HEUR:Trojan.Win32.Generic (Kaspersky), Artemis!2AF9CADD4C85 (McAfee), Win32:Dropper-gen [Drp] (Avast)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 2af9cadd4c85e03c85cfe888bd937c82
SHA1: cefdcfde7a4315af082082032a23cd2d0bd285b3
SHA256: a1840bbb7e1aa8dd088d3acfd4136f8fea80e7bb209d971cbcaf8a0e58f4c4d8
SSDeep: 393216:fJtgf78QnN0SlX3HXHBIAohSjJbxUAukZdESKWdvXT:fjs7LTHHXhXo0pxU8ZdZ11
Size: 18735104 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: no certificate found
Created at: 2014-01-22 12:43:30
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
Baidu_PC_Faster_4_0_1_51423.exe:2704
PCFasterSvc.exe:3424
LogReporter.exe:1096
LogReporter.exe:2300
LogReporter.exe:3036
LogReporter.exe:4072
LogReporter.exe:2024
LogReporter.exe:2376
LogReporter.exe:1380
sc.exe:3580
sc.exe:3492
Updater.exe:2876
Updater.exe:2904
Updater.exe:4076
Updater.exe:3516
Updater.exe:3400
Updater.exe:3328
Updater.exe:3644
WScript.exe:2392
schtasks.exe:3904
schtasks.exe:2560
schtasks.exe:2096
schtasks.exe:3632
schtasks.exe:3168
LeakRepair.exe:3392
regsvr32.exe:3920
PCFPopups.exe:748
The Trojan injects its code into the following process(es):
Pcftray.exe:2544
%original file name%.exe:2472
FasterNow.exe:3500
File activity
The process Baidu_PC_Faster_4_0_1_51423.exe:2704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\list.xml (1447 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\Brown.bskin (356891 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe (161472 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\9.png (28340 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Tools\Plugin_Tools.dll (184512 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\EnumModules.exe (107200 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\Genieo.rul (6867 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\install_normal_thai.png (7521 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\PluginOptimizer\img_circle.png (5453 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1101.VAFMusic.rul (22086 bytes)
%Documents and Settings%\All Users\Óûðòýþõ üõýю\ßрþóрðüüы\Baidu PC Faster\Feedback.lnk (896 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\nsis_install\nsis_install.bskin (68063 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\NewFeatures\NewFeatures.bskin (272299 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\PluginConfig.xml (2258 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\DirectUI.dll (893472 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\skin_junkclean\skin_junkclean.bskin (45330 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\BEVMApi001.dll (299712 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\Gold.bskin (359720 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\data\mn.dat (864 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\nsis_install\nsis_install.bskin (70403 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData (4096 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Updater.exe (1134064 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\PcfTray\PcfTray.bskin (64697 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\feedback\feedback.bskin (129797 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\System.dll (11264 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\NewFeatures\NewFeatures.bskin (272299 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\popups\popups.bskin (114250 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1110.BrowseForTheCause.rul (1023 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\small\foggy.png (1005 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\btn_install_down.png (7091 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\Plugin_Optimizer.dll (1260736 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\update\update.bskin (12522 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\big\sunny.png (2744 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\5.png (23510 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\FasterNow\img_pop_percent_2.png (4443 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_down.png (1461 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\liveupdate.exe (244928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\InstallUtility.dll (1130688 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\install_down_id.png (8899 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\webcake.rul (3263 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\Deals.rul (7661 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\FasterNow\img_pop_percent_0.png (4448 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\tools\FasterNow\FasterNow.bskin (1197 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\update\update.bskin (13645 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\RebateInformer.rul (6988 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\btn_exit_normal.png (7463 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1052.TigerSavings.rul (7088 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\DataReport.dll (310976 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\IEProtect.exe (972440 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\Car.png (26076 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\8.png (1012 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\location_over.png (1358 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\FasterNow\img_percent_0.png (2407 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\uTorrentControl.rul (18562 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\Inbox.rul (3712 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1095.DigiModeToolbar.rul (17790 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update.dll (1192640 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\5.png (1007 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\reinstall_down_thai.png (9175 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_down_pu.png (7106 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\language_down.png (1103 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\confirm\confirm.bskin (102232 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\MainFrame\splash_light.png (2080 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (162048 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1051.SavingsApp.rul (6928 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1067.SearchAssistant.rul (1506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\sysconfig.ini (4 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1048.MixiDjV30.rul (19660 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\skin_upgrade\skin_upgrade.bskin (9174 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\VidSaver.rul (6468 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\location_down.png (1349 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\nsis_install\nsis_install.bskin (68487 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\feedback\feedback.bskin (127155 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\small\snow.png (1126 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\InternetHelper.rul (20494 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SystemCleaner\CleanerEngine.dll (1589952 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\12.png (21134 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1106.GetSavin.rul (4104 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\MyWebSearch.rul (33402 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\BProtectEx.sys (116544 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\7.png (23710 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\8.png (21960 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\FIFA.bskin (342272 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SysAndNetworkOpt\SysAndNetworkOpt.dll (988864 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\ieprotect\ieprotect.bskin (35338 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\popups\popups.bskin (114892 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\hipspop\hipspop.bskin (20640 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin (150628 bytes)
%Documents and Settings%\All Users\ÃÂâ€Âþúуüõýты\Baidu Security\PC Faster\4.0.0.0\config.ini (5682 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.5.1.def.db (7402 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\btn_checked_over.png (1044 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\CP.dll (556224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\InstallUtility.log (39412 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\logo_install.png (6863 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1115.Qwiklinx.rul (1845 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\nsis_install\nsis_install.bskin (68666 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\HipsHB.dll (389312 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\3.png (1002 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.0.def.db (11430 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\1.png (22682 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\BrowserDefender.rul.bak (3636 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1057.TrustWorthy.rul (16305 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\BugReporter\BugReporter.bskin (1153 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\big\rainy.png (2933 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\location_normal.png (1334 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\sysconfig.ini (4 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\CouponCompanion.rul (7793 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\common\common.bskin (16620 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\4.png (997 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1068.AppBario2.rul (6155 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1060.LuckySavings.rul (7283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\url.ini (6598 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1089.DVDVideoSoftToolbar.rul (15759 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\CrashUL.exe (220144 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\LeakRepair.exe (1474240 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll (378048 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_down_thai.png (6789 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\DataFileList.xml (10206 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\PcfTray\PcfTray.bskin (69909 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\Grey.png (2581 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\install_disable.png (6308 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\install_normal_pu.png (7168 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1102.FastFreeConverter.rul (3693 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_normal_id.png (8374 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nss78.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\sysconfig.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\DirectUI.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\skin\common\common.bskin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\BHips.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\url.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\InstallUtility.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\config.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\InstallCheck.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\log.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\skin\common (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\NewFeatures.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\string.ini (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Baidu_PC_Faster_4_0_1_51423-2014-03-26 03-26-53-0536-[7083].tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\LogReporter.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\log2.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\skin (0 bytes)
The process PCFasterSvc.exe:3424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\drivers\BprotectEx.sys (100160 bytes)
%Documents and Settings%\All Users\Application Data\Log\00000000-000C29F803BA!acc7ad6a-0a29-4edf-aae3-cc9dcd0ce41e@#000C29F803BA-LogFile-2014-03-26 21-26-41-0832.log (598125 bytes)
%WinDir%\Temp\Plu7C.tmp (2258 bytes)
%WinDir%\Temp\Plu7D.tmp (2258 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\SdkConfig.ini (164 bytes)
%System%\drivers\Bhbase.sys (47456 bytes)
%WinDir%\Temp\Plu7B.tmp (2258 bytes)
%Documents and Settings%\All Users\Application Data\Log (536576 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (86 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PCFasterSvc-2014-03-26 03-27-41-0473-[7240].tmp (4448 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData (4096 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\config.ini (4658 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\Plu7B.tmp (0 bytes)
%WinDir%\Temp\Plu7C.tmp (0 bytes)
%WinDir%\Temp\Plu7D.tmp (0 bytes)
The process Updater.exe:2876 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update_ultimate.ini (38 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\log\Updater.log (33696 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData (4096 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update_statistic.xml (1336 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (32 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Updater-2014-03-26 03-26-57-0629-[7096].tmp (4441 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\log (32768 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Updater-2014-03-26 03-26-57-0629-[7096].tmp (0 bytes)
The process Updater.exe:4076 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update_ultimate.ini (6 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\log\Updater.log (33693 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData (4096 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update_statistic.xml (1002 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (32 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\log (32768 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Updater-2014-03-26 03-27-36-0770-[7223].tmp (4441 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Updater-2014-03-26 03-27-36-0770-[7223].tmp (0 bytes)
The process Updater.exe:3516 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (32 bytes)
The process Pcftray.exe:2544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Pcftray-2014-03-26 03-27-57-0723-[7292].tmp (4573 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (40 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\SdkConfig.ini (8 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData (4096 bytes)
The process %original file name%.exe:2472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\WindowsApplication1\Baidu PC Faster\4.0.1.56500\Windows\dll.vbs (82338 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (18432 bytes)
%Documents and Settings%\All Users\Application Data\WindowsApplication1\Baidu PC Faster\4.0.1.56500\Windows\Baidu_PC_Faster_4_0_1_51423.exe (36955816 bytes)
The process schtasks.exe:2096 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Tasks\Baidu PC Faster Update.job (412 bytes)
The process LeakRepair.exe:3392 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (32 bytes)
The process PCFPopups.exe:748 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (32 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PCFPopups-2014-03-26 03-27-22-0661-[7178].tmp (4441 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData (4096 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PCFPopups-2014-03-26 03-27-22-0661-[7178].tmp (0 bytes)
The process FasterNow.exe:3500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (32 bytes)
%Documents and Settings%\All Users\Документы\Baidu Security\PC Faster\4.0.0.0\config.ini (228 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-FasterNow-2014-03-26 03-28-05-0942-[7318].tmp (4441 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData (4096 bytes)
Registry activity
The process Baidu_PC_Faster_4_0_1_51423.exe:2704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayVersion" = "4.0.1.56500"
"Beta" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Baidu Security\PC Faster\Setup]
"SetupResult" = "0"
[HKCU\Software\Baidu Security\PC Faster]
"InstallTime" = "2014-03-26 19:26:17"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\Мои документы\Мои рисунки"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"UninstallString" = "%Program Files%\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe"
"InstallDir" = "%Program Files%\Baidu Security\PC Faster\4.0.0.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Главное меню"
[HKCU\Software\Baidu Security\PC Faster]
"InstallChannel" = "web|gl|official|direct"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий стол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Baidu Security\PC Faster]
"IsEverInstalled" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\test\LOCALS~1\Temp\vmware-test\VMwareDnD\672be3c6\vmsc.exe, , \??\C:\DOCUME~1\test\LOCALS~1\Temp\vmware-test\VMwareDnD\672be3c6\, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy7A.tmp\InstallUtility.dll,"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayIcon" = "%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe"
[HKCU\Software\Baidu Security\PC Faster\4.0.0.0\Install\3103015]
"URL" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_channel_info.cgi?install_channel=web|gl|official|direct&version=4.0.1.56500&errorcode=0&userid=00000000-000C29F803BA!acc7ad6a-0a29-4edf-aae3-cc9dcd0ce41e@#000C29F803BA&install_time=2014-03-26 19:26:17"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"schtasks.exe" = "Назначенные задания"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallChannel" = "web|gl|official|direct"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Документы\Моя музыка"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy7A.tmp]
"LogReporter.exe" = "Log Reporter"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Главное меню"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Документы\Мои видеозаписи"
"CommonPictures" = "%Documents and Settings%\All Users\Документы\Мои рисунки"
[HKCU\Software\Baidu Security\PC Faster]
"CurrentInstallVersion" = "4.0.0.0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 3D 6B 96 FA 7B 7F 91 08 5C 37 18 88 6F C7 CF"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Главное меню\Программы"
[HKLM\System\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description" = "Baidu PC Faster Service 4.0.0.0"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий стол"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"Publisher" = "Baidu, Inc."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Главное меню\Программы"
[HKLM\SOFTWARE\Baidu Security\PC Faster]
"StopSvc" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKCU\Software\Baidu Security\PC Faster\4.0.0.0\Install\3103468]
"URL" = "http://sync.security.baidu.co.th/cgi-bin-py/get_channel_info.cgi?install_channel=web|gl|official|direct&version=4.0.1.56500&errorcode=0&userid=00000000-000C29F803BA!acc7ad6a-0a29-4edf-aae3-cc9dcd0ce41e@#000C29F803BA&install_time=2014-03-26 19:26:17"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"URLInfoAbout" = "http://www.pcfaster.com/go.php?link=1&pos=about"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallTime" = "2014-03-26 19:26:17"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-guid" = "acc7ad6a-0a29-4edf-aae3-cc9dcd0ce41e"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu_PC_Faster_4_0_1_51423\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayName" = "Baidu PC Faster"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0" = "%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -auto -start"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Baidu Security\PC Faster]
"StopSvc"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu_PC_Faster_4_0_1_51423\DEBUG]
"Trace Level"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"
"BaiduPCFasterSetup"
"BSECURE"
The process PCFasterSvc.exe:3424 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances\BprotectEx Instance]
"Altitude" = "388020"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances\BprotectEx Instance]
"Flags" = "0"
[HKCU\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
"statistic_last" = "1395862025"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\System\CurrentControlSet\Services\BprotectEx]
"InstPath" = "%Program Files%\Baidu Security\PC Faster\4.0.0.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances]
"DefaultInstance" = "BprotectEx Instance"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий стол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Baidu Security\LogLoc]
"(Default)" = "%Documents and Settings%\All Users\Application Data\Log\00000000-000C29F803BA!acc7ad6a-0a29-4edf-aae3-cc9dcd0ce41e@#000C29F803BA-LogFile-2014-03-26 21-26-41-0832.log"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 E3 92 3D ED 69 95 54 8A F4 AB A6 BE 01 B4 59"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\System\CurrentControlSet\Services\fortest]
"test123456" = "286392319"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Главное меню\Программы"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFasterSvc\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\PCFApiUtil]
"ErrorControl" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKLM\System\CurrentControlSet\Services\PCFApiUtil]
"Type" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\PCFApiUtil]
"ImagePath" = "\??\%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
The following driver will be automatically launched by the NT Native code (IoInitSystem method):
[HKLM\System\CurrentControlSet\Services\BprotectEx]
"Start" = "1"
The following driver will be automatically launched by the OS Loader:
[HKLM\System\CurrentControlSet\Services\Bhbase]
"Start" = "0"
Automatic startup of the following service is disabled:
[HKLM\System\CurrentControlSet\Services\PCFApiUtil]
"Start" = "3"
The Trojan deletes the following registry key(s):
[HKLM\System\CurrentControlSet\Services\fortest\deltest]
[HKLM\System\CurrentControlSet\Services\fortest]
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\fortest]
"test123456"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFasterSvc\DEBUG]
"Trace Level"
The process LogReporter.exe:1096 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 17 89 37 E6 28 9D D5 4D BF 9B 80 BE 91 56 88"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process LogReporter.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB A0 BB DD D2 57 59 32 0B C3 C4 17 AC 73 FC 91"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process LogReporter.exe:3036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 54 81 A9 9B B1 DC C5 D0 E4 9D 6E F8 0A C3 97"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process LogReporter.exe:4072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LogReporter\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 35 E6 56 DC 55 DF 8E EE 23 C1 51 D4 B4 D4 F4"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LogReporter\DEBUG]
"Trace Level"
The process LogReporter.exe:2024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 16 E0 88 D8 04 1D 17 75 96 8B 67 C1 17 B8 49"
The process LogReporter.exe:2376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 47 3D 96 4D 15 6B B8 8E 26 49 48 FA 44 C9 9D"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process LogReporter.exe:1380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 68 E0 C6 BB 5F BF 73 82 4F 06 30 B5 20 C3 89"
The process sc.exe:3580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 5A 83 CC 7C 6D 45 44 2A 64 B3 82 0E 6B 60 40"
The process sc.exe:3492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 CD 62 A2 E1 FF 1C F5 A4 AF 9E 19 A5 76 4B 32"
The process Updater.exe:2876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE 42 BD 95 C1 57 DA B3 AF B8 29 C1 40 BE 6A 1A"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level"
The process Updater.exe:2904 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 3A 55 88 FC B2 5E 90 44 83 04 72 3F E5 F1 5D"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process Updater.exe:4076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 FD FC 12 6E E5 A3 65 D6 BC 25 B2 F2 E4 4B 4A"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process Updater.exe:3516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 6F 95 9A 64 DA 6B 44 80 48 CE 22 6E FD 95 D3"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process Updater.exe:3400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DD 7C 84 4E C6 00 43 C7 1E 6C E9 42 0E F4 FD EA"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process Updater.exe:3328 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 B9 79 9D A0 4A 3C C4 1A 16 A0 7A ED 82 CA F5"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process Updater.exe:3644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "19 25 35 65 A7 04 0B DB 71 2E AD 5A 26 A6 12 41"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The process WScript.exe:2392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 DC 4E B0 E6 8A F0 47 C1 08 71 B0 94 A9 7F 39"
The process Pcftray.exe:2544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Pcftray\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 67 BA 26 9C 33 C0 82 F1 E5 94 DD 6A 70 EE 84"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\Pcftray\DEBUG]
"Trace Level"
The process %original file name%.exe:2472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 40 D7 2C E8 54 73 A6 3D 25 DA 3E 0D 0C 68 1B"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\All Users\Application Data\WindowsApplication1\Baidu PC Faster\4.0.1.56500\Windows]
"Baidu_PC_Faster_4_0_1_51423.exe" = "PC Faster Setup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Рабочий стол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\GDIPlus]
"FontCachePath" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Рабочий стол"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"wscript.exe" = "Microsoft (R) Windows Based Script Host"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Мои документы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE security zone settings so that all local web nodes whose names contain no dots and which are not assigned to any zone are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:
"IntranetName" = "1"
The process schtasks.exe:3904 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 78 18 6F B1 88 29 04 1E 74 F5 EA 40 C1 CD 78"
The process schtasks.exe:2560 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A 68 34 20 FF A0 F3 C0 35 C8 4A C5 F9 4A 40 8B"
The process schtasks.exe:2096 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 0D C7 ED 72 37 16 4B 32 9D 2A E5 8A 5B 5B 65"
The process schtasks.exe:3632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 9C B4 7A FB 5A 7D ED 8B 26 67 BD F7 B0 1B D8"
The process schtasks.exe:3168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E0 64 BE E7 2C CE E3 EE C2 65 10 40 1F 5C E2 05"
The process LeakRepair.exe:3392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LeakRepair\DEBUG]
"Trace Level" = ""
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 37 B8 C3 7D DF 76 19 C6 E5 24 EA D4 3E 01 83"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\LeakRepair\DEBUG]
"Trace Level"
The process regsvr32.exe:3920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 41 1A 20 92 2F 7F 88 34 39 EE 6C 4D 14 EF 0C"
The process PCFPopups.exe:748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFPopups\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 06 2F 0B A2 6A B4 78 89 05 9A 0E 0E CB 40 37"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFPopups\DEBUG]
"Trace Level"
The process FasterNow.exe:3500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-606747145-1060284298-839522115-1004#000C29F803BA"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\FasterNow\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Документы"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 66 65 89 50 E3 86 F6 DB 42 B7 DB AA C4 8D 99"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\System\CurrentControlSet\Services\PerfOS\Performance]
"Error Count"
[HKLM\System\CurrentControlSet\Services\PerfProc\Performance]
"Error Count"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\FasterNow\DEBUG]
"Trace Level"
[HKLM\System\CurrentControlSet\Services\PerfDisk\Performance]
"Error Count"
Dropped PE files
MD5 | File path |
---|---|
cf636fe8ac628e4aff999777874a1054 | c:\Documents and Settings\All Users\Application Data\WindowsApplication1\Baidu PC Faster\4.0.1.56500\Windows\Baidu_PC_Faster_4_0_1_51423.exe |
d219d3182e9a0415843452792d6a0308 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy7A.tmp\BHips.dll |
9fa202ca895dbcfde57b45ba92a15527 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy7A.tmp\Communication.dll |
fae72efe6faaaca64efdea60ba573284 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy7A.tmp\InstallUtility.dll |
1887ad04d1f6e03b9b6570ec4c1b8e8b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy7A.tmp\LogReporter.exe |
99b4f71b2fb7fa93cc1389340205b5ad | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy7A.tmp\log.dll |
610e0954d676567b720015644e81dd2d | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BETManger.dll |
3713f1ff61b88d13472792d62bcb4eb3 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BEVMApi001.dll |
592893b5d3b4a3eb7f8cfbcb11d5bbde | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BEVMEngine.dll |
d219d3182e9a0415843452792d6a0308 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BHips.dll |
a109b9ed793fb3c2c00f36977a4c9c95 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BProtectEx.sys |
90fc18cbefcd54be4288541558e5187e | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BProtectEx64.sys |
661c1dcc5511824be8abc9529436c679 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BaiduStore.dll |
945ca7ce939a2b9b63298daa5220496a | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\BdApiUtil.dll |
36d995ee7dd05e77e50dd0dd4f953f94 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Bhbase.sys |
539a5a6b567300e4043e033ae3f3943b | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\CP.dll |
9fa202ca895dbcfde57b45ba92a15527 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Communication.dll |
9cab8f2b2c84d2b1457052170a1a7ff8 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\CrashReport.exe |
8279318c97c59104b0134e430dedda70 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\CrashUL.exe |
7f8643cd4fffc56ac6d4163498213d54 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\DataReport.dll |
e75171190ad5eb7d62e71eec1603066f | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\DirectUI.dll |
b2c06b6b37eb112d3a2eabb1d6e0f76d | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\FasterNow.exe |
129e07f6e114f5313604db0916a587b5 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\HipsDR.dll |
e82103ad527fd9b19f78dffa7cee3cc3 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\HipsHB.dll |
9d83f2d9309c40ecddeb4712ce34fd9a | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\HipsPop.exe |
51b31d6081aff856fa3b581e8c1a514d | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\IEProtect.exe |
c5f4a040dabcdc0a267c24aadf0dbceb | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\LeakRepair.exe |
1887ad04d1f6e03b9b6570ec4c1b8e8b | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\LogReporter.exe |
9142cd77a25c3a8a595d36d79ec2413d | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\NSISInstall.exe |
23a271dda00a6d98b650ba363122d789 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\NewFeatures.exe |
a6fe93d64b0e6b59f448c3073bea237b | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\NewUpdater.exe |
ae9fe50324a33c03b9cb9ac832a78646 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys |
b63be4062741cb280d1f1522a59f33a6 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys |
48cecd4b4a7fa0d9c9e8e17eba639770 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFPopups.exe |
41eb3ee22f37d54c56a78170608c5da7 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe |
c2430cc1bc31a4488ff868a89e5ec118 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterFeedback.exe |
b88353efe93ac3c6518415621fd8ebcb | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe |
f23fec819f6d1181c47374df8ee89a6e | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe |
e3feb2031aebf766426c7b551256e552 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Antivirus\Plugin_Antivirus.dll |
03e2817759676cb684673e843e90453a | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll |
03771ae2d49a1d294c7266a6ea837049 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.HomeEx\Plugin_HomeEx.dll |
c7a34482dc13943a0ead3b1fefac6ddf | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.LeakRepair\LeakRepair.dll |
204a5025a829aac2439ca7c65a4b7f0b | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.LeakRepair\Plugin_LeakRepair.dll |
f8e61428a351e75792a86e7b7f5cef7e | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\Plugin_Optimizer.dll |
79bd40264f3d249393ecefdd2cd033d1 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\SysOptEngine.dll |
955fe8ac197e43500452dfede5eb18a4 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\EnumModules.exe |
83e7242c7c44216f366680ead9da8568 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\PluginRemover.dll |
dc7eea6e5c56c8f38172b999899a0328 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SysAndNetworkOpt\SysAndNetworkOpt.dll |
01758e92d87405495d7ff22475337126 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SysRepair\SysRepair.dll |
7a04ec9f14fb94c2f3915b4e337a0128 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SystemCleaner\CleanerEngine.dll |
f512cbdadffef8a4ce2e3b39218375fa | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SystemCleaner\Plugin_SystemCleaner.dll |
f1b428719f82c2dfd97685ee77ccc6f9 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Tools\Plugin_Tools.dll |
f5fa1b1a574f6465ca831ed1495c2405 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\PopupTip.exe |
867f8dcdad9a3d7cfd56628b9f244e74 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe |
434177441d30e979cba2346466686eb1 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Uninstall.exe |
fe1d9a95168499203c96d9f3dd27dd82 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\Updater.exe |
88d62065f635baae190eccf04a37a4fe | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\dbghelp.dll |
afff8a2b33ea375b51e966d7dd052580 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\liveupdate.exe |
99b4f71b2fb7fa93cc1389340205b5ad | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\log.dll |
f8eb29633e9c8032de3606d9ad9e265c | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\log2.dll |
3103029dede8b96f1cb694b5c0d8ae22 | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\sqlite.dll |
6bcf98fb3d78e088b30231261a4c2efe | c:\Program Files\Baidu Security\PC Faster\4.0.0.0\update.dll |
36d995ee7dd05e77e50dd0dd4f953f94 | c:\WINDOWS\system32\drivers\Bhbase.sys |
a109b9ed793fb3c2c00f36977a4c9c95 | c:\WINDOWS\system32\drivers\BprotectEx.sys |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "\??\%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\drivers\Bhbase.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\drivers\Bhbase.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\drivers\Bhbase.sys" the Trojan controls the loading of executable images into memory by installing the load image notifier.
Using the driver "\??\%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys" the Trojan controls operations on the system registry by installing the registry notifier.
The Trojan installs the following kernel-mode hooks:
ZwAssignProcessToJobObject
ZwCreateFile
ZwCreateKey
ZwCreateProcess
ZwCreateProcessEx
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateThread
ZwDeleteFile
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDuplicateObject
ZwEnumerateValueKey
ZwLoadDriver
ZwOpenProcess
ZwOpenSection
ZwOpenThread
ZwProtectVirtualMemory
ZwQueryValueKey
ZwQueueApcThread
ZwRenameKey
ZwRequestWaitReplyPort
ZwRestoreKey
ZwSetContextThread
ZwSetInformationFile
ZwSetSecurityObject
ZwSetSystemInformation
ZwSetValueKey
ZwSuspendThread
ZwSystemDebugControl
ZwTerminateProcess
ZwTerminateThread
ZwUnmapViewOfSection
ZwWriteFile
ZwWriteVirtualMemory
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
Baidu_PC_Faster_4_0_1_51423.exe:2704
PCFasterSvc.exe:3424
LogReporter.exe:1096
LogReporter.exe:2300
LogReporter.exe:3036
LogReporter.exe:4072
LogReporter.exe:2024
LogReporter.exe:2376
LogReporter.exe:1380
sc.exe:3580
sc.exe:3492
Updater.exe:2876
Updater.exe:2904
Updater.exe:4076
Updater.exe:3516
Updater.exe:3400
Updater.exe:3328
Updater.exe:3644
WScript.exe:2392
schtasks.exe:3904
schtasks.exe:2560
schtasks.exe:2096
schtasks.exe:3632
schtasks.exe:3168
LeakRepair.exe:3392
regsvr32.exe:3920
PCFPopups.exe:748
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\feedback\feedback.bskin (129797 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\System.dll (11264 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\NewFeatures\NewFeatures.bskin (272299 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\popups\popups.bskin (114250 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1110.BrowseForTheCause.rul (1023 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\small\foggy.png (1005 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\btn_install_down.png (7091 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\Plugin_Optimizer.dll (1260736 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\update\update.bskin (12522 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\big\sunny.png (2744 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\5.png (23510 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\FasterNow\img_pop_percent_2.png (4443 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_down.png (1461 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\liveupdate.exe (244928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\InstallUtility.dll (1130688 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\install_down_id.png (8899 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\webcake.rul (3263 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\Deals.rul (7661 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\FasterNow\img_pop_percent_0.png (4448 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\tools\FasterNow\FasterNow.bskin (1197 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\update\update.bskin (13645 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\RebateInformer.rul (6988 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\btn_exit_normal.png (7463 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1052.TigerSavings.rul (7088 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\DataReport.dll (310976 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\IEProtect.exe (972440 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\Car.png (26076 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\8.png (1012 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\location_over.png (1358 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\FasterNow\img_percent_0.png (2407 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\uTorrentControl.rul (18562 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\Inbox.rul (3712 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1095.DigiModeToolbar.rul (17790 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update.dll (1192640 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\5.png (1007 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\reinstall_down_thai.png (9175 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_down_pu.png (7106 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\language_down.png (1103 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\confirm\confirm.bskin (102232 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\MainFrame\splash_light.png (2080 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (162048 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1051.SavingsApp.rul (6928 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1067.SearchAssistant.rul (1506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\sysconfig.ini (4 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1048.MixiDjV30.rul (19660 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\skin_upgrade\skin_upgrade.bskin (9174 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\VidSaver.rul (6468 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\location_down.png (1349 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\nsis_install\nsis_install.bskin (68487 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\feedback\feedback.bskin (127155 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\small\snow.png (1126 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\InternetHelper.rul (20494 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SystemCleaner\CleanerEngine.dll (1589952 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\12.png (21134 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1106.GetSavin.rul (4104 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\MyWebSearch.rul (33402 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\BProtectEx.sys (116544 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\7.png (23710 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\8.png (21960 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\FIFA.bskin (342272 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SysAndNetworkOpt\SysAndNetworkOpt.dll (988864 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\ieprotect\ieprotect.bskin (35338 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\popups\popups.bskin (114892 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\hipspop\hipspop.bskin (20640 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin (150628 bytes)
%Documents and Settings%\All Users\ÃÂâ€Âþúуüõýты\Baidu Security\PC Faster\4.0.0.0\config.ini (5682 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.5.1.def.db (7402 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\btn_checked_over.png (1044 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\CP.dll (556224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\InstallUtility.log (39412 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\logo_install.png (6863 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1115.Qwiklinx.rul (1845 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\nsis_install\nsis_install.bskin (68666 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\HipsHB.dll (389312 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\3.png (1002 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.0.def.db (11430 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\logo\system\1.png (22682 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\BrowserDefender.rul.bak (3636 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1057.TrustWorthy.rul (16305 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1046\BugReporter\BugReporter.bskin (1153 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\boottime\weather\big\rainy.png (2933 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\location_normal.png (1334 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\sysconfig.ini (4 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\CouponCompanion.rul (7793 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\common\common.bskin (16620 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\4.png (997 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1068.AppBario2.rul (6155 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1057\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1060.LuckySavings.rul (7283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7A.tmp\url.ini (6598 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1089.DVDVideoSoftToolbar.rul (15759 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\CrashUL.exe (220144 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\LeakRepair.exe (1474240 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll (378048 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_down_thai.png (6789 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\DataFileList.xml (10206 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\I18N\1054\PcfTray\PcfTray.bskin (69909 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\Scattered\SkinList\Grey.png (2581 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\install_disable.png (6308 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\install_normal_pu.png (7168 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.PluginRemover\data\1102.FastFreeConverter.rul (3693 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\skin\tools\NSISInatsllSkin\close_normal_id.png (8374 bytes)
%System%\drivers\BprotectEx.sys (100160 bytes)
%Documents and Settings%\All Users\Application Data\Log\00000000-000C29F803BA!acc7ad6a-0a29-4edf-aae3-cc9dcd0ce41e@#000C29F803BA-LogFile-2014-03-26 21-26-41-0832.log (598125 bytes)
%WinDir%\Temp\Plu7C.tmp (2258 bytes)
%WinDir%\Temp\Plu7D.tmp (2258 bytes)
%System%\drivers\Bhbase.sys (47456 bytes)
%WinDir%\Temp\Plu7B.tmp (2258 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PCFasterSvc-2014-03-26 03-27-41-0473-[7240].tmp (4448 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update_ultimate.ini (38 bytes)
%Documents and Settings%\All Users\ÃÂâ€Âþúуüõýты\Baidu Security\PC Faster\4.0.0.0\log\Updater.log (33696 bytes)
%Program Files%\Baidu Security\PC Faster\4.0.0.0\update_statistic.xml (1336 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Updater-2014-03-26 03-26-57-0629-[7096].tmp (4441 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Updater-2014-03-26 03-27-36-0770-[7223].tmp (4441 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-Pcftray-2014-03-26 03-27-57-0723-[7292].tmp (4573 bytes)
%Documents and Settings%\All Users\Application Data\WindowsApplication1\Baidu PC Faster\4.0.1.56500\Windows\dll.vbs (82338 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (18432 bytes)
%Documents and Settings%\All Users\Application Data\WindowsApplication1\Baidu PC Faster\4.0.1.56500\Windows\Baidu_PC_Faster_4_0_1_51423.exe (36955816 bytes)
%WinDir%\Tasks\Baidu PC Faster Update.job (412 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PCFPopups-2014-03-26 03-27-22-0661-[7178].tmp (4441 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-FasterNow-2014-03-26 03-28-05-0942-[7318].tmp (4441 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0" = "%Program Files%\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -auto -start"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: Baidu PC Faster
Product Version: 4.0.1.56500
Legal Copyright: Copyright (c) 2014
Legal Trademarks:
Original Filename: WindowsApplication1.exe
Internal Name: WindowsApplication1.exe
File Version: 4.0.1.56500
File Description: Baidu PC Faster
Comments:
Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 8192 | 18696356 | 18696704 | 5.54488 | 24f6b31d2552cc5042f4f1a61b512a83 |
.sdata | 18710528 | 312 | 512 | 1.55676 | eebdde6d374d74ad4d237932c2af9b67 |
.rsrc | 18718720 | 36256 | 36352 | 4.50907 | 22ca7b0741408013267b2c5427ea4ee6 |
.reloc | 18759680 | 12 | 512 | 0.084755 | 1ae2de31d426726935025f3b3d2550e9 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
popup.security.baidu.co.th | |
update.pcfaster.baidu.com.eg | |
sync.pcfaster.baidu.com.eg | |
download.pcfaster.baidu.com.eg | |
rtp.bav.baidu.com | |
sync.security.baidu.co.th | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
Strings from Dumps
Pcftray.exe_2544:
0$0(0,00040
0$0(0,00040
6$7)767;7
6$7)767;7
9 9$9(9,9094989<9@9
9 9$9(9,9094989<9@9
7 7$7(7,7074787<7@7
7 7$7(7,7074787<7@7
3 3$3(3,3034383
3 3$3(3,3034383
= =$=(=,=0=4=8=<=@=
= =$=(=,=0=4=8=<=@=
5 5<5@5`5
5 5<5@5`5
explorer.exe
explorer.exe
HTTP/1.1
HTTP/1.1
BugReportConfig.ini
BugReportConfig.ini
ShowBugReport
ShowBugReport
DumpConfig.ini
DumpConfig.ini
_ServerStore.dat
_ServerStore.dat
http://
http://
product=%s;guid=%s;type=%d;
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
CrashUL.exe
trayreported
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
serverreported
\StringFileInfo\xx\%s
\StringFileInfo\xx\%s
BugReportConfig
BugReportConfig
BugInfoUploadURL
BugInfoUploadURL
http://sync.bav.baidu.com
http://sync.bav.baidu.com
BugURL
BugURL
http://bug.bav.baidu.com
http://bug.bav.baidu.com
Baidu Crash Report
Baidu Crash Report
CrashCallBackExe
CrashCallBackExe
c:\crash.ini
c:\crash.ini
ntdll.dll
ntdll.dll
CrashReport.exe
CrashReport.exe
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
%u.%u.%u.%u
%u.%u.%u.%u
PCAppStore.exe
PCAppStore.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Software\Microsoft\Windows\CurrentVersion\Uninstall\
\sysconfig.ini
\sysconfig.ini
\Baidu Security\PC Faster\4.0.0.0
\Baidu Security\PC Faster\4.0.0.0
\config.ini
\config.ini
url.ini
url.ini
%d:%d,%d:%d
%d:%d,%d:%d
Kernel32.dll
Kernel32.dll
Wtsapi32.dll
Wtsapi32.dll
PCFaster.exe
PCFaster.exe
MainExeName
MainExeName
C:\Users\Public\Documents
C:\Users\Public\Documents
"%s" %s
"%s" %s
BugReporter.exe
BugReporter.exe
d-d-d d:d:d
d-d-d d:d:d
Unknown error X
Unknown error X
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
LCWMIQuery::WMIQuery, Failed to initialize COM library. Error code = 0xx
LCWMIQuery::WMIQuery, Failed to initialize COM library. Error code = 0xx
CWMIQuery::WMIQuery, Failed to initialize security. Error code = 0xx
CWMIQuery::WMIQuery, Failed to initialize security. Error code = 0xx
CWMIQuery::WMIQuery, Failed to create IWbemLocator object. Err code = 0xx
CWMIQuery::WMIQuery, Failed to create IWbemLocator object. Err code = 0xx
CWMIQuery::WMIQuery, Could not connect. Error code = 0xx
CWMIQuery::WMIQuery, Could not connect. Error code = 0xx
CWMIQuery::WMIQuery, Could not set proxy blanket. Error code = 0xx
CWMIQuery::WMIQuery, Could not set proxy blanket. Error code = 0xx
PCFPopups.exe
PCFPopups.exe
CWMIQuery::WMIQuery, Query for Win32_QuickFixEngineering failed. Error code = 0xx
CWMIQuery::WMIQuery, Query for Win32_QuickFixEngineering failed. Error code = 0xx
Baidu PC Faster Popups_{PCFaster_4.0.0.0}
Baidu PC Faster Popups_{PCFaster_4.0.0.0}
PCFasterFeedback.exe
PCFasterFeedback.exe
Baidu PC Faster Feedback_{PCFaster_4.0.0.0}
Baidu PC Faster Feedback_{PCFaster_4.0.0.0}
Baidu PC Faster Gamefaster_{PCFaster_4.0.0.0}
Baidu PC Faster Gamefaster_{PCFaster_4.0.0.0}
GameFaster.exe
GameFaster.exe
Baidu PC Faster IEProtect_{PCFaster_4.0.0.0}
Baidu PC Faster IEProtect_{PCFaster_4.0.0.0}
IEProtect.exe
IEProtect.exe
Baidu PC Faster FasterNow_{PCFaster_4.0.0.0}
Baidu PC Faster FasterNow_{PCFaster_4.0.0.0}
FasterNow.exe
FasterNow.exe
Baidu PC Faster Flash Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Flash Repair_{PCFaster_4.0.0.0}
FlashPlayerRepair.exe
FlashPlayerRepair.exe
LSPRepair.exe
LSPRepair.exe
Baidu PC Faster Layer Service Provider Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Layer Service Provider Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Network Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Network Repair_{PCFaster_4.0.0.0}
DisconnectionEmergency.exe
DisconnectionEmergency.exe
Baidu PC Faster Facebook Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Facebook Repair_{PCFaster_4.0.0.0}
FacebookRepair.exe
FacebookRepair.exe
Baidu PC Faster Network Speed Tester_{PCFaster_4.0.0.0}
Baidu PC Faster Network Speed Tester_{PCFaster_4.0.0.0}
InternetSpeedTest.exe
InternetSpeedTest.exe
FileRecovery.exe
FileRecovery.exe
Baidu PC Faster File Recovery_{PCFaster_4.0.0.0}
Baidu PC Faster File Recovery_{PCFaster_4.0.0.0}
Baidu PC Faster File fred_{PCFaster_4.0.0.0}
Baidu PC Faster File fred_{PCFaster_4.0.0.0}
FileShredder.exe
FileShredder.exe
Baidu PC Faster Default Programs Setting_{PCFaster_4.0.0.0}
Baidu PC Faster Default Programs Setting_{PCFaster_4.0.0.0}
DefaultPrograms.exe
DefaultPrograms.exe
Baidu PC Faster Extension Mgr_{PCFaster_4.0.0.0}
Baidu PC Faster Extension Mgr_{PCFaster_4.0.0.0}
Right-ClickMenuManager.exe
Right-ClickMenuManager.exe
Baidu PC Faster Desktop Assistant_{PCFaster_4.0.0.0}
Baidu PC Faster Desktop Assistant_{PCFaster_4.0.0.0}
DesktopCleaner.exe
DesktopCleaner.exe
Baidu PC Faster System Info_{PCFaster_4.0.0.0}
Baidu PC Faster System Info_{PCFaster_4.0.0.0}
SystemInformation.exe
SystemInformation.exe
/language=%s
/language=%s
Chrome
Chrome
chrome
chrome
Firefox
Firefox
firefox
firefox
Opera
Opera
opera
opera
%d.%d.%d.%d
%d.%d.%d.%d
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
HTTP\shell\open\command
HTTP\shell\open\command
pathToSignedProductExe
pathToSignedProductExe
user32.dll
user32.dll
[TrayWnd] ReleaseMutex error: %x
[TrayWnd] ReleaseMutex error: %x
Baidu PC Faster Tray_{PCFaster_4.0.0.0}
Baidu PC Faster Tray_{PCFaster_4.0.0.0}
Baidu PC Fatser Tray Mutex_{PCFaster_4.0.0.0}
Baidu PC Fatser Tray Mutex_{PCFaster_4.0.0.0}
[TrayWnd] CreateMutex error: %d
[TrayWnd] CreateMutex error: %d
[MainFrame] Failed to call CreateFileMapping, ErrorCode:%x
[MainFrame] Failed to call CreateFileMapping, ErrorCode:%x
[Main Frame] Failed to call MapViewOfFile, ErrorCode:%x
[Main Frame] Failed to call MapViewOfFile, ErrorCode:%x
PCFasterSvc.exe
PCFasterSvc.exe
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
%s%d bytes to %d wide chars
%s%d bytes to %d wide chars
%d wide chars to %s%d bytes
%d wide chars to %s%d bytes
No start tag for end tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
End tag '%s' at offset %d does not match start tag '%s' at offset %d
End tag '%s' at offset %d does not match start tag '%s' at offset %d
Element '%s' at offset %d not ended
Element '%s' at offset %d not ended
%s at offset %d unterminated
%s at offset %d unterminated
Incorrect %s at offset %d
Incorrect %s at offset %d
skin\common\common.bskin
skin\common\common.bskin
skin\PcfTray\PcfTray.bskin
skin\PcfTray\PcfTray.bskin
DumpReportInterval
DumpReportInterval
Baidu PC Faster_{PCFaster_4.0.0.0}
Baidu PC Faster_{PCFaster_4.0.0.0}
-pushmsgDlg
-pushmsgDlg
UpLoadReportErrorDmp
UpLoadReportErrorDmp
-urlcensor
-urlcensor
%s|%s
%s|%s
NewFeatures.exe
NewFeatures.exe
SdkConfig.ini
SdkConfig.ini
\PcfTray\PcfTray.bskin
\PcfTray\PcfTray.bskin
-ShowPlugin %u %u
-ShowPlugin %u %u
TrayIcon loading result code: %x
TrayIcon loading result code: %x
Failed to add TrayIcon,last error code: %x
Failed to add TrayIcon,last error code: %x
Failed to delete TrayIcon,last error code: %x
Failed to delete TrayIcon,last error code: %x
d/d/d d:d:d.d
d/d/d d:d:d.d
Global\baidu_pcf_log_share_memory_name_{48D28937-41F9-4e2d-B333-BD5717FE2904}
Global\baidu_pcf_log_share_memory_name_{48D28937-41F9-4e2d-B333-BD5717FE2904}
Global\baidu_pcf_log_share_momory_mutex_{FE0D80C5-F99F-495b-8C5E-5C1DD8B897CF}
Global\baidu_pcf_log_share_momory_mutex_{FE0D80C5-F99F-495b-8C5E-5C1DD8B897CF}
Global\baidu_pcf_log_buffer_ready_sema_{ACB1FF3E-5A36-4abc-AC60-B39B60B93BE4}
Global\baidu_pcf_log_buffer_ready_sema_{ACB1FF3E-5A36-4abc-AC60-B39B60B93BE4}
Global\baidu_pcf_log_data_ready_event_{352CD775-0FFA-4c23-804E-E414962419CE}
Global\baidu_pcf_log_data_ready_event_{352CD775-0FFA-4c23-804E-E414962419CE}
mainFrame.confirmexit
mainFrame.confirmexit
mainFrame.confirmexit.orange
mainFrame.confirmexit.orange
static.msg2
static.msg2
dlg.tip.confirmexit
dlg.tip.confirmexit
mainFrame.autostart.dlg
mainFrame.autostart.dlg
static.msg
static.msg
[Confirm Dlg] Failed to call CreateFileMapping, ErrorCode:%x
[Confirm Dlg] Failed to call CreateFileMapping, ErrorCode:%x
[Confirm Dlg] Failed to call MapViewOfFile, ErrorCode:%x
[Confirm Dlg] Failed to call MapViewOfFile, ErrorCode:%x
[ConfirmDlg] Failed to call CreateFileMapping, ErrorCode:%x
[ConfirmDlg] Failed to call CreateFileMapping, ErrorCode:%x
[ConfirmDlg] Failed to call MapViewOfFile, ErrorCode:%x
[ConfirmDlg] Failed to call MapViewOfFile, ErrorCode:%x
btn.ok
btn.ok
btn.cancel
btn.cancel
btn.neverAsk
btn.neverAsk
default.bskin
default.bskin
INDATA_HEADER::Load, pb.ParseFromArray(0xx, %d)
INDATA_HEADER::Load, pb.ParseFromArray(0xx, %d)
NOTIFYDATA_HEADER::Load, pb.ParseFromArray(0xx, %d)
NOTIFYDATA_HEADER::Load, pb.ParseFromArray(0xx, %d)
NOTIFYDATA_SCANLEAK::Load, pb.ParseFromArray(0xx, %d)
NOTIFYDATA_SCANLEAK::Load, pb.ParseFromArray(0xx, %d)
INDATA_LEAKREPAIRINIT::Load, pb.ParseFromArray(0xx, %d)
INDATA_LEAKREPAIRINIT::Load, pb.ParseFromArray(0xx, %d)
@HKEY_CURRENT_CONFIG
@HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
version.xml
version.xml
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
ReportURL
ReportURL
DataReport
DataReport
%Program Files%\Baidu Security\PC Faster\4.0.0.0\
%Program Files%\Baidu Security\PC Faster\4.0.0.0\
4.0.1.56500
4.0.1.56500
%Documents and Settings%\All Users\
%Documents and Settings%\All Users\
\Baidu Security\PC Faster\4.0.0.0\Dump
\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-21
5.1.2600.5512 (xpsp.080413-21
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Pcftray.exe
%Program Files%\Baidu Security\PC Faster\4.0.0.0\Pcftray.exe
4,0,1,56101
4,0,1,56101
PCFasterSvc.exe_3424:
%original file name%.exe_2472_rwx_02020000_00004000:
System.Deployment.resources
FasterNow.exe_3500:
skin\tools\Common\Common.bskin
skin\tools\FasterNow\FasterNow.bskin
skin\tools\FasterNow\FasterNow.bskin
layout.speeding
layout.speeding
layout.speed
layout.speed
\tools\FasterNow\FasterNow.bskin
\tools\FasterNow\FasterNow.bskin
pop.static.mem.usage
pop.static.mem.usage
InternetSpeedTest.exe
InternetSpeedTest.exe
MNBST.netTest
MNBST.netTest
DisconnectionEmergency.exe
DisconnectionEmergency.exe
MNBST.netRepair
MNBST.netRepair
GameFaster.exe
GameFaster.exe
MNBST.gameFaster
MNBST.gameFaster
MNBST.transparency
MNBST.transparency
MNBST.hideInFullScreen
MNBST.hideInFullScreen
MNBST.hideBooster
MNBST.hideBooster
MNBST.alwaysOnTop
MNBST.alwaysOnTop
%d-%d-%d %d:%d:%d
%d-%d-%d %d:%d:%d
m_bShowGuidePop=%d ---------------
m_bShowGuidePop=%d ---------------
skin\common\common.bskin
skin\common\common.bskin
Baidu PC Faster FasterNow_{PCFaster_4.0.0.0}
Baidu PC Faster FasterNow_{PCFaster_4.0.0.0}
skin\tools\common\common.bskin
skin\tools\common\common.bskin
Pdh.dll
Pdh.dll
%s_Process
%s_Process
%s_DiskIo
%s_DiskIo
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
d/d/d d:d:d.d
d/d/d d:d:d.d
Global\baidu_pcf_log_share_memory_name_{48D28937-41F9-4e2d-B333-BD5717FE2904}
Global\baidu_pcf_log_share_memory_name_{48D28937-41F9-4e2d-B333-BD5717FE2904}
Global\baidu_pcf_log_share_momory_mutex_{FE0D80C5-F99F-495b-8C5E-5C1DD8B897CF}
Global\baidu_pcf_log_share_momory_mutex_{FE0D80C5-F99F-495b-8C5E-5C1DD8B897CF}
Global\baidu_pcf_log_buffer_ready_sema_{ACB1FF3E-5A36-4abc-AC60-B39B60B93BE4}
Global\baidu_pcf_log_buffer_ready_sema_{ACB1FF3E-5A36-4abc-AC60-B39B60B93BE4}
Global\baidu_pcf_log_data_ready_event_{352CD775-0FFA-4c23-804E-E414962419CE}
Global\baidu_pcf_log_data_ready_event_{352CD775-0FFA-4c23-804E-E414962419CE}
user32.dll
user32.dll
\skin\Scattered\SkinList\default.bskin
\skin\Scattered\SkinList\default.bskin
version.xml
version.xml
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
ReportURL
ReportURL
DataReport
DataReport
@Advapi32.dll
@Advapi32.dll
Baidu PC Faster Tray_{PCFaster_4.0.0.0}
Baidu PC Faster Tray_{PCFaster_4.0.0.0}
default.bskin
default.bskin
\SHELL32.DLL
\SHELL32.DLL
imageres.dll
imageres.dll
Ashell32.dll
Ashell32.dll
%Program Files%\Baidu Security\PC Faster\4.0.0.0\
%Program Files%\Baidu Security\PC Faster\4.0.0.0\
4.0.1.56500
4.0.1.56500
%Documents and Settings%\All Users\
%Documents and Settings%\All Users\
\Baidu Security\PC Faster\4.0.0.0\Dump
\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-21
5.1.2600.5512 (xpsp.080413-21
%Program Files%\Baidu Security\PC Faster\4.0.0.0\FasterNow.exe
%Program Files%\Baidu Security\PC Faster\4.0.0.0\FasterNow.exe
4,0,1,55145
4,0,1,55145