEXEC.NT
> >> file in is your C:\Windows\System32\ folder they are incorrect. It's the
> >> C:\WINNT\System32| folder. People for some reason keep saying it's the
> >> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
> >> articles
> >> say but ther're wrong)
> >> If any of these experts that answered your question can tell me how to
> >> stop
> >> the deletion problem please do it!
> >>
> >> NevBud
> >>
> >> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> >> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> >>> "JerryM (ID)" wrote:
> >>> > The file is located in the Windows\system32 folder
> >>>
> >>> I didn't really phrase my question properly. I had already discovered
> >> that
> >>> the file is missing from that directory and I was trying to locate
> >>> another
> >>> copy to put there. As I understand it (you can see I'm a new user) this
> >> used
> >>> to be windows\driver cache\i386 and [since SP2]
> >>> windows\sustem32zdllcache.
> >>>
> >>> "Patti MacLeod" suggested two refences. The second wasn't available,
> >>> the
> >>> first was helpful.
> >>>
> >>> Thanks for all clues - I'll have more if they're availabe because, being
> >>> naive, I keep thinking I might learn to understand all this stuff one
> >>> day.
> >>>
> >>>
> >>
> >>
> >
> >
>
>
>
Anonymous
November 25, 2004 11:37:00 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

The real question is what is causing this to happen in the first place.
No doubt the work of some virus or spyware or combination thereof.
=================================================

"gojeffie" <gojeffie@discussions.microsoft.com> wrote in message
news:9D7E09B4-37A6-45BE-8DCF-9C55F8B9F353@microsoft.com...
>I have had this same problem for the last couple of weeks and it was also
> driving me crazy trying to get the file to remain in system32 after
> restart.
> I just went into system32, changed the file to read only and restarted my
> computer. Great news! The file is still there! Thanks so much for the
> help!!
>
> "XPUSER" wrote:
>
>> Some OEM's decided to make the \%systemroot% ("windows") directory
>> C:\WINNT
>> instead of C:\WINDOWS
>> Why? Who knows? Who cares? One is not really "correct" over the other.
>>
>> "Bullwinkle. J. Moose" <moose.nyc@nospam.verizon.net> wrote in message
>> news:%23MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
>> > If you make the file read only it will stay put. Also in XP it sits in
>> > the
>> > windows/system32 directory.
>> >
>> > "Bud Norris" <bdev605@prodigy.net> wrote in message
>> > news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>> >> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT
>> >> file
>> >> in
>> >> your C:\WINNT\System32| folder AND keep it there, please let me know
>> >> how
>> >> you
>> >> managed it. Everytime I put the file into the system32 folder it is
>> >> deleted
>> >> the next time I reboot. No body seems to know why this happens It's
>> >> obviously something to do with the Windows XP file protection feature
>> >> but
>> >> no
>> >> one can tell me what to do to stop the deletion.
>> >> Also when people tell you that the folder you are to put the
>> >> AUTOEXEC.NT
>> >> file in is your C:\Windows\System32\ folder they are incorrect. It's
>> >> the
>> >> C:\WINNT\System32| folder. People for some reason keep saying it's the
>> >> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
>> >> articles
>> >> say but ther're wrong)
>> >> If any of these experts that answered your question can tell me how to
>> >> stop
>> >> the deletion problem please do it!
>> >>
>> >> NevBud
>> >>
>> >> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>> >> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>> >>> "JerryM (ID)" wrote:
>> >>> > The file is located in the Windows\system32 folder
>> >>>
>> >>> I didn't really phrase my question properly. I had already
>> >>> discovered
>> >> that
>> >>> the file is missing from that directory and I was trying to locate
>> >>> another
>> >>> copy to put there. As I understand it (you can see I'm a new user)
>> >>> this
>> >> used
>> >>> to be windows\driver cache\i386 and [since SP2]
>> >>> windows\sustem32zdllcache.
>> >>>
>> >>> "Patti MacLeod" suggested two refences. The second wasn't available,
>> >>> the
>> >>> first was helpful.
>> >>>
>> >>> Thanks for all clues - I'll have more if they're availabe because,
>> >>> being
>> >>> naive, I keep thinking I might learn to understand all this stuff one
>> >>> day.
>> >>>
>> >>>
>> >>
>> >>
>> >
>> >
>>
>>
>>
Anonymous
November 25, 2004 11:37:01 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I use Norton antivirus with auto updates. It scans entire computer every
other day with no virus ever found. Have had some adware but this only
started when I downloaded SP2 from cd and restarted. No problem prior to that.

"XPUSER" wrote:

> The real question is what is causing this to happen in the first place.
> No doubt the work of some virus or spyware or combination thereof.
> =================================================
>
> "gojeffie" <gojeffie@discussions.microsoft.com> wrote in message
> news:9D7E09B4-37A6-45BE-8DCF-9C55F8B9F353@microsoft.com...
> >I have had this same problem for the last couple of weeks and it was also
> > driving me crazy trying to get the file to remain in system32 after
> > restart.
> > I just went into system32, changed the file to read only and restarted my
> > computer. Great news! The file is still there! Thanks so much for the
> > help!!
> >
> > "XPUSER" wrote:
> >
> >> Some OEM's decided to make the \%systemroot% ("windows") directory
> >> C:\WINNT
> >> instead of C:\WINDOWS
> >> Why? Who knows? Who cares? One is not really "correct" over the other.
> >>
> >> "Bullwinkle. J. Moose" <moose.nyc@nospam.verizon.net> wrote in message
> >> news:%23MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
> >> > If you make the file read only it will stay put. Also in XP it sits in
> >> > the
> >> > windows/system32 directory.
> >> >
> >> > "Bud Norris" <bdev605@prodigy.net> wrote in message
> >> > news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> >> >> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT
> >> >> file
> >> >> in
> >> >> your C:\WINNT\System32| folder AND keep it there, please let me know
> >> >> how
> >> >> you
> >> >> managed it. Everytime I put the file into the system32 folder it is
> >> >> deleted
> >> >> the next time I reboot. No body seems to know why this happens It's
> >> >> obviously something to do with the Windows XP file protection feature
> >> >> but
> >> >> no
> >> >> one can tell me what to do to stop the deletion.
> >> >> Also when people tell you that the folder you are to put the
> >> >> AUTOEXEC.NT
> >> >> file in is your C:\Windows\System32\ folder they are incorrect. It's
> >> >> the
> >> >> C:\WINNT\System32| folder. People for some reason keep saying it's the
> >> >> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
> >> >> articles
> >> >> say but ther're wrong)
> >> >> If any of these experts that answered your question can tell me how to
> >> >> stop
> >> >> the deletion problem please do it!
> >> >>
> >> >> NevBud
> >> >>
> >> >> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> >> >> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> >> >>> "JerryM (ID)" wrote:
> >> >>> > The file is located in the Windows\system32 folder
> >> >>>
> >> >>> I didn't really phrase my question properly. I had already
> >> >>> discovered
> >> >> that
> >> >>> the file is missing from that directory and I was trying to locate
> >> >>> another
> >> >>> copy to put there. As I understand it (you can see I'm a new user)
> >> >>> this
> >> >> used
> >> >>> to be windows\driver cache\i386 and [since SP2]
> >> >>> windows\sustem32zdllcache.
> >> >>>
> >> >>> "Patti MacLeod" suggested two refences. The second wasn't available,
> >> >>> the
> >> >>> first was helpful.
> >> >>>
> >> >>> Thanks for all clues - I'll have more if they're availabe because,
> >> >>> being
> >> >>> naive, I keep thinking I might learn to understand all this stuff one
> >> >>> day.
> >> >>>
> >> >>>
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >>
>
>
>
Anonymous
November 25, 2004 12:54:27 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

OK - Just a thought though - Norton is not infallable - could try a second
opinion:

Free Online Anti Virus Scanners:

Panda ActiveScan
http://www.pandasoftware.com/activescan/

TrendMicro Houscall Anti Virus Scan
http://housecall.trendmicro.com/

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Computer Associates
http://www3.ca.com/securityadvisor/virusinfo/default.as...


Free Anti Spyware programs-

Ad-Aware SE
http://www.lavasoft.de/ms/index.htm

Spybot - Search & Destroy 1.2
http://www.safer-networking.org/microsoft.en.html

SpywareBlaster 3.2
http://www.javacoolsoftware.com/spywareblaster.html

=========================================================

"gojeffie" <gojeffie@discussions.microsoft.com> wrote in message
news:FE75D919-AD36-41D4-87CD-B529C26C9DE0@microsoft.com...
>I use Norton antivirus with auto updates. It scans entire computer every
> other day with no virus ever found. Have had some adware but this only
> started when I downloaded SP2 from cd and restarted. No problem prior to
> that.
>
> "XPUSER" wrote:
>
>> The real question is what is causing this to happen in the first place.
>> No doubt the work of some virus or spyware or combination thereof.
>> =================================================
>>
>> "gojeffie" <gojeffie@discussions.microsoft.com> wrote in message
>> news:9D7E09B4-37A6-45BE-8DCF-9C55F8B9F353@microsoft.com...
>> >I have had this same problem for the last couple of weeks and it was
>> >also
>> > driving me crazy trying to get the file to remain in system32 after
>> > restart.
>> > I just went into system32, changed the file to read only and restarted
>> > my
>> > computer. Great news! The file is still there! Thanks so much for the
>> > help!!
>> >
>> > "XPUSER" wrote:
>> >
>> >> Some OEM's decided to make the \%systemroot% ("windows") directory
>> >> C:\WINNT
>> >> instead of C:\WINDOWS
>> >> Why? Who knows? Who cares? One is not really "correct" over the other.
>> >>
>> >> "Bullwinkle. J. Moose" <moose.nyc@nospam.verizon.net> wrote in message
>> >> news:%23MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
>> >> > If you make the file read only it will stay put. Also in XP it sits
>> >> > in
>> >> > the
>> >> > windows/system32 directory.
>> >> >
>> >> > "Bud Norris" <bdev605@prodigy.net> wrote in message
>> >> > news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>> >> >> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT
>> >> >> file
>> >> >> in
>> >> >> your C:\WINNT\System32| folder AND keep it there, please let me
>> >> >> know
>> >> >> how
>> >> >> you
>> >> >> managed it. Everytime I put the file into the system32 folder it is
>> >> >> deleted
>> >> >> the next time I reboot. No body seems to know why this happens It's
>> >> >> obviously something to do with the Windows XP file protection
>> >> >> feature
>> >> >> but
>> >> >> no
>> >> >> one can tell me what to do to stop the deletion.
>> >> >> Also when people tell you that the folder you are to put the
>> >> >> AUTOEXEC.NT
>> >> >> file in is your C:\Windows\System32\ folder they are incorrect.
>> >> >> It's
>> >> >> the
>> >> >> C:\WINNT\System32| folder. People for some reason keep saying it's
>> >> >> the
>> >> >> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
>> >> >> articles
>> >> >> say but ther're wrong)
>> >> >> If any of these experts that answered your question can tell me how
>> >> >> to
>> >> >> stop
>> >> >> the deletion problem please do it!
>> >> >>
>> >> >> NevBud
>> >> >>
>> >> >> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>> >> >> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>> >> >>> "JerryM (ID)" wrote:
>> >> >>> > The file is located in the Windows\system32 folder
>> >> >>>
>> >> >>> I didn't really phrase my question properly. I had already
>> >> >>> discovered
>> >> >> that
>> >> >>> the file is missing from that directory and I was trying to locate
>> >> >>> another
>> >> >>> copy to put there. As I understand it (you can see I'm a new
>> >> >>> user)
>> >> >>> this
>> >> >> used
>> >> >>> to be windows\driver cache\i386 and [since SP2]
>> >> >>> windows\sustem32zdllcache.
>> >> >>>
>> >> >>> "Patti MacLeod" suggested two refences. The second wasn't
>> >> >>> available,
>> >> >>> the
>> >> >>> first was helpful.
>> >> >>>
>> >> >>> Thanks for all clues - I'll have more if they're availabe because,
>> >> >>> being
>> >> >>> naive, I keep thinking I might learn to understand all this stuff
>> >> >>> one
>> >> >>> day.
>> >> >>>
>> >> >>>
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
Anonymous
November 25, 2004 1:18:20 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Sorry about misspelling infallible in previous post.
==========================
"XPUSER" <XPUSER@HOTMAIL.XYZ> wrote in message
news:%23$20u9w0EHA.2180@TK2MSFTNGP10.phx.gbl...
> OK - Just a thought though - Norton is not infallable - could try a second
> opinion:
>
> Free Online Anti Virus Scanners:
>
> Panda ActiveScan
> http://www.pandasoftware.com/activescan/
>
> TrendMicro Houscall Anti Virus Scan
> http://housecall.trendmicro.com/
>
> McAfee Security - FreeScan
> http://www.mcafee.com/myapps/mfs/default.asp
>
> Computer Associates
> http://www3.ca.com/securityadvisor/virusinfo/default.as...
>
>
> Free Anti Spyware programs-
>
> Ad-Aware SE
> http://www.lavasoft.de/ms/index.htm
>
> Spybot - Search & Destroy 1.2
> http://www.safer-networking.org/microsoft.en.html
>
> SpywareBlaster 3.2
> http://www.javacoolsoftware.com/spywareblaster.html
>
> =========================================================
>
> "gojeffie" <gojeffie@discussions.microsoft.com> wrote in message
> news:FE75D919-AD36-41D4-87CD-B529C26C9DE0@microsoft.com...
>>I use Norton antivirus with auto updates. It scans entire computer every
>> other day with no virus ever found. Have had some adware but this only
>> started when I downloaded SP2 from cd and restarted. No problem prior to
>> that.
>>
>> "XPUSER" wrote:
>>
>>> The real question is what is causing this to happen in the first place.
>>> No doubt the work of some virus or spyware or combination thereof.
>>> =================================================
>>>
>>> "gojeffie" <gojeffie@discussions.microsoft.com> wrote in message
>>> news:9D7E09B4-37A6-45BE-8DCF-9C55F8B9F353@microsoft.com...
>>> >I have had this same problem for the last couple of weeks and it was
>>> >also
>>> > driving me crazy trying to get the file to remain in system32 after
>>> > restart.
>>> > I just went into system32, changed the file to read only and restarted
>>> > my
>>> > computer. Great news! The file is still there! Thanks so much for the
>>> > help!!
>>> >
>>> > "XPUSER" wrote:
>>> >
>>> >> Some OEM's decided to make the \%systemroot% ("windows") directory
>>> >> C:\WINNT
>>> >> instead of C:\WINDOWS
>>> >> Why? Who knows? Who cares? One is not really "correct" over the
>>> >> other.
>>> >>
>>> >> "Bullwinkle. J. Moose" <moose.nyc@nospam.verizon.net> wrote in
>>> >> message
>>> >> news:%23MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
>>> >> > If you make the file read only it will stay put. Also in XP it sits
>>> >> > in
>>> >> > the
>>> >> > windows/system32 directory.
>>> >> >
>>> >> > "Bud Norris" <bdev605@prodigy.net> wrote in message
>>> >> > news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>>> >> >> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT
>>> >> >> file
>>> >> >> in
>>> >> >> your C:\WINNT\System32| folder AND keep it there, please let me
>>> >> >> know
>>> >> >> how
>>> >> >> you
>>> >> >> managed it. Everytime I put the file into the system32 folder it
>>> >> >> is
>>> >> >> deleted
>>> >> >> the next time I reboot. No body seems to know why this happens
>>> >> >> It's
>>> >> >> obviously something to do with the Windows XP file protection
>>> >> >> feature
>>> >> >> but
>>> >> >> no
>>> >> >> one can tell me what to do to stop the deletion.
>>> >> >> Also when people tell you that the folder you are to put the
>>> >> >> AUTOEXEC.NT
>>> >> >> file in is your C:\Windows\System32\ folder they are incorrect.
>>> >> >> It's
>>> >> >> the
>>> >> >> C:\WINNT\System32| folder. People for some reason keep saying it's
>>> >> >> the
>>> >> >> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
>>> >> >> articles
>>> >> >> say but ther're wrong)
>>> >> >> If any of these experts that answered your question can tell me
>>> >> >> how to
>>> >> >> stop
>>> >> >> the deletion problem please do it!
>>> >> >>
>>> >> >> NevBud
>>> >> >>
>>> >> >> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>>> >> >> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>>> >> >>> "JerryM (ID)" wrote:
>>> >> >>> > The file is located in the Windows\system32 folder
>>> >> >>>
>>> >> >>> I didn't really phrase my question properly. I had already
>>> >> >>> discovered
>>> >> >> that
>>> >> >>> the file is missing from that directory and I was trying to
>>> >> >>> locate
>>> >> >>> another
>>> >> >>> copy to put there. As I understand it (you can see I'm a new
>>> >> >>> user)
>>> >> >>> this
>>> >> >> used
>>> >> >>> to be windows\driver cache\i386 and [since SP2]
>>> >> >>> windows\sustem32zdllcache.
>>> >> >>>
>>> >> >>> "Patti MacLeod" suggested two refences. The second wasn't
>>> >> >>> available,
>>> >> >>> the
>>> >> >>> first was helpful.
>>> >> >>>
>>> >> >>> Thanks for all clues - I'll have more if they're availabe
>>> >> >>> because,
>>> >> >>> being
>>> >> >>> naive, I keep thinking I might learn to understand all this stuff
>>> >> >>> one
>>> >> >>> day.
>>> >> >>>
>>> >> >>>
>>> >> >>
>>> >> >>
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>
>
>
Anonymous
November 25, 2004 1:40:57 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

It doesn't reside in the Windows\System32 folder on my machine!


--
NevBud

Winners: They have the guts to face the envy and hatred of the losers and
the wrath of the gods.
Bullwinkle. J. Moose <moose.nyc@nospam.verizon.net> wrote in message
news:#MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
> If you make the file read only it will stay put. Also in XP it sits in the
> windows/system32 directory.
>
> "Bud Norris" <bdev605@prodigy.net> wrote in message
> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> > Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
in
> > your C:\WINNT\System32| folder AND keep it there, please let me know how
> > you
> > managed it. Everytime I put the file into the system32 folder it is
> > deleted
> > the next time I reboot. No body seems to know why this happens It's
> > obviously something to do with the Windows XP file protection feature
but
> > no
> > one can tell me what to do to stop the deletion.
> > Also when people tell you that the folder you are to put the AUTOEXEC.NT
> > file in is your C:\Windows\System32\ folder they are incorrect. It's the
> > C:\WINNT\System32| folder. People for some reason keep saying it's the
> > C:\Windows|System32 folder. (Ido realize thats what the Microsoft
articles
> > say but ther're wrong)
> > If any of these experts that answered your question can tell me how to
> > stop
> > the deletion problem please do it!
> >
> > NevBud
> >
> > Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> > news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> >> "JerryM (ID)" wrote:
> >> > The file is located in the Windows\system32 folder
> >>
> >> I didn't really phrase my question properly. I had already discovered
> > that
> >> the file is missing from that directory and I was trying to locate
> >> another
> >> copy to put there. As I understand it (you can see I'm a new user)
this
> > used
> >> to be windows\driver cache\i386 and [since SP2]
> >> windows\sustem32zdllcache.
> >>
> >> "Patti MacLeod" suggested two refences. The second wasn't available,
the
> >> first was helpful.
> >>
> >> Thanks for all clues - I'll have more if they're availabe because,
being
> >> naive, I keep thinking I might learn to understand all this stuff one
> >> day.
> >>
> >>
> >
> >
>
>
Anonymous
November 25, 2004 1:42:11 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Yeah. My machine was created by Gateway and they did just that.

--
NevBud

Winners: They have the guts to face the envy and hatred of the losers and
the wrath of the gods.
XPUSER <XPUSER@HOTMAIL.XYZ> wrote in message
news:eI$Bbnv0EHA.1308@TK2MSFTNGP09.phx.gbl...
> Some OEM's decided to make the \%systemroot% ("windows") directory
C:\WINNT
> instead of C:\WINDOWS
> Why? Who knows? Who cares? One is not really "correct" over the other.
>
> "Bullwinkle. J. Moose" <moose.nyc@nospam.verizon.net> wrote in message
> news:%23MO1dmq0EHA.1452@TK2MSFTNGP11.phx.gbl...
> > If you make the file read only it will stay put. Also in XP it sits in
the
> > windows/system32 directory.
> >
> > "Bud Norris" <bdev605@prodigy.net> wrote in message
> > news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> >> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
> >> in
> >> your C:\WINNT\System32| folder AND keep it there, please let me know
how
> >> you
> >> managed it. Everytime I put the file into the system32 folder it is
> >> deleted
> >> the next time I reboot. No body seems to know why this happens It's
> >> obviously something to do with the Windows XP file protection feature
but
> >> no
> >> one can tell me what to do to stop the deletion.
> >> Also when people tell you that the folder you are to put the
AUTOEXEC.NT
> >> file in is your C:\Windows\System32\ folder they are incorrect. It's
the
> >> C:\WINNT\System32| folder. People for some reason keep saying it's the
> >> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
> >> articles
> >> say but ther're wrong)
> >> If any of these experts that answered your question can tell me how to
> >> stop
> >> the deletion problem please do it!
> >>
> >> NevBud
> >>
> >> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> >> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> >>> "JerryM (ID)" wrote:
> >>> > The file is located in the Windows\system32 folder
> >>>
> >>> I didn't really phrase my question properly. I had already discovered
> >> that
> >>> the file is missing from that directory and I was trying to locate
> >>> another
> >>> copy to put there. As I understand it (you can see I'm a new user)
this
> >> used
> >>> to be windows\driver cache\i386 and [since SP2]
> >>> windows\sustem32zdllcache.
> >>>
> >>> "Patti MacLeod" suggested two refences. The second wasn't available,
> >>> the
> >>> first was helpful.
> >>>
> >>> Thanks for all clues - I'll have more if they're availabe because,
being
> >>> naive, I keep thinking I might learn to understand all this stuff one
> >>> day.
> >>>
> >>>
> >>
> >>
> >
> >
>
>
November 25, 2004 2:21:57 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Well can you believe that? I tried the suggestion of "Bullwinkle" and
changed the file's properties to "read only" and it doesn't get deleted upon
boot. I'm flabbergasted that such a simple thing could resolve this deletion
problem! Even if the root cause of the original problem of the file being
deleted in the first place, is still unknown, at least I can live with it
until I can discover what caused it.
I've put this problem to all kind of places on the Web (I use both Terry and
Bud Norris) and even to my computer OEM (Gateway) and nobody ever thought of
changing the file's properties.
Many, many thanks to Bullwinkle!

"Bud Norris" <bdev605@prodigy.net> wrote in message
news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file in
> your C:\WINNT\System32| folder AND keep it there, please let me know how
you
> managed it. Everytime I put the file into the system32 folder it is
deleted
> the next time I reboot. No body seems to know why this happens It's
> obviously something to do with the Windows XP file protection feature but
no
> one can tell me what to do to stop the deletion.
> Also when people tell you that the folder you are to put the AUTOEXEC.NT
> file in is your C:\Windows\System32\ folder they are incorrect. It's the
> C:\WINNT\System32| folder. People for some reason keep saying it's the
> C:\Windows|System32 folder. (Ido realize thats what the Microsoft articles
> say but ther're wrong)
> If any of these experts that answered your question can tell me how to
stop
> the deletion problem please do it!
>
> NevBud
>
> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> > "JerryM (ID)" wrote:
> > > The file is located in the Windows\system32 folder
> >
> > I didn't really phrase my question properly. I had already discovered
> that
> > the file is missing from that directory and I was trying to locate
another
> > copy to put there. As I understand it (you can see I'm a new user) this
> used
> > to be windows\driver cache\i386 and [since SP2]
windows\sustem32zdllcache.
> >
> > "Patti MacLeod" suggested two refences. The second wasn't available,
the
> > first was helpful.
> >
> > Thanks for all clues - I'll have more if they're availabe because, being
> > naive, I keep thinking I might learn to understand all this stuff one
day.
> >
> >
>
>
Anonymous
November 25, 2004 5:11:02 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I too called Microsoft support and then Dell support on more than one
occasion. Both spent hours with me trying to find the problem, but neither
was either able to solve the problem. Everytime I have had a mindboggling
computer problem, the solution came quickest by using this newsgroup. Hats
off to all of you guys out there willing to help us computer challenged
users. I have found most fixes to be simple, but I could never have solved
the problem without you. Thanks again.

"Terry" wrote:

> Well can you believe that? I tried the suggestion of "Bullwinkle" and
> changed the file's properties to "read only" and it doesn't get deleted upon
> boot. I'm flabbergasted that such a simple thing could resolve this deletion
> problem! Even if the root cause of the original problem of the file being
> deleted in the first place, is still unknown, at least I can live with it
> until I can discover what caused it.
> I've put this problem to all kind of places on the Web (I use both Terry and
> Bud Norris) and even to my computer OEM (Gateway) and nobody ever thought of
> changing the file's properties.
> Many, many thanks to Bullwinkle!
>
> "Bud Norris" <bdev605@prodigy.net> wrote in message
> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> > Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file in
> > your C:\WINNT\System32| folder AND keep it there, please let me know how
> you
> > managed it. Everytime I put the file into the system32 folder it is
> deleted
> > the next time I reboot. No body seems to know why this happens It's
> > obviously something to do with the Windows XP file protection feature but
> no
> > one can tell me what to do to stop the deletion.
> > Also when people tell you that the folder you are to put the AUTOEXEC.NT
> > file in is your C:\Windows\System32\ folder they are incorrect. It's the
> > C:\WINNT\System32| folder. People for some reason keep saying it's the
> > C:\Windows|System32 folder. (Ido realize thats what the Microsoft articles
> > say but ther're wrong)
> > If any of these experts that answered your question can tell me how to
> stop
> > the deletion problem please do it!
> >
> > NevBud
> >
> > Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> > news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> > > "JerryM (ID)" wrote:
> > > > The file is located in the Windows\system32 folder
> > >
> > > I didn't really phrase my question properly. I had already discovered
> > that
> > > the file is missing from that directory and I was trying to locate
> another
> > > copy to put there. As I understand it (you can see I'm a new user) this
> > used
> > > to be windows\driver cache\i386 and [since SP2]
> windows\sustem32zdllcache.
> > >
> > > "Patti MacLeod" suggested two refences. The second wasn't available,
> the
> > > first was helpful.
> > >
> > > Thanks for all clues - I'll have more if they're availabe because, being
> > > naive, I keep thinking I might learn to understand all this stuff one
> day.
> > >
> > >
> >
> >
>
>
>
Anonymous
November 26, 2004 12:27:52 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I've wasted my time before telling people the process on how to fix. But you idiots refuse to do it. YOU HAVE NOT FIXED IT (as some setup programs will now fail).

Autoexec.nt. There is something deleting it for many people at boot or shutdown. Hopefully auditiong will show what program or virus is doing it. Most people can't use auditing so noone know what it is. Auditing records access to something (what you specify it to) in Windows. It's off by default because it slows down the computer and often noone cares.

1. Turn on auditing (this turns it on but nothing is being audited)
2. Set auditing for just this file (else you'll get millions of messages to sort through if you audit everything).


1. You must enable Auditing for the machine (in Local Security Policy - see Help).

2. You must specify what to audit. You do this the same place you set permissions (click Advanced).

Then you can read it in the Event Viewer


Audit object access
Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy

Description
Determines whether to audit the event of a user accessing an object-for example, a file, folder, registry key, printer, and so forth-that has its own system access control list (SACL) specified.

If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has a SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified. To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.

Note that you can set a SACL on a file system object using the Security tab in that object's Properties dialog box.

Default: No auditing.



Then set auditing for your drives in the Drives Properties - Security - Advanced - Auditing

You have to turn it on then set what is to be audited.

This is what a audit for a printer looks like

Object Open:
Object Server: Spooler
Object Type: Document
Object Name: http://smh.com.au/news/opinion/webdiary/index.html?from...
Handle ID: 9487952
Operation ID: {-,-}
Process ID: 1020
Image File Name: C:\WINDOWS\system32\spoolsv.exe
Primary User Name: SERENITY$
Primary Domain: WORKGROUP
Primary Logon ID: (0x0,0x3E7)
Client User Name: David Candy
Client Domain: SERENITY
Client Logon ID: (0x0,0xE179)
Accesses: READ_CONTROL
%%6949
Privileges: -
Restricted Sid Count: 0
For more information, see Help and Support Center at

Big companies have programs that look through these logs. You can use a spreadsheet.

--
----------------------------------------------------------
http://www.uscricket.com
"Terry" <tllawton@prodigy.net> wrote in message news:o HDwDQy0EHA.3900@TK2MSFTNGP10.phx.gbl...
> Well can you believe that? I tried the suggestion of "Bullwinkle" and
> changed the file's properties to "read only" and it doesn't get deleted upon
> boot. I'm flabbergasted that such a simple thing could resolve this deletion
> problem! Even if the root cause of the original problem of the file being
> deleted in the first place, is still unknown, at least I can live with it
> until I can discover what caused it.
> I've put this problem to all kind of places on the Web (I use both Terry and
> Bud Norris) and even to my computer OEM (Gateway) and nobody ever thought of
> changing the file's properties.
> Many, many thanks to Bullwinkle!
>
> "Bud Norris" <bdev605@prodigy.net> wrote in message
> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file in
>> your C:\WINNT\System32| folder AND keep it there, please let me know how
> you
>> managed it. Everytime I put the file into the system32 folder it is
> deleted
>> the next time I reboot. No body seems to know why this happens It's
>> obviously something to do with the Windows XP file protection feature but
> no
>> one can tell me what to do to stop the deletion.
>> Also when people tell you that the folder you are to put the AUTOEXEC.NT
>> file in is your C:\Windows\System32\ folder they are incorrect. It's the
>> C:\WINNT\System32| folder. People for some reason keep saying it's the
>> C:\Windows|System32 folder. (Ido realize thats what the Microsoft articles
>> say but ther're wrong)
>> If any of these experts that answered your question can tell me how to
> stop
>> the deletion problem please do it!
>>
>> NevBud
>>
>> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>> > "JerryM (ID)" wrote:
>> > > The file is located in the Windows\system32 folder
>> >
>> > I didn't really phrase my question properly. I had already discovered
>> that
>> > the file is missing from that directory and I was trying to locate
> another
>> > copy to put there. As I understand it (you can see I'm a new user) this
>> used
>> > to be windows\driver cache\i386 and [since SP2]
> windows\sustem32zdllcache.
>> >
>> > "Patti MacLeod" suggested two refences. The second wasn't available,
> the
>> > first was helpful.
>> >
>> > Thanks for all clues - I'll have more if they're availabe because, being
>> > naive, I keep thinking I might learn to understand all this stuff one
> day.
>> >
>> >
>>
>>
>
>
Anonymous
November 26, 2004 6:18:29 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

STUPID? isn't that a little harsh David? However be that as it may, please
read the following disclaimer:

Because Windows XP Home Edition does not include the Local Security Settings
Console, you can't enable Auditing on a computer running Home Edition.

I have Home Edition and I would bet most others do also.

Just how do you know we haven't fixed the problem? If you know what's
causing it please let us know.

If no anti-virus program or ad-aware program or Trojan hunting program can
find the culprit what do you expect us to do? I'm sure we would really
appreciate your suggestions, except auditing of course.

Respectfully,
--
NevBud
Winners: They have the guts to face the envy and hatred of the losers and
the wrath of the gods.

David Candy <.> wrote in message
news:#O7qJ4z0EHA.3120@TK2MSFTNGP12.phx.gbl...
I've wasted my time before telling people the process on how to fix. But you
idiots refuse to do it. YOU HAVE NOT FIXED IT (as some setup programs will
now fail).

Autoexec.nt. There is something deleting it for many people at boot or
shutdown. Hopefully auditiong will show what program or virus is doing it.
Most people can't use auditing so noone know what it is. Auditing records
access to something (what you specify it to) in Windows. It's off by default
because it slows down the computer and often noone cares.

1. Turn on auditing (this turns it on but nothing is being audited)
2. Set auditing for just this file (else you'll get millions of messages to
sort through if you audit everything).


1. You must enable Auditing for the machine (in Local Security Policy - see
Help).

2. You must specify what to audit. You do this the same place you set
permissions (click Advanced).

Then you can read it in the Event Viewer


Audit object access
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy

Description
Determines whether to audit the event of a user accessing an object-for
example, a file, folder, registry key, printer, and so forth-that has its
own system access control list (SACL) specified.

If you define this policy setting, you can specify whether to audit
successes, audit failures, or not audit the event type at all. Success
audits generate an audit entry when a user successfully accesses an object
that has a SACL specified. Failure audits generate an audit entry when a
user unsuccessfully attempts to access an object that has a SACL specified.
To set this value to no auditing, in the Properties dialog box for this
policy setting, select the Define these policy settings check box and clear
the Success and Failure check boxes.

Note that you can set a SACL on a file system object using the Security tab
in that object's Properties dialog box.

Default: No auditing.



Then set auditing for your drives in the Drives Properties - Security -
Advanced - Auditing

You have to turn it on then set what is to be audited.

This is what a audit for a printer looks like

Object Open:
Object Server: Spooler
Object Type: Document
Object Name: http://smh.com.au/news/opinion/webdiary/index.html?from...
Handle ID: 9487952
Operation ID: {-,-}
Process ID: 1020
Image File Name: C:\WINDOWS\system32\spoolsv.exe
Primary User Name: SERENITY$
Primary Domain: WORKGROUP
Primary Logon ID: (0x0,0x3E7)
Client User Name: David Candy
Client Domain: SERENITY
Client Logon ID: (0x0,0xE179)
Accesses: READ_CONTROL
%%6949
Privileges: -
Restricted Sid Count: 0
For more information, see Help and Support Center at

Big companies have programs that look through these logs. You can use a
spreadsheet.

--
----------------------------------------------------------
http://www.uscricket.com
"Terry" <tllawton@prodigy.net> wrote in message
news:o HDwDQy0EHA.3900@TK2MSFTNGP10.phx.gbl...
> Well can you believe that? I tried the suggestion of "Bullwinkle" and
> changed the file's properties to "read only" and it doesn't get deleted
upon
> boot. I'm flabbergasted that such a simple thing could resolve this
deletion
> problem! Even if the root cause of the original problem of the file being
> deleted in the first place, is still unknown, at least I can live with it
> until I can discover what caused it.
> I've put this problem to all kind of places on the Web (I use both Terry
and
> Bud Norris) and even to my computer OEM (Gateway) and nobody ever thought
of
> changing the file's properties.
> Many, many thanks to Bullwinkle!
>
> "Bud Norris" <bdev605@prodigy.net> wrote in message
> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
in
>> your C:\WINNT\System32| folder AND keep it there, please let me know how
> you
>> managed it. Everytime I put the file into the system32 folder it is
> deleted
>> the next time I reboot. No body seems to know why this happens It's
>> obviously something to do with the Windows XP file protection feature but
> no
>> one can tell me what to do to stop the deletion.
>> Also when people tell you that the folder you are to put the AUTOEXEC.NT
>> file in is your C:\Windows\System32\ folder they are incorrect. It's the
>> C:\WINNT\System32| folder. People for some reason keep saying it's the
>> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
articles
>> say but ther're wrong)
>> If any of these experts that answered your question can tell me how to
> stop
>> the deletion problem please do it!
>>
>> NevBud
>>
>> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>> > "JerryM (ID)" wrote:
>> > > The file is located in the Windows\system32 folder
>> >
>> > I didn't really phrase my question properly. I had already discovered
>> that
>> > the file is missing from that directory and I was trying to locate
> another
>> > copy to put there. As I understand it (you can see I'm a new user)
this
>> used
>> > to be windows\driver cache\i386 and [since SP2]
> windows\sustem32zdllcache.
>> >
>> > "Patti MacLeod" suggested two refences. The second wasn't available,
> the
>> > first was helpful.
>> >
>> > Thanks for all clues - I'll have more if they're availabe because,
being
>> > naive, I keep thinking I might learn to understand all this stuff one
> day.
>> >
>> >
>>
>>
>
>
Anonymous
November 26, 2004 7:49:21 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Interesting - When I first became aware of this issue from a colleague
of mine that was troubleshooting someone's computer, they had found
"Wintools for IE" in the non Microsoft Services of
System Configuration Utility Services tab and so I figured that some
spyware was causing the issue.
===================================================


"Bud Norris" <bdev605@prodigy.net> wrote in message
news:uS4np4A1EHA.2196@TK2MSFTNGP14.phx.gbl...
> STUPID? isn't that a little harsh David? However be that as it may, please
> read the following disclaimer:
>
> Because Windows XP Home Edition does not include the Local Security
> Settings
> Console, you can't enable Auditing on a computer running Home Edition.
>
> I have Home Edition and I would bet most others do also.
>
> Just how do you know we haven't fixed the problem? If you know what's
> causing it please let us know.
>
> If no anti-virus program or ad-aware program or Trojan hunting program can
> find the culprit what do you expect us to do? I'm sure we would really
> appreciate your suggestions, except auditing of course.
>
> Respectfully,
> --
> NevBud
> Winners: They have the guts to face the envy and hatred of the losers and
> the wrath of the gods.
>
> David Candy <.> wrote in message
> news:#O7qJ4z0EHA.3120@TK2MSFTNGP12.phx.gbl...
> I've wasted my time before telling people the process on how to fix. But
> you
> idiots refuse to do it. YOU HAVE NOT FIXED IT (as some setup programs will
> now fail).
>
> Autoexec.nt. There is something deleting it for many people at boot or
> shutdown. Hopefully auditiong will show what program or virus is doing it.
> Most people can't use auditing so noone know what it is. Auditing records
> access to something (what you specify it to) in Windows. It's off by
> default
> because it slows down the computer and often noone cares.
>
> 1. Turn on auditing (this turns it on but nothing is being audited)
> 2. Set auditing for just this file (else you'll get millions of messages
> to
> sort through if you audit everything).
>
>
> 1. You must enable Auditing for the machine (in Local Security Policy -
> see
> Help).
>
> 2. You must specify what to audit. You do this the same place you set
> permissions (click Advanced).
>
> Then you can read it in the Event Viewer
>
>
> Audit object access
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\Audit Policy
>
> Description
> Determines whether to audit the event of a user accessing an object-for
> example, a file, folder, registry key, printer, and so forth-that has its
> own system access control list (SACL) specified.
>
> If you define this policy setting, you can specify whether to audit
> successes, audit failures, or not audit the event type at all. Success
> audits generate an audit entry when a user successfully accesses an object
> that has a SACL specified. Failure audits generate an audit entry when a
> user unsuccessfully attempts to access an object that has a SACL
> specified.
> To set this value to no auditing, in the Properties dialog box for this
> policy setting, select the Define these policy settings check box and
> clear
> the Success and Failure check boxes.
>
> Note that you can set a SACL on a file system object using the Security
> tab
> in that object's Properties dialog box.
>
> Default: No auditing.
>
>
>
> Then set auditing for your drives in the Drives Properties - Security -
> Advanced - Auditing
>
> You have to turn it on then set what is to be audited.
>
> This is what a audit for a printer looks like
>
> Object Open:
> Object Server: Spooler
> Object Type: Document
> Object Name:
> http://smh.com.au/news/opinion/webdiary/index.html?from...
> Handle ID: 9487952
> Operation ID: {-,-}
> Process ID: 1020
> Image File Name: C:\WINDOWS\system32\spoolsv.exe
> Primary User Name: SERENITY$
> Primary Domain: WORKGROUP
> Primary Logon ID: (0x0,0x3E7)
> Client User Name: David Candy
> Client Domain: SERENITY
> Client Logon ID: (0x0,0xE179)
> Accesses: READ_CONTROL
> %%6949
> Privileges: -
> Restricted Sid Count: 0
> For more information, see Help and Support Center at
>
> Big companies have programs that look through these logs. You can use a
> spreadsheet.
>
> --
> ----------------------------------------------------------
> http://www.uscricket.com
> "Terry" <tllawton@prodigy.net> wrote in message
> news:o HDwDQy0EHA.3900@TK2MSFTNGP10.phx.gbl...
>> Well can you believe that? I tried the suggestion of "Bullwinkle" and
>> changed the file's properties to "read only" and it doesn't get deleted
> upon
>> boot. I'm flabbergasted that such a simple thing could resolve this
> deletion
>> problem! Even if the root cause of the original problem of the file being
>> deleted in the first place, is still unknown, at least I can live with it
>> until I can discover what caused it.
>> I've put this problem to all kind of places on the Web (I use both Terry
> and
>> Bud Norris) and even to my computer OEM (Gateway) and nobody ever thought
> of
>> changing the file's properties.
>> Many, many thanks to Bullwinkle!
>>
>> "Bud Norris" <bdev605@prodigy.net> wrote in message
>> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>>> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
> in
>>> your C:\WINNT\System32| folder AND keep it there, please let me know how
>> you
>>> managed it. Everytime I put the file into the system32 folder it is
>> deleted
>>> the next time I reboot. No body seems to know why this happens It's
>>> obviously something to do with the Windows XP file protection feature
>>> but
>> no
>>> one can tell me what to do to stop the deletion.
>>> Also when people tell you that the folder you are to put the AUTOEXEC.NT
>>> file in is your C:\Windows\System32\ folder they are incorrect. It's the
>>> C:\WINNT\System32| folder. People for some reason keep saying it's the
>>> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
> articles
>>> say but ther're wrong)
>>> If any of these experts that answered your question can tell me how to
>> stop
>>> the deletion problem please do it!
>>>
>>> NevBud
>>>
>>> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>>> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>>> > "JerryM (ID)" wrote:
>>> > > The file is located in the Windows\system32 folder
>>> >
>>> > I didn't really phrase my question properly. I had already discovered
>>> that
>>> > the file is missing from that directory and I was trying to locate
>> another
>>> > copy to put there. As I understand it (you can see I'm a new user)
> this
>>> used
>>> > to be windows\driver cache\i386 and [since SP2]
>> windows\sustem32zdllcache.
>>> >
>>> > "Patti MacLeod" suggested two refences. The second wasn't available,
>> the
>>> > first was helpful.
>>> >
>>> > Thanks for all clues - I'll have more if they're availabe because,
> being
>>> > naive, I keep thinking I might learn to understand all this stuff one
>> day.
>>> >
>>> >
>>>
>>>
>>
>>
>
>
Anonymous
November 27, 2004 1:43:21 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I'm refering to all users generically.
I also don't acknowledge the legitamacy of Home. If something is happening then tough luck is Home's attitude..

--
----------------------------------------------------------
http://www.uscricket.com
"Bud Norris" <bdev605@prodigy.net> wrote in message news:uS4np4A1EHA.2196@TK2MSFTNGP14.phx.gbl...
> STUPID? isn't that a little harsh David? However be that as it may, please
> read the following disclaimer:
>
> Because Windows XP Home Edition does not include the Local Security Settings
> Console, you can't enable Auditing on a computer running Home Edition.
>
> I have Home Edition and I would bet most others do also.
>
> Just how do you know we haven't fixed the problem? If you know what's
> causing it please let us know.
>
> If no anti-virus program or ad-aware program or Trojan hunting program can
> find the culprit what do you expect us to do? I'm sure we would really
> appreciate your suggestions, except auditing of course.
>
> Respectfully,
> --
> NevBud
> Winners: They have the guts to face the envy and hatred of the losers and
> the wrath of the gods.
>
> David Candy <.> wrote in message
> news:#O7qJ4z0EHA.3120@TK2MSFTNGP12.phx.gbl...
> I've wasted my time before telling people the process on how to fix. But you
> idiots refuse to do it. YOU HAVE NOT FIXED IT (as some setup programs will
> now fail).
>
> Autoexec.nt. There is something deleting it for many people at boot or
> shutdown. Hopefully auditiong will show what program or virus is doing it.
> Most people can't use auditing so noone know what it is. Auditing records
> access to something (what you specify it to) in Windows. It's off by default
> because it slows down the computer and often noone cares.
>
> 1. Turn on auditing (this turns it on but nothing is being audited)
> 2. Set auditing for just this file (else you'll get millions of messages to
> sort through if you audit everything).
>
>
> 1. You must enable Auditing for the machine (in Local Security Policy - see
> Help).
>
> 2. You must specify what to audit. You do this the same place you set
> permissions (click Advanced).
>
> Then you can read it in the Event Viewer
>
>
> Audit object access
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\Audit Policy
>
> Description
> Determines whether to audit the event of a user accessing an object-for
> example, a file, folder, registry key, printer, and so forth-that has its
> own system access control list (SACL) specified.
>
> If you define this policy setting, you can specify whether to audit
> successes, audit failures, or not audit the event type at all. Success
> audits generate an audit entry when a user successfully accesses an object
> that has a SACL specified. Failure audits generate an audit entry when a
> user unsuccessfully attempts to access an object that has a SACL specified.
> To set this value to no auditing, in the Properties dialog box for this
> policy setting, select the Define these policy settings check box and clear
> the Success and Failure check boxes.
>
> Note that you can set a SACL on a file system object using the Security tab
> in that object's Properties dialog box.
>
> Default: No auditing.
>
>
>
> Then set auditing for your drives in the Drives Properties - Security -
> Advanced - Auditing
>
> You have to turn it on then set what is to be audited.
>
> This is what a audit for a printer looks like
>
> Object Open:
> Object Server: Spooler
> Object Type: Document
> Object Name: http://smh.com.au/news/opinion/webdiary/index.html?from...
> Handle ID: 9487952
> Operation ID: {-,-}
> Process ID: 1020
> Image File Name: C:\WINDOWS\system32\spoolsv.exe
> Primary User Name: SERENITY$
> Primary Domain: WORKGROUP
> Primary Logon ID: (0x0,0x3E7)
> Client User Name: David Candy
> Client Domain: SERENITY
> Client Logon ID: (0x0,0xE179)
> Accesses: READ_CONTROL
> %%6949
> Privileges: -
> Restricted Sid Count: 0
> For more information, see Help and Support Center at
>
> Big companies have programs that look through these logs. You can use a
> spreadsheet.
>
> --
> ----------------------------------------------------------
> http://www.uscricket.com
> "Terry" <tllawton@prodigy.net> wrote in message
> news:o HDwDQy0EHA.3900@TK2MSFTNGP10.phx.gbl...
>> Well can you believe that? I tried the suggestion of "Bullwinkle" and
>> changed the file's properties to "read only" and it doesn't get deleted
> upon
>> boot. I'm flabbergasted that such a simple thing could resolve this
> deletion
>> problem! Even if the root cause of the original problem of the file being
>> deleted in the first place, is still unknown, at least I can live with it
>> until I can discover what caused it.
>> I've put this problem to all kind of places on the Web (I use both Terry
> and
>> Bud Norris) and even to my computer OEM (Gateway) and nobody ever thought
> of
>> changing the file's properties.
>> Many, many thanks to Bullwinkle!
>>
>> "Bud Norris" <bdev605@prodigy.net> wrote in message
>> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>>> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
> in
>>> your C:\WINNT\System32| folder AND keep it there, please let me know how
>> you
>>> managed it. Everytime I put the file into the system32 folder it is
>> deleted
>>> the next time I reboot. No body seems to know why this happens It's
>>> obviously something to do with the Windows XP file protection feature but
>> no
>>> one can tell me what to do to stop the deletion.
>>> Also when people tell you that the folder you are to put the AUTOEXEC.NT
>>> file in is your C:\Windows\System32\ folder they are incorrect. It's the
>>> C:\WINNT\System32| folder. People for some reason keep saying it's the
>>> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
> articles
>>> say but ther're wrong)
>>> If any of these experts that answered your question can tell me how to
>> stop
>>> the deletion problem please do it!
>>>
>>> NevBud
>>>
>>> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>>> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>>> > "JerryM (ID)" wrote:
>>> > > The file is located in the Windows\system32 folder
>>> >
>>> > I didn't really phrase my question properly. I had already discovered
>>> that
>>> > the file is missing from that directory and I was trying to locate
>> another
>>> > copy to put there. As I understand it (you can see I'm a new user)
> this
>>> used
>>> > to be windows\driver cache\i386 and [since SP2]
>> windows\sustem32zdllcache.
>>> >
>>> > "Patti MacLeod" suggested two refences. The second wasn't available,
>> the
>>> > first was helpful.
>>> >
>>> > Thanks for all clues - I'll have more if they're availabe because,
> being
>>> > naive, I keep thinking I might learn to understand all this stuff one
>> day.
>>> >
>>> >
>>>
>>>
>>
>>
>
>
Anonymous
November 27, 2004 2:05:39 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

File C:\Program Files\Common files\WinTools\WSup.exe
File C:\Program Files\Common files\WinTools\WToolsS.exe
File C:\Program Files\Common files\WinTools\WToolsA.exe
Folder C:\Program Files\Common files\WinTools

If someone sends me these files or tells me how to get infected I'll tell you if they have anything to do with deleting autoexec.nt.
--
----------------------------------------------------------
http://www.uscricket.com
"XPUSER" <XPUSER@HOTMAIL.XYZ> wrote in message news:ukHTQKB1EHA.2112@TK2MSFTNGP15.phx.gbl...
> Interesting - When I first became aware of this issue from a colleague
> of mine that was troubleshooting someone's computer, they had found
> "Wintools for IE" in the non Microsoft Services of
> System Configuration Utility Services tab and so I figured that some
> spyware was causing the issue.
> ===================================================
>
>
> "Bud Norris" <bdev605@prodigy.net> wrote in message
> news:uS4np4A1EHA.2196@TK2MSFTNGP14.phx.gbl...
>> STUPID? isn't that a little harsh David? However be that as it may, please
>> read the following disclaimer:
>>
>> Because Windows XP Home Edition does not include the Local Security
>> Settings
>> Console, you can't enable Auditing on a computer running Home Edition.
>>
>> I have Home Edition and I would bet most others do also.
>>
>> Just how do you know we haven't fixed the problem? If you know what's
>> causing it please let us know.
>>
>> If no anti-virus program or ad-aware program or Trojan hunting program can
>> find the culprit what do you expect us to do? I'm sure we would really
>> appreciate your suggestions, except auditing of course.
>>
>> Respectfully,
>> --
>> NevBud
>> Winners: They have the guts to face the envy and hatred of the losers and
>> the wrath of the gods.
>>
>> David Candy <.> wrote in message
>> news:#O7qJ4z0EHA.3120@TK2MSFTNGP12.phx.gbl...
>> I've wasted my time before telling people the process on how to fix. But
>> you
>> idiots refuse to do it. YOU HAVE NOT FIXED IT (as some setup programs will
>> now fail).
>>
>> Autoexec.nt. There is something deleting it for many people at boot or
>> shutdown. Hopefully auditiong will show what program or virus is doing it.
>> Most people can't use auditing so noone know what it is. Auditing records
>> access to something (what you specify it to) in Windows. It's off by
>> default
>> because it slows down the computer and often noone cares.
>>
>> 1. Turn on auditing (this turns it on but nothing is being audited)
>> 2. Set auditing for just this file (else you'll get millions of messages
>> to
>> sort through if you audit everything).
>>
>>
>> 1. You must enable Auditing for the machine (in Local Security Policy -
>> see
>> Help).
>>
>> 2. You must specify what to audit. You do this the same place you set
>> permissions (click Advanced).
>>
>> Then you can read it in the Event Viewer
>>
>>
>> Audit object access
>> Computer Configuration\Windows Settings\Security Settings\Local
>> Policies\Audit Policy
>>
>> Description
>> Determines whether to audit the event of a user accessing an object-for
>> example, a file, folder, registry key, printer, and so forth-that has its
>> own system access control list (SACL) specified.
>>
>> If you define this policy setting, you can specify whether to audit
>> successes, audit failures, or not audit the event type at all. Success
>> audits generate an audit entry when a user successfully accesses an object
>> that has a SACL specified. Failure audits generate an audit entry when a
>> user unsuccessfully attempts to access an object that has a SACL
>> specified.
>> To set this value to no auditing, in the Properties dialog box for this
>> policy setting, select the Define these policy settings check box and
>> clear
>> the Success and Failure check boxes.
>>
>> Note that you can set a SACL on a file system object using the Security
>> tab
>> in that object's Properties dialog box.
>>
>> Default: No auditing.
>>
>>
>>
>> Then set auditing for your drives in the Drives Properties - Security -
>> Advanced - Auditing
>>
>> You have to turn it on then set what is to be audited.
>>
>> This is what a audit for a printer looks like
>>
>> Object Open:
>> Object Server: Spooler
>> Object Type: Document
>> Object Name:
>> http://smh.com.au/news/opinion/webdiary/index.html?from...
>> Handle ID: 9487952
>> Operation ID: {-,-}
>> Process ID: 1020
>> Image File Name: C:\WINDOWS\system32\spoolsv.exe
>> Primary User Name: SERENITY$
>> Primary Domain: WORKGROUP
>> Primary Logon ID: (0x0,0x3E7)
>> Client User Name: David Candy
>> Client Domain: SERENITY
>> Client Logon ID: (0x0,0xE179)
>> Accesses: READ_CONTROL
>> %%6949
>> Privileges: -
>> Restricted Sid Count: 0
>> For more information, see Help and Support Center at
>>
>> Big companies have programs that look through these logs. You can use a
>> spreadsheet.
>>
>> --
>> ----------------------------------------------------------
>> http://www.uscricket.com
>> "Terry" <tllawton@prodigy.net> wrote in message
>> news:o HDwDQy0EHA.3900@TK2MSFTNGP10.phx.gbl...
>>> Well can you believe that? I tried the suggestion of "Bullwinkle" and
>>> changed the file's properties to "read only" and it doesn't get deleted
>> upon
>>> boot. I'm flabbergasted that such a simple thing could resolve this
>> deletion
>>> problem! Even if the root cause of the original problem of the file being
>>> deleted in the first place, is still unknown, at least I can live with it
>>> until I can discover what caused it.
>>> I've put this problem to all kind of places on the Web (I use both Terry
>> and
>>> Bud Norris) and even to my computer OEM (Gateway) and nobody ever thought
>> of
>>> changing the file's properties.
>>> Many, many thanks to Bullwinkle!
>>>
>>> "Bud Norris" <bdev605@prodigy.net> wrote in message
>>> news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
>>>> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file
>> in
>>>> your C:\WINNT\System32| folder AND keep it there, please let me know how
>>> you
>>>> managed it. Everytime I put the file into the system32 folder it is
>>> deleted
>>>> the next time I reboot. No body seems to know why this happens It's
>>>> obviously something to do with the Windows XP file protection feature
>>>> but
>>> no
>>>> one can tell me what to do to stop the deletion.
>>>> Also when people tell you that the folder you are to put the AUTOEXEC.NT
>>>> file in is your C:\Windows\System32\ folder they are incorrect. It's the
>>>> C:\WINNT\System32| folder. People for some reason keep saying it's the
>>>> C:\Windows|System32 folder. (Ido realize thats what the Microsoft
>> articles
>>>> say but ther're wrong)
>>>> If any of these experts that answered your question can tell me how to
>>> stop
>>>> the deletion problem please do it!
>>>>
>>>> NevBud
>>>>
>>>> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
>>>> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
>>>> > "JerryM (ID)" wrote:
>>>> > > The file is located in the Windows\system32 folder
>>>> >
>>>> > I didn't really phrase my question properly. I had already discovered
>>>> that
>>>> > the file is missing from that directory and I was trying to locate
>>> another
>>>> > copy to put there. As I understand it (you can see I'm a new user)
>> this
>>>> used
>>>> > to be windows\driver cache\i386 and [since SP2]
>>> windows\sustem32zdllcache.
>>>> >
>>>> > "Patti MacLeod" suggested two refences. The second wasn't available,
>>> the
>>>> > first was helpful.
>>>> >
>>>> > Thanks for all clues - I'll have more if they're availabe because,
>> being
>>>> > naive, I keep thinking I might learn to understand all this stuff one
>>> day.
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>
>>
>
>
November 27, 2004 8:18:51 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I think I've found the culprit. It's a program called Windows Adcontrol that
has an app named "Windupdate.exe". This program gets put in a computer by a
site where a program is downloaded.

Here's how to fix the problem:

1. Go to Lavasoft.com and download their free ad-aware program called
"Ad-aware-se personal v1.05". After you install it make sure it gets the
lastes definitions (11-25-04 as of this). I ran an earlier version of this
and it didn't find the program.
2. Run the program in the custom settings option with all things checked.
3. This scan of your entire system should pick up any risky ad items. It
should identify this Windupdate program and its registry items.
4. You can select these items found and remove them from your computer.
5. After you have removed the program you should check in your C:/ Program
Files/ folder to see if this program folder is now gone. (You can check for
the folder before the scan if you want to)
6. They warn you that some items you remove could make some of your added
programs not perform. However when you remove these items it puts them in a
quarrantine file in Ad-aware and you can go back and restore any you think
you want or need. I haven't found any that I need to restore. This
quarrantine file is kept and each time you run Ad-aware it adds another file
with the new items found. So don't worry about removing these risk items
found.

I ran this Ad-aware program found the Windupdate program and removed all
reference to it. I then reset the autoexec.nt file in my System32 folder and
when I restarted my computer it did not get deleted as it did in the past.

"Bud Norris" <bdev605@prodigy.net> wrote in message
news:uNYq88Y0EHA.1924@TK2MSFTNGP10.phx.gbl...
> Lots of luck Sebastion! If somehow you can replace the AUTOEXEC.NT file in
> your C:\WINNT\System32| folder AND keep it there, please let me know how
you
> managed it. Everytime I put the file into the system32 folder it is
deleted
> the next time I reboot. No body seems to know why this happens It's
> obviously something to do with the Windows XP file protection feature but
no
> one can tell me what to do to stop the deletion.
> Also when people tell you that the folder you are to put the AUTOEXEC.NT
> file in is your C:\Windows\System32\ folder they are incorrect. It's the
> C:\WINNT\System32| folder. People for some reason keep saying it's the
> C:\Windows|System32 folder. (Ido realize thats what the Microsoft articles
> say but ther're wrong)
> If any of these experts that answered your question can tell me how to
stop
> the deletion problem please do it!
>
> NevBud
>
> Sebastian <Sebastian@discussions.microsoft.com> wrote in message
> news:AC0C0803-9FC3-40F8-96BF-1CE6116CF993@microsoft.com...
> > "JerryM (ID)" wrote:
> > > The file is located in the Windows\system32 folder
> >
> > I didn't really phrase my question properly. I had already discovered
> that
> > the file is missing from that directory and I was trying to locate
another
> > copy to put there. As I understand it (you can see I'm a new user) this
> used
> > to be windows\driver cache\i386 and [since SP2]
windows\sustem32zdllcache.
> >
> > "Patti MacLeod" suggested two refences. The second wasn't available,
the
> > first was helpful.
> >
> > Thanks for all clues - I'll have more if they're availabe because, being
> > naive, I keep thinking I might learn to understand all this stuff one
day.
> >
> >
>
>
Anonymous
December 10, 2004 2:46:04 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

A backup copy of Autoexec.nt and many other files may be found in: -
c:\windows\repair :cool:


--
Control
!