HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Ardamax.nbq (v) (VIPRE), Win32.SuspectCrc!IK (Emsisoft), SpyTool.Win32.Ardamax.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, SpyTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: c0153b846ca880a370627e037e89c3d8
SHA1: e747ac3f13b4599e91768c89db538dc8863dd2b0
SHA256: dd8c1a3d2f73f5ddde4466f5b1a301b10bdfdfedc1fd41d87c80df18aeefd59b
SSDeep: 49152:YoMiFzNxHxNZ/6YQ13yZtkC9R65LbHWFO/r:YoMEfHxj/6YQNa1R6liFOD
Size: 2055680 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-10-10 15:18:52
Analyzed on: WindowsXP SP3 32-bit
Summary: SpyTool. A program used to apply passive protection methods to spyware, such as obfuscation, encryption or polymorphism. The original malicious program is usually encrypted/compressed and stored inside the wrapper.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The SpyTool creates the following process(es):
HelpSvc.exe:1224
%original file name%.exe:1816
The SpyTool injects its code into the following process(es):
AGO.exe:1320
File activity
The process HelpSvc.exe:1224 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
The SpyTool deletes the following file(s):
%WinDir%\Temp\MPCB.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\searchblurb.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\5_chart.gif (0 bytes)
%WinDir%\Temp\MPC54.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\icon_information_32x.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\spacer.gif (0 bytes)
%WinDir%\Temp\MPC9E.tmp (0 bytes)
%WinDir%\Temp\MPC46.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\GRect.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\HHWrapper.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\voicefirewallmsg.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\10_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar1.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\55_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Common\common.js (0 bytes)
%WinDir%\Temp\MPC31.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\ShareHelp.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\GArrow.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysSoftwareInfo.htm (0 bytes)
%WinDir%\Temp\MPC33.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\rcbuddy.css (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\GArrow.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_attention.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\attention.gif (0 bytes)
%WinDir%\Temp\MPC3F.tmp (0 bytes)
%WinDir%\Temp\MPC6F.tmp (0 bytes)
%WinDir%\Temp\MPCD1.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\PSS.css (0 bytes)
%WinDir%\Temp\MPCC.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Config\sereg.xml.orig (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysConfigLaunch.htm (0 bytes)
%WinDir%\Temp\MPC7E.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Css\rcbuddy.css (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAClient.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\MiniNavBar.xml (0 bytes)
%WinDir%\Temp\MPC3D.tmp (0 bytes)
%WinDir%\Temp\MPC13.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\scripts\HomePage__SERVER.js (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysinfosum.htm (0 bytes)
%WinDir%\Temp\MPC65.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email (0 bytes)
%WinDir%\Temp\MPC25.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendFile.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Css\rc.css (0 bytes)
%WinDir%\Temp\MPC6B.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\Helpee_line.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysInfoLaunch.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysinfomain.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\StopControl.gif (0 bytes)
%WinDir%\Temp\MPC79.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\pss_getting_worldwide_help.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\10_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System_OEM (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\searchtips.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\IM_icon.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\100_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\r1_c3.gif (0 bytes)
%WinDir%\Temp\MPC8C.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\rcBuddy.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\UpdateCtr\AboutWU.htm (0 bytes)
%WinDir%\Temp\MPCA2.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\50_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\ErrMsg (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\printer.gif (0 bytes)
%WinDir%\Temp\MPC39.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\connected.gif (0 bytes)
%WinDir%\Temp\MPC3A.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\RAControl.js (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\BArrow.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\setting.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\DVDUpgrd\stripe.jpg (0 bytes)
%WinDir%\pchealth\helpctr\System\DFS\privacy.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Common\icon_warning_32x.gif (0 bytes)
%WinDir%\Temp\MPCA9.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\90_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\DFS\uplddrvinfo.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\DFS (0 bytes)
%WinDir%\Temp\MPCA1.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\UpdateCtr\learnWU.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\helpeeaccept.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\35_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\images\Centers\Uabrand.gif (0 bytes)
%WinDir%\Temp\MPC4B.tmp (0 bytes)
%WinDir%\Temp\MPC73.tmp (0 bytes)
%WinDir%\Temp\MPC89.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\subpanels\Index.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\floppy.gif (0 bytes)
%WinDir%\Temp\MPCA8.tmp (0 bytes)
%WinDir%\Temp\MPC53.tmp (0 bytes)
%WinDir%\Temp\MPCA0.tmp (0 bytes)
%WinDir%\Temp\MPCBB.tmp (0 bytes)
%WinDir%\Temp\MPCD6.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\CompatCtr\AboutCompat.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\50_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\RSoP.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysComponentInfo.htm (0 bytes)
%WinDir%\Temp\MPC1C.tmp (0 bytes)
%WinDir%\Temp\MPCD0.tmp (0 bytes)
%WinDir%\Temp\MPC99.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\60_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendChat.gif (0 bytes)
%WinDir%\Temp\MPCAE.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\subpanels\History.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\UpdateCtr (0 bytes)
%WinDir%\Temp\MPC78.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\ftshelp.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\90_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\monitor_left.gif (0 bytes)
%WinDir%\Temp\MPC44.tmp (0 bytes)
%WinDir%\Temp\MPC29.tmp (0 bytes)
%WinDir%\Temp\MPCA7.tmp (0 bytes)
%WinDir%\Temp\MPCA3.tmp (0 bytes)
%WinDir%\Temp\MPC8B.tmp (0 bytes)
%WinDir%\Temp\MPC30.tmp (0 bytes)
%WinDir%\Temp\MPC15.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\35_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US (0 bytes)
%WinDir%\Temp\MPC38.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\scripts\Common.js (0 bytes)
%WinDir%\Temp\MPC6C.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\16x16\errmsg.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\windows.gif (0 bytes)
%WinDir%\Temp\MPC52.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\subpanels\Subsite.htm (0 bytes)
%WinDir%\Temp\MPC6A.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\ErrMsg\ErrorMessagesOffline.htm (0 bytes)
%WinDir%\Temp\MPCD.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\32x32 (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\RAStartPage.htm (0 bytes)
%WinDir%\Temp\MPC1F.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\alert.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm (0 bytes)
%WinDir%\Temp\MPC28.tmp (0 bytes)
%WinDir%\Temp\MPCD8.tmp (0 bytes)
%WinDir%\Temp\MPC43.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\check.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar2.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendFile.bmp (0 bytes)
%WinDir%\Temp\MPCCB.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Database (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Remote_Assistance_Graphic.png (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\Index.htm (0 bytes)
%WinDir%\Temp\MPC90.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\75_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\hide-chat.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\60_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\commonFunc.js (0 bytes)
%WinDir%\Temp\MPC4A.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm (0 bytes)
%WinDir%\Temp\MPC2C.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAServer.js (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\NavBar.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\help.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\images\Expando\expanded.gif (0 bytes)
%WinDir%\Temp\MPC98.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RAHelp.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Options.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\up.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\SettingServer.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\common.js (0 bytes)
%WinDir%\pchealth\helpctr\Indices (0 bytes)
%WinDir%\Temp\MPC7B.tmp (0 bytes)
%WinDir%\Temp\MPC85.tmp (0 bytes)
%WinDir%\Temp\MPC7F.tmp (0 bytes)
%WinDir%\Temp\MPCB7.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css (0 bytes)
%WinDir%\Temp\MPC45.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\Expando (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\arrow.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\0_chart.gif (0 bytes)
%WinDir%\Temp\MPC3C.tmp (0 bytes)
%WinDir%\Temp\MPCA6.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\Favorites.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\85_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\75_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoice.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\20_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\CompatCtr\LearnCompat.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\5_chart.gif (0 bytes)
%WinDir%\Temp\MPCD5.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\CompatCtr\CompatMode.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\NavBar.xml (0 bytes)
%WinDir%\Temp\MPC32.tmp (0 bytes)
%WinDir%\Temp\MPC37.tmp (0 bytes)
%WinDir%\Temp\MPCCD.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\Centers\blue_arrow.gif (0 bytes)
%WinDir%\Temp\MPC59.tmp (0 bytes)
%WinDir%\Temp\MPC7D.tmp (0 bytes)
%WinDir%\Temp\MPC86.tmp (0 bytes)
%WinDir%\Temp\MPC7A.tmp (0 bytes)
%WinDir%\Temp\MPC4F.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\PieWhite.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\StopControl.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\16x16\support.bmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm (0 bytes)
%WinDir%\Temp\MPC9F.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\80_chart.gif (0 bytes)
%WinDir%\Temp\MPCD4.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook.gif (0 bytes)
%WinDir%\Temp\MPCF.tmp (0 bytes)
%WinDir%\Temp\MPCA5.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_away.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm (0 bytes)
%WinDir%\Temp\MPC1.tmp (0 bytes)
%WinDir%\Temp\MPCD2.tmp (0 bytes)
%WinDir%\Temp\MPC50.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\system.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\DVDUpgrd\dvdupgrd.js (0 bytes)
%WinDir%\pchealth\helpctr\System\images\wrapperhelp.gif (0 bytes)
%WinDir%\pchealth\helpctr\Indices\scoped_7.hhk (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\PieGrey.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\info.gif (0 bytes)
%WinDir%\Temp\MPCA4.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\85_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server (0 bytes)
%WinDir%\Temp\MPC2F.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\20_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\Indices\scoped_4.hhk (0 bytes)
%WinDir%\Temp\MPC49.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\16x16\arrow_blue_normal_shadow.bmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\icon_extweb.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\rc.css (0 bytes)
%WinDir%\pchealth\helpctr\Indices\scoped_3.hhk (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysDiskTS.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Common\LearnInternet.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\ding.wav (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\r3_c2.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\buddy_offline.gif (0 bytes)
%WinDir%\Temp\MPC41.tmp (0 bytes)
%WinDir%\Temp\MPC62.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\RAClientLayout.xml (0 bytes)
%WinDir%\Temp\MPCB3.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Indices\scoped_9.hhk (0 bytes)
%WinDir%\pchealth\helpctr\System\images\48x48\desktop_icon_01.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\80_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\images\Expando\collapsed.gif (0 bytes)
%WinDir%\Temp\MPCD3.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DownArrow.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\errors\connection.htm (0 bytes)
%WinDir%\Temp\MPC2.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DividerBar.htm (0 bytes)
%WinDir%\Temp\MPC88.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\16x16\warning.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysHealthInfo.js (0 bytes)
%WinDir%\pchealth\helpctr\System\css\Behaviors.css (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\MiniNavBar.htm (0 bytes)
%WinDir%\Temp\MPC48.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\icon_articles_12x.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\CompatCtr\CompatOffline.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\windows_newsgroups.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\check.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoice.bmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\constants.js (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\firstpage.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Common\RCMoreInfo.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\watermark_300x.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\Animation.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\45_chart.gif (0 bytes)
%WinDir%\Temp\MPC67.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\65_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\subpanels\Channels.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\floppy.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\drive.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Quit.bmp (0 bytes)
%WinDir%\Temp\MPC4C.tmp (0 bytes)
%WinDir%\Temp\MPC93.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\cd.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\gears.gif (0 bytes)
%WinDir%\Temp\MPC1E.tmp (0 bytes)
%WinDir%\Temp\MPC5.tmp (0 bytes)
%WinDir%\Temp\MPC2D.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\monitor_right.gif (0 bytes)
%WinDir%\Temp\MPCCF.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\feedback.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Css\RAChat.css (0 bytes)
%WinDir%\pchealth\helpctr\System\NetDiag\dglogshelp.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\dialogs\Print.dlg (0 bytes)
%WinDir%\Temp\MPCB6.tmp (0 bytes)
%WinDir%\Temp\MPC1D.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\loc_strings.xml (0 bytes)
%WinDir%\Temp\MPC9D.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\DFS\xmldisplay.xsl (0 bytes)
%WinDir%\Temp\MPC19.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\SendVoiceOn.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common (0 bytes)
%WinDir%\pchealth\helpctr\PackageStore\CRC_Disk.orig (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\40_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\95_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\msinfo.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\images\24x24\arrow_green_normal.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\Centers (0 bytes)
%WinDir%\pchealth\helpctr\System\errors\notfound.htm (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\logon_anim.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\blank.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\Options.htm (0 bytes)
%WinDir%\Temp\MPCC7.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysSoftwareInfo.js (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\AdvSearch.htm (0 bytes)
%WinDir%\Temp\MPC6.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\45_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\65_chart.gif (0 bytes)
%WinDir%\Temp\MPC5D.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\scripts\HomePage__SHARED.js (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\wmi_data.js (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\TakeControl.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\NetDiag (0 bytes)
%WinDir%\Temp\MPC82.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook_express.gif (0 bytes)
%WinDir%\Temp\MPCCE.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\DVDUpgrd\dvdupgrd.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\images\32x32\logo.bmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\images\Expando\helpdoc.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\show-chat.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\images\24x24\arrow_green_mouseover.bmp (0 bytes)
%WinDir%\Temp\MPCB8.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm (0 bytes)
%WinDir%\Temp\MPCB0.tmp (0 bytes)
%WinDir%\Temp\MPCD7.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\15_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\pssmachinesnapshot-wo-com.xml (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Quit.gif (0 bytes)
%WinDir%\Temp\MPC5C.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\icon_newwindow_12x.bmp (0 bytes)
%WinDir%\Temp\MPC11.tmp (0 bytes)
%WinDir%\Temp\MPC2E.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Options.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\combobox_line.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\95_chart.gif (0 bytes)
%WinDir%\Temp\MPC74.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\r1_c2.gif (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common (0 bytes)
%WinDir%\pchealth\helpctr\System\images\24x24 (0 bytes)
%WinDir%\Temp\MPC21.tmp (0 bytes)
%WinDir%\Temp\MPC40.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\rctoolScreen1.htm (0 bytes)
%WinDir%\Temp\MPCC9.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Common\RAHelp.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\DVDUpgrd (0 bytes)
%WinDir%\pchealth\helpctr\System\errors\indexfirstlevel.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\25_chart.gif (0 bytes)
%WinDir%\Temp\MPCAD.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAServerToolBar.htm (0 bytes)
%WinDir%\Temp\MPC8A.tmp (0 bytes)
%WinDir%\Temp\MPC34.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\48x48\desktop_icon_03.bmp (0 bytes)
%WinDir%\pchealth\helpctr\BATCH\hscmui.cab (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ESC_key.gif (0 bytes)
%WinDir%\Temp\MPC14.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\RSoP.js (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\sysComponentInfo.js (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Common\rcmoreinfo.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\History.htm (0 bytes)
%WinDir%\Temp\MPC10.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\15_chart.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\greendot.jpg (0 bytes)
%WinDir%\Temp\MPC55.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\HomePage__SERVER.htm (0 bytes)
%WinDir%\pchealth\helpctr\Indices\scoped_2.hhk (0 bytes)
%WinDir%\Temp\MPC16.tmp (0 bytes)
%WinDir%\Temp\MPC4E.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\warning.gif (0 bytes)
%WinDir%\Temp\MPC77.tmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\panels\Topics.htm (0 bytes)
%WinDir%\pchealth\helpctr\System\dialogs (0 bytes)
%WinDir%\Temp\MPCAB.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\NetDiag\dglogs.htm (0 bytes)
%WinDir%\Temp\MPC5B.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\icon_tutorials_12x.bmp (0 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Common\common.js (0 bytes)
%WinDir%\Temp\MPC97.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\48x48\desktop_icon_02.bmp (0 bytes)
%WinDir%\Temp\MPCAF.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\16x16\update.bmp (0 bytes)
%WinDir%\pchealth\helpctr\System\images\get_conn.gif (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\25_chart.gif (0 bytes)
%WinDir%\Temp\MPC24.tmp (0 bytes)
%WinDir%\Temp\MPC12.tmp (0 bytes)
%WinDir%\Temp\MPC87.tmp (0 bytes)
%WinDir%\Temp\MPC17.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\usb.gif (0 bytes)
%WinDir%\Temp\MPC72.tmp (0 bytes)
%WinDir%\Temp\MPC5F.tmp (0 bytes)
%WinDir%\Temp\MPC60.tmp (0 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\HelpCenter.gif (0 bytes)
The process %original file name%.exe:1816 makes changes in the file system.
The SpyTool creates and/or writes to the following file(s):
%System%\WKLRVU\AGO.02 (56 bytes)
%System%\WKLRVU\AGO.01 (81 bytes)
%System%\WKLRVU\AGO.00 (1 bytes)
%System%\WKLRVU\AGO.exe (15021 bytes)
Registry activity
The process AGO.exe:1320 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 98 30 47 36 BB AF 42 49 76 49 90 5F 46 D1 AE"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
To automatically run itself each time Windows is booted, the SpyTool adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGO Start" = "%System%\WKLRVU\AGO.exe"
The process HelpSvc.exe:1224 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 B3 05 FE 06 B7 A6 1D DE E0 E3 10 80 3B 79 1C"
[HKLM\SOFTWARE\Microsoft\PCHealth\HelpSvc\Backup]
"PackageStore" = "51 43 31 03 01 00 00 00 0F 00 00 00 50 00 72 00"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\PCHealth\HelpSvc\Backup]
"CRC_Registry" = "562997035"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
The process %original file name%.exe:1816 makes changes in the system registry.
The SpyTool creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 0A BA 01 78 7E 17 F6 C3 87 6D 95 16 22 4B 8C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%\WKLRVU]
"AGO.exe" = "AGO"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The SpyTool modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The SpyTool modifies IE settings for security zones to map all local web nodes that have no dots in their names and do not belong to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The SpyTool modifies IE settings for security zones to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
HelpSvc.exe:1224
%original file name%.exe:1816
- Delete the original SpyTool file.
- Delete or disinfect the following files created/modified by the SpyTool:
%WinDir%\Temp\MPCAA.tmp (404 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\Untitled.gif (1 bytes)
%WinDir%\Temp\MPCB2.tmp (1 bytes)
%WinDir%\pchealth\helpctr\System\panels\subpanels\Favorites.htm (8 bytes)
%WinDir%\Temp\MPC20.tmp (1 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\PieWhite.gif (67 bytes)
%WinDir%\pchealth\helpctr\System\images\Expando\endnode.gif (136 bytes)
%WinDir%\Temp\MPC5A.tmp (6 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm (10 bytes)
%WinDir%\pchealth\helpctr\System\images\48x48\desktop_icon_04.bmp (9 bytes)
%WinDir%\pchealth\helpctr\System\scripts\Common.js (3 bytes)
%WinDir%\Temp\MPC71.tmp (777 bytes)
%WinDir%\pchealth\helpctr\System\scripts\wrapperparam.js (2 bytes)
%WinDir%\Temp\MPCB5.tmp (1 bytes)
%WinDir%\Temp\MPC35.tmp (1 bytes)
%WinDir%\pchealth\helpctr\System\images\icon_tours_12x.bmp (630 bytes)
%WinDir%\Temp\MPCC3.tmp (1 bytes)
%WinDir%\pchealth\helpctr\System\DFS\viewmode.xml (275 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\r3_c2.gif (107 bytes)
%WinDir%\pchealth\helpctr\System\errors\unreachable.htm (1 bytes)
%WinDir%\Temp\MPC76.tmp (1 bytes)
%WinDir%\Temp\MPC80.tmp (1 bytes)
%WinDir%\Temp\MPCC5.tmp (139 bytes)
%WinDir%\pchealth\helpctr\System\errors\offline.htm (775 bytes)
%WinDir%\Temp\MPC66.tmp (734 bytes)
%WinDir%\Temp\MPCC2.tmp (1 bytes)
%WinDir%\Temp\MPC58.tmp (3 bytes)
%WinDir%\Temp\MPC16.tmp (544 bytes)
%WinDir%\Temp\MPCA.tmp (48457 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\down.bmp (1 bytes)
%WinDir%\pchealth\helpctr\System\panels\RemoteHelp.htm (43 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\options.htm (1 bytes)
%WinDir%\Temp\MPC4.tmp (5 bytes)
%WinDir%\Temp\MPC9A.tmp (102 bytes)
%WinDir%\Temp\MPCBA.tmp (2 bytes)
%WinDir%\Temp\MPC61.tmp (1 bytes)
%WinDir%\Temp\MPC27.tmp (374 bytes)
%WinDir%\Temp\MPC94.tmp (67 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client (4 bytes)
%WinDir%\pchealth\helpctr\System\dialogs\DlgLib.js (850 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A (528 bytes)
%WinDir%\pchealth\helpctr\System\UpdateCtr\Learn.htm (2 bytes)
%WinDir%\pchealth\helpctr\System\images\Centers\IULogo.gif (1 bytes)
%WinDir%\Temp\MPC6E.tmp (789 bytes)
%WinDir%\Temp\MPC8D.tmp (1 bytes)
%WinDir%\Temp\MPC3.tmp (6 bytes)
%WinDir%\Temp\MPC96.tmp (118 bytes)
%WinDir%\pchealth\helpctr\System\HomePage__DESKTOP.htm (7 bytes)
%WinDir%\pchealth\helpctr\System\images\16x16\compat.bmp (1 bytes)
%WinDir%\Temp\MPC43.tmp (24 bytes)
%WinDir%\Temp\MPC56.tmp (5 bytes)
%WinDir%\pchealth\helpctr\System\UpdateCtr\LearnInternet.htm (2 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\wmi_data.js (14 bytes)
%WinDir%\Temp\MPC92.tmp (1 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\PieChart.gif (1 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\60_chart.gif (1 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\keywordhelp.htm (1 bytes)
%WinDir%\Temp\MPCF.tmp (7 bytes)
%WinDir%\pchealth\helpctr\System\images\icon_onlineinline_12x.bmp (630 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\personalizing.gif (181 bytes)
%WinDir%\pchealth\helpctr\System\images\32x32\logo.bmp (2 bytes)
%WinDir%\Temp\MPC57.tmp (2 bytes)
%WinDir%\Temp\MPC42.tmp (1 bytes)
%WinDir%\Temp\MPC36.tmp (2 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\70_chart.gif (1 bytes)
%WinDir%\Temp\MPC93.tmp (67 bytes)
%WinDir%\Temp\MPC95.tmp (1 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\system.gif (404 bytes)
%WinDir%\Temp\MPC81.tmp (1428 bytes)
%WinDir%\Temp\MPC64.tmp (9 bytes)
%WinDir%\pchealth\helpctr\System\DFS\xmldialog.htm (967 bytes)
%WinDir%\pchealth\helpctr\System\Headlines.htm (6 bytes)
%WinDir%\pchealth\helpctr\System\panels\Options.htm (4 bytes)
%WinDir%\Temp\MPC8E.tmp (1 bytes)
%WinDir%\Temp\MPCBF.tmp (9 bytes)
%WinDir%\Temp\MPC23.tmp (9 bytes)
%WinDir%\Temp\MPCC6.tmp (136 bytes)
%WinDir%\Temp\MPC9.tmp (1488 bytes)
%WinDir%\pchealth\helpctr\System\images\info.gif (1 bytes)
%WinDir%\Temp\MPCAF.tmp (1 bytes)
%WinDir%\pchealth\helpctr\System\UpdateCtr\updatecenter.htm (1 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email (4 bytes)
%WinDir%\Temp\MPCC4.tmp (674 bytes)
%WinDir%\pchealth\helpctr\System\rc\rcRequest.htm (2 bytes)
%WinDir%\Temp\MPCB1.tmp (2 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\isupport.htm (3 bytes)
%WinDir%\pchealth\helpctr\System\blurbs\about_support.htm (2 bytes)
%WinDir%\Temp\MPC8.tmp (19 bytes)
%WinDir%\Temp\MPCB9.tmp (2 bytes)
%WinDir%\pchealth\helpctr\Database\HCdata.edb (1128 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\30_chart.gif (1 bytes)
%WinDir%\pchealth\helpctr\System\images\Centers\Connect.gif (1 bytes)
%WinDir%\Temp\MPC6D.tmp (793 bytes)
%WinDir%\Temp\MPCBC.tmp (9 bytes)
%WinDir%\Temp\MPC22.tmp (7 bytes)
%WinDir%\Temp\MPC5E.tmp (2 bytes)
%WinDir%\Temp\MPC75.tmp (1 bytes)
%System%\WKLRVU\AGO.02 (56 bytes)
%System%\WKLRVU\AGO.01 (81 bytes)
%System%\WKLRVU\AGO.00 (1 bytes)
%System%\WKLRVU\AGO.exe (15021 bytes)
- Delete the following value(s) in the autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGO Start" = "%System%\WKLRVU\AGO.exe"
- Reboot the computer.