SDFix: Version 1.98

Run by bpr on Thu 08/16/2007 at 6:56p

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
ntrcs
wgareg

ImagePath:
C:\WINNT\NT\nrcs.exe
C:\WINNT\system32\wgareg.exe

ntrcs - Deleted
wgareg - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINNT\dat.txt - Deleted

Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\bpr.MHL\NetHood\ftp.asalegal.com\Desktop.ini
C:\Documents and Settings\bpr.MHL\NetHood\ftp.rainmakerlegal.com\Desktop.ini
C:\WINNT\SYSTEM32\PackethSvc.exe
C:\Documents and Settings\bpr.MHL\Application Data\MSN6\msnupdate!@#@.exe
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\0d40b7b519a5ba97d7bcd356fed41771\BIT6.tmp
C:\Documents and Settings\bpr.MHL\My Documents\My Pictures\Bobby\~WRL0001.tmp
C:\Documents and Settings\bpr.MHL\My Documents\data\Word\~WRL0194.tmp
C:\Documents and Settings\bpr.MHL\Application Data\Microsoft\Word\~WRL3851.tmp
C:\Documents and Settings\bpr.MHL\Application Data\Microsoft\Word\~WRL3762.tmp
C:\Documents and Settings\bpr.MHL\Application Data\Microsoft\Word\~WRL3842.tmp
C:\Documents and Settings\bpr.MHL\Application Data\Microsoft\Word\~WRL3873.tmp
C:\Documents and Settings\bpr.MHL\Application Data\Microsoft\Word\~WRL3152.tmp

Finished