1) I've got a nagging feeling this might be needed by something legit.. but am going to remove it anyway.
2) I missed this step and didn't end up removing remoteadministrator until AFTER I ran the Kapresky scan.
4) OTmoveit gave an error message that it was unable to create a log file but did say this in the results window.
5) Search for ~tmp0.1st.exe failed to find any file on pc. (set search for hidden and system areas as instructed)
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer]
"Show_FullURL"=dword:00000000
"SmartDithering"=dword:00000001
"AddButtons"=dword:00000002
"Download Directory"="C:\\Documents and Settings\\Optional\\Desktop"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Default HTML Editor]
"Description"="Microsoft Word for Windows"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Default HTML Editor\shell]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Default HTML Editor\shell\edit]
@="&Edit"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command]
@="\"C:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE\" /n"
"command"=hex(7):31,30,21,21,21,67,78,73,66,28,4e,67,5d,71,46,60,48,7b,4c,73,\
57,4f,52,44,46,69,6c,65,73,3e,6c,6c,54,5d,6a,49,7b,6a,66,28,3d,31,26,4c,5b,\
2d,38,31,2d,5d,20,2f,6e,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ddeexec]
@="[REM _DDE_Direct][FileOpen(\"%1\")]"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ddeexec\Application]
@="WinWord"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ddeexec\Topic]
@="System"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
"BackupWallpaper"=""
"WallpaperFileTime"=hex:00,00,00,00,00,00,00,00
"WallpaperLocalFileTime"=hex:00,78,70,33,5c,00,00,00
"TileWallpaper"="0"
"WallpaperStyle"="2"
"Wallpaper"=""
"ComponentsPositioned"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Old WorkAreas]
"NoOfOldWorkAreas"=dword:00000001
"OldWorkAreaRects"=hex:00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\SafeMode]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\SafeMode\General]
"Wallpaper"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,57,65,62,5c,53,61,66,\
65,4d,6f,64,65,2e,68,74,74,00
"VisitGallery"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Scheme]
"Edit"=""
"Display"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Document Windows]
"Maximized"="no"
"height"=hex:00,00,00,00
"width"=hex:00,00,00,80
"x"=hex:00,00,00,80
"y"=hex:00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="yes"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}]
"BarSize"=hex:cc,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}]
"BarSize"=hex:18,01,00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}]
"BarSize"=hex:57,01,00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}]
"BarSize"=hex:29,01,00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping]
"NextId"=dword:00002013
"{6224f700-cba3-4071-b251-47cb894244cd}"=dword:00002001
"{FB5F1910-F110-11d2-BB9E-00C04F795683}"=dword:00002002
"{FD9DE2B4-C926-4460-81C4-FC58C6F1062E}"=dword:00002003
"{FF983118-58C7-4AD4-B5A7-691C39CB7B42}"=dword:00002004
"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}"=dword:00002005
"{053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7}"=dword:00002006
"{1FA9B650-D1BC-4E43-96B3-13A32FC39732}"=dword:00002007
"{320AF880-6646-11D3-ABEE-C5DBF3571F46}"=dword:00002009
"{320AF880-6646-11D3-ABEE-C5DBF3571F49}"=dword:0000200a
"{724d43aa-0d85-11d4-9908-00400523e39a}"=dword:0000200b
"{B13B4423-2647-4cfc-A4B3-C7D56CB83487}"=dword:0000200c
"{7130DF06-BBC1-4e16-83D4-1F875E65B695}"=dword:0000200d
"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}"=dword:0000200f
"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"=dword:00002010
"{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}"=dword:00002011
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Help_Menu_URLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InformationBar]
"FirstTime"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\IntelliForms]
"AskUser"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\SPW]
"'?PG3U$/Q1U+[?B"=dword:00000000
"8L!!2JYYK$!Q*]8"=dword:00000000
"4%#C3P:\\ #-<:)+"=dword:00000000
"85APM@/ZN-J!:QD"=dword:00000000
"18\".=G5J;<[7\\/M"=dword:00000000
"7GL8E>8*%3?M6IU"=dword:00000000
"B')Y\"WD7_ R_\"\\1"=dword:00000000
"LNUF\"</@:.6G?BN"=dword:00000000
"BWSM3=9_X4 SV80"=dword:00000000
"EGQMY_5 ZG:JD[U"=dword:00000000
"%P$W[ Y^CX/W+M,"=dword:00000000
"V)@ AT4J*5B'Z8U"=dword:00000000
"H>7>62;EUN&(I3E"=dword:00000000
"]2;8:QXX?MIUAY-"=dword:00000000
"5J/; ',MU(>@)1B"=dword:00000000
"6.<C5:4,:;EZG!2"=dword:00000000
"H4,O3)_SG]6:G\"I"=dword:00000000
"SC:'][5SR,ED+DG"=dword:00000000
"X74V!47VR-5,-AU"=dword:00000000
"40 NX$(6CPK/6R8"=dword:00000000
")W(+S_76S,B3T9B"=dword:00000000
"I91-,\"O&E8@\"07W"=dword:00000000
"=OL+X^1_!:&7+<:"=dword:00000000
"S#U:$F*. 5R%V;:"=dword:00000000
"83M'=T19]3\"=XPE"=dword:00000000
"?-F02T).0NP]X-M"=dword:00000000
"#.\\.T*-]B'5I<>]"=dword:00000000
"6YCRB/JP5VC^IP@"=dword:00000000
"QDE:,RJ @H.73W#"=dword:00000000
"CD>1PL&^$@7*Z=I"=dword:00000000
"MF%J+TJFLM)(/7@"=dword:00000000
";8P*C86@_:\"T?!K"=dword:00000000
"_'&%,\\6Y**%5[^S"=dword:00000000
"GI]/DHO),</F@)>"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International]
@=""
"W2KLpk"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU]
"Enable"=dword:00000001
"Size"=dword:0000000a
"InitHits"=dword:00000064
"Factor"=dword:00000014
"Cache"=hex:e3,04,00,00,98,08,00,00,9f,4e,00,00,b1,06,00,00,b0,6f,00,00,53,03,\
00,00,bd,6f,00,00,f5,01,00,00,e2,04,00,00,d1,01,00,00,a8,03,00,00,33,01,00,\
00,82,51,00,00,a1,00,00,00,a4,03,00,00,48,00,00,00,ed,ca,00,00,25,00,00,00,\
6a,03,00,00,08,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\25]
"IEFontSize"=hex:01,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\26]
"IEFontSize"=hex:01,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\3]
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"
"IEFontSize"=hex:02,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Extensions]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000
"NoJITSetup"=dword:00000000
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Use_DlgBox_Colors"="yes"
"Check_Associations"="No"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,8e,00,00,00,1d,00,00,00,e2,03,00,00,d4,02,00,\
00
"NotifyDownloadComplete"="no"
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="yes"
"Use FormSuggest"="yes"
"ShowedCheckBrowser"="Yes"
"AddToFavoritesExpanded"=dword:00000001
"Expand Alt Text"="no"
"Move System Caret"="no"
"NscSingleExpand"=dword:00000001
"NoWebJITSetup"=dword:00000000
"Page_Transitions"=dword:00000001
"FavIntelliMenus"="yes"
"UseThemes"=dword:00000001
"Force Offscreen Composition"=dword:00000000
"AllowWindowReuse"=dword:00000000
"Friendly http errors"="no"
"ShowGoButton"="yes"
"SmoothScroll"=dword:00000001
"Enable AutoImageResize"="no"
"Enable_MyPics_Hoverbar"="no"
"Play_Animations"="yes"
"Play_Background_Sounds"="yes"
"Display Inline Videos"="yes"
"Show image placeholders"=dword:00000000
"Print_Background"="no"
"LastCheckedHi"=dword:01c7c436
"FavChevron"="NO"
"HistoryViewType"=hex:08,00,66,63,03,00,00,00,00,00
"HistoryTopNSitesView"=dword:00000014
"StatusBarOther"=dword:00000001
"Save Directory"="C:\\Documents and Settings\\Optional\\Desktop\\newzen-for-blogger\\images\\saved\\"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Media]
"SuppressOnlineContent"="no"
"AutoplayPrompt"=hex:01
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Media\MimeTypes]
"text/vnd.rn-realtext"=hex:00
"application/vnd.rn-realplayer"=hex:00
"application/vnd.rn-rn_music_package"=hex:00
"audio/x-musicnet-stream"=hex:00
"audio/x-musicnet-download"=hex:00
"application/vnd.rn-realmedia-secure"=hex:00
"application/vnd.rn-realaudio-secure"=hex:00
"audio/x-realaudio-secure"=hex:00
"video/vnd.rn-realvideo-secure"=hex:00
"application/vnd.rn-realsystem-rjs"=hex:00
"audio/vnd.rn-realaudio"=hex:00
"audio/x-realaudio"=hex:00
"application/vnd.rn-realmedia"=hex:00
"application/vnd.rn-realmedia-vbr"=hex:00
"image/vnd.rn-realpix"=hex:00
"audio/x-pn-realaudio"=hex:00
"application/vnd.rn-rsml"=hex:00
"video/vnd.rn-realvideo"=hex:00
"application/vnd.rn-realsystem-rmj"=hex:00
"audio/x-la-lms"=hex:00
"audio/x-la-lqt"=hex:00
"audio/x-liquid-secure"=hex:00
"application/x-laplayer-reg"=hex:00
"audio/x-liquid-file"=hex:00
"application/vnd.rn-realsystem-rjt"=hex:00
"application/vnd.rn-realsystem-rmx"=hex:00
"application/vnd.rn-recording"=hex:00
"text/vnd.rn-realtext3d"=hex:00
"application/x-vpeg005"=hex:00
"video/quicktime"=hex:00
"image/x-macpaint"=hex:00
"image/x-quicktime"=hex:00
"audio/x-mpegurl"=hex:00
"video/x-ms-asf"=hex:00
"audio/wav"=hex:00
"video/x-ms-wmv"=hex:00
"video/msvideo"=hex:00
"audio/x-wav"=hex:01
"video/x-ms-wvx"=hex:00
"audio/m4a"=hex:00
"video/avi"=hex:00
"video/mpeg"=hex:00
"audio/x-ms-wax"=hex:00
"application/smil"=hex:00
"video/3gpp"=hex:00
"video/3gpp-encrypted"=hex:00
"audio/3gpp"=hex:00
"audio/3gpp-encrypted"=hex:00
"audio/AMR"=hex:00
"audio/AMR-encrypted"=hex:00
"audio/AMR-WB"=hex:00
"audio/AMR-WB-encrypted"=hex:00
"audio/X-RN-3GPP-AMR"=hex:00
"audio/X-RN-3GPP-AMR-encrypted"=hex:00
"audio/X-RN-3GPP-AMR-WB"=hex:00
"audio/X-RN-3GPP-AMR-WB-encrypted"=hex:00
"video/3gpp2"=hex:00
"audio/3gpp2"=hex:00
"video/x-mpeg"=hex:00
"application/sdp"=hex:00
"video/x-m4v"=hex:00
"video/sd-video"=hex:00
"application/x-mpeg"=hex:00
"image/pict"=hex:00
"image/x-pict"=hex:00
"video/flc"=hex:00
"audio/aac"=hex:00
"audio/x-aac"=hex:00
"audio/x-caf"=hex:00
"audio/mpeg"=hex:00
"audio/x-mpeg"=hex:00
"video/mp4"=hex:00
"audio/mp4"=hex:00
"image/jp2"=hex:00
"image/jpeg2000"=hex:00
"image/jpeg2000-image"=hex:00
"image/x-jpeg2000-image"=hex:00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Google Search]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Backward Links]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Customize Menu]
@="file://F:\\Program Files\\Roboform\\RoboFormComCustomizeIEMenu.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Customize Menu &4]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Fill Forms]
@="file://F:\\Program Files\\Roboform\\RoboFormComFillForms.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Fill Forms &]]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Browser: Resize Window]
@="C:\\Program Files\\IE Booster\\window-size.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Frame: Open in &New Window]
@="C:\\Program Files\\IE Booster\\frame-open-in-new-window.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Frame: Open in &This Window]
@="C:\\Program Files\\IE Booster\\frame-open-in-this-window.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Image: Copy Path to Clipboard]
@="C:\\Program Files\\IE Booster\\image-copy-path-to-clipboard.html"
"contexts"=dword:00000002
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Image: Show Image Data]
"contexts"=dword:00000002
@="C:\\Program Files\\IE Booster\\image-view-image-data.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Image: Show Server Response]
@="C:\\Program Files\\IE Booster\\link-show-server-response.html"
"contexts"=dword:00000002
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Link: Copy as <A href="URL">caption</A>]
@="C:\\Program Files\\IE Booster\\link-copy.html"
"contexts"=dword:00000020
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Link: Open in New Minimized Window]
@="C:\\Program Files\\IE Booster\\link-open-minimized.html"
"contexts"=dword:00000020
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Link: Show Server Response]
@="C:\\Program Files\\IE Booster\\link-show-server-response.html"
"contexts"=dword:00000020
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Page: Copy Title as <A href="URL">Title</a>]
@="C:\\Program Files\\IE Booster\\page-copy-title.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Page: Show Forms and Applets]
@="C:\\Program Files\\IE Booster\\page-show-forms.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Page: Show Hyperlinks]
@="C:\\Program Files\\IE Booster\\page-view-hyperlinks.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Page: Show Images]
@="C:\\Program Files\\IE Booster\\page-show-images.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Page: Show Source]
@="C:\\Program Files\\IE Booster\\page-view-source.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Page: Show Stylesheets]
@="C:\\Program Files\\IE Booster\\page-view-stylesheets.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Page: Show TABLE, FORM and DIV Borders]
@="C:\\Program Files\\IE Booster\\page-show-table-structure.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Selection: Copy as plain text]
"contexts"=dword:00000010
@="C:\\Program Files\\IE Booster\\selection-copy-plaintext.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Selection: Open in Browser]
@="C:\\Program Files\\IE Booster\\selection-open-in-browser.html"
"contexts"=dword:00000010
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\IEB: Selection: Show Partial Source]
@="C:\\Program Files\\IE Booster\\selection-show-source.html"
"contexts"=dword:00000010
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\RoboForm &2]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\RoboForm Toolbar]
@="file://F:\\Program Files\\Roboform\\RoboFormComShowToolbar.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Save Forms]
@="file://F:\\Program Files\\Roboform\\RoboFormComSavePass.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Save Forms &[]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Similar Pages]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Translate into English]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows]
"PlaySound"=dword:00000001
"UseSecBand"=dword:00000001
"BlockUserInit"=dword:00000000
"UseTimerMethod"=dword:00000000
"UseHooks"=dword:00000001
"AllowHTTPS"=dword:00000000
"PopupMgr"="yes"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PageSetup]
"header"="&w&bPage &p of &P"
"footer"="&u&b&d"
"margin_bottom"="0.750000"
"margin_left"="0.750000"
"margin_right"="0.750000"
"margin_top"="0.750000"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000002
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchProperties]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchProperties\en-au]
"PanelOrder"=hex:57,00,65,00,62,00,01,00,50,00,72,00,65,00,76,00,01,00,4d,00,\
61,00,70,00,01,00,45,00,6e,00,63,00
"Panel@Web"=hex:64,00,65,00,66,00,61,00,75,00,6c,00,74,00,03,00,6c,00,6f,00,6f,\
00,6b,00,73,00,6d,00,61,00,72,00,74,00,04,00,6d,00,73,00,6e,00
"Panel@Enc"=hex:64,00,65,00,66,00,61,00,75,00,6c,00,74,00,03,00,65,00,6e,00,63,\
00,61,00,72,00,74,00,61,00
"Panel@Map"=hex:70,00,6c,00,61,00,63,00,65,00,03,00,65,00,78,00,70,00,65,00,64,\
00,69,00,61,00
"SettingsVersion"=hex:42,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl]
"provider"=""
@="http://home.microsoft.com/access/autosearch.asp?p=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security]
"Sending_Security"="Medium"
"Viewing_Security"="Low"
"Safety Warning Level"="Query"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\P3Global]
"Enabled"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\P3Sites]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Services]
@=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings]
"Anchor Color Visited"="128,0,128"
"Anchor Color"="0,0,255"
"Background Color"="192,192,192"
"Text Color"="0,0,0"
"Use Anchor Hover Color"="No"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
"Locked"=dword:00000001
"ShowDiscussionButton"="Yes"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Explorer]
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,34,00,00,00,1b,00,00,00,\
4e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:b1,c2,18,23,65,49,d4,11,9b,18,00,\
90,27,a5,cd,4f
"{4D5C8C2A-D075-11D0-B416-00C04FB90376}"=hex:2a,8c,5c,4d,75,d0,d0,11,b4,16,00,\
c0,4f,b9,03,76
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:a0,43,4d,72,85,0d,d4,11,99,08,00,\
40,05,23,e3,9a
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,34,00,00,00,1b,00,00,00,\
4e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:b1,c2,18,23,65,49,d4,11,9b,18,00,\
90,27,a5,cd,4f
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,\
aa,00,5b,43,83,22,00,1c,00,08,01,00,00,06,00,00,00,01,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,\
00,00,46,81,00,00,00,10,00,00,00,ce,ae,35,f1,3d,a3,c2,01,c9,ae,37,5f,14,c9,\
c7,01,1a,4a,e5,dc,1f,7a,c5,01,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,43,01,14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,\
08,00,2b,30,30,9d,19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,5c,00,31,00,00,00,00,00,d9,34,7d,58,10,00,44,4f,43,55,4d,\
45,7e,31,00,00,44,00,03,00,04,00,ef,be,8e,2d,8c,8c,f2,36,4e,3d,14,00,00,00,\
44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,\
00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00,18,00,40,00,\
31,00,00,00,00,00,f0,36,9b,22,10,00,4f,70,74,69,6f,6e,61,6c,00,00,28,00,03,\
00,04,00,ef,be,8e,2d,10,37,f2,36,d5,3c,14,00,00,00,4f,00,70,00,74,00,69,00,\
6f,00,6e,00,61,00,6c,00,00,00,18,00,42,00,31,00,00,00,00,00,e8,36,60,39,30,\
00,46,41,56,4f,52,49,7e,31,00,00,2a,00,03,00,04,00,ef,be,8e,2d,10,37,f1,36,\
18,7d,14,00,00,00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,00,00,\
00,18,00,36,00,31,00,00,00,00,00,da,32,da,3a,10,00,4c,69,6e,6b,73,00,22,00,\
03,00,04,00,ef,be,8e,2d,12,37,f1,36,23,7d,14,00,00,00,4c,00,69,00,6e,00,6b,\
00,73,00,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,58,00,00,00,00,00,00,00,\
6d,75,6c,65,00,00,00,00,00,00,00,00,00,00,00,00,50,77,65,41,10,3d,34,41,bc,\
7a,9e,76,95,7a,5b,de,32,bc,0e,d2,33,0f,d7,11,a7,91,00,e0,29,9d,c1,b1,50,77,\
65,41,10,3d,34,41,bc,7a,9e,76,95,7a,5b,de,32,bc,0e,d2,33,0f,d7,11,a7,91,00,\
e0,29,9d,c1,b1,00,00,00,00,08,00,00,00,02,00,00,00,32,03,00,00,01,00,00,00,\
08,00,00,00,4e,00,00,00,00,00,00,00,40,00,32,00,97,00,00,00,38,32,89,70,20,\
08,41,6e,6f,6e,2e,75,72,6c,00,00,28,00,03,00,04,00,ef,be,4a,30,cb,84,f1,36,\
23,7d,14,00,00,00,41,00,6e,00,6f,00,6e,00,2e,00,75,00,72,00,6c,00,00,00,18,\
00,00,00,00,00,00,00,68,00,00,00,05,00,00,00,5a,00,32,00,17,00,00,00,d9,32,\
9a,06,20,00,41,55,54,4f,4d,41,7e,31,2e,55,52,4c,00,00,3e,00,03,00,04,00,ef,\
be,d9,32,9a,06,f1,36,23,7d,14,00,00,00,41,00,75,00,74,00,6f,00,6d,00,61,00,\
74,00,65,00,20,00,4c,00,69,00,6e,00,6b,00,73,00,32,00,2e,00,75,00,72,00,6c,\
00,00,00,1c,00,00,00,00,00,00,00,5c,00,00,00,01,00,00,00,4e,00,32,00,c5,01,\
00,00,6f,31,05,a2,20,00,42,4c,4f,47,50,4f,7e,31,2e,55,52,4c,00,00,32,00,03,\
00,04,00,ef,be,07,31,eb,39,f1,36,23,7d,14,00,00,00,42,00,6c,00,6f,00,67,00,\
20,00,50,00,6f,00,73,00,74,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,00,00,00,\
00,00,00,5e,00,00,00,06,00,00,00,50,00,32,00,34,00,00,00,d9,32,08,07,20,00,\
43,4f,4e,56,45,52,7e,31,2e,55,52,4c,00,00,34,00,03,00,04,00,ef,be,d9,32,08,\
07,f1,36,23,7d,14,00,00,00,43,00,6f,00,6e,00,76,00,65,00,72,00,73,00,61,00,\
74,00,65,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,00,00,00,00,00,00,82,00,00,\
00,04,00,00,00,74,00,32,00,6a,00,00,00,d9,32,eb,38,20,00,44,45,4c,49,43,49,\
7e,31,2e,55,52,4c,00,00,58,00,03,00,04,00,ef,be,d9,32,4b,06,f1,36,23,7d,14,\
00,00,00,64,00,65,00,6c,00,2e,00,69,00,63,00,69,00,6f,00,2e,00,75,00,73,00,\
2d,00,64,00,6f,00,63,00,2d,00,62,00,6f,00,6f,00,6b,00,6d,00,61,00,72,00,6b,\
00,6c,00,65,00,74,00,73,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,00,00,00,00,\
00,00,5a,00,00,00,02,00,00,00,4c,00,32,00,50,01,00,00,6f,31,64,a2,20,00,4e,\
59,54,4c,49,4e,7e,31,2e,55,52,4c,00,00,30,00,03,00,04,00,ef,be,08,31,e9,22,\
f1,36,23,7d,14,00,00,00,6e,00,79,00,74,00,20,00,6c,00,69,00,6e,00,6b,00,2e,\
00,75,00,72,00,6c,00,00,00,1c,00,00,00,00,00,00,00,6a,00,00,00,07,00,00,00,\
5c,00,32,00,c1,00,00,00,d9,32,b5,06,20,08,50,4f,4f,44,4c,45,7e,31,2e,55,52,\
4c,00,00,40,00,03,00,04,00,ef,be,7a,30,1c,87,f1,36,23,7d,14,00,00,00,50,00,\
6f,00,6f,00,64,00,6c,00,65,00,20,00,50,00,72,00,65,00,64,00,69,00,63,00,74,\
00,6f,00,72,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,00,00,00,00,00,00,70,00,\
00,00,03,00,00,00,62,00,32,00,a9,00,00,00,99,32,0e,af,20,00,57,49,4e,44,4f,\
57,7e,32,2e,55,52,4c,00,00,46,00,03,00,04,00,ef,be,99,32,0e,af,f1,36,23,7d,\
14,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4d,00,61,00,72,\
00,6b,00,65,00,74,00,70,00,6c,00,61,00,63,00,65,00,2e,00,75,00,72,00,6c,00,\
00,00,1c,00,00,00,00,00,00,00
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:a0,43,4d,72,85,0d,d4,11,99,08,00,\
40,05,23,e3,9a
"{4D5C8C2A-D075-11D0-B416-00C04FB90376}"=hex:2a,8c,5c,4d,75,d0,d0,11,b4,16,00,\
c0,4f,b9,03,76
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,34,00,00,00,1f,00,03,00,\
81,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,21,01,00,00,a0,0f,\
00,00,03,00,00,00,20,03,00,00,00,00,00,00,07,00,00,00,21,05,00,00,00,00,00,\
00,06,00,00,00,21,05,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,a0,43,4d,72,85,0d,d4,11,99,08,00,40,05,23,e3,9a,b1,c2,18,\
23,65,49,d4,11,9b,18,00,90,27,a5,cd,4f,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
-------------------------------------------------------------------------------
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Optional\Application Data\Thunderbird\Profiles\fro310x9.default\Mail\Local Folders\Inbox/[From "Valeria Carlisle" <Szxluqwh@altern.org>][Date Mon, 01 Aug 2005 02:19:39 -0400]/UNNAMED/[From "Emanuel Mays" <acasgzmoqhs@almodels.com>][Date Mon, 01 Aug 2005 07:12:38 +0000]/text/[From "Proteus O. Thriftiness" <David|david_wertheim@nyc.com>][Date Mon, 01 Aug 2005 03:29:06 -0400]/UNNAMED/[From "Gonzales" <xqsomkj@ed.shawcable.net>][Date Mon, 01 Aug 2005 02:01:40 -0800]/text/[From
][Date Mon, 1 Aug 2005 18:30:06 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Optional\Application Data\Thunderbird\Profiles\fro310x9.default\Mail\Local Folders\Inbox/[From "Valeria Carlisle" <Szxluqwh@altern.org>][Date Mon, 01 Aug 2005 02:19:39 -0400]/UNNAMED/[From "Emanuel Mays" <acasgzmoqhs@almodels.com>][Date Mon, 01 Aug 2005 07:12:38 +0000]/text/[From "Proteus O. Thriftiness" <David|david_wertheim@nyc.com>][Date Mon, 01 Aug 2005 03:29:06 -0400]/UNNAMED/[From "Gonzales" <xqsomkj@ed.shawcable.net>][Date Mon, 01 Aug 2005 02:01:40 -0800]/text Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Optional\Application Data\Thunderbird\Profiles\fro310x9.default\Mail\Local Folders\Inbox/[From "Valeria Carlisle" <Szxluqwh@altern.org>][Date Mon, 01 Aug 2005 02:19:39 -0400]/UNNAMED/[From "Emanuel Mays" <acasgzmoqhs@almodels.com>][Date Mon, 01 Aug 2005 07:12:38 +0000]/text/[From "Proteus O. Thriftiness" <David|david_wertheim@nyc.com>][Date Mon, 01 Aug 2005 03:29:06 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Optional\Application Data\Thunderbird\Profiles\fro310x9.default\Mail\Local Folders\Inbox/[From "Valeria Carlisle" <Szxluqwh@altern.org>][Date Mon, 01 Aug 2005 02:19:39 -0400]/UNNAMED/[From "Emanuel Mays" <acasgzmoqhs@almodels.com>][Date Mon, 01 Aug 2005 07:12:38 +0000]/text Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Optional\Application Data\Thunderbird\Profiles\fro310x9.default\Mail\Local Folders\Inbox/[From "Valeria Carlisle" <Szxluqwh@altern.org>][Date Mon, 01 Aug 2005 02:19:39 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Optional\Application Data\Thunderbird\Profiles\fro310x9.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infected - 5 skipped
C:\Documents and Settings\Optional\Desktop\BACKUPS\image_cdrive.zip/image_cdrive/Desktop/translate_c Infected: not-a-virus:Dialer.Win32.gen skipped
C:\Documents and Settings\Optional\Desktop\BACKUPS\image_cdrive.zip/image_cdrive/Program Files/Radmin/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Optional\Desktop\BACKUPS\image_cdrive.zip/image_cdrive/Program Files/Radmin/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Optional\Desktop\BACKUPS\image_cdrive.zip/image_cdrive/Program Files/Radmin/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Optional\Desktop\BACKUPS\image_cdrive.zip/image_cdrive/Program Files/Radmin/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Optional\Desktop\BACKUPS\image_cdrive.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "cknor" <cknor@erols.com>][Date Wed, 24 Sep 2003 21:40:02 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "cknor" <cknor@erols.com>][Date Wed, 24 Sep 2003 21:40:02 -0400]/cjfd.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/installer58.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From "William Roeder" <WHRoeder@yahoo.com>][Date Tue, 7 Oct 2003 15:08:10 -0400]/text/[From "Matthew Smith" <smithm@4thenet.co.uk>][Date Wed, 8 Oct 2003 04:48:44 +0100]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From "William Roeder" <WHRoeder@yahoo.com>][Date Tue, 7 Oct 2003 15:08:10 -0400]/text Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From "Dave Murphy" <murphydn@pei.sympatico.ca>][Date Wed, 8 Oct 2003 20:52:20 -0300]/UNNAMED/[From "Microsoft Corporation Security Center" <sunncuvhory@bulletin.msdn.net>][Date Thu, 9 Oct 2003 16:31:48 +0200]/PACK19.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From "Dave Murphy" <murphydn@pei.sympatico.ca>][Date Wed, 8 Oct 2003 20:52:20 -0300]/UNNAMED Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Fri, 10 Oct 2003 12:48:11 +0200]/UNNAMED/[From "Microsoft Network Email Delivery Service" <dmailautomat@netmail.com>][Date Fri, 10 Oct 2003 09:21:04 +0200]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Fri, 10 Oct 2003 12:48:11 +0200]/UNNAMED/[From "Microsoft Network Email Delivery Service" <dmailautomat@netmail.com>][Date Fri, 10 Oct 2003 09:21:04 +0200]/ectpr.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Fri, 10 Oct 2003 12:48:11 +0200]/UNNAMED Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From "gordon" <gordonmcg@blueyonder.co.uk>][Date Fri, 10 Oct 2003 18:06:12 +0100]/UNNAMED/[From Pat Evans <rwjm@mindspring.com>][Date Sat, 11 Oct 2003 09:11:29 -0400]/text/[From Sandy <sandyuhhfgh24@ale.com.tw>][Date Sun, 12 Oct 2003 05:09:12 +0800 (CST)]/©T©w¸Ó§R°£ªº¸ê®Æ§¨¤º®e.doc.scr Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From "gordon" <gordonmcg@blueyonder.co.uk>][Date Fri, 10 Oct 2003 18:06:12 +0100]/UNNAMED/[From Pat Evans <rwjm@mindspring.com>][Date Sat, 11 Oct 2003 09:11:29 -0400]/text Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From "gordon" <gordonmcg@blueyonder.co.uk>][Date Fri, 10 Oct 2003 18:06:12 +0100]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Svetaka, Marius M LITHREP-OA (Secondary)" <Marius.M.Svetaka@ope.shell.com>][D ... /[From "Microsoft Network Security Division" <lbdiulfjmqnwjkw-llws@advisor.net>][Date Mon, 13 Oct 2003 09:23:48 +0200]/patch327.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Svetaka, Marius M LITHREP-OA (Secondary)" <Marius.M.Svetaka@ope.shell.com>][Date Sat, 11 Oct 2003 ... /[From i_like_someone_special2001 <i_like_someone_special2001@yahoo.com>][Date 13 Oct 2003 09:54:55 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Svetaka, Marius M LITHREP-OA (Secondary)" <Marius.M.Svetaka@ope.shell.com>][Date Sat, 1 ... /[From i_like_someone_special2001 <i_like_someone_special2001@yahoo.com>][Date 13 Oct 2003 09:54:55 +0100]/counter[3].bat Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Svetaka, Marius M LITHREP-OA (Secondary)" <Marius.M.Svetaka@ope.shell.com>][Date Sat, 11 Oct 2003 12:14:21 +0200]/UNNAMED/[From <NEXON-MAILER@nexonclub.com>][Date Mon, 13 Oct 2003 16:42:06 +0900 (KST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Svetaka, Marius M LITHREP-OA (Secondary)" <Marius.M.Svetaka@ope.shell.com>][Date Sat, 11 Oct 2003 12:14:21 +0200]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:15:34 -0000]/html/[From inmeuk <inmeuk@hotmail.com>][Date 13 Oct 2003 22:38:31 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:15:34 -0000]/html/[From inmeuk <inmeuk@hotmail.com>][Date 13 Oct 2003 22:38:31 +0100]/age.scr Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:15:34 -0000]/html Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From brandie <brandie@wu6nw7h992.com>][Date Tue, 14 Oct 2003 05:16:03 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From brandie <brandie@wu6nw7h992.com>][Date Tue, 14 Oct 2003 05:16:03 -0400]/for.scr Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From
][Date Tue, 14 Oct 2003 01:55 ... /[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:15:34 -0000]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From
][Date Tue, 14 Oct 2003 ... /[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:15:34 -0000]/fajnh.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From jingers911@yaho ... /[From "Network Message Delivery Service" <mailerform@puremail.com>][Date Tue, 14 Oct 2003 12:47:01 +030 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From jingers911@yaho ... /[From "Network Message Delivery Service" <mailerform@puremail.com>][Date Tue, 14 Oct 2003 12:47: ... /flnhyha.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From jingers911@yaho ... /[From "Network ... /[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/CPheading.doc.scr Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From jingers911@yaho ... /[From "Network Message Deliver ... /[From
][Date Tue, 14 Oct 2003 12:39:44 +0100]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From jingers911@yaho ... /[From "Network Message Delivery ... /[From
][Date Tue, 14 Oct 2003 10:38:04 GMT]/text Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From jingers911@yaho ... /[From "Network Message Delivery Service" <mailerform@puremail.com>][Date Tue, 14 Oct 2003 12:47:01 +0300]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html/[From
][Date Tue, 14 Oct 2003 01:55:55 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:35:47 -0000]/html Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Sun, 12 Oct 2003 18:39:55 +0900]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Tue, 14 Oct 2003 20:28:42 -0700 (PDT)]/UNNAMED/[From <victoryyy@rambler.ru>(OLEG GHHH)][Date Wed, 15 Oct 2003 11:13:39 +0400]/sexy Infected: Email-Worm.Win32.Hybris.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Wed, 15 Oct 2003 04:58:41 -0700 (PDT)]/UNNAMED/[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 07:09:27 -0000]/play.exe Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Wed, 15 Oct 2003 04:58:41 -0700 (PDT)]/UNNAMED/[From Mail Delivery Subsystem <MAILER-DAEM ... /[From "Max C. Shot" <info@wonderdrug.ws>][Date 13 Oct 2003 18:15:34 -0000]/die Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Wed, 15 Oct 2003 04:58:41 -0700 (PDT)]/UNNAMED/[From Mail Delivery Subsystem <MAILER ... ... /[From "Max C. Shot" <info@wonderdrug.ws>][Date 17 Oct 2003 00:37:34 -0000]/How Infected: Virus.Win32.Xorala skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Wed, 15 Oct 2003 04:58:41 -0700 (PDT)]/UNNAMED/[From Mail Delivery Subsystem <MAILER ... /[From "David E. Lovejoy" <del@fdml.com>][Date Thu, 16 Oct 2003 21:31:29 -0700]/text Infected: Virus.Win32.Xorala skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Wed, 15 Oct 2003 04:58:41 -0700 (PDT)]/UNNAMED/[From Mail Delivery Subsystem <MAILER-DAE ... /[From "Max C. Shot" <info@wonderdrug.ws>][Date 17 Oct 2003 00:37:34 -0000]/html Infected: Virus.Win32.Xorala skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Wed, 15 Oct 2003 04:58:41 -0700 (PDT)]/UNNAMED/[From Mail Delivery Subsystem <MAILER-DAEM ... /[From
][Date Wed, 15 Oct 2003 13:22:06 -0700 (PDT)]/UNNAMED Infected: Virus.Win32.Xorala skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin" <pldewkiwwlh@vrtxcy.net>][Date Tue, 07 Oct 2003 16:23:29 +0100]/UNNAMED/[From "Larry Harris" <lharris@sgpvfed.org>][Date Tue, 7 Oct 2003 08:50:46 -0700]/text/[From
][Date Wed, 15 Oct 2003 04:58:41 -0700 (PDT)]/UNNAMED/[From Mail Delivery Subsystem <MAILER-DAEMON@pop3.yucom.be>][Date Wed, 15 Oct 2003 21:44:55 +0200]/text Infected: Virus.Win32.Xorala skipped
C:\Documents and Settings\Optional\Desktop\EMAIL\Mailbox/[From "MS Corporation Security Bulletin