
problem w/ WareOut


Name: smoochus61
Date: September 7, 2006 at 12:29:13 Pacific
OS: Windows XP HE
CPU/Ram: Athlon 512MB
Product: AMD
Comment:

Hi there! I'm afraid that my PC got infected w/ "WareOut". By chance I came across this forum and read that using "fixwareout.exe" should help. I downloaded it, ran it, followed the prompts and got the following message:

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
please post this at the forum

Could somebody please help me with this? I'm not a PC expert and would appreciate any help!




Response Number 1
Name: smoochus61
Date: September 7, 2006 at 16:45:50 Pacific
Reply:

Sorry for having bothered you w/ this!
Reading posts in the forum after searching for "WareOut", I came across a fix for my problem posted by jabuck (Thanx!):

******************************************

Download XP fix from this link and run it: http://www.visualtour.com/downloads/ It should replace the missing C:\WINDOWS\system32\AUTOEXEC.NT file.
Then run the fixwareout.

******************************************

I did this and it worked! I've got my file back!

Here is the fixwareout report:

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nwlmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Random Runs removed from HKLM
"dmlwn.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32
{93050923-94AB-48AB-A2E1-48BBE987AB12}.exe
{A9A07235-2E5B-4A06-B880-ECA6354AABCD}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

Then I ran HijackThis, which gave the following report:

Logfile of HijackThis v1.97.7
Scan saved at 01:28:29, on 08.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ProcessGuard\dcsuserprot.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver2\LVCOMS.exe
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\Programme\ProcessGuard\pgaccount.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\ProcessGuard\procguard.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.exe
C:\Programme\Sony\OpenMG Jukebox\Omgtray.exe
C:\Programme\Medionkeyboard\1.3\KbdAp32A.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
F:\Spy&VirusRemoval\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver2\LVCOMS.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Programme\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Medionkeyboard\1.3\MMKEYBD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Programme\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.exe"
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Programme\Sony\OpenMG Jukebox\Omgtray.exe
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.eureka-gmbh.de




Response Number 2
Name: jabuck
Date: September 7, 2006 at 18:21:44 Pacific
Reply:

Please update your older version of Hijack This to 1.99 from this link http://www.thespykiller.co.uk/files/HJTsetup.exe then post a new Hijack This log.

