Author Topic: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs  (Read 9651 times)

0 Members and 1 Guest are viewing this topic.

YXtanyaXY

  • Guest
Hi,
Avast! Antivirus free version 6.0.1125
Windows XP home SP3 up-to-date
Multiple problems:
Questions in red
But most urgent is:
1. I used Combofix.exe on 6/14/11 (My fault for taking advice)
Since then:
Avast! will not start up with the computer.
Until yesterday I had version 5.0.545, now I have 6.0.1125.


How can I have Avast! autorun i.e. start with the PC?.
All its program options are checked.
BUT:
Msconfig --> Start-up has no reference to Avast! (used to before combofix)
although
Msconfig --> services has a reference to Avast! "running" on boot and after I activate it. I.E. it does not change.
"Avast! Antivirus | Unknown manufacturer | running"

Is there a registry key to edit (IIRC there are keys that have autorun options)?

2. I cannot recall where the Avast! logs are kept? - I want to access them to post or print

Thank you in advance

P.S.
If anyone knows:
* Combofix has a restore option. Is anyone familiar with this? I would prefer to keep away from it but...

OR
* Do you think restoring the Windows registry to before Combofix would be an idea?
(I made a lot of copies) (e.g. from 6/13/11)

ADDENDUM:

Since Avast! wasn't running I got 4 threats (infections in the java\cache - Documents and settings)
They are in the virus chest and I rescanned today clean - will follow up ...
« Last Edit: June 20, 2011, 07:40:09 PM by YXtanyaXY »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #1 on: June 17, 2011, 07:28:47 PM »
have you tried a reinstall ?

uninstall with this and reinstall  http://www.avast.com/en-eu/uninstall-utility

YXtanyaXY

  • Guest
Re: How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #2 on: June 17, 2011, 07:41:40 PM »
have you tried a reinstall ?

uninstall with this and reinstall  http://www.avast.com/en-eu/uninstall-utility

Thank you... I don't want to make too many changes before trying to restore using the windows registry or combofix's resore option.
I am trying to find out which is better of the 2 but I thought the Windows registry has an autorun key(s)

(I did upgrade the program yesterday from 5.0.545 to 6.0.1125)

Do you know if I can manually add Avast! to start-up (so it shows up in Msconfig --> start-up)?

I have 7 threats ("infected" files) in the virus chest and I don't know what happens to the virus chest if I uninstal?

I appreciate your reply.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #3 on: June 17, 2011, 07:53:21 PM »
Quote
I have 7 threats ("infected" files) in the virus chest and I don't know what happens to the virus chest if I uninstal?
they will end up in virus heaven....or maybe it is virus hell   ;D

YXtanyaXY

  • Guest
Re: How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #4 on: June 17, 2011, 08:13:42 PM »
Quote
I have 7 threats ("infected" files) in the virus chest and I don't know what happens to the virus chest if I uninstal?
they will end up in virus heaven....or maybe it is virus hell   ;D

LOL
Okay....
I will ultimately likely un and reinstall
... but where are the text scan logs? I want to print and / or post the results?

After running Combofix I have to think about everything several times before messing things up further....
 :-[
Thanks!

YXtanyaXY

  • Guest
[ SOLVED] Re: How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #5 on: June 20, 2011, 07:31:55 PM »
Hi,
This was solved on the AumHa Web site forum:
Direct link to solution:
Re: Reverse Combofix, Windows registry? Edit registry"
http://aumha.net/viewtopic.php?f=62&t=45263&p=239068#p239068

It was a missing registry key - (as can be seen from the post)
I followed the instructions given and Avast! is working properly again (starts with the computer)
 
Msconfig --> start-up now shows: AvastUI (which was missing (since Combofix))

Log issues solved too:
"Re: Text Versions of Avast! Logs"
http://forum.avast.com/index.php?topic=80161.new;topicseen#new

Thanks

YXtanyaXY

  • Guest


How to access text (.XML) logs of virus chest contents (Avast! 5 and Avast! 6)

Windows XP Home SP2 and SP3:
Documents and Settings | All Users | Application Data | Alwil Software | Avast5 | chest

Files in Chest include "index.xml"
This has the text info (in xml)
(FWIW ran it through "virus total" first)

Can also "Save as" a text file. (IMHO safer)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #7 on: July 06, 2011, 07:36:35 PM »
The index.xml in the chest isn't infected it is there for information on the contents of the chest as files sent there are a) encrypted and b) have the name changed. These measures are to prevent outside access to infected files in the chest.

Why is it that you are trying to access/save this file, essentially there shouldn't be a need to access it. Saving it would be pointless if you did a clean install there would be no contents in the chest, so the index.xml saved would not match the new installation.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YXtanyaXY

  • Guest
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #8 on: July 06, 2011, 08:24:25 PM »
Hello DavidR
Thanks for answering:

The index.xml in the chest isn't infected it is there for information on the contents of the chest as files sent there are a) encrypted and b) have the name changed. These measures are to prevent outside access to infected files in the chest.
I am trying to be EXTRA cautious;

also when I open the *.xml file I get a warning from MS I.E. re: the file "blocked from running scripts etc." etc.
I have 9 items from definable sources in the chest:
I wanted to record details about the 9 items: what they were, where they were originally the dates etc.
E.G. I found 1 on a boot scan and I know it is the same as 4 other files in the chest.

Quote
Why is it that you are trying to access/save this file, essentially there shouldn't be a need to access it. Saving it would be pointless if you did a clean install there would be no contents in the chest, so the index.xml saved would not match the new installation.
A clean instal of what?
I installed the program (updated from 5.0.545 to 6.0.1125 and the chest contents are the same (I never UNinstalled 5.0.545)

Want me to post the index.xml?

I have a question for you: This all started as follows:
I got a suspicious email (IMO) (4/2011) and moved it from the inbox to a new folder I created for it. (I did NOT open it)

I ran it through Avast! (5.0.545) (folder | right click | Scan "Folder name")  and  File | right click | scan "file name": File (email) and folder (newly created for the email) were "clean".
(I had also run folder / file through a free program from Trend's Web site also negative)

I deleted the message at some point but not the folder.

Used MozBackUp to back up mail -> The back up files (since the time the message came (4/2011)) were "infected" (the folder was). (Also found by "Trend" on another PC).

Why didn't Avast! find the folder / message to be a potential threat initially?
Thanks!


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #9 on: July 06, 2011, 09:08:30 PM »
The point is I couldn't see the purpose in saving index.xml at all, the the avast clean install was my best guess as to why you might want to save that file (which wouldn't be of use in those circumstances).

Sorry I really don't know about the email folder thing, as in the first instance if avast detected this email it was doing it in isolation. It would depend on several things, files shield settings, how it was moved if in archive form the file system shield wouldn't scan that by default; if doing an on-demand scan, again it depends on what one and if archives are selected; archives are by nature inert and not an immediate threat.

Scanning an email folder could be very dangerous as there may be no way of extracting an infected email from an email folder (which is essentially an archive file), now some AV would delete the whole email folder, treating it as one file and not a collection of emails in a file.

So scanning in the process of moving/backing it up if your AV scanned it and found an infected email within the email folder, the possibility for loss of all emails and not just the infected email is something to consider.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YXtanyaXY

  • Guest
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #10 on: July 06, 2011, 09:37:26 PM »
My comments in red

Hi DavidR,
Thank you for answering and for the information about the dangers of scanning emails....


The point is I couldn't see the purpose in saving index.xml at all, the the avast clean install was my best guess as to why you might want to save that file (which wouldn't be of use in those circumstances).
Just for my records (as mentioned about the boot scan finding the same threat and knowing it was the from the same source  (by viewing the data in the virus chest index file)
Quote
Sorry I really don't know about the email folder thing, as in the first instance if avast detected this email it was doing it in isolation. It would depend on several things, files shield settings,
I'll review the settings
Quote
how it was moved if in archive form the file system shield wouldn't scan that by default; if doing an on-demand scan, again it depends on what one and if archives are selected; archives are by nature inert and not an immediate threat.
It only detected the threat in the backup files from MozBackUp not in the email form....

Quote
Scanning an email folder could be very dangerous as there may be no way of extracting an infected email from an email folder (which is essentially an archive file), now some AV would delete the whole email folder, treating it as one file and not a collection of emails in a file.

So scanning in the process of moving/backing it up if your AV scanned it and found an infected email within the email folder, the possibility for loss of all emails and not just the infected email is something to consider.
That is why I made the new folder - so if Avast! had found something it would have only found it in the new folder and not in the entire inbox....
I did need to know whether the message was legit because I was expecting info from courier companies (It had DHL, and Fedex and I think UPS in the subject and / or body.)

If I receive another suspicious message, I should save it in text format maybe?

I am curious about something: I NEVER ran the file. But IIRC, one can make a file run with a mouseOver command, an open command etc. (JavaScript)

Many thanks again!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #11 on: July 06, 2011, 11:29:54 PM »
Personally if I were to receive a suspicious message I would tend to delete it. However, it would depend on what was found suspicious as these are heuristic based suspicions and not totally a virus detection.

In using MozBackup, I don't know if you are using thunderbird or mozilla seamonkey ?
For me it is thunderbird and all the emails are saved in .eml format within .msf files (database files) containing the contents of one email folder. The loss of a single .msf file would result the loss of multiple emails.

So I always backup my thunderbird profile folder with all of the .msf files just in case. I don't know if it is just the way mozbackup is compressing these which may be the problem, you didn't say what the alert malware name was from the AV scan and that would possibly give an idea of what it thought it found.

If you receive a suspicious file, by all means move it to a different folder, but immediately afterwards check it (I'm trying an add-on for tbird Mailsleuth 2.2.2) out and if necessary delete it there and then (empty your deleted emails folder and compress your folders), don't hang on to them. Or some time in the future they could come back to bite you in the rear when scanning folders.

Some emails can be crafted to have remote iframes (something which would be considered suspicious) and other external links, but I don't think there are many instances of a mouseover function being used in an html email. I don't know if thunderbird would have basic protection against that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YXtanyaXY

  • Guest
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #12 on: July 07, 2011, 03:13:17 AM »
Hi,
Thanks for replying.

Personally if I were to receive a suspicious message I would tend to delete it. However, it would depend on what was found suspicious as these are heuristic based suspicions and not totally a virus detection.
It was a zipped file: ... dhl.zip#3651267798
Win32:Hostil [Wrm]

Quote
In using MozBackup, I don't know if you are using thunderbird or mozilla seamonkey ?
For me it is thunderbird and all the emails are saved in .eml format within .msf files (database files) containing the contents of one email folder. The loss of a single .msf file would result the loss of multiple emails.
On the system with Avast! I have TB version 2.0.0.24
I cannot find *.eml (and cannot open the .msf files)
I thought the *.msf files are indexes for the folders? (e.g. inbox (size = 9.96 MB) and inbox.msf size: 165 KB))

and that they "rebuild" themselves if deleted?  (like Netscape's *.snm files?)
Quote

So I always backup my thunderbird profile folder with all of the .msf files just in case. I don't know if it is just the way mozbackup is compressing these which may be the problem, you didn't say what the alert malware name was from the AV scan and that would possibly give an idea of what it thought it found.
There were 4 files from MozBackUp and 1 from a .msf file - (The MozBackUp files are *.pcv)


Here is the index.xml which shows the 5 files (all related to the same email...)
(the first 4 are from the *.pcv (MozBackUp) *.pcv files and the last is from the *.msf file - I don't know if this is compressed)

The scan had only stated the "threat notification" (in red) (IIRC) and there were the options on the bottom of the window: 1 of which was virus chest (chose that one for all)

*** START OF PASTE ***

INDEX.XML

  <?xml version="1.0" encoding="UTF-8" ?>
- <aswObject>
  <NewId>00000010</NewId>
  <Size>38000</Size>
- <ChestEntry>
  <ChestId>00000007</ChestId>
  <FileTime>1306536238</FileTime>
  <OrigFileName>dhl.zip#3651267798</OrigFileName>
  <OrigFolder>C:\Documents and Settings\Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2011-05-27.pcv|>Mail\popa.attglobal.net\virus check 4 2011</OrigFolder>

  <Comment />
  <Virus>Win32:Hostil [Wrm]</Virus>
  <Category>Vir</Category>
  <Restore>no</Restore>
  <TransferTime>1306521873</TransferTime>
  <FileSize>6643</FileSize>
  </ChestEntry>
- <ChestEntry>
  <ChestId>00000008</ChestId>
  <FileTime>1306544347</FileTime>
  <OrigFileName>dhl.zip#3651267798</OrigFileName>
  <OrigFolder>C:\Documents and Settings\Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2011-04-26.pcv|>Mail\popa.attglobal.net\virus check 4 2011</OrigFolder>

  <Comment />
  <Virus>Win32:Hostil [Wrm]</Virus>
  <Category>Vir</Category>
  <Restore>no</Restore>
  <TransferTime>1306529990</TransferTime>
  <FileSize>6643</FileSize>
  </ChestEntry>
- <ChestEntry>
  <ChestId>00000009</ChestId>
  <FileTime>1306545154</FileTime>
  <OrigFileName>dhl.zip#3651267798</OrigFileName>
  <OrigFolder>C:\Documents and Settings\Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2011-04-23.pcv|>Mail\popa.attglobal.net\virus check 4 2011</OrigFolder>

  <Comment />
  <Virus>Win32:Hostil [Wrm]</Virus>
  <Category>Vir</Category>
  <Restore>no</Restore>
  <TransferTime>1306530770</TransferTime>
  <FileSize>6643</FileSize>
  </ChestEntry>
- <ChestEntry>
  <ChestId>0000000A</ChestId>
  <FileTime>1307218982</FileTime>
  <OrigFileName>dhl.zip#3651267798</OrigFileName>
  <OrigFolder>C:\Documents and Settings\Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2011-04-07.pcv|>Mail\popa.attglobal.net\virus check 4 2011</OrigFolder>

  <Comment />
  <Virus>Win32:Hostil [Wrm]</Virus>
  <Category>Vir</Category>
  <Restore>no</Restore>
  <TransferTime>1307204598</TransferTime>
  <FileSize>6643</FileSize>
  </ChestEntry>
- <ChestEntry>
  <ChestId>0000000C</ChestId>
[...]
  </ChestEntry>
- <ChestEntry>
  <ChestId>0000000D</ChestId>
[...]

  </ChestEntry>
- <ChestEntry>
  <ChestId>0000000E</ChestId>
[...]
- <ChestEntry>
  <ChestId>0000000B</ChestId>
[...]
  </ChestEntry>
- <ChestEntry>
  <ChestId>0000000F</ChestId>
  <FileTime>1308458291</FileTime>
  <OrigFileName>dhl.zip#3651267798</OrigFileName>
  <OrigFolder>C:\JIC\Trash from att msf 5.27.11\virus check 4 2011</OrigFolder>
  <Comment />

  <Virus>Win32:Hostil [Wrm]</Virus>
  <Category>Vir</Category>
  <Restore>no</Restore>
  <TransferTime>1308458291</TransferTime>
  <FileSize>6643</FileSize>
  </ChestEntry>
  </aswObject>

 

*** END OF PASTE ***

If you receive a suspicious file, by all means move it to a different folder, but immediately afterwards check it (I'm trying an add-on for tbird Mailsleuth 2.2.2) out and if necessary delete it there and then (empty your deleted emails folder and compress your folders), don't hang on to them. Or some time in the future they could come back to bite you in the rear when scanning folders.

Some emails can be crafted to have remote iframes (something which would be considered suspicious) and other external links, but I don't think there are many instances of a mouseover function being used in an html email. I don't know if thunderbird would have basic protection against that.
Thanks again!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #13 on: July 07, 2011, 04:38:06 AM »
If you save a file from within tbird to your hard disk it is saved as a .eml file, otherwise they remain archived together inside a .msf file (for each different email account/folder within that account. So it is these which if deleted because it might be seen as a single file, unlike an .eml file if saved to your hard disk is only one single email.

You can get that information from within the virus chest by right clicking on the file and selecting properties.

I'm not familiar with early versions of tbird as it is only in the last 6 months or so that I started using it. And I have zero experience of mozbackup, so I really am unsure of what has actually been sent to the chest and extracted email attachment (as in the dhl.zip#3651267798) or the backup archive C:\Documents and Settings\Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2011-04-07.pcv.

However, what it looks like is first off you are scanning archive  files in whatever scan it was that you did, personally this is a wast of time as they are inert and in the case of scanning email archived potentially dangerous.

that these were detection on incoming email as it appears to have only sent the attachment to the chest

~~~~
Whilst the inbox folder would be rebuilt if deleted the contents wouldn't be, that's the problem when you store lots of emails in your inbox folder, that should be like an intray, the letters/email should only be in there pending reading and storing in an appropriate emails folder.

The inbox is the one most prone to corruption and or deletion and with 9mb of emails in it if deleted and rebuilt I don't believe TB would recover these emails when the inbox is recreated.

I have just had a look at my TB profile in windows explorer for all the different file types, and .sbd Folders, .msf what would appear to be database files of the sub-folders containing information on the contents, this whilst looking like a text file viewing it has lots of deciferable characters and plain English also. For each .msf file there appears to be a corresponding file of the same name with no file type assigned; that is the contents of all your emails lumped together in one file and without that .msf file would be pretty useless (I believe).

####
That's me for the night my brain is turning to mush, after 3:30am here.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YXtanyaXY

  • Guest
Re: [SOLVED] How to get Avast! Antivrus to auto run (on boot) and logs
« Reply #14 on: July 07, 2011, 08:26:55 PM »
I want to thank you for the info and explanations!
Greatly appreciated

Comments (Interest) in red

If you save a file from within tbird to your hard disk it is saved as a .eml file, otherwise they remain archived together inside a .msf file (for each different email account/folder within that account. So it is these which if deleted because it might be seen as a single file, unlike an .eml file if saved to your hard disk is only one single email.

I see .... for single emails -> they are saved as *.eml files (as default))

Quote
You can get that information from within the virus chest by right clicking on the file and selecting properties.
But I cannot copy the contents from properties...
Quote
I'm not familiar with early versions of tbird as it is only in the last 6 months or so that I started using it. And I have zero experience of mozbackup, so I really am unsure of what has actually been sent to the chest and extracted email attachment (as in the dhl.zip#3651267798) or the backup archive C:\Documents and Settings\Owner\My Documents\Thunderbird 2.0.0.24 (en-US) - 2011-04-07.pcv.

However, what it looks like is first off you are scanning archive  files in whatever scan it was that you did, personally this is a wast of time as they are inert
Under: "Scan Computer | Scan Now | FULL SYSTEM SCAN | SETTINGS | PACKERS" - there is a long list of archived file types
Quote
and in the case of scanning email archived potentially dangerous.

that these were detection on incoming email as it appears to have only sent the attachment to the chest

~~~~
Whilst the inbox folder would be rebuilt if deleted the contents wouldn't be, that's the problem when you store lots of emails in your inbox folder, that should be like an intray, the letters/email should only be in there pending reading and storing in an appropriate emails folder.

The inbox is the one most prone to corruption and or deletion and with 9mb of emails in it if deleted and rebuilt I don't believe TB would recover these emails when the inbox is recreated.
Thanks for this info!

Quote
I have just had a look at my TB profile in windows explorer for all the different file types, and .sbd Folders, .msf what would appear to be database files of the sub-folders containing information on the contents, this whilst looking like a text file viewing it has lots of deciferable characters and plain English also.
Not mine:
FYI:

*** START OF .MSF FILE PASTE ***
// <!-- <mdb:mork:z v="1.4"/> -->
< <(a=c)> // (f=iso-8859-1)
  (80=ns:msg:db:row:scope:msgs:all)(81=subject)(82=sender)(83=message-id)
  (84=references)(85=recipients)(86=date)(87=size)(88=flags)(89=priority)
  (8A=label)(8B=statusOfset)(8C=numLines)(8D=ccList)(8E=msgThreadId)
  (8F=threadId)(90=threadFlags)(91=threadNewestMsgDate)(92=children)
  (93=unreadChildren)(94=threadSubject)(95=numRefs)(96=msgCharSet)
  (97=ns:msg:db:table:kind:msgs)(98=ns:msg:db:table:kind:thread)
  (99=ns:msg:db:table:kind:allthreads)
  (9A=ns:msg:db:row:scope:threads:all)(9B=threadParent)(9C=threadRoot)
  (9D=msgOffset)(9E=offlineMsgSize)
  (9F=ns:msg:db:row:scope:dbfolderinfo:all)
  (A0=ns:msg:db:table:kind:dbfolderinfo)(A1=numMsgs)(A2=numNewMsgs)
  (A3=folderSize)(A4=expungedBytes)(A5=folderDate)(A6=highWaterKey)
  (A7=mailboxName)(A8=UIDValidity)(A9=totPendingMsgs)
  (AA=unreadPendingMsgs)(AB=expiredMark)(AC=version)
  (AD=fixedBadRefThreading)(AE=folderName)(AF=charSet)>
{1:^80 {(k^97:c)(s=9)} }
{FFFFFFFD:^9A {(k^99:c)(s=9)} }

<(80=1)(81=400)>
{1:^9F {(k^A0:c)(s=9u)}
  [1(^AC=1)(^AD=1)(^88^81)]}

@$${1{@
<(82=400400)>[1:^9F(^88^82)]
@$$}1}@

@$${2{@
@$$}2}@

@$${3{@
<(83=400600)>[1:^9F(^88^83)]
@$$}3}@

@$${4{@
@$$}4}@

@$${5{@
@$$}5}@

*** END OF .MSF FILE PASTE ***
Quote
For each .msf file there appears to be a corresponding file of the same name with no file type assigned; that is the contents of all your emails lumped together in one file and without that .msf file would be pretty useless (I believe).

####
That's me for the night my brain is turning to mush, after 3:30am here.
I thank you again for the replies!