Trojan-Downloader.Win32.Genome.kevg_5e71e325c9

by malwarelabrobot on December 21st, 2014 in Malware Descriptions.

Trojan-Downloader.Win32.Genome.kevg (Kaspersky), mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 5e71e325c991c045f846469c2e5dce7d
SHA1: 2c6d8a7f2e7b076421926f5aaa57a219e8872415
SHA256: 2591656198650a5e4a4275ba64e7c332001d111177299a1bcdd4ba82efff2fa9
SSDeep: 24576:9xFYGY9 9d/G7P9lkQ/exnzGn4dLsUvqkaT 0BpCCh PDedNdUhZuIBWcUw:ON26FOnzGn6LJvqkwnpC mWd6uIccUw
Size: 1778982 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-06-14 19:16:10
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.

Payload

No specific payload has been found.

Process activity

The Trojan-Downloader creates the following process(es):

%original file name%.exe:384
PCFasterSvc.exe:1628
LogReporter.exe:2200
LogReporter.exe:2412
LogReporter.exe:2160
Updater.exe:2444
sc.exe:964
sc.exe:1524
sc.exe:676
sc.exe:1704
sc.exe:1660
Baidu_Secure_SystemUp_5.0.4.87531.exe:1692
PC_Faster_Setup_Mini_B104_144327560.exe:1284
MiniService.exe:1708
MiniService.exe:2020
MiniService.exe:844
MiniService.exe:652
schtasks.exe:1544
schtasks.exe:1568
schtasks.exe:136
schtasks.exe:1676
schtasks.exe:224
schtasks.exe:1740
schtasks.exe:2032
PopupTip.exe:2760
~dlBD.exe:1160
cscript.exe:2440
irsetup.exe:508
iSafeDownloader.exe:1544
yet_another_cleaner_mat.exe:1576

The Trojan-Downloader injects its code into the following process(es):

PCFasterSvc.exe:1820
PCFTray.exe:2564
SysOptEngineSvc.exe:1724

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:384 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (0 bytes)

The process PCFasterSvc.exe:1628 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
%System%\drivers\BprotectEx.sys (601 bytes)
%System%\drivers\Bhbase.sys (47 bytes)

The process PCFasterSvc.exe:1820 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\DataReport-20141220.log (578 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\LogReporter-20141220.log (1580 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\SysOptEngineSvc-20141220.log (809 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe (5873 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFTray-20141220.log (869 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\config.ini (508 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (248 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFasterSvc-20141220.log (1219 bytes)

The process LogReporter.exe:2412 makes changes in the file system.
The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\verC1.tmp (0 bytes)

The process Updater.exe:2444 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll (220 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.LeakRepair\LeakDB-x86-1033.dat (10477 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavConfig.ini.7z (814 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll (80 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavBase.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll (104 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ac.dat.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff (148 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll (201 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml (3814 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll (234 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\server_respond.xml (422 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sqlite.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll (7386 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe.7z (5451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUa.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\fs.dat.7z (414 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll (227 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sqlite.dll (1823 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll (3739 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\defcfg.ini.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSig.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavVt.dll.7z (47 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll.7z (3851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\version.xml.7z (279 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Updater-2014-12-20 12-35-17-0201-[17113].tmp (490 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\defcfg.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll (7386 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll (183 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll-0xa9c5b72ee0063b8a6d28ec99127c0e9a.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll.7z (32 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll (3700 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (12289 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavPro_Setup_Mini_GL1.exe.7z (7251 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys (115 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat.7z (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vr.dat.7z (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll (1621 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll.7z (44 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSig.dll (163 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vr.dat (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat (23 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini (264 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat.7z (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe (6404 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\ProgramFileList.xml.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff (1451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll.7z (2851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ac.dat (40 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll.7z (46 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_ultimate.ini (431 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ag.dat.7z (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSu.dll.7z (2051 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat.7z (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys-0x71e5154b386c6c46279027c3d3c1a2b9.diff (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSu.dll (1789 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavBase.dll (296 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavConfig.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BCloudScan.exe.7z (4451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\FileList.xml (1627 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini.7z (247 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_statistic.xml (336 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavVt.dll (117 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUa.dll (5442 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log\Updater-20141220.log (75383 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\fs.dat (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll.7z (851 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll (126 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BCloudScan.exe (9606 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\wi.dat.7z (12131 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavPro_Setup_Mini_GL1.exe (12288 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\version.xml (291 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat.7z (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys-0x2e0e0935f30edfffba970b63fdc0f23e.diff (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe (9606 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ag.dat (28 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavQv.dll.7z (451 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavQv.dll (157 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat (11 bytes)

The Trojan-Downloader deletes the following file(s):

%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys-0x2e0e0935f30edfffba970b63fdc0f23e.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys-0x71e5154b386c6c46279027c3d3c1a2b9.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\ProgramFileList.xml.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat.7z (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll-0xa9c5b72ee0063b8a6d28ec99127c0e9a.diff (0 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat.7z (0 bytes)

The process Baidu_Secure_SystemUp_5.0.4.87531.exe:1692 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect\ieprotect.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\common\common.bskin (371 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1056.WhiteSmkeUSNew.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1198.SaveClicker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1181.Highlightly.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10017.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\citys.txt (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1089.DVDVideoSoftToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1136.AF_HSS.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\lang.ini (110 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\1.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1126.Hao123SearchRemovalTool.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1151.NinjaSavings.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0029.FreeRARExtractFrog.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\13.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\res\res.bskin (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10123.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log2.dll (12088 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1056.WhiteSmkeUSNew.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_off.png (463 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.ini (420 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1147.EntrustedToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1181.Highlightly.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1101.VAFMusic.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1055.WhiteSmoke.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1083.PriceGong.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\lang.ini (110 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dir.ini (494 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx64.sys (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1157.AppsHat.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0002.MyPCBackup.rul (661 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\update\update.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1143.BrowserPlus2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.2.def.db (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\confirm\confirm.bskin (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileList.xml (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1155.CouponChaser.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1163.BubbleDock.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_on.png (628 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0026.KaraFun.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1055.WhiteSmoke.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BaiduSafe\BaiduSafe.bskin (5520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VDownloader_Ask.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1061.SearchProtect.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\3.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\FasterNow.exe (29256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1122.Mysearchdial.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10004.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1150.DealSlider.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10027.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\8.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsDR.dll (14184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BugReporter\BugReporter.bskin (927 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (1704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1125.NCH_ENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\res\res.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponDropDown.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe (39770 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1133.Mp3TubeToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\FasterNow\FasterNow.bskin (7192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10032.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_off.png (626 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloudy.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepOptimization\res\res.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\EnumModules.exe (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_on.png (620 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\res\res.bskin (6360 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\nsis_install\nsis_install.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_on.png (522 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\confirm\confirm.bskin (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sqlite.dll (20416 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1090.DVDVideoSoftToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1131.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1153.TubeDimmer.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\InternetHelper.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1048.MixiDjV30.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Communication.dll (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1095.DigiModeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0032.FreeMouseAutoClicker.rul (457 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1168.LessTabs.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\config.ini (73 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BaiduSafe\BaiduSafe.bskin (7192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\handle.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1115.Qwiklinx.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_on.png (397 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BaiduStore.dll (35784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1195.WProtectManager.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1170.Alawar_Ask_brch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_circel.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1114.ST-Eng7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1065.DeltaToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\plugins.xml (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1175.SySaver.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1127.BSPlayerControlBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1099.SearchDeals.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_animate.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\oovoo.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\res\res.bskin (6584 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10886.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1117.RewardsArcade.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\rainy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1124.MagicDesktopENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10067.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1047.A180Darts.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_homepage\skin_homepage.bskin (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1094.BittorrentBar_DEToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1155.CouponChaser.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1187.Strongvault.rul (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11452.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1085.facesmooch.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataReport.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CP.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1187.Strongvault.rul (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1046.appbario12.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\SearchAmong.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1167.KingTranslate.rul (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1099.SearchDeals.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_on.png (484 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\common\common.bskin (374 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1163.BubbleDock.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1081.Funmoods.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_off.png (476 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1045.AccuWeather.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_off.png (376 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1130.PhotoJoyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_off.png (582 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1070.IMVUToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\EnumModules.exe (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1111.Vuze.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_off.png (453 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\NewFeatures\NewFeatures.bskin (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1168.LessTabs.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.ini (393 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1116.NewVeoh.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\sunny.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0005.TornTV.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\InternetHelper.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1165.SavingsScout.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1164.RecordChecker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\foggy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1196.V9Toolbar.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_animate.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1179.FilesFrogUpdateChecker.rul (765 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1108.SmartSuggestor.rul (256 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1166.SpyAlert.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_webclient\skin_webclient.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\url.ini (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log64.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\11.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1124.MagicDesktopENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1045.AccuWeather.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1172.AskPartnerNetwork.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1118.A2ZLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10549.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deal Spy.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BugReporter\BugReporter.bskin (971 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1197.Desk365.rul (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\System.dll (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\mn.dat (962 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\14.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_on.png (489 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1072.MyHomepage.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deals.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_off.png (454 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10134.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1095.DigiModeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\appbario7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1138.MapsBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_circle.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\searchya.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewUpdater.exe (15536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VidSaver.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NSISInstall.exe (51087 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1077.BrowserCompanion.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\12.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BugReporter\BugReporter.bskin (980 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_off.png (586 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_off.png (562 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponCompanion.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deals.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1130.PhotoJoyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0017.USBGuardian.rul (418 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\LogReporter.exe (23424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\rainy.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\Plugin_HomeEx.dll (44462 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginHome\rocket.bskin (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\clock_hand.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\snetcfg.exe (4784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t3.db (470 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1127.BSPlayerControlBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileVer.xml (303 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1133.Mp3TubeToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\common\common.bskin (387 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1157.AppsHat.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsPop.exe (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1141.GameMasterToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\85Play_Games.rul (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_on.png (591 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11321.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1153.TubeDimmer.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1089.DVDVideoSoftToolbar.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1170.Alawar_Ask_brch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BugReporter\BugReporter.bskin (970 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\sqlite.dll (20416 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DirectUI.dll (67497 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_off.png (532 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Bhbase.sys (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\IWantThis.rul (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1047.A180Darts.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1053.SupremeSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_on.png (619 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\splash_light.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1054.CouponCaddy.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10041.png (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1101.VAFMusic.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\clean.wav (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\7.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1176.AutoLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1113.SpyGuard.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1102.FastFreeConverter.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_ID.png (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1139.RecipesBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\lang.ini (94 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10945.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_TH.png (8560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFPopups.exe (68799 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1112.SaveValet.rul (465 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1052.TigerSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1117.RewardsArcade.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1126.Hao123SearchRemovalTool.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1161.Linksicle.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_uploading.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\sunny.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MixiDJ.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.exe (18424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\confirm\confirm.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1087.MediaFinder.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_popup\skin_popup.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t1.db (19096 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\update.wav (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\config.ini (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\ShoppingSidekick.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentBar.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1098.NewYorkYankeesToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MixiDJ.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_update\skin_update.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1068.AppBario2.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1188.InfoAtoms.rul (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\string.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1178.IminentToolbar.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SdkConfig.ini (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_on.png (453 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1141.GameMasterToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\4.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1065.DeltaToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MyWebSearch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1176.AutoLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1057.TrustWorthy.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1195.WProtectManager.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\RebateInformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1057.TrustWorthy.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1060.LuckySavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10192.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.1.def.db (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_on.png (520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1167.KingTranslate.rul (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1129.HamInfoBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\snow.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t2.db (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\screensnpashot\screensnpashot.bskin (970 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_on.png (673 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1189.JollyWallet.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update_config.xml (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dbghelp.dll (33877 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1121.KeyBar.rul (784 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BaiduSafe\BaiduSafe.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0013.FreeKeylogger.rul (237 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHp.dll (27704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\FasterNow\FasterNow.bskin (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Dealio.rul.bak (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_on.png (697 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1082.PricePeep.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.0.def.db (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallCheck.dll (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10535.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0014.Smadav96.rul (722 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\common\common.bskin (395 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1122.Mysearchdial.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMApi001.dll (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1067.SearchAssistant.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CloudOPTClient.exe (32128 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1188.InfoAtoms.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_BR.png (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1106.GetSavin.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10045.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BigFileCleaner.dat (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1048.MixiDjV30.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1134.ooVoo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_on.png (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1068.AppBario2.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\version.xml (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\DataReport.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10620.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10065.png (3 bytes)
%WinDir%\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job (918 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1152.DealCola.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1158.UnfriendCheck.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0016.AutorunEater.rul (410 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10014.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BHipsConfig.ini (684 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HomeRank.dat (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentControl.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_off.png (446 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll (34023 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\BavPc.dll (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_upgrade\skin_upgrade.bskin (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1087.MediaFinder.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\GiantSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\2.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\CleanerEngine.dll (65976 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\update\update.bskin (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\ProgramFileList.xml (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10095.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswBF.tmp (1437980 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_off.png (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_on.png (500 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_off.png (646 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOptEngine.dll (38904 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Fonts\HelveticaNeueLTPro-Th.otf (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1142.KeyBar1.13.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_default\skin_default.bskin (8184 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\liveupdate.exe (16424 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10203.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_off.png (463 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1076.SavingsAddon.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\update\update.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t4.db (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Ask.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\NSISInstall\NSISInstall.bskin (15168 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1152.DealCola.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1131.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\shadow.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0019.AlfaAutorunKiller.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\appbario7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MyWebSearch.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BaiduSafe\BaiduSafe.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_off.png (341 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\WhiteSmokeToolBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterFeedback.exe (27704 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1081.Funmoods.rul (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1128.EasyTVBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1172.AskPartnerNetwork.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0012.TheWeatherChannelApp.rul (731 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_off.png (637 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1063.SnapDo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BugReporter\BugReporter.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Updater.exe (37025 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\lightning.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\lang.ini (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1102.FastFreeConverter.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\common\common.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashReport.exe (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_on.png (367 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\tool_box.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1144.WiseConvertB2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\popups\popups.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloud.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1063.SnapDo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1148.KeyBar1.8.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1115.Qwiklinx.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10023.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_off.png (405 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_boottime\skin_boottime.bskin (23296 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1107.TVGenie.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10063.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\feedback\feedback.bskin (5064 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1049.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1148.KeyBar1.8.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Tuvaro.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_light.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1088.yontooToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\popups\popups.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\webcake.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1143.BrowserPlus2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserProtect.rul (101 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1145.FreeSoundRecorder.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1074.CodecPerformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Yontoo.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1116.NewVeoh.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect\ieprotect.bskin (15 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10230.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1180.TNT2-ide.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10149.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BaiduSafe\BaiduSafe.bskin (8560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_EG.png (30344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1049.SocialSearchBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1085.facesmooch.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1178.IminentToolbar.rul (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\WhiteSmokeToolBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Aflamster.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\confirm\confirm.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1145.FreeSoundRecorder.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1064.Webblog.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle.png (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\WorldCup\server.txt (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\Communication.dll (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0021.MP3Rocket.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx.sys (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1058.ScenicReflections.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Genieo.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\lang.ini (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0003.VuuPC.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0010.Martview.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10531.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_downloading.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\loading.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0025.SpeedBitVideoDownloader.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1094.BittorrentBar_DEToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1162.TidyNetwork.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (46278 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1112.SaveValet.rul (465 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashUL.exe (11048 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1140.BroderbundBar.rul (784 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\config.ini (73 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\update.dll (34561 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_feedback\skin_feedback.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect\ieprotect.bskin (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Tuvaro.rul (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\url.ini (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_on.png (603 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VidSaver.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect\ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11248.png (3 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFHelper.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_outer_circel.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1097.NCH FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].tmp (1286 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\ShoppingSidekick.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_off.png (551 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1132.SerifBar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\confirm\confirm.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log64.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserProtect.rul (101 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\RebateInformer.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\res\res.bskin (15168 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponDropDown.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_off.png (536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\fn.dat (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_off.png (439 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\update\update.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepClean.exe (46278 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1147.EntrustedToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1052.TigerSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1151.NinjaSavings.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0031.KCSoftwaresSUMo.rul (560 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1105.FreeYoutubeDownload.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1104.SavepathDeals.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_on.png (616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10174.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11355.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Plugin_Cleaner.dll (35784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_ieprotect\skin_ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\PcfTray\PcfTray.bskin (2392 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VDownloader_Ask.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1093.BittorrentBar_FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Genieo.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect_font\ieprotect_font.bskin (488 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_frame\skin_frame.bskin (6360 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\restore_mask.png (798 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\GiantSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_off.png (596 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepClean\res\res.bskin (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\FasterNow\FasterNow.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BHips.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1164.RecordChecker.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_light.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\FasterNow\FasterNow.bskin (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.log (256186 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloud.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1137.TVersityBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle_point.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_on.png (577 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_on.png (497 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_on.png (603 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1097.NCH FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_off.png (375 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1106.GetSavin.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\10.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1086.DownloadEnergyToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1083.PriceGong.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\foggy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect\ieprotect.bskin (1552 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1114.ST-Eng7.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1129.HamInfoBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1118.A2ZLyrics.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1098.NewYorkYankeesToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1166.SpyAlert.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1093.BittorrentBar_FRToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1137.TVersityBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\NewFeatures\NewFeatures.bskin (9320 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserDefender.rul.bak (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_on.png (565 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_off.png (440 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log.dll (4992 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\common\common.bskin (389 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1054.CouponCaddy.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Yontoo.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1110.BrowseForTheCause.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1107.TVGenie.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deal Spy.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect_font\ieprotect_font.bskin (486 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Inbox.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1090.DVDVideoSoftToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1058.ScenicReflections.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\9.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_circle.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\screensnpashot\screensnpashot.bskin (956 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1105.FreeYoutubeDownload.rul (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1111.Vuze.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1140.BroderbundBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1070.IMVUToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\PluginHome\rocket.bskin (13368 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.5.1.def.db (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\Plugin_Antivirus.dll (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\update\update.bskin (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect\ieprotect.bskin (13 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentBar.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\startup.wav (5520 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1121.KeyBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_on.png (477 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1185.InstantSavingsApp.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BETManger.dll (21216 bytes)
%Documents and Settings%\All Users\Application Data\Duplicaterecord.js (14 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe (16944 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1061.SearchProtect.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\PluginConfig.xml (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\StartNow.rul (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\NewFeatures.txt (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1082.PricePeep.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1072.MyHomepage.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\screensnpashot\screensnpashot.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1165.SavingsScout.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\StartNow.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_on.png (426 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_junkclean\skin_junkclean.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1104.SavepathDeals.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\rl.dat (789 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1180.TNT2-ide.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1088.yontooToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\IWantThis.rul (9 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\6.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\LinkCensor.dat (104 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1169.LoadTubes.rul (812 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\common\common.bskin (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log2.dll (12088 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_on.png (506 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMEngine.dll (25776 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_on.png (449 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\WebClient.dll (12536 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11351.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserDefender.rul.bak (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\data.bns (514 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentControl.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10129.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1051.SavingsApp.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\85Play_Games.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1158.UnfriendCheck.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\ResultRecommend\config.txt (23 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\sysconfig.ini (473 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_on.png (691 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\webcake.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_off.png (385 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginOptimizer\img_circle.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\LogReporter.exe (23424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\BHips.dll (22192 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\snow.png (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\searchya.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1144.WiseConvertB2.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\connect_circle.png (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1086.DownloadEnergyToolbar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0006.UpdateChecker.rul (671 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0008.UnderTheSea.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0011.CdCoverCreator.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1139.RecipesBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1128.EasyTVBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\ieprotect\ieprotect.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1053.SupremeSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\15.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1189.JollyWallet.rul (10 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10092.png (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0024.VideoDownloadConvert.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\update\update.bskin (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHB.dll (16288 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\lang.ini (162 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1183.SuperfishWindowShopper.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\BdApiUtil.dll (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10495.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1175.SySaver.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1077.BrowserCompanion.rul (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_off.png (597 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1134.ooVoo.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1142.KeyBar1.13.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1046.appbario12.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1050.SolidSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\lightning.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\5.png (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_off.png (541 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1051.SavingsApp.rul (6 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PopupTip.exe (11344 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1064.Webblog.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Aflamster.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\SearchAmong.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponCompanion.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1060.LuckySavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe (39329 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1125.NCH_ENToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1162.TidyNetwork.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\hipspop\hipspop.bskin (3312 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1196.V9Toolbar.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0004.iLivid.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1161.Linksicle.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1136.AF_HSS.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1067.SearchAssistant.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloudy.png (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1183.SuperfishWindowShopper.rul (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_off.png (454 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1050.SolidSavings.rul (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\PcfTray\PcfTray.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0022.AnimatorDV.rul (352 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepOptimization.exe (60186 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_crashreporter\skin_crashreporter.bskin (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\data\sbr2.dat (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1132.SerifBar.rul (16 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.exe (26688 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1138.MapsBar.rul (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect_font\ieprotect_font.bskin (488 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\oovoo.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BugReporter\BugReporter.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1185.InstantSavingsApp.rul (12 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_on.png (380 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_on.png (399 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\littleboy.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1074.CodecPerformer.rul (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sysconfig.ini (473 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1110.BrowseForTheCause.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\common\common.bskin (367 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0018.AbsoluteShieldfileshredder.rul (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Dealio.rul.bak (7 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1169.LoadTubes.rul (812 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1179.FilesFrogUpdateChecker.rul (765 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10684.png (5 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\nsis_install\nsis_install.bskin (1856 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Inbox.rul (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_off.png (481 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\popups\popups.bskin (3616 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1113.SpyGuard.rul (2 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\NewFeatures\NewFeatures.bskin (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll (35001 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\hipspop\hipspop.bskin (784 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\hipspop\hipspop.bskin (784 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1150.DealSlider.rul (11 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1076.SavingsAddon.rul (8 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10021.png (3 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1197.Desk365.rul (3 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\DataReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\LogReporter.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\config.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallCheck.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\string.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsgBE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\snetcfg.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\NewFeatures.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sysconfig.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\BHips.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sqlite.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\url.ini (0 bytes)

The process PC_Faster_Setup_Mini_B104_144327560.exe:1284 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\546bc63d69dc67b163bfc222c0f38be6.gnet.tmp (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniService.exe (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\config.xml_.tmp (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].tmp (1034 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp (1395 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniServicePlugIn.dll (1608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\81e529e3201a4f47a9fb16e1d81dcc1e.gnet.tmp (3008 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Baidu_Secure_SystemUp_5.0.4.87531.exe (138231 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].tmp (1704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946\test4822FBB5_0309_420f_9DA2_FA5B8B854947.txt (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pcfB6.tmp (21 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].tmp (294 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\urlB8.tmp (196 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].tmp (770 bytes)
%Documents and Settings%\All Users\Documents\Baidu\Common\I18N\conf.db (759 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniService.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniServicePlugIn.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\downinfo[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946\test4822FBB5_0309_420f_9DA2_FA5B8B854947.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pcfB6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\urlB8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService (0 bytes)

The process PCFTray.exe:2564 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (80 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SdkConfig.ini (16 bytes)

The process schtasks.exe:136 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%WinDir%\Tasks\Baidu PC Faster Update.job (412 bytes)

The process SysOptEngineSvc.exe:1724 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster (4 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (484 bytes)
C:\$Directory (484 bytes)
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Perflib_Perfdata_80.dat (100 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0\log (4 bytes)
%Program Files%\Baidu Security\PC Faster\5.0.0.0 (384 bytes)
%WinDir%\Temp\Perflib_Perfdata_428.dat (100 bytes)
%WinDir%\Temp\Perflib_Perfdata_7ac.dat (4 bytes)
%Documents and Settings%\All Users\Start Menu (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster (4 bytes)
%Documents and Settings%\%current user% (4 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nswBF.tmp (47940 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (4 bytes)

The process PopupTip.exe:2760 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\p[1].xml (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\statistic[1].htm (435 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (494 bytes)
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (0 bytes)

The process irsetup.exe:508 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Program Files%\Pci Recovery\Uninstall\uniB9.tmp (9317 bytes)
%Program Files%\Pci Recovery\Uninstall\uninstall.dat (2104 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.pcfaster[1].txt (136 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[2].txt (500 bytes)
%Program Files%\Pci Recovery\Uninstall\IRIMG1.JPG (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[1].txt (245 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[1].txt (6010 bytes)
%Program Files%\Pci Recovery\lua5.1.dll (2902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PC_Faster_Setup_Mini_B104_144327560.exe (1065719 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[2].txt (7049 bytes)
%Program Files%\Pci Recovery\uninstall.exe (9213 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Pci Recovery Setup Log.txt (2260 bytes)
%Program Files%\Pci Recovery\Uninstall\IRIMG2.JPG (29 bytes)
%Program Files%\Pci Recovery\Uninstall\uninstall.xml (3475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (16388 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yet_another_cleaner_mat.exe (381505 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IRWB7.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB4.tmp (0 bytes)
%Program Files%\Pci Recovery\Uninstall\uniB9.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IRWB5.tmp (0 bytes)

The process iSafeDownloader.exe:1544 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp.bk (524749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp (3905701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\yac[1].exe (3782807 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
%Documents and Settings%\%current user%\Application Data\eCyber\log\isafedownloader.log (1004 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp.bk (0 bytes)

The process yet_another_cleaner_mat.exe:1576 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_tip_icon.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_btn_bk.png (979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_indeterminate.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\iSafeDownloader.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_clean_icon.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_skin.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\popup_bk.png (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\toggle_btn_pop_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_close_btn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\msgbox_bk_eu.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_meter.png (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_warning.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_anim.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang\dl_install_lang.xml (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_question.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style\common_style.xml (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout\msgbox.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_res.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_checked.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\elexInsert.dll (3508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_remove_button_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\open_dir.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_checked.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_protect_icon.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\min_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_uncheck.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\resource.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_check.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\close_btn_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\uninstall_bg.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_bk.png (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_image.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_uncheck.png (275 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\complete_button_bk.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_on.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_optimize_icon.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_warning.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_check.png (460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style\style.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\combo_list.png (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_bk.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\msgbox.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\feedback_btn_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_down.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_up.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_combo_skin.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_prompt.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\av_authority_bk.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_uncheck.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scanview_btn_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_unchecked.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_faq_icon.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\install.xml (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\tipsWnd.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_logo.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\yac_side_ico.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_complete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_indeterminate.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_off.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_checked.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_scanning.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_block.png (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_bk.png (977 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_cof_button_bk.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\nsis_setup (16503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_dlg_bk.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_indeteminate.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\nation_icon_list.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\setup.7z (3204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_line.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\vscroll.png (1 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_tip_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_clean_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang\dl_install_lang.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_question.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_res.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_checked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_uncheck.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scanview_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_check.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsdBA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_faq_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_logo.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_indeterminate.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\uninstall_bg.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_indeteminate.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\resource.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\msgbox_bk_eu.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\tipsWnd.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\open_dir.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_close_btn.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\min_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_cof_button_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\complete_button_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\combo_list.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_combo_skin.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_unchecked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\setup.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\msgbox.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\nation_icon_list.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_complete.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_uncheck.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_checked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_up.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_line.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\popup_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\toggle_btn_pop_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_warning.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\elexInsert.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_remove_button_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_check.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\close_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_optimize_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\nsis_setup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_prompt.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\install.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_image.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_off.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\vscroll.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_indeterminate.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_protect_icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style\style.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_anim.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style\common_style.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout\msgbox.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_checked.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\yac_side_ico.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_block.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_skin.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\feedback_btn_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_meter.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_uncheck.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\iSafeDownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\av_authority_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_on.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_scanning.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_dlg_bk.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_warning.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_bk.png (0 bytes)

Registry activity

The process %original file name%.exe:384 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 44 EC D5 3A D0 9C D2 2D 08 A1 52 9F 63 C0 97"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0]
"irsetup.exe" = "Setup Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process PCFasterSvc.exe:1628 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances\BprotectEx Instance]
"Altitude" = "388020"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances\BprotectEx Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\System\CurrentControlSet\Services\BprotectEx]
"InstPath" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\BprotectEx\Instances]
"DefaultInstance" = "BprotectEx Instance"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 86 AB 7E 26 B7 F3 D2 7C 97 1E 98 59 76 FF 5C"

[HKLM\SOFTWARE\Baidu Security\PC Faster\Temp]
"SelfProtectionEnabled" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\BprotectEx]
"Start" = "1"

The following driver will be automatically launched by the OS Loader:

[HKLM\System\CurrentControlSet\Services\Bhbase]
"Start" = "0"

The process PCFasterSvc.exe:1820 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Baidu Security\PC Faster]
"SvcStartTime" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 3A C9 77 E7 CF 50 B7 88 77 D3 12 BB 79 98 44"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Baidu Security\PC Faster]
"BootSilentTime" = "600"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFasterSvc\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFasterSvc\DEBUG]
"Trace Level"

The Trojan-Downloader disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 5.0.0.0"

The process LogReporter.exe:2200 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 0B C4 E0 9E BC 41 82 E4 D4 2B 15 6E F3 CD EF"

The process LogReporter.exe:2412 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LogReporter\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 47 DF 08 43 B1 8C D4 15 3E 3E 91 04 CD 88 7A"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"(Default)"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\LogReporter\DEBUG]
"Trace Level"

The process LogReporter.exe:2160 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 A9 17 AA 84 CD 52 24 1B 32 8C 4B D6 59 4D 6B"

The process Updater.exe:2444 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 0D B8 B6 0B FE 9A 82 71 EF BF 4D 38 08 0A EF"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level" = ""

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Updater-2014-12-20 12-35-17-0201-[17113].tmp" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level"

The process sc.exe:964 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 36 27 51 35 4F 35 11 1B 9A 16 49 91 A5 FB 2A"

The process sc.exe:1524 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 D2 A5 EC C0 F2 20 58 AE E6 80 B7 75 18 08 32"

The process sc.exe:676 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 B8 B4 6B 7A DA BC 42 E8 69 B9 7D B7 67 58 74"

The process sc.exe:1704 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 0E BC 0D BE 07 8A 47 B5 EF D8 C6 EF 16 56 E3"

The process sc.exe:1660 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 44 85 2B E2 95 69 C7 D4 77 56 40 A2 FD 5B C7"

The process Baidu_Secure_SystemUp_5.0.4.87531.exe:1692 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayVersion" = "5.0.4.87531"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Baidu Security\PC Faster\Setup]
"SetupResult" = "0"

[HKCU\Software\Baidu Security\PC Faster]
"InstallTime" = "2014-12-20 10:33:18"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKLM\System\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Group" = "COM Infrastructure"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"UninstallString" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe"
"InstallDir" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Baidu Security\PC Faster]
"InstallChannel" = "DirectAgents|br|IBD|Banner"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"sc.exe" = "A tool to aid in developing services for WindowsNT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description" = "Baidu PC Faster Service 4.0.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Baidu Security\PC Faster]
"IsEverInstalled" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmC0.tmp\BHips.dll,"

[HKCU\Software\Baidu Security\PC Faster\4.0.0.0\Install\2043328]
"URL" = "http://sync.security.baidu.co.th/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayIcon" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe"

[HKLM\SOFTWARE\Baidu Security]
"uuid" = "S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallChannel" = "DirectAgents|br|IBD|Banner"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"schtasks.exe" = "Schedule Tasks"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"Beta" = "0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsmC0.tmp]
"LogReporter.exe" = "Log Reporter"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Baidu Security\PC Faster]
"CurrentInstallVersion" = "4.0.0.0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 AA 32 13 A6 94 99 E0 14 26 58 79 8E 58 30 5C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_5.0.4.87531\DEBUG]
"Trace Level" = ""

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"Publisher" = "Baidu, Inc."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Baidu Security\PC Faster]
"StopSvc" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"URLInfoAbout" = "http://www.pcfaster.com/go.php?link=1&pos=about"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallTime" = "2014-12-20 10:33:18"

[HKCU\Software\Baidu Security\PC Faster\4.0.0.0\Install\2042015]
"URL" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayName" = "Baidu PC Faster"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Trojan-Downloader adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe -auto -start"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_5.0.4.87531\DEBUG]
"Trace Level"

[HKLM\SOFTWARE\Baidu Security\PC Faster]
"StopSvc"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].tmp"

The Trojan-Downloader disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BSECURE"

"BaiduPCFasterSetup"

"Baidu PC Faster 4.0.0.0"

The process PC_Faster_Setup_Mini_B104_144327560.exe:1284 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PC_Faster_Setup_Mini_B104_144327560\DEBUG]
"Trace Level" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-id" = "S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService]
"MiniService.exe" = "Mini Service"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\PCFMini]
"mini_path" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\PC_Faster_Setup_Mini_B104_144327560.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 11 94 DA 90 2D 8A D8 8C 49 04 C8 B8 55 2D 12"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\PCFMini]
"mini_command_line" = "/S"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCU\Software\Baidu Security\PC Faster]
"pcfaster-guid" = "00cc44a8-0bfd-4d1a-8e7a-474529635d9e"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].dat" = "http://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following registry key(s):

[HKLM\SOFTWARE\PCFMini]

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Temp\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat"
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData]
"rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].dat"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Baidu_Drp_pos\DRP\Processing\%Documents and Settings%\All Users\Application Data\Baidu Security\RpData]
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat"
"rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].dat"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PC_Faster_Setup_Mini_B104_144327560\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process MiniService.exe:1708 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 31 13 C7 15 5E AD CA 6D 1E 51 27 0A 6E 2D 8B"

The process MiniService.exe:2020 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 30 A2 93 AB A7 9D 93 BF 77 16 42 C6 A9 05 9C"

The process MiniService.exe:844 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 49 CE E6 C6 52 3B 54 17 11 A2 A4 AB 60 EC 21"

The process MiniService.exe:652 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 CF 71 F4 71 09 F4 6E 13 28 17 3B 3C 6E 09 E3"

The process PCFTray.exe:2564 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFTray\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 D9 7D 98 5D CA 0F 3A 24 7A 4A 24 19 40 59 AF"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PCFTray\DEBUG]
"Trace Level"

The process schtasks.exe:1544 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 79 84 A7 88 A7 52 21 0E 9E F7 7E A8 57 BE 7A"

The process schtasks.exe:1568 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 FA 6F 6D 3F 33 E4 D3 4B F7 AF ED B8 56 EA DD"

The process schtasks.exe:136 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 3C 75 4F 4A F1 EB 97 31 A3 8C 99 ED 81 86 D1"

The process schtasks.exe:1676 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B E7 4C 99 E0 04 0B 1A D8 55 AE 51 2D 1A 3C 21"

The process schtasks.exe:224 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 1E ED DB 6F 92 CC 0B 86 B3 13 30 B0 9E 18 BA"

The process schtasks.exe:1740 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 22 72 C3 73 16 9E 68 6C 7F EA AD A3 AD 08 A4"

The process schtasks.exe:2032 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 81 41 E5 2C A8 21 F0 67 9B DA 65 DF E6 9A 9F"

The process SysOptEngineSvc.exe:1724 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Baidu Security\PC Faster]
"TimeBoot" = "52"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 03 96 96 E7 58 54 76 4E E7 E7 2B 8F 44 B3 CB"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\SysOptEngineSvc\DEBUG]
"Trace Level" = ""

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\SysOptEngineSvc\DEBUG]
"Trace Level"

The process PopupTip.exe:2760 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PopupTip\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 C0 69 82 4C 33 25 1B 40 B2 FC EF 27 AE 84 2C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\PopupTip\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

The process ~dlBD.exe:1160 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 7B 1A BA FF 5F 41 F9 16 48 D3 1E 91 24 C8 61"

The process cscript.exe:2440 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D D2 BE 89 DE 8E 6C AE F2 02 AF 73 5C 88 04 D5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir" = "bav"

[HKLM\SOFTWARE\Baidu Security\DuplicateRecord]
"PcfChannel" = "DirectAgents|br|IBD|Banner"
"PcfLastActiveTime" = "2014-12-20 10:34:24"

The process irsetup.exe:508 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"NoModify" = "1"
"DisplayVersion" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"NoRepair" = "1"
"InstallLocation" = "%Program Files%\Pci Recovery"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"yet_another_cleaner_mat.exe" = "standard installer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"PC_Faster_Setup_Mini_B104_144327560.exe" = "Baidu PC Faster MiniSetup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"DisplayName" = "Pci Recovery"
"HelpLink" = "www.pcinspector.de"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"UninstallString" = "%Program Files%\Pci Recovery\uninstall.exe /U:%Program Files%\Pci Recovery\Uninstall\uninstall.xml"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"DisplayIcon" = "%Program Files%\Pci Recovery\uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 BC 67 E0 03 54 FE E9 62 49 3C 8D B2 4A 60 B0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"Publisher" = "Pci reocvery"
"URLInfoAbout" = "www.pcinspector.de"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pci Recovery1.0]
"Contact" = "Pci reocvery Support Department"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process iSafeDownloader.exe:1544 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B E2 E6 60 35 52 69 FC 8B 61 58 A7 C0 6E F8 59"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process yet_another_cleaner_mat.exe:1576 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B DB 75 2C A0 DC CA 2F 57 BF 42 B0 9D E0 6F 9C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

MD5 File path
68d50987ca3718f76f666ca3ed45f125 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Baidu_Secure_SystemUp_5.0.4.87531.exe
4cc9cd5427ed9526c48b59dfa41c98ab c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\PC_Faster_Setup_Mini_B104_144327560.exe
a9c5b72ee0063b8a6d28ec99127c0e9a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\BHips.dll
beb1924f868e94aa16e3288a2a81972b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\Communication.dll
91780b8f9edc47fcd34c16d3c4655211 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll
6a17e66793ccaf17d01b71c381f35cd1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\LogReporter.exe
ef794cdfc47e0904cd6e9498b95669b4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\log.dll
b4a7694d798fd0cd508269fb7e2b0360 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsmC0.tmp\log2.dll
ca0198e4431779a1abe8d5887a03316d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\yet_another_cleaner_mat.exe
d2f03faccd3657a09bc89f831a17cc30 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BETManger.dll
8fdbe03d32bafc8fde004c966a0f5a53 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BEVMApi001.dll
c0e1a9d795c3f6a20a08e6b7c692a914 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BEVMEngine.dll
a9c5b72ee0063b8a6d28ec99127c0e9a c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BHips.dll
2e0e0935f30edfffba970b63fdc0f23e c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BProtectEx.sys
71e5154b386c6c46279027c3d3c1a2b9 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BProtectEx64.sys
21b5b675cdeed1a439f273c0a6141716 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BaiduStore.dll
aeb73dee6240d7efca9954348d9378e9 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\BdApiUtil.dll
be125797a510cd7e9e77d0d79cb989ef c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Bhbase.sys
c6e105c07104f4d2cc4781a861664fc3 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CP.dll
97675745b0ee49bde212be051e310f99 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CloudOPTClient.exe
beb1924f868e94aa16e3288a2a81972b c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Communication.dll
cc4a3f7204d91b6c1f354449981acc4f c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CrashReport.exe
51d5a1ba8f9c22e190a7e802389e73e1 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\CrashUL.exe
ff5a41f8d7f75a4a382b409e7ce40281 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DataReport.dll
2e8b5849618ae0b486e96cf4b828c384 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DeepClean.exe
0cb21001ceb1c1dbbf7c04a5e21a3909 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DeepOptimization.exe
a43cef6188f827c358e79584ab3d13ab c:\Program Files\Baidu Security\PC Faster\5.0.0.0\DirectUI.dll
692a4fa095694ef995ff31d96c330c0b c:\Program Files\Baidu Security\PC Faster\5.0.0.0\EnumModules.exe
03cf9bf0d73a6da2fa1527edfff4b679 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\FasterNow.exe
7ac1627af5abd5925905b3e671a85f80 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsDR.dll
6b9f0a7bec15fe04c01107ccaa248151 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsHB.dll
49e1bd200cce060485902770f74d6c76 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsHp.dll
d056c973a510072e9ab8fc6f3339c088 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\HipsPop.exe
4f74425b51c481146176e92306a17309 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\IEProtect.exe
6a17e66793ccaf17d01b71c381f35cd1 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\LogReporter.exe
89ac31331673c27ebf9a7a5d6cd743ae c:\Program Files\Baidu Security\PC Faster\5.0.0.0\NSISInstall.exe
f3781cab80bea133a28811c8df3a1974 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\NewFeatures.exe
829d16425b9d21ebb6efacd292c00d33 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\NewUpdater.exe
7f56fd57ebbe781608d1c60bd6c1d47c c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys
5ca2e4e0923ee93108b76fb8f14e9301 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys
7bf7654bce781d01af1e4d76c5118da0 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFHelper.exe
51abe24dbdc5555e3def142bd77d14de c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFPopups.exe
ae08f59a41f0c5e9d6410e1244e98108 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe
19c7194f330842eac0fa2de56d854d9d c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe
22f18dc888bdff086c6b1cfbbb70b391 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterFeedback.exe
4f8ac1978a3711e18104adfb036386b7 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
dcc373c23cee9268f9e2a02b80ef8a38 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\Plugin_Antivirus.dll
93645755b5a4056a6c192ed13a7c50f9 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\CleanerEngine.dll
bcf3fc7216c1200a88cf0f6286230504 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Plugin_Cleaner.dll
eb19f9b312f6ae421778e092bf8d1d35 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll
257a6c36739de4675ea80061fcb9e10d c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\Plugin_HomeEx.dll
99ecf31c6158ac19b954b0107a555b42 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll
6b9c0dde64f47719e0ba5162efeda8a6 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOptEngine.dll
58c611a556f9d47f4f6246de79f58ea5 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\PopupTip.exe
4f8ac1978a3711e18104adfb036386b7 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe
cd0a9dcf5387d454d25c368602244a43 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe
8da1fed6d924cce80efb71ae37b58c2c c:\Program Files\Baidu Security\PC Faster\5.0.0.0\Updater.exe
92102836e55c4b3ef022edd071abb00b c:\Program Files\Baidu Security\PC Faster\5.0.0.0\WebClient.dll
88d62065f635baae190eccf04a37a4fe c:\Program Files\Baidu Security\PC Faster\5.0.0.0\dbghelp.dll
1b5c104c247b5d45268811361e868c69 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\liveupdate.exe
ef794cdfc47e0904cd6e9498b95669b4 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\log.dll
b4a7694d798fd0cd508269fb7e2b0360 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\log2.dll
7e9bec8fd8acc5492dae419558cf6cd0 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\log64.dll
2047251c8a8fb23c1b6d12caf3be7d9f c:\Program Files\Baidu Security\PC Faster\5.0.0.0\plugscan\BavPc.dll
9d20e33e1a1f26bce5b731d83f126351 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\plugscan\EnumModules.exe
f067725a3dc97dc5cdb268883a336673 c:\Program Files\Baidu Security\PC Faster\5.0.0.0\sqlite.dll
a009f55523eda11c9fd0a778db662eab c:\Program Files\Baidu Security\PC Faster\5.0.0.0\update.dll
b5fc476c1bf08d5161346cc7dd4cb0ba c:\Program Files\Pci Recovery\lua5.1.dll
dec931e86140139380ea0df57cd132b6 c:\Program Files\Pci Recovery\uninstall.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\drivers\Bhbase.sys" the Trojan-Downloader controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\drivers\Bhbase.sys" the Trojan-Downloader controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\drivers\Bhbase.sys" the Trojan-Downloader controls loading executable images into a memory by installing the Load image notifier.
The Trojan-Downloader installs the following kernel-mode hooks:

ZwAssignProcessToJobObject
ZwCreateFile
ZwCreateKey
ZwCreateProcess
ZwCreateProcessEx
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateThread
ZwDeleteFile
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDuplicateObject
ZwEnumerateValueKey
ZwLoadDriver
ZwOpenProcess
ZwOpenSection
ZwOpenThread
ZwProtectVirtualMemory
ZwQueryValueKey
ZwQueueApcThread
ZwRenameKey
ZwRequestWaitReplyPort
ZwRestoreKey
ZwSetContextThread
ZwSetInformationFile
ZwSetSecurityObject
ZwSetSystemInformation
ZwSetValueKey
ZwSuspendThread
ZwSystemDebugControl
ZwTerminateProcess
ZwTerminateThread
ZwUnmapViewOfSection
ZwWriteFile
ZwWriteVirtualMemory

Propagation

VersionInfo

Company Name:
Product Name: Setup Factory Runtime
Product Version: 9.1.0.0
Legal Copyright: Setup Engine Copyright (c) 2004-2012 Indigo Rose Corporation
Legal Trademarks: Setup Factory is a trademark of Indigo Rose Corporation.
Original Filename: suf_launch.exe
Internal Name: suf_launch
File Version: 9.1.0.0
File Description: Setup Application
Comments: Created with Setup Factory
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 22296 22528 4.47735 c76b9ce587690b8a39ba7840b7dd540c
.rdata 28672 11906 12288 3.44864 e96aa4f970e6f6799910a72904df3100
.data 40960 6504 3072 1.79291 e504fdbba062ee9bbd9ac425a4f5c0f5
.rsrc 49152 28108 28160 4.03415 f07da938ca4a81c16d34f6b033be873e
.reloc 77824 4242 4608 2.5731 a88bdb6f651ecf67b1b3db4a2866ea4e

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 6
2561ffa6912df85a0bb87432895cb317
67c85984484428b9cd1659116ebc5199
65b999a993292069baf5f7941015acdc
8f3435b2e0eb81c9a66e6701811caf9d
cff88f12e54579f4fe5db5c960fea71f
883a6af17dfd2e3fde85bf03e2548a5c

URLs

URL IP
hxxp://prova.adspirit.de/adclick.php?pid=7026&wmid=4361&chc=1?=
hxxp://trk2it1.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121
hxxp://trk2it1.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121&ckmguid=fe51e140-bf10-4736-9486-c2beb18e2817
hxxp://pcfhome.wshifen.com/pt/?da=1&REQUEST_ID=144327560
hxxp://cyberdados.com/pcfaster/pcfaster.php
hxxp://pcfhome.wshifen.com/cgi/s2s/dl.php?cr=&lang=pt&ptn=da&host=http://dl-vip.pcfaster.baidu.com/&sid=144327560
hxxp://prova.adspirit.de/adclick.php?pid=7026&wmid=15657&chc=1?=
hxxp://network.adsmarket.com/click/iWdslmfKe5mKZmrEXsp6w4pkaZhfnH6Vt2dsnWege8OJY2yWXpypnY1kaZ1f?dp=ap7026w15657t1419090125&dp2=8909&dp3="%local server IP%" 193.169.104.1
hxxp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mat&subid=123101&clickID=20Bxhl1vJnZ4PiAA3noevs1y2mau000.&lplink=hxxp://www.yac.mx/ssc/yac.php?pt=mat&pubid=16319&ce_cid=20Bxhl1vJnZ4PiAA3noevs1y2mau000. 50.97.45.26
hxxp://www.yac.mx/ssc/yac.php?pt=mat 184.173.128.179
hxxp://www.yac.mx/download/config/down.php?pt=mat 184.173.128.179
hxxp://75.126.133.150/download/dl/yet_another_cleaner_mat.exe
hxxp://sync.pcfaster.baidu.com.eg/cgi-bin-py/mini_install_statistic_info.cgi 185.10.107.72
hxxp://www.a.shifen.com/
hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=start_download&i=e939675892611217d37e7da12c55d0371419090132&s=63.217.158.157&u=hxxp://download.pcfaster.baidu.com.eg/newver_B104.xml&t=2014/12/20 12:32:52&v=4.0.0.80846&p=0&speed=0&code=20000 63.217.158.146
hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=application.exit.vm 65.255.35.150
hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=application.start 65.255.35.150
hxxp://www.yac.mx/download/config/db.php?action=returnjson&name=yet_another_cleaner_mat.exe 184.173.128.179
hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=visit.start&update0=ref,banner&update1=nation,us&update2=language,en&update3=version,1.0.75&update4=ref1,mat&update5=os,winxp 65.255.35.150
hxxp://pcfaster-down-eg.wshifen.com/newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F
hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=download.start 65.255.35.150
hxxp://s2s.yac.mx/dl.php?file=/download/ds/yac.exe 50.97.45.26
hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=end_download&i=e939675892611217d37e7da12c55d0371419090132&s=63.217.158.157&u=hxxp://download.pcfaster.baidu.com.eg/newver_B104.xml&t=2014/12/20 12:32:55&v=4.0.0.80846&p=10000&speed=4541&code=30000 63.217.158.146
hxxp://dl2.yac.mx/download/ds/yac.exe 75.126.133.148
hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=start_download&i=e939675892611217d37e7da12c55d0371419090137&s=63.217.158.141&u=hxxp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe&t=2014/12/20 12:32:57&v=4.0.0.80846&p=0&speed=0&code=20000 63.217.158.146
hxxp://pcfaster-down-th.wshifen.com/PC_Faster_Setup_B104.exe?userid={e939675892611217d37e7da12c55d037}&rand=666B747F
hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=download.success 65.255.35.150
hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.start 65.255.35.150
hxxp://xa.xingcloud.com/v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.finish 65.255.35.150
hxxp://speedtest.wshifen.com/opencgi/downinfo.php?m=end_download&i=e939675892611217d37e7da12c55d0371419090137&s=63.217.158.141&u=hxxp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe&t=2014/12/20 12:33:14&v=4.0.0.80846&p=10000&speed=1522468&code=30000 63.217.158.146
hxxp://pcfhome.wshifen.com/cgi/ip/getCode.php
hxxp://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59 185.10.107.72
hxxp://sync.security.baidu.co.th/cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59 180.76.2.169
hxxp://sync.pcfaster.baidu.com.eg/cgi-bin-py/get_pcf_statistic_info.cgi 185.10.107.72
hxxp://sync.pcfaster.baidu.com.eg/cgi-bin/get_security_client_update_info.cgi?ChannelName=DirectAgents|br|IBD|Banner&DataVersion=2014.09.25.101556&FilesCompleteness=no&guid=e939675892611217d37e7da12c55d037&Ismanual=no&IsPro=pcf&os=5.1.2600&svr=0&cpu=32&lang=0409&ProgramVersion=5.0.4.87531 185.10.107.72
hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/FileList.xml.7z
hxxp://sync.security.baidu.co.th/cgi-bin-py/predup.cgi?p=10&id=S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB&d=undefined&Ch=undefined&Pr=01 180.76.2.169
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/DataFileVer.xml
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/DataFileList.xml.7z
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff
hxxp://pcfhome.wshifen.com/cgi/s2s/statistic.php?sid=144327560&channel=DirectAgents|br|IBD|Banner&uid=e939675892611217d37e7da12c55d037
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/WiFiMac.dat.7z
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/WiFiNpc.dat.7z
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.LeakRepair/LeakDB-x86-1033.dat
hxxp://trk2it1.com/p.ashx?o=30674&f=pb&r=144327560&t=e939675892611217d37e7da12c55d037
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Optimizer/SysOpt/optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/AudioList.dat.7z
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/BrowserList.dat.7z
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/PhotoList.dat.7z
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/VideoList.dat.7z
hxxp://pcf-updown-th.wshifen.com/pcf_data/2014.12.09.115357/GameList.xml.7z
hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/BaiduStore.dll.7z
hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/BavConfig.ini.7z
hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/BavData.dll.7z
hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff
hxxp://pcf-updown-th.wshifen.com/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe.7z
hxxp://dl2.security.baidu.co.th/PC_Faster_Setup_B104.exe?userid={e939675892611217d37e7da12c55d037}&rand=666B747F 63.217.158.141
hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/BaiduStore.dll.7z 180.76.10.142
hxxp://www.pcfaster.com/cgi/s2s/statistic.php?sid=144327560&channel=DirectAgents|br|IBD|Banner&uid=e939675892611217d37e7da12c55d037 63.217.158.102
hxxp://www.pcfaster.com/cgi/s2s/dl.php?cr=&lang=pt&ptn=da&host=http://dl-vip.pcfaster.baidu.com/&sid=144327560 63.217.158.102
hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/BavConfig.ini.7z 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/BavData.dll.7z 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/DataFileList.xml.7z 180.76.10.142
hxxp://sync.bav.baidu.com/cgi-bin-py/predup.cgi?p=10&id=S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB&d=undefined&Ch=undefined&Pr=01 180.76.2.169
hxxp://pcfaster.baidu.com.eg/cgi/ip/getCode.php
hxxp://download.pcfaster.baidu.com.eg/newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F 63.217.158.157
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/WiFiNpc.dat.7z 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.LeakRepair/LeakDB-x86-1033.dat 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/PhotoList.dat.7z 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/AudioList.dat.7z 180.76.10.142
hxxp://smarttrk.com/?a=10577&oc=1837&c=8086&s1=&s1=8909&s2=ap7026w4361t1419090121&ckmguid=fe51e140-bf10-4736-9486-c2beb18e2817 50.56.163.59
hxxp://smarttrk.com/p.ashx?o=30674&f=pb&r=144327560&t=e939675892611217d37e7da12c55d037 50.56.163.59
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Optimizer/SysOpt/optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff 180.76.10.142
hxxp://ads.sprintrade.com/adclick.php?pid=7026&wmid=4361&chc=1?=
hxxp://ads.sprintrade.com/adclick.php?pid=7026&wmid=15657&chc=1?=
hxxp://update.pcfaster.baidu.com.eg/cgi-bin/get_security_client_update_info.cgi?ChannelName=DirectAgents|br|IBD|Banner&DataVersion=2014.09.25.101556&FilesCompleteness=no&guid=e939675892611217d37e7da12c55d037&Ismanual=no&IsPro=pcf&os=5.1.2600&svr=0&cpu=32&lang=0409&ProgramVersion=5.0.4.87531 185.10.107.72
hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe.7z 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/FileList.xml.7z 180.76.10.142
hxxp://184.173.128.179/download/config/db.php?action=returnjson&name=yet_another_cleaner_mat.exe
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/DataFileVer.xml 180.76.10.142
hxxp://www.baidu.com/ 180.76.3.151
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/WiFiMac.dat.7z 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update/bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff 180.76.10.142
hxxp://rd.yac.mx/dl.php?file=/download/ds/yac.exe 50.97.45.26
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/BrowserList.dat.7z 180.76.10.142
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/GameList.xml.7z 180.76.10.142
hxxp://www.pcfaster.com/pt/?da=1&REQUEST_ID=144327560 63.217.158.102
hxxp://updown.pcfaster.baidu.co.th/pcf_data/2014.12.09.115357/Plugins/Plugin.Tools/DefaultPrograms/VideoList.dat.7z 180.76.10.142


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA HTTP response header invalid
ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
SURICATA STREAM SHUTDOWN RST invalid ack
SURICATA STREAM FIN invalid ack
SURICATA STREAM FIN out of window

Traffic

POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------670966d3ab674b7e82430a42a7a41b3a
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 920
Connection: Keep-Alive

--------670966d3ab674b7e82430a42a7a41b3a
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].dat"
Content-Type: application/octet-stream

.......;......!...{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.s...a..............b..............i....F..... .6.8.d.5.0.9.8.7.c.a.3.7.1.8.f.7.6.f.6.6.6.c.a.3.e.d.4.5.f.1.2.5...j............2.1.7.6.8.4.0.0...p..........H.0.0.0.0.0.0.0.0.-.0.0.0.C.2.9.6.8.1.7.B.B.!.0.0.c.c.4.4.a.8.-.0.b.f.d.-.4.d.1.a.-.8.e.7.a.-.4.7.4.5.2.9.6.3.5.d.9.e.@.#.0.0.0.C.2.9.6.8.1.7.B.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r..........A...
--------670966d3ab674b7e82430a42a7a41b3a--

HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:35 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..



GET /cgi/s2s/statistic.php?sid=144327560&channel=DirectAgents|br|IBD|Banner&uid=e939675892611217d37e7da12c55d037 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.pcfaster.com
Connection: Keep-Alive
Cookie: ptn=da


HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:46 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 252
Connection: Keep-Alive
Content-Type: text/html
...........Q=S.0...WD.F... .&X....X.. .G.,................[qv.p.{z.'..
.f#B DtV..dI....N.dQF3.....u.=.l#h..7i.G...w....,.."I;;..w...`q.G.f{..
... ......-.;m'.h.u........^...:&j.^o.di.....>.....yY.1J[.......,.3
n....,.eiR...............'..jI.~...7.Dx........



GET /cgi-bin-py/get_channel_info.cgi?install_channel=DirectAgents|br|IBD|Banner&version=5.0.4.87531&errorcode=0&errortext=&userid=e939675892611217d37e7da12c55d037&old_userid=00000000-000C296817BB!00cc44a8-0bfd-4d1a-8e7a-474529635d9e@#000C296817BB&install_time=2014-12-20 10:33:18&install_time_num=1419064398&cost_time=38&file_created_time=2014-12-20 10:32:59 HTTP/1.1
Accept: */*
Cache-Control: no-cache
Host: sync.security.baidu.co.th
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 22
Content-Type: text/html;charset=utf-8
Connection: Keep-Alive
upload channel info ok..



GET /click/iWdslmfKe5mKZmrEXsp6w4pkaZhfnH6Vt2dsnWege8OJY2yWXpypnY1kaZ1f?dp=ap7026w15657t1419090125&dp2=8909&dp3="%local server IP%" HTTP/1.1
Accept: */*
User-Agent: Setup Factory 8.0
Connection: Keep-Alive
Cache-Control: no-cache
Host: network.adsmarket.com


HTTP/1.1 302 Found
Date: Sat, 20 Dec 2014 15:42:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=1ui2fujtfaqcao0hu836k2lnm1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ce-visitor-iWNsll6c=imF73ZbXe9qin5OZftSLpYufqMqk3nvdip6a2l6bepI; expires=Tue, 03-Feb-2015 15:42:10 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-kGptm16hfcOLYXKZXp2DnI5j=kGptm16hfcOLYXKZXp2DnI5j; expires=Sun, 21-Dec-2014 15:42:10 GMT; path=/; domain=network.adsmarket.com
Location: hXXp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mat&subid=123101&clickID=20Bxhl1vJnZ4PiAA3noevs1y2mau000.&lplink=hXXp://VVV.yac.mx/ssc/yac.php?pt=mat&pubid=16319&ce_cid=20Bxhl1vJnZ4PiAA3noevs1y2mau000.
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Length: 0
Keep-Alive: timeout=15, max=1964
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8



GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=download.success HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.71 ms","message":"store 1 action and 0 upd
ate "}..0......


GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.start HTTP/1.1


Host: xa.xingcloud.com
Cache-Control: no-cache

GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=install.finish HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.64 ms","message":"store 1 action and 0 upd
ate "}..0..



GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=application.start HTTP/1.1
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.70 ms","message":"store 1 action and 0 upd
ate "}..0......


GET /v4/yac-newdl/vmwarexvirtualxidexhardxdrive_00000000000000000001?action=visit.start&update0=ref,banner&update1=nation,us&update2=language,en&update3=version,1.0.75&update4=ref1,mat&update5=os,winxp HTTP/1.1


Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 20 Dec 2014 15:42:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.87 ms","message":"store 2 action and 6 upd
ate "}..0..



GET /cgi-bin/get_security_client_update_info.cgi?ChannelName=DirectAgents|br|IBD|Banner&DataVersion=2014.09.25.101556&FilesCompleteness=no&guid=e939675892611217d37e7da12c55d037&Ismanual=no&IsPro=pcf&os=5.1.2600&svr=0&cpu=32&lang=0409&ProgramVersion=5.0.4.87531 HTTP/1.1
Accept: */*
Cache-Control: no-cache
User-Agent: 5.0.4.87531
Host: update.pcfaster.baidu.com.eg
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:43 GMT
Server: Apache
Content-Length: 422
Connection: Keep-Alive
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?><ServerRespond XmlVersi
on="1.0"><Version>5.0.7.99579</Version><UpdateProgra
m Md5="0xda2f6841a2757dca21a04e5040daeefb" NeedUpdate="Yes" Size="3463
94" Url="hXXp://updown.pcfaster.baidu.co.th/5.0.7.99579/baidu_update"/
><UpdateData Md5="0x966a83cac9e65ee2467d7a8b07b9683c" NeedUpdate
="Yes" Size="16704" Url="hXXp://updown.pcfaster.baidu.co.th/pcf_data/2
014.12.09.115357"/></ServerRespond>..



GET /cgi-bin-py/predup.cgi?p=10&id=S-1-5-21-1844237615-1960408961-1801674531-1003#000C296817BB&d=undefined&Ch=undefined&Pr=01 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: sync.bav.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:43:45 GMT
Server: Apache
Content-Length: 21
Connection: Keep-Alive
Content-Type: application/octet-stream
upload predup info ok..



GET /pt/?da=1&REQUEST_ID=144327560 HTTP/1.1
Accept: */*
Host: VVV.pcfaster.com
User-Agent: Setup Factory 8.0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:05 GMT
Server: Apache
Set-Cookie: ptn=da; expires=Sun, 21-Dec-2014 15:42:05 GMT; path=/
Vary: Accept-Encoding
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
2042..<!DOCTYPE html>..<html lang="pt">..<head>..   
 <script>var tm = new Date().getTime();var tr = [tm];</script
>..    <!--[if IE]><meta http-equiv="X-UA-Compatible" cont
ent="IE=edge,chrome=1"><![endif]-->..    <meta charset="ut
f-8"/>..    <title>Baidu PC Faster | We Make PC Faster</ti
tle>..        <script> ..        void function(g,f,j,c,h,d,b)
{g.alogObjectName=h,g[h]=g[h]||function(){(g[h].q=g[h].q||[]).push(arg
uments)},g[h].l=g[h].l|| new Date,d=f.createElement(j),d.async=!0,d.sr
c=c,b=f.getElementsByTagName(j)[0],b.parentNode.insertBefore(d,b)}(win
dow,document,"script","hXXp://img.baidu.com/hunter/alog/alog.min.js","
alog");void function(){function c(){return;}window.PDC={mark:function(
a,b){alog("speed.set",a,b|| new Date);alog.fire&&alog.fire("mark")},in
it:function(a){alog("speed.set","options",a)},view_start:c,tti:c,page_
ready:c}}();void function(n){var o=!1;n.onerror=function(n,e,t,c){var 
i=!0;return!e&&/^script error/i.test(n)&&(o?i=!1:o=!0),i&&alog("except
ion.send","exception",{msg:n,js:e,ln:t,col:c}),!1},alog("exception.on"
,"catch",function(n){alog("exception.send","exception",{msg:n.msg,js:n
.path,ln:n.ln,method:n.method,flag:"catch"})})}(window);..    </scr
ipt>..        <meta property="og:title" content="Baidu PC Faster
 | We Make PC Faster" />..    <meta property="og:type" content="
website" />..    <meta property="og:url" content="hXXp://securit
y.baidu.co.th/th/about.php" />..    <meta property="og:image
<<< skipped >>>

GET /cgi/s2s/dl.php?cr=&lang=pt&ptn=da&host=http://dl-vip.pcfaster.baidu.com/&sid=144327560 HTTP/1.1


Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: VVV.pcfaster.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ptn=da


HTTP/1.1 200 OK
Date: Sat, 20 Dec 2014 15:42:06 GMT
Server: Apache
Content-Disposition: attachment;filename="PC_Faster_Setup_Mini_B104_V12169244.exe";
Vary: Accept-Encoding
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/x-msdownload
1e6c20..MZ......................@.....................................
..........!..L.!This program cannot be run in DOS mode....$.......t4..
0U..0U..0U....,.9U..9-/..U..9-9..U..9->.UU......1U..0U...T.......U.
.9-0..U......1U..9- .1U..Rich0U..................PE..L...A0.S.........
.................................@.................................$..
...@.................................T........................R.. ....
.......`...................................@..........................
..................text...V........................... ..`.rdata...%...
....&..................@..@.data...............................@....rs
rc................|..............@..@.reloc...........................
...@..B...............................................................
......................................................................
......................................................................
......................................................................
.......................................................U.....Q.}..V..u
2.E.............t^...u%f.}..u..V.j.R..L.P..E.......3.^..]......u..N.j.
Q..L.P..U.......3.^..]......u..F.j.P..L.P..M.......3.^..]......u*.T$.R
.D$......H....|$...M...t......^..]...=....u..E.......U........^..]...=
....u..F,.....E............^..]...=......4....N(Q..T...V.j.R..L.P..E..
..........^..]...........j.h:DP.d.....PV. .S.3.P.D$.d......t$.V.5c...D
$.....h .@.h..@.j j..F4P..$.Q..F(.....F,.....F0.....v....D$..h..Q.j j.
j.j.j.j.j.j.h....j.j.j.j.....P..F$.D$........L$.d......Y^.........
<<< skipped >>>


GET /PC_Faster_Setup_B104.exe?userid={e939675892611217d37e7da12c55d037}&rand=666B747F HTTP/1.1
Range: bytes=0-21768399
Host: dl2.security.baidu.co.th
Accept: */*
User-Agent: PC_Faster_Setup_Mini_B104_1443275604.0.0.80846
Pragma: no-cache
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:42:18 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Content-Length: 21768400
Content-Range: bytes 0-21768399/21768400
CDN-key: 68d50987ca3718f76f666ca3ed45f125
Accept-Ranges: bytes
Last-Modified: Fri, 26 Sep 2014 08:37:07 GMT
ETag: "894c054-14c28d0-503f3d27e92c0"
CDN-AGE: 3
MZ......................@...y.L.......................................
..!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x
..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7.......
.................PE..L....l.K.................d.......B..K5...........
.@...........................".......L................................
...............!..<............L. .................................
...........................................................text....c..
.....d.................. ..`.rdata...............h..............@..@.d
ata....f..........................@....ndata..........................
.........rsrc....<....!..>..................@..@................
......................................................................
......................................................................
......................................................................
......................................................................
........................................................U....\.}..t .}
.F.E.u..H......G..H.P.u..u..u...|.@..K...SV.5..G.W.E.P.u.....@..e...E.
.E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...
FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E
..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E...
...E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...
u....E.P.u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i
. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_
<<< skipped >>>


GET /newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F HTTP/1.1
Range: bytes=0-375
Host: download.pcfaster.baidu.com.eg
Accept: */*
User-Agent: PC_Faster_Setup_Mini_B104_1443275604.0.0.80846
Pragma: no-cache
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:42:15 GMT
Content-Type: application/xml
Connection: keep-alive
Content-Length: 376
Content-Range: bytes 0-375/376
CDN-key: ee0b28857a2d13219497c63f49560e4d
Accept-Ranges: bytes
Last-Modified: Mon, 29 Sep 2014 07:18:04 GMT
ETag: "d404ec-178-5042f11504300"
CDN-AGE: 3
...<?xml version="1.0" encoding="UTF-8" ?><update_info md5="8
e5ea2c04938259bcf94fe946653efd2"><item name="Baidu_Secure_System
Up_5.0.4.87531" version="5.0.4.87531" type="full_package" mode="normal
" require_admin="yes" parameter="/S" size="21768400" md5="68d50987ca37
18f76f666ca3ed45f125" url="hXXp://dl2.security.baidu.co.th/PC_Faster_S
etup_B104.exe" thread="1"/></update_info>..



POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------8c798f3784f7406eac4b5fea4ec471d8
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 1747
Connection: Keep-Alive

--------8c798f3784f7406eac4b5fea4ec471d8
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].dat"
Content-Type: application/octet-stream

.......;...... .;.{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.....-#......:#......?#......_....".......6.3...2.1.7...1.5.8...1.4.1...d............5...0...4...8.7.5.3.1...g..........t.h.t.t.p.:././.d.l.2...s.e.c.u.r.i.t.y...b.a.i.d.u...c.o...t.h./.P.C._.F.a.s.t.e.r._.S.e.t.u.p._.B.1.0.4...e.x.e.?.u.s.e.r.i.d.=.%.7.B.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.%.7.D.&.r.a.n.d.=.6.6.6.B.7.4.7.F...h....b.......P.C._.F.a.s.t.e.r._.S.e.t.u.p._.M.i.n.i._.B.1.0.4._.1.4.4.3.2.7.5.6.0.4...0...0...8.0.8.4.6...k....F..... .6.8.d.5.0.9.8.7.c.a.3.7.1.8.f.7.6.f.6.6.6.c.a.3.e.d.4.5.f.1.2.5...l............2.1.7.6.8.4.0.0...m....F..... .8.e.5.e.a.2.c.0.4.9.3.8.2.5.9.b.c.f.9.4.f.e.9.4.6.6.5.3.e.f.d.2...n....F..... .8.e.5.e.a.2.c.0.4.9.3.8.2.5.9.b.c.f.9.4.f.e.9.4.6.6.5.3.e.f.d.2...o..........q.h.t.t.
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:19 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..



POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------122888794d2b473290cd03c85968f24f
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 1255
Connection: Keep-Alive

--------122888794d2b473290cd03c85968f24f
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].dat"
Content-Type: application/octet-stream

.......;...... .3.{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.....3#......Z..............\..............c............D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r.|.i.r.s.e.t.u.p...e.x.e.|.S.e.t.u.p. .A.p.p.l.i.c.a.t.i.o.n.|.9...1...0...0.|.S.e.t.u.p. .F.a.c.t.o.r.y. .R.u.n.t.i.m.e.|.9...1...0...0.|.R.u.n.t.i.m.e. .E.n.g.i.n.e. .C.o.p.y.r.i.g.h.t. ... .2.0.1.2. .I.n.d.i.g.o. .R.o.s.e. .C.o.r.p.o.r.a.t.i.o.n. .(.w.w.w...i.n.d.i.g.o.r.o.s.e...c.o.m.).|.1.3.1.3.K.B.|.d.e.c.9.3.1.e.8.6.1.4.0.1.3.9.3.8.0.e.a.0.d.f.5.7.c.d.1.3.2.b.6...p..........H.0.0.0.0.0.0.0.0.-.0.0.0.C.2.9.6.8.1.7.B.B.!.0.0.c.c.4.4.a.8.-.0.b.f.d.-.4.d.1.a.-.8.e.7.a.-.4.7.4.5.2.9.6.3.5.d.9.e.@.#.0.0.0.C.2.9.6.8.1.7.B.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r..........A...
--------122888794d2b473290cd03c85968f
HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:12 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..



POST /cgi-bin-py/mini_install_statistic_info.cgi HTTP/1.1
Accept: */*
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=------c05107058ae649958a316f7f06fbb4cb
User-Agent: BaiduIS/1.0
Host: sync.pcfaster.baidu.com.eg
Content-Length: 788
Connection: Keep-Alive

--------c05107058ae649958a316f7f06fbb4cb
Content-Disposition: form-data; name="ufile01"; filename="rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].dat"
Content-Type: application/octet-stream

.......;......!...{.e.9.3.9.6.7.5.8.9.2.6.1.1.2.1.7.d.3.7.e.7.d.a.1.2.c.5.5.d.0.3.7.}...........................................................................................................................................................................................M.....0#......p..........H.0.0.0.0.0.0.0.0.-.0.0.0.C.2.9.6.8.1.7.B.B.!.0.0.c.c.4.4.a.8.-.0.b.f.d.-.4.d.1.a.-.8.e.7.a.-.4.7.4.5.2.9.6.3.5.d.9.e.@.#.0.0.0.C.2.9.6.8.1.7.B.B..........D.i.r.e.c.t.A.g.e.n.t.s.|.b.r.|.I.B.D.|.B.a.n.n.e.r..........A...
--------c05107058ae649958a316f7f06fbb4cb--

HTTP/1.1 200 OK
Server: nginx/1.3.9
Date: Sat, 20 Dec 2014 15:42:36 GMT
Content-Type: text/plain
Content-Length: 7
Connection: Keep-Alive
success..



HEAD /newver_B104.xml?userid={e939675892611217d37e7da12c55d037}&rand=666B747F HTTP/1.1
Range: bytes=0-
Host: download.pcfaster.baidu.com.eg
Accept: */*
User-Agent: PC_Faster_Setup_Mini_B104_1443275604.0.0.80846
Pragma: no-cache
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.17B
Date: Sat, 20 Dec 2014 15:42:14 GMT
Content-Type: application/xml
Content-Length: 376
Connection: keep-alive
Last-Modified: Mon, 29 Sep 2014 07:18:04 GMT
ETag: "d404ec-178-5042f11504300"
Accept-Ranges: bytes
Age: 125297
X-Cache: HIT from baidu-cdn
Via: 1.1 baidu-cdn:7301 (squid/2.7.STABLE9)
CDN-AGE: 0
Content-Range: bytes 0-375/376



GET /download/config/db.php?action=returnjson&name=yet_another_cleaner_mat.exe HTTP/1.1
User-Agent: dsk
Host: 184.173.128.179
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: ngx_openresty
Date: Sat, 20 Dec 2014 15:39:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.17
45..{"openurl":"http:\/\/VVV.yac.mx\/installed.html","ptid":"banner;ma
t"}..0..



POST /pcfaster/pcfaster.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Setup Factory 8.0
Host: cyberdados.com
Content-Length: 46577
Connection: Keep-Alive
Cache-Control: no-cache

html=


    
    
    
    Baidu PC Faster | We Make PC Faster
        



PCFasterSvc.exe_1820:




.text
`.rdata
@.data
.rsrc
@.reloc
vSSSh
FTPjK
FtPj;
C.PjRV
CNotSupportedException
hhctrl.ocx
CCmdTarget
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
portuguese-brazilian
operator
GetProcessWindowStation
USER32.DLL
%s$x$x
%s$%x
mscoree.dll
coredll.dll
-60%!<:;
$x
;3:'84!<:;
6666666666666666
BHips.dll
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
kernel32.dll
message %d, %X, %X, %X
KrnMsg
\\.\PhysicalDrive%d
\\.\Scsi%d:
00000000
s:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFasterSvc.pdb
DataReport.dll
log2.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetKeyState
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
USER32.dll
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
WINSPOOL.DRV
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
ADVAPI32.dll
SHELL32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
VERSION.dll
WTSAPI32.dll
USERENV.dll
OLEACC.dll
PSAPI.DLL
.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.?AVCCmdTarget@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
zcÁ
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKey32@@
.?AUKrnMsg@Msg@KRN_UI_protocol@@
.PAVCException@@
.?AUPIPEINST2@@
<item id="SysOptEngine" logicModePath="Plugin.Optimizer\SysOptEngine.dll" status="true" />
<item id="LeakRepair" logicModePath="Plugin.LeakRepair\LeakRepair.dll" status="false" />
<item id="SystemInformation" logicModePath="Plugin.Home\SystemInformation.dll" status="false" />
<item id="CleanerEngine" logicModePath="Plugin.Cleaner\CleanerEngine.dll" status="true" />
<item id="SysRepair" logicModePath="Plugin.SysRepair\SysRepair.dll" status="false" />
<item id="SysAndNetworkOpt" logicModePath="Plugin.SysAndNetworkOpt\SysAndNetworkOpt.dll" status="true" />
<item id="PluginRemover" logicModePath="Plugin.PluginRemover\PluginRemover.dll" status="false" />
<item id="1" uiModePath="Plugins\Plugin.HomeEx\Plugin_HomeEx.dll" tabButtonId="tab.main.home" status="true" />
<item id="2" uiModePath="Plugins\Plugin.Cleaner\Plugin_Cleaner.dll" tabButtonId="tab.main.systemclear" status="true" />
<item id="3" uiModePath="Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll" tabButtonId="tab.main.optimizer" status="true" />
<item id="4" uiModePath="Plugins\Plugin.Antivirus\Plugin_Antivirus.dll" tabButtonId="tab.main.antivirus" status="true" />
<item id="5" uiModePath="Plugins\Plugin.LeakRepair\Plugin_LeakRepair.dll" tabButtonId="tab.main.leakrepair" status="false" />
<item id="6" uiModePath="Plugins\Plugin.USBSafe\Plugin_USBSafe.dll" tabButtonId="" status="false" />
<item id="7" uiModePath="Plugins\Plugin.Tools\Plugin_Tools.dll" tabButtonId="tab.main.tools" status="false" />
<item id="8" uiModePath="Plugins\Plugin.SoftMgr\Plugin_SoftMgr.dll" tabButtonId="tab.main.softmgr" status="false" />
<item id="10" uiModePath="Plugins\Plugin.Facebook\Plugin_Facebook.dll" tabButtonId="" status="true" />
<item id="11" uiModePath="AndroidStore.exe" tabButtonId="tab.main.androidstore" status="false" />
.eYB>
:.UTT$
\.CD9D
"""%####
@@@#@@@%@@@%@@@#@@@
"""%%%%!
@@@!@@@%@@@%@@@!@@@
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
9Ÿ9K9l9
6$6(6,606
3.44484<4@4
4_5K5f5{5
;$;7;&< <
3!31373?3
> ?$?(?,?0?4?
> >$>(>,>0>
7%7 767;7}7
566C6n6%7X7
:$:,:8:\:|:
C%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Ccomctl32.dll
Ccomdlg32.dll
Cshell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
ole32.dll
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
ntdll.dll
KERNEL32.DLL
explorer.exe
HTTP/1.1
BugReportConfig.ini
ShowBugReport
DumpConfig.ini
_ServerStore.dat
hXXp://
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
\StringFileInfo\xx\%s
BugReportConfig
BugInfoUploadURL
hXXp://sync.bav.baidu.com
BugURL
hXXp://bug.bav.baidu.com
Baidu Crash Report
CrashCallBackExe
c:\crash.ini
CrashReport.exe
\StringFileInfo\x\%s
\StringFileInfo\X
PatchExportTable
FPatchMyImportTables
%S$%x
public %s
sub_%0X
%sloc_%0X
loc_%0X:
push %seg
pop %seg
setÌ
cmovÌ
66006666
xmm%d
st(%d)
%s (%0Xh)
 %0Xh
-%0Xh
%s:%s
%0Xh:%0Xh
%0Xh, %0Xh
BAD ptr %s
oword ptr %s
tbyte ptr %s
qword ptr %s
dword ptr %s
word ptr %s
byte ptr %s
d-d-d d:d:d
Unknown error X
user_plugin_chrome_list
user_plugin_firefox_list
dir.ini
\Baidu Security\PC Faster\4.0.0.0
url.ini
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
\sysconfig.ini
config.ini
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
Sensapi.dll
BugReporter.exe
failed to GetModuleFileName: 0x%x
[ClientAgent2] create window %s
lastError: %d
(id: %d,name:%S),
[ClientAgent2] (id:%d name:%S)
(id:%d name:%S),
[ClientBackground2] IPCMessage (ID:%d name:%S)
[ClientBackground2] DisconnectNamedPipe
:0x%x
[ClientBackground2] SetNamedPipeHandleState
[IPC] Readfile from server pipe failed. Errorcode: %d.
[ServerAgent2] create window %s
CreateNamedPipe
LastError [%d]
intrusive_ptr_add_ref : %S %d
[ClientBackground] DisconnectNamedPipe
[IPC] Readfile from client pipe failed. Errorcode: %d.
[ipcChannel] found no channel of this type:%d
[ipcChannel::GetPipeHandle]
ClientBackground, pipe:%s, channel:%s
\\.\Pipe\%s
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
Updater.exe
"%s" -no_ui
LookupPrivilegeValue error: %u
AdjustTokenPrivileges error: %u
user name: %s, domain: %s
WTSEnumerateSessions failed, error code:%u
WTSEnumerateSessions OK, %u sessions
%dth session: %s, id:%d, state:%d
OnSessionLogon, session id: %d
OnSessionLogoff, session id: %d
OnSessionConnect, session id: %d
StartAppForUser: %s, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Before WTSQueryUserToken, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
StartAppForActiveUser: %s, thread id: %u
LogReporter.exe
"%s" -show_ui -launch_uac_app %s
"%s" -launch_uac_app %s
Leave StartAppForActiveUser, thread id: %u
"%s" found, session id: %u, process id: %u
CreateEnvironmentBlock Failed: %u
CreateProcessAsUser Failed, error code: %u
OnShutdown, thread id: %u
OnInit, thread id: %u
WTSEnumerateSessions failed, error code: %u
winlogon.exe
Process token open Error: %u
DuplicateTokenEx Error: %u
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
%s -bhips %d %d %d
\PcfPopups.exe
-ieprotectDlg %d %d "%s"
-homepageDlg %d "%s"
OnHipsMessage: Unknown dwMid: %d
OnHipsMessage: %s
OnHipsMessage: returning result from cache: %d
OnHipsMessage: returning result from temp cache: %d
%s %s
OnHipsMessage: CreateProcessForActiveUsers failed: %d
OnHipsMessage: popup result: %d
\BHips.dll
HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\services\PCFasterSvc_{PCFaster_4.0.0.0}
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos
BHips_RegisterCallback: %u(%s)
FasterNow.exe
EnableSelfProtection failed: (%X) %s
ftex.exe
DisbleSelfProtection failed: (%X) %s
LiveUpdate.exe
PCFTray.exe
PCFPopups.exe
PCFasterSvc.exe
SysOptEngineSvc.exe
SysAndNetworkOptSvc.exe
SysRepairSvc.exe
PluginRemoverSvc.exe
LeakRepairSvc.exe
LeakRepair.exe
CleanerEngineSvc.exe
CreateWindow failed: %s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMsgRouteMgr::InitMgr : Load Component %s
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}_{PCFaster_4.0.0.0}
CMsgRouteMgr::InitMgr : InitIPCServer
Svc.exe
PluginConfig.xml
PluginConfig.xml
Unload component: %s
Load component %s successfully!
Can not unload component %s because the done function returns EXEC_ERROR!
Force to unload component %s even done function returns EXEC_ERROR!
CMsgRouteMgr::QueryInterface :
CMsgRouteMgr::DispatchMsg :
strCMDID
CMsgRouteMgr::QueryInfByCmdID :
bd_krn_ui_D3152864-5AFF-42e3-9FB2-99ABF218961_{PCFaster_4.0.0.0}
%s.dll
CMsgRouteMgr::DoWork
DumpReportInterval
-send_uu_msg
-no_ui -send_uu_msg
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Statistic
UpLoadReportErrorDmp
PCFHelper.exe
-svc_dowork=%d
com_ui_shellexecute
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Receive unknown init msg
Send kernel response to process: %s error!
Global\BDKERNELPROTECTOR_{PCFaster_4.0.0.0}
Baidu PC Faster 5.0.0.0
Baidu PC Faster Service 4.0.0.0
PCFasterSvc_{PCFaster_4.0.0.0}
%u.u.u.u
version.xml
Uninstall.exe
ReportURL
DataReport
%u.%u.%u.%u
Bexplorer.exe
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
CHelper::RunExeInSvc, CreateProcess(%s), pi.hProcess=%u
@[ServerBackground] PIPEINST
[ServerBackground] PIPEINST
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
5,0,4,87456

SysOptEngineSvc.exe_1724:




.text
`.rdata
@.data
.rsrc
@.reloc
vSSSh
FTPjK
FtPj;
C.PjRV
CNotSupportedException
hhctrl.ocx
CCmdTarget
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
portuguese-brazilian
operator
GetProcessWindowStation
USER32.DLL
%s$x$x
%s$%x
mscoree.dll
coredll.dll
-60%!<:;
$x
;3:'84!<:;
6666666666666666
BHips.dll
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
kernel32.dll
message %d, %X, %X, %X
KrnMsg
\\.\PhysicalDrive%d
\\.\Scsi%d:
00000000
s:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFasterSvc.pdb
DataReport.dll
log2.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetKeyState
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
USER32.dll
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
WINSPOOL.DRV
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
ADVAPI32.dll
SHELL32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
VERSION.dll
WTSAPI32.dll
USERENV.dll
OLEACC.dll
PSAPI.DLL
.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCArchiveException@@
.?AVCCmdTarget@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
zcÁ
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKey32@@
.?AUKrnMsg@Msg@KRN_UI_protocol@@
.PAVCException@@
.?AUPIPEINST2@@
<item id="SysOptEngine" logicModePath="Plugin.Optimizer\SysOptEngine.dll" status="true" />
<item id="LeakRepair" logicModePath="Plugin.LeakRepair\LeakRepair.dll" status="false" />
<item id="SystemInformation" logicModePath="Plugin.Home\SystemInformation.dll" status="false" />
<item id="CleanerEngine" logicModePath="Plugin.Cleaner\CleanerEngine.dll" status="true" />
<item id="SysRepair" logicModePath="Plugin.SysRepair\SysRepair.dll" status="false" />
<item id="SysAndNetworkOpt" logicModePath="Plugin.SysAndNetworkOpt\SysAndNetworkOpt.dll" status="true" />
<item id="PluginRemover" logicModePath="Plugin.PluginRemover\PluginRemover.dll" status="false" />
<item id="1" uiModePath="Plugins\Plugin.HomeEx\Plugin_HomeEx.dll" tabButtonId="tab.main.home" status="true" />
<item id="2" uiModePath="Plugins\Plugin.Cleaner\Plugin_Cleaner.dll" tabButtonId="tab.main.systemclear" status="true" />
<item id="3" uiModePath="Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll" tabButtonId="tab.main.optimizer" status="true" />
<item id="4" uiModePath="Plugins\Plugin.Antivirus\Plugin_Antivirus.dll" tabButtonId="tab.main.antivirus" status="true" />
<item id="5" uiModePath="Plugins\Plugin.LeakRepair\Plugin_LeakRepair.dll" tabButtonId="tab.main.leakrepair" status="false" />
<item id="6" uiModePath="Plugins\Plugin.USBSafe\Plugin_USBSafe.dll" tabButtonId="" status="false" />
<item id="7" uiModePath="Plugins\Plugin.Tools\Plugin_Tools.dll" tabButtonId="tab.main.tools" status="false" />
<item id="8" uiModePath="Plugins\Plugin.SoftMgr\Plugin_SoftMgr.dll" tabButtonId="tab.main.softmgr" status="false" />
<item id="10" uiModePath="Plugins\Plugin.Facebook\Plugin_Facebook.dll" tabButtonId="" status="true" />
<item id="11" uiModePath="AndroidStore.exe" tabButtonId="tab.main.androidstore" status="false" />
.eYB>
:.UTT$
\.CD9D
"""%####
@@@#@@@%@@@%@@@#@@@
"""%%%%!
@@@!@@@%@@@%@@@!@@@
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
9Ÿ9K9l9
6$6(6,606
3.44484<4@4
4_5K5f5{5
;$;7;&< <
3!31373?3
> ?$?(?,?0?4?
> >$>(>,>0>
7%7 767;7}7
566C6n6%7X7
:$:,:8:\:|:
C%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Ccomctl32.dll
Ccomdlg32.dll
Cshell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
ole32.dll
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
ntdll.dll
KERNEL32.DLL
explorer.exe
HTTP/1.1
BugReportConfig.ini
ShowBugReport
DumpConfig.ini
_ServerStore.dat
hXXp://
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
\StringFileInfo\xx\%s
BugReportConfig
BugInfoUploadURL
hXXp://sync.bav.baidu.com
BugURL
hXXp://bug.bav.baidu.com
Baidu Crash Report
CrashCallBackExe
c:\crash.ini
CrashReport.exe
\StringFileInfo\x\%s
\StringFileInfo\X
PatchExportTable
FPatchMyImportTables
%S$%x
public %s
sub_%0X
%sloc_%0X
loc_%0X:
push %seg
pop %seg
setÌ
cmovÌ
66006666
xmm%d
st(%d)
%s (%0Xh)
 %0Xh
-%0Xh
%s:%s
%0Xh:%0Xh
%0Xh, %0Xh
BAD ptr %s
oword ptr %s
tbyte ptr %s
qword ptr %s
dword ptr %s
word ptr %s
byte ptr %s
d-d-d d:d:d
Unknown error X
user_plugin_chrome_list
user_plugin_firefox_list
dir.ini
\Baidu Security\PC Faster\4.0.0.0
url.ini
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
\sysconfig.ini
config.ini
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
Sensapi.dll
BugReporter.exe
failed to GetModuleFileName: 0x%x
[ClientAgent2] create window %s
lastError: %d
(id: %d,name:%S),
[ClientAgent2] (id:%d name:%S)
(id:%d name:%S),
[ClientBackground2] IPCMessage (ID:%d name:%S)
[ClientBackground2] DisconnectNamedPipe
:0x%x
[ClientBackground2] SetNamedPipeHandleState
[IPC] Readfile from server pipe failed. Errorcode: %d.
[ServerAgent2] create window %s
CreateNamedPipe
LastError [%d]
intrusive_ptr_add_ref : %S %d
[ClientBackground] DisconnectNamedPipe
[IPC] Readfile from client pipe failed. Errorcode: %d.
[ipcChannel] found no channel of this type:%d
[ipcChannel::GetPipeHandle]
ClientBackground, pipe:%s, channel:%s
\\.\Pipe\%s
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
Updater.exe
"%s" -no_ui
LookupPrivilegeValue error: %u
AdjustTokenPrivileges error: %u
user name: %s, domain: %s
WTSEnumerateSessions failed, error code:%u
WTSEnumerateSessions OK, %u sessions
%dth session: %s, id:%d, state:%d
OnSessionLogon, session id: %d
OnSessionLogoff, session id: %d
OnSessionConnect, session id: %d
StartAppForUser: %s, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Before WTSQueryUserToken, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
StartAppForActiveUser: %s, thread id: %u
LogReporter.exe
"%s" -show_ui -launch_uac_app %s
"%s" -launch_uac_app %s
Leave StartAppForActiveUser, thread id: %u
"%s" found, session id: %u, process id: %u
CreateEnvironmentBlock Failed: %u
CreateProcessAsUser Failed, error code: %u
OnShutdown, thread id: %u
OnInit, thread id: %u
WTSEnumerateSessions failed, error code: %u
winlogon.exe
Process token open Error: %u
DuplicateTokenEx Error: %u
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
%s -bhips %d %d %d
\PcfPopups.exe
-ieprotectDlg %d %d "%s"
-homepageDlg %d "%s"
OnHipsMessage: Unknown dwMid: %d
OnHipsMessage: %s
OnHipsMessage: returning result from cache: %d
OnHipsMessage: returning result from temp cache: %d
%s %s
OnHipsMessage: CreateProcessForActiveUsers failed: %d
OnHipsMessage: popup result: %d
\BHips.dll
HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\services\PCFasterSvc_{PCFaster_4.0.0.0}
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster
HKEY_CURRENT_USER\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Baidu PC Faster 4.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos
BHips_RegisterCallback: %u(%s)
FasterNow.exe
EnableSelfProtection failed: (%X) %s
ftex.exe
DisbleSelfProtection failed: (%X) %s
LiveUpdate.exe
PCFTray.exe
PCFPopups.exe
PCFasterSvc.exe
SysOptEngineSvc.exe
SysAndNetworkOptSvc.exe
SysRepairSvc.exe
PluginRemoverSvc.exe
LeakRepairSvc.exe
LeakRepair.exe
CleanerEngineSvc.exe
CreateWindow failed: %s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
CMsgRouteMgr::InitMgr : Load Component %s
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}_{PCFaster_4.0.0.0}
CMsgRouteMgr::InitMgr : InitIPCServer
Svc.exe
PluginConfig.xml
PluginConfig.xml
Unload component: %s
Load component %s successfully!
Can not unload component %s because the done function returns EXEC_ERROR!
Force to unload component %s even done function returns EXEC_ERROR!
CMsgRouteMgr::QueryInterface :
CMsgRouteMgr::DispatchMsg :
strCMDID
CMsgRouteMgr::QueryInfByCmdID :
bd_krn_ui_D3152864-5AFF-42e3-9FB2-99ABF218961_{PCFaster_4.0.0.0}
%s.dll
CMsgRouteMgr::DoWork
DumpReportInterval
-send_uu_msg
-no_ui -send_uu_msg
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Statistic
UpLoadReportErrorDmp
PCFHelper.exe
-svc_dowork=%d
com_ui_shellexecute
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Receive unknown init msg
Send kernel response to process: %s error!
Global\BDKERNELPROTECTOR_{PCFaster_4.0.0.0}
Baidu PC Faster 5.0.0.0
Baidu PC Faster Service 4.0.0.0
PCFasterSvc_{PCFaster_4.0.0.0}
%u.u.u.u
version.xml
Uninstall.exe
ReportURL
DataReport
%u.%u.%u.%u
Bexplorer.exe
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
CHelper::RunExeInSvc, CreateProcess(%s), pi.hProcess=%u
@[ServerBackground] PIPEINST
[ServerBackground] PIPEINST
%Program Files%\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
5,0,4,87456

Updater.exe_2444:




.text
`.rdata
@.data
.rsrc
@.reloc
vSSSh
FTPjK
FtPj;
C.PjRV
tGHt.Ht&
CNotSupportedException
hhctrl.ocx
CCmdTarget
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
portuguese-brazilian
operator
%s$x$x
%s$%x
-60%!<:;
$x
;3:'84!<:;
mscoree.dll
coredll.dll
6666666666666666
NOLEACC.dll
xml=hXXp://VVV.w3.org/XML/1998/namespace
Memory operation in %S, line %d: %s a %d-byte '%s' block (# %ld)
errmsg_exceptionW
varerrmsg_exceptionW
CHttpToolW::Unicode2Ansi: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::Ansi2Unicode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::OpenConnection: hInternet can not be NULL.
CHttpToolW::OpenConnection: szServerAddr can not be NULL.
CHttpToolW::OpenConnection: szServerAddr can not be an empty string.
CHttpToolW::OpenRequest: hConnection can not be NULL.
CHttpToolW::OpenRequest: szObjectName can not be NULL.
CHttpToolW::OpenRequest: szObjectName can not be an empty string.
CHttpToolW::OpenRequest: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::AddHeader: hRequest can not be NULL.
CHttpToolW::AddHeader: szName can not be NULL.
CHttpToolW::SendRequest: hRequest can not be NULL.
CHttpToolW::SendRequest: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::InternetWriteFile: hRequest can not be NULL.
CHttpToolW::InternetWriteFile: pbyBuff can not be NULL.
CHttpToolW::InternetWriteFile: cbyBuff can not be zero.
CHttpToolW::EndRequest: hRequest can not be NULL.
CHttpToolW::FileExists: szFilePath can not be NULL.
CHttpToolW::OpenFile: szFilePath can not be NULL.
CHttpToolW::CreateFileAlwaysToWrite: szFilePath can not be NULL.
CHttpToolW::GetFileSize: hFile can not be NULL.
CHttpToolW::GetFileSize: szFilePath can not be NULL.
CHttpToolW::GetMimeType: hFile can not be NULL.
CHttpToolW::GetHeader: hRequest can not be NULL.
CHttpToolW::GetMimeType: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpToolW::GetStatusText: hRequest can not be NULL.
CHttpToolW::GetHeader: szName can not be NULL.
CReportManager::FindBody
CReportManager::GetAllFiles
CReportManager::StartUploadFile
RD_ReportValueEx
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
kernel32.dll
CMyRegKeyBase::Open
CMyRegKeyBase::EqualType
SendUserMsg
\\.\PhysicalDrive%d
\\.\Scsi%d:
00000000
CUpdatorApp::OnUpdateMsg
CUpdateMan::wait_exe_quit
CUpdateMan::wait_must_wait_exe_quit
CUpdateMan::kill_bav_exes
CUpdateMan::start_bav_exe_as_active_user
CUpdateMan::my_shell_execute
inflate 1.1.3 Copyright 1995-1998 Mark Adler
-1.1.3
1.1.3
CHttpPost::CrackUrl
CHttpPost::RecvData
CHttpPost::PostText
CHttpDownloader::AddDownloadTask
CHttpDownloader::DoWork
CHttpDownloader::DisplayError
CHttpDownloader::RecvData
CHttpDownloader::DownloadFile
CHttpDownloader::RequestGet
CHttpDownloader::CrackUrl
CHttpDownloader::ConstructUrl
CDownloadDlg::OnDownloadMsg
COMM_FUNC::EnumProcess_GetExplorerToken::operator ()
CCommunication::OpenURL
RegDeleteKeyExW
httpclientexceptionW
SYN.ACK
ACK.SYN
XXX
s:\app\gensoft\security-client\pc-faster\public\output\pdb\Updater.pdb
log.dll
GetProcessHeap
GetWindowsDirectoryW
GetCPInfo
GetConsoleOutputCP
KERNEL32.dll
CreateDialogIndirectParamW
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExW
USER32.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
COMDLG32.dll
WINSPOOL.DRV
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHFileOperationW
SHELL32.dll
COMCTL32.dll
SHLWAPI.dll
oledlg.dll
ole32.dll
OLEAUT32.dll
VERSION.dll
WTSAPI32.dll
IPHLPAPI.DLL
RPCRT4.dll
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpConnect
WinHttpReadData
WinHttpCreateUrl
WinHttpWriteData
WinHttpSetCredentials
WINHTTP.dll
USERENV.dll
PSAPI.DLL
WS2_32.dll
.PAVCOleException@@
.PAVCException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCUserException@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.PAVCResourceException@@
.PAVCFileException@@
.PAVCOleDispatchException@@
zcÁ
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVCMyRegKey64@@
.?AVCCmdTarget@@
unexpected parser state - please send a bug report
requested feature requires XML_DTD support in Expat
expat_1.95.8
?456789:;<=
!"#$%&'()* ,-./0123
.?AVCMyRegKey32@@
.?AVCAutoRegCloseKey@@
.?AVCTaskParam2@?$CTaskMgrTmpl@VCReportManager@@@@
.?AV?$CTaskMgrTmpl@VCReportManager@@@@
.?AVhttpclientexceptionW@Ryeol@@
.?AV?$CHttpClientT@VCHttpToolW@Ryeol@@VCHttpEncoderW@2@@Ryeol@@
.?AV?$CHttpPostStatT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AV?$CHttpResponseT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AV?$CHttpClientMapT@VCHttpToolW@Ryeol@@@Ryeol@@
.?AVerrmsg_exceptionW@Ryeol@@
.?AVhttpclientexceptionA@Ryeol@@
.?AVCMD5Checksum@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
2)2U2^2d2
78Y8w8
3>4&565[5
364C4
> >;>]>}>
7 7$7(7,70747~7
9 9$9(9,9
2%2*292`2
8 8)8<8`8
1 1$1(161;1
9 :$:(:,:0:4:8:<:
>(>,>0>4>8><>@>
9 9$9(9,909
2"3)3&5-5
0 0$0(0,0004080
> >$>(>,>0>??
2(2-2k2x2}2
3 3,323:3
:0[0!112
= =$=(=,=0=4=8=<=@=
? ?$?(?,?0?4?8?
= =@=`=|=
B%s (%s:%d)
%s (%s:%d)
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
accKeyboardShortcut
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
ntdll.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
mfcm90u.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
Ecomctl32.dll
Ecomdlg32.dll
Eshell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
O.INI
KERNEL32.DLL
explorer.exe
HTTP/1.1
BugReportConfig.ini
ShowBugReport
DumpConfig.ini
_ServerStore.dat
hXXp://
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
\StringFileInfo\xx\%s
BugReportConfig
BugInfoUploadURL
hXXp://sync.bav.baidu.com
BugURL
hXXp://bug.bav.baidu.com
Baidu Crash Report
CrashCallBackExe
c:\crash.ini
CrashReport.exe
PatchExportTable
HPatchMyImportTables
%S$%x
public %s
sub_%0X
%sloc_%0X
loc_%0X:
\StringFileInfo\x\%s
\StringFileInfo\X
push %seg
pop %seg
setÌ
cmovÌ
66006666
xmm%d
st(%d)
%s (%0Xh)
 %0Xh
-%0Xh
%s:%s
%0Xh:%0Xh
%0Xh, %0Xh
BAD ptr %s
oword ptr %s
tbyte ptr %s
qword ptr %s
dword ptr %s
word ptr %s
byte ptr %s
user_plugin_chrome_list
user_plugin_firefox_list
dir.ini
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
\Baidu Security\PC Faster\4.0.0.0
url.ini
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
\sysconfig.ini
config.ini
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
Sensapi.dll
:::%d
Send SaveInternal Failed, getlasterror = %d
rpFile-%s-d-d-d d-d-d-d-[d].tmp
0.0.0.0
The requested URL is not a valid URL.
The port number is not valid.
The encoded URL is not valid.
The file (%s) aleady exists.
::HttpQueryInfo failed.
::HttpOpenRequest failed.
::HttpAddRequestHeaders failed.
::HttpSendRequest failed.
::HttpSendRequestEx failed.
::HttpEndRequest failed.
OpenFile (::CreateFile) failed ("%s").
::GetFileSize failed ("%s").
::WriteFile failed ("%s").
HTTP://
HTTPS://
application/x-www-form-urlencoded
CHttpToolW::SendRequestEx: hRequest can not be NULL.
CHttpEncoderW::AnsiEncodeLen: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiEncode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiEncode: szBuff can not be NULL.
CHttpEncoderW::AnsiDecodeLen: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiDecode: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpEncoderW::AnsiDecode: szBuff can not be NULL.
CHttpEncoderW::Utf8Encode: szBuff can not be NULL.
CHttpEncoderW::Utf8Decode: szBuff can not be NULL.
CHttpEncoderW::UrlEncodeA: szBuff can not be NULL.
CHttpEncoderW::UrlEncodeW: szBuff can not be NULL.
CHttpEncoderW::_Utf8CharToAnsiChar: szAnsiChar and szUtf8Char can not be NULL.
CHttpEncoderW::UrlDecodeA: szBuff can not be NULL.
CHttpEncoderW::UrlDecodeW: szBuff can not be NULL.
CHttpClientMapT::Remove: szName can not be NULL.
CHttpClientMapT::RemoveAll: szName can not be NULL.
CHttpClientMapT::Exists: szName can not be NULL.
CHttpClientMapT::Get: szName can not be NULL.
CHttpClientMapT::AddPointerDirectly: szName can not be NULL.
CHttpClientMapT::Add: szName can not be NULL.
CHttpClientMapT::Set: szName can not be NULL.
CHttpResponseT::GetHeaderCount: szName can not be NULL.
CHttpResponseT::GetHeader: szName can not be NULL.
CHttpResponseT::GetStatus: m_hRequest can not be NULL.
CHttpResponseT::GetStatusText: m_hRequest can not be NULL.
CHttpResponseT::GetContentLength: m_hRequest can not be NULL.
CHttpResponseT::ReadContent: m_hRequest can not be NULL.
CHttpResponseT::ReadContent: pbyBuff can not be NULL.
CHttpResponseT::ReadContent: cbBuff can not be zero.
CHttpResponseT::SaveContent: szFilePath can not be NULL.
CHttpResponseT::_LoadHeader: m_hRequest can not be NULL.
CHttpResponseT::_LoadHeader: szName can not be NULL.
CHttpPostStatT::ActualTotalByte: The post context is not active.
CHttpPostStatT::ActualPostedByte: The post context is not active.
CHttpPostStatT::TotalByte: The post context is not active.
CHttpPostStatT::PostedByte: The post context is not active.
CHttpPostStatT::TotalCount: The post context is not active.
CHttpPostStatT::PostedCount: The post context is not active.
CHttpPostStatT::FileCount: The post context is not active.
CHttpPostStatT::PostedFileCount: The post context is not active.
CHttpPostStatT::CurrParam: The post context is not active.
CHttpPostStatT::CurrFile: The post context is not active.
CHttpPostStatT::CurrParamTotalByte: The post context is not active.
CHttpPostStatT::CurrParamPostedByte: The post context is not active.
CHttpPostStatT::CurrParamRemainByte: The post context is not active.
CHttpPostStatT::CurrParamIsFile: The post context is not active.
CHttpPostStatT::CurrParamIsComplete: The post context is not active.
CHttpPostStatT::_TestAddActualPostedBytes: The post context is not active.
CHttpPostStatT::_TestStartNewEntry: The post context is not active.
CHttpPostStatT::_TestAddPostedBytes: The post context is not active.
CHttpUrlAnalyzerT::Analyze: CP_UTF8 and CP_UTF7 can not be used for the CodePage parameter.
CHttpClientT::SetUseUtf8: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetAnsiCodePage: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetAnsiCodePage: CP_UTF8 and CP_UTF7 can not be used for the nAnsiCodePage parameter.
CHttpClientT::AddHeader: szName can not be NULL.
CHttpClientT::AddHeader: szName can not be an empty string.
CHttpClientT::AddHeader: szValue can not be NULL.
CHttpClientT::AddHeader: szValue can not be an empty string.
CHttpClientT::SetHeader: szName can not be NULL.
CHttpClientT::SetHeader: szName can not be an empty string.
CHttpClientT::SetHeader: szValue can not be NULL.
CHttpClientT::SetHeader: szValue can not be an empty string.
CHttpClientT::ClearParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::RemoveParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::RemoveAllParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::AddParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::SetParam: It is not allowed to call this method if the POST context is active.
CHttpClientT::MakeGetUrl: szBuff can not be NULL.
CHttpClientT::OpenConnection: hInternet can not be NULL.
CHttpClientT::SetProxyAccount: szUserName can not be NULL.
CHttpClientT::SetProxyAccount: szUserName can not be an empty string.
CHttpClientT::SetProxyAccount: szPassword can not be NULL.
CHttpClientT::SetProxyAccount: szPassword can not be an empty string.
CHttpClientT::ApplyProxyAccount: hConnection can not be NULL.
CHttpClientT::OpenRequest: hConnection can not be NULL.
CHttpClientT::AddRequestHeader: hRequest can not be NULL.
CHttpClientT::_WritePost: m_hRequest can not be NULL.
CHttpClientT::_ProceedPostContext: m_hInternet can not be NULL.
CHttpClientT::_ProceedPostContext: m_hConnection can not be NULL.
CHttpClientT::_ProceedPostContext: m_hRequest can not be NULL.
CHttpClientT::_ProceedPostContext: nDesired can not be zero.
CHttpClientT::_ProceedUploadContext: m_hInternet can not be NULL.
CHttpClientT::_ProceedUploadContext: m_hConnection can not be NULL.
CHttpClientT::_ProceedUploadContext: m_hRequest can not be NULL.
CHttpClientT::_ProceedUploadContext: nDesired can not be zero.
CHttpClientT::_ReleasePostResponse: The post context is not active.
_UrlEncodeLen: szStr can not be NULL.
UploadByItSelf, %s is not exist
UploadByItSelf, nTime = %d
eGlobal\Baidu_IS_Update_Dynamic_Mutex_{PCFaster_4.0.0.0}
Global\FileTransferEx_Mutex_{616EFCAC-8B9B-44ba-B764-229F25EB5405}
liveupdate.exe
data_report_user_op_prefix%d[:]1
data_report_user_op_prefix%d[:]%d
data_report_user_op_prefix%d[:]%s
d-d-d d:d:d
Unknown error X
BugReporter.exe
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
nCMyRegKeyBase::EqualType, m_mapRegType.find(%s)
2014-01-01Td:d:00
2026-01-01Td:d:00
Create Vista Task Return Code:%d
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus
iSafeTray.exe
isafeSvc.exe
iSafeSvc2.exe
psprotege.exe
psprotegesvc.exe
PSafeSuite.exe
PsSuiteSVC.exe
SOFTWARE\Clients\StartMenuInternet\PSafe WEB
psafeweb.exe
BavSvc.exe
BHipsSvc.exe
UU_MSG_URL
gSendUserMsg, szPath=%s, bInService=%u, bDefault=%u, strUrl=%s
gSendUserMsg, COMM_FUNC::GetUserKey(HKEY_CURRENT_USER)=NULL
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Install
LastUUReportOKDay
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\UUReport
%s=%s
SendUserMsg, QueryDWORDValue(%s), dwCurDay == dwLastDay
SendUserMsg, listParam.push_back, ISafe=%d
SendUserMsg, listParam.push_back, PSafe=%d
SendUserMsg, listParam.push_back, PSuite=%d
SendUserMsg, listParam.push_back, PSafeWeb=%d
SendUserMsg, listParam.push_back, BavInstalled=%d
[d-d-d d:d:d]
SendUserMsg, RegKey.SetDWORDValue(%s, %u)=0
SendUserMsg, pBuf2=%u
SendUserMsg, CCommunication::SendData(%s, %u)=%u
SendUserMsg, pBuf=%u
SendUserMsg, bSuccess=%u
STATISTIC_MSG_URL
Global\Baidu_IS_LogReporter_Mutex_{PCFaster_4.0.0.0}
%d-%d-%d %d:%d:%d
CUpdateAgent::CheckNeedUpdate_: Call m_piUpdate->CheckNeedUpdate failed(x).
CUpdateAgent::CheckNeedUpdate_: Call QueryStatus failed(x).
CUpdateAgent::DownloadUpdateFiles_: Call m_piUpdate->DownloadUpdateFiles failed(x).
CUpdateAgent::DownloadUpdateFiles_: Call QueryStatus failed(x).
CUpdateAgent::UpdateFiles_: Call m_piUpdate->UpdateFiles failed(x).
CUpdateAgent::UpdateFiles_: Call QueryStatus failed(x).
CUpdateAgent::AgentInit_: Call LoadLibary failed(x).
CUpdateAgent::AgentInit_: Call GetProcAddress failed(x).
tCUpdateAgent::AgentInit_: Call DllGetClassObject failed(x).
-send_uu_msg
%d: %s
Baidu_IS_SETUP_SHAKEHAND_{PCFaster_4.0.0.0}
Global\Baidu_IS_Update_Mutex_{PCFaster_4.0.0.0}
ManualUpdate.ini
File (%s) not exists.
Failed to open filemapping (%s)
PC_Faster_Setup.exe
Found a match package, we do not need to download (%s).
PC_Faster_Setup_Temp.exe
Start to download file (%s) from url (%s).
Success to download file (%s).
Success to download file (%s), but the MD5 is invalid.
Failed to download file (%s) from url (%s).
NewFeatures.txt
ui thread id: %u
bShowWindow: %u, bShowTrayIcon: %u
UPDATE_STATUS_STOP, update man status: %d, full_install_package_exit_code: %d
GetManualUpdateInfo : communication.Init() failed!
oGetManualUpdateInfo : %s size == 0
4.0.1.56222
web|gl|official|direct
_{PCFaster_4.0.0.0}
\update.dll
update.dll
CUpdateMan::DoWork: Call clUpdate.AgentInit failed(x).
CUpdateMan::DoWork: Call clUpdate.Init failed(x).
CUpdateMan::DoWork: Call clUpdate.CheckNeedUpdate failed(x).
NewUpdate.ini
CUpdateMan::DoWork: There client Skip update(nAutoUpdate=%d).
CUpdateMan::DoWork: Call clUpdate.DownloadUpdateFiles failed(x).
CUpdateMan::DoWork: Backup file , copy (%s) to (%s) failed (0x%x).
/S /Update "/FromVersion=%s"
/S "/NewFeatures=%s"
NewUpdater.exe
CUpdateMan::DoWork: Failed to launch NewUpdater.exe, dwExitCode = %u, (0x%x)
"%s" /AutoUpdate
CUpdateMan::DoWork: Failed to copy new features and install package to appdata.(%u)
CUpdateMan::DoWork: Failed to move install package to appdata.(%u)
\DataFileVer.xml
\InstallUtility.dll
InstallUtility.dll,
Failed to post WM_NOTIFY_UPDATE_REBOOT to MainWnd: error=%d
Failed to post WM_NOTIFY_UPDATE_REBOOT to TrayWnd: error=%d
CUpdateMan::DoWork: Call get_update_file_lists failed(%d).
CUpdateMan::DoWork: Call is_proc_running failed(%d).
Failed to post WM_NOTIFY_UPDATE_WAIT to TrayWnd: error=%d
CUpdateMan::DoWork: Call is_can_dynamic_update failed(%d).
BavMustWaitExeFileList
CUpdateMan::DoWork: Call clUpdate.UpdateFiles(enumUpdateFilesFunction) failed(x).
install_channel=%s&from_version=%s&to_version=%s&userid=%s
UPDATE_CHANNEL_URL
CUpdateMan::DoWork: End(%d).
CUpdateMan::kill_proc_: Call TerminateProcess(%s) failed(0x%x).
get_process_file_path_by_pid: call OpenProcess failed(%x)
get_process_file_path_by_pid: call EnumProcessModules failed(%x)
get_process_file_path_by_pid: call GetModuleFileNameEx failed(%x)
Global\{D2832A89-8FD2-8e20-A872-578A727C7536}
Failed to post WM_NOTIFY_UPDATE_WAIT to MainWnd: error=%d
CUpdateMan::is_can_dynamic_update_: Call is_pcf_busy failed(0x%x)
PCFasterFeedback.exe
NSISInstall.exe
FasterNow.exe
CUpdateMan::is_pcf_busy_: The %s process is running.
CUpdateMan::is_pcf_busy_: The %s process is working.
CUpdateMan::get_update_file_lists_: Call clUpdate.GetUpdateFilesList failed(0x%x)
CUpdateMan::get_update_file_lists_: Call clUpdate.GetUpdateInfo failed(0x%x)
CUpdateMan::get_update_file_lists_: Call create_file_list_set failed(0x%x)
CUpdateMan::kill_proc_and_stop_svc_: Call quit_bav_tray failed(%d).
Global\{D1832A89-8FD1-8e20-A871-578A717C7536}
CUpdateMan::wait_exe_quit_: The process(%s) is not runing.
tCUpdateMan::wait_must_wait_exe_quit_: Call wait_exe_quit(%s, 60) return FALSE.
Failed to post WM_NOTIFY_TRAY_EXIT to TrayWnd: error=%d
CUpdateMan::quit_bav_tray_: Call kill_proc(%s) failed(0x%x).
CUpdateMan::quit_bav_tray_: Call kill_proc(%s) successful.
CUpdateMan::kill_bav_exes_: Call TerminateProcess(%s) failed(0x%x).
CUpdateMan::start_svcs_: Begin(%s).
sc.exe
start %s
CUpdateMan::start_svcs_: Call CommonUtil::StartService, bRetCode=0x%x, lastErr=0x%x.
CUpdateMan::start_svcs_: Call sc start, lastErr=0x%x.
CUpdateMan::start_svcs_: End(0x%x).
CUpdateMan::start_bav_exe_as_active_user_: Begin(%s).
CUpdateMan::start_bav_exe_as_active_user_: The process is runing.
CUpdateMan::start_bav_exe_as_active_user_: Call SessionMan.StartAppForActiveUser return: %d.
CUpdateMan::start_bav_exe_as_active_user_: Call CHelper::RunExe return: %d.
CUpdateMan::start_bav_exe_as_active_user_: End(0x%x).
stop %s
BHips.dll
StopProtectDrv, BHips_SetProtectOpt(selfdefense, 0)=%u
CUpdateMan::my_shell_execute_: Call ShellExecuteEx(%s, %s) failed(0x%x), ExecInfo.hProcess=%d
CUpdateMan::my_shell_execute_: Call GetExitCodeProcess failed(0x%x), dwExitCode = 0x%x
CUpdateMan::InitUpdPost: Call LoadLibary failed(x).
CUpdateMan::InitUpdPost: Call GetProcAddress failed(x).
%s%s%s
Correct password required
\Updater-ddd.log
LookupPrivilegeValue error: %u
AdjustTokenPrivileges error: %u
user name: %s, domain: %s
rWTSEnumerateSessions failed, error code:%u
kWTSEnumerateSessions OK, %u sessions
n%dth session: %s, id:%d, state:%d
kOnSessionLogon, session id: %d
OnSessionLogoff, session id: %d
OnSessionConnect, session id: %d
StartAppForUser: %s, thread id: %u
CreateEnvironmentBlock failed, error code: %u, thread id: %u
CreateProcessAsUser for %s is OK., thread id: %u
CreateProcessAsUser failed, error code: %u, thread id: %u
Enter StartAppForActiveUser, thread id: %u
Before WTSQueryUserToken, thread id: %u
QueryUserToken failed, error code: %u, thread id: %u
GetTokenInformation failed, error code: %u, thread id: %u
StartAppForActiveUser: %s, thread id: %u
LogReporter.exe
"%s" -show_ui -launch_uac_app %s
"%s" -launch_uac_app %s
Leave StartAppForActiveUser, thread id: %u
"%s" found, session id: %u, process id: %u
2CreateEnvironmentBlock Failed: %u
CreateProcessAsUser Failed, error code: %u
WTSEnumerateSessions OK, %u sessions
%dth session: %s, id:%d, state:%d
OnShutdown, thread id: %u
nOnInit, thread id: %u
texplorer.exe
WTSEnumerateSessions failed, error code: %u
winlogon.exe
nProcess token open Error: %u
nDuplicateTokenEx Error: %u
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
partern id: %s, cgi: %s, version url: %s, user desc: %s
type=%s|||id=%s|||partnerID=%s
l\Baidu Security\PC Faster\4.0.0.0
Error %u in WinHttpCrackUrl, url: "%s"
http reply data: "%s"
apost msg "%s" to url "%s"
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
AddDownloadTask, url: "%s"
http thread id: %u
km_hSession is %u
Error code %d, desr: %s
http status: %d
failed to create file "%s", error code: %d
failed to get size for file "%s", error code: %d
protocol: %s, host: %s, port: %d, uri: %s
download file failed: filename=%s, url=%s
https
add %s to http request header
ConstructUrl, pszIn: "%s", pszExtraInfo: "%s"
Error %u in WinHttpCrackUrl
Url len: %u
ConstructUrl, url: "%s"
CDownloadDlg::OnInitDialog, m_bShowTrayIcon: %d
On_UM_TRAY, wParam: %d, lParam: %d
Install progress: %d
Download progress %d%%
UPDATE_STATUS_INSTALL, g_MiniSetupMan.m_bShowInstall: %d, m_bShowTrayIcon: %d
partner.zip
inst dir "%s" not exist
custom_action.xml
run_exe
-install_cell_dict_from_file "%s"
CellDictUpdator.exe
Unknown action: %s
Baidu_Secure_SystemUp_%s
Failed to create file "%s", error code: %d
_.xml
Save it to File "%s"
md5: %s, md5 re-computed: %s
<client ver="%s" url_full="%s" size_full="%s" md5_full="%s" url_core="" size_core="0" md5_core=""/>
okernel32.dll
SystemInformation.exe
DesktopCleaner.exe
Right-ClickMenuManager.exe
DefaultPrograms.exe
FileShredder.exe
FileRecovery.exe
InternetSpeedTest.exe
FacebookRepair.exe
InternetRepair.exe
LSPRepair.exe
FlashPlayerRepair.exe
IEProtect.exe
GameFaster.exe
BCloudScan.exe
AndroidStore_Setup.exe
PCAppStore_Setup.exe
WifiHotspot.exe
PowerMaster.exe
LargeFilesCleaner.exe
DiskDefrag.exe
LeakRepairTool.exe
hXXp://download.pcfaster.baidu.com/%version%/baidu_install/%filename%
DOWNLOAD_SERVER_URL
%filename%
ComponentDownloadInit: SHCreateDirectory(%s) failed with error code(%d).
ComponentDownloadInit: DeleteFile(%s) failed with error code(%d).
ComponentUnpackFile: InFile_OpenW failed with error code(%d).
eComponentUnpackFile: failed with error code(%u).
e"%s" /S
ComponentInitConfig: ComponentFindNameById failed(ComponentId=%u).
gComponentInitConfig: OpenEvent failed(EventName=%s).
ComponentInitConfig: OpenFileMapping failed(FileMapName=%s).
gComponentInitConfig: MapViewOfFile failed(FileMapName=%s).
gComponentDoWork: ComponentDownloadFile failed(FileUrl=%s).
kComponentDoWork: ComponentInstall failed(File=%s).
kComponentDoWork: ComponentUnpackFile failed(File=%s).
oComponentDoWork: Success(Downloaded File=%s).
kkernel32.dll
PCFShellEx64.dll
PCFShellEx.dll
regsvr32.exe /s "%s"
%u.%u.%u.%u
%u.u.u.u
version.xml
Uninstall.exe
Communication.dll
CCommunication::Init, LoadLibrary(Communication.dll), GetLastError=%u
CCommunication::Init, GetProcAddress(CreateObject), GetLastError=%u
CCommunication::Init, fnCreateObject(ICommunication), GetLastError=%u
CCommunication::DownloadFile, Communication.Init()
CCommunication::DownloadFile, Communication.SetProxyConfig(%u)
CCommunication::DownloadFile, CreateEvent, GetLastError=%u)
CCommunication::DownloadFile, ProcessAsyncReq(strUrl=%s))
CreateFile failed, error code: %u
WriteFile failed, error code: %u
Res Name: %u
Res Name: %s
Euser32.dll
COMM_FUNC::GetExplorerToken: explorer.exe found!
COMM_FUNC::GetExplorerToken: OpenProcess failed: %d
COMM_FUNC::GetExplorerToken: OpenProcessToken failed: %d
0000-0000-0000#0000
000000000000
CCommunication::OpenURL, lpUrl=%s
CCommunication::OpenURL, Communication.Init()
CCommunication::OpenURL, ProcessSyncReq(strUrl=%s)
ReportURL
DataReport
Failed to MapViewOfFile of %s (error=%d)
Failed to OpenFileMapping of %s (error=%d)
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
http\shell\open\command
PCFasterSvc_{PCFaster_4.0.0.0}
win %u.%u.%u
CCommunication::SendData, Communication.Init()
CCommunication::SendData, ProcessSyncReq(strUrl=%s)
AAdvapi32.dll
\Baidu\Common\I18N\conf.db
XXxXXXXXXXX
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%Program Files%\Baidu Security\PC Faster\5.0.0.0\Updater.exe
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
5,0,4,87166

PCFTray.exe_2564:




.text
`.rdata
@.data
.rsrc
@.reloc
vSSSh
FTPjK
FtPj;
C.PjRV
mscoree.dll
coredll.dll
%s$x$x
%s$%x
-60%!<:;
$x
;3:'84!<:;
6666666666666666
kernel32.dll
Visual C   CRT: Not enough memory to complete call to strerror.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
USER32.DLL
CHECK failed: !iter->second.is_repeated:
CHECK failed: ((iter->second).is_repeated ? REPEATED : OPTIONAL) == (OPTIONAL):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_INT32):
CHECK failed: ((*extension).is_repeated ? REPEATED : OPTIONAL) == (OPTIONAL):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_INT32):
CHECK failed: iter != extensions_.end():
CHECK failed: ((iter->second).is_repeated ? REPEATED : OPTIONAL) == (REPEATED):
CHECK failed: ((*extension).is_repeated ? REPEATED : OPTIONAL) == (REPEATED):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_INT64):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_INT64):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_UINT32):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_UINT32):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_UINT64):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_UINT64):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_FLOAT):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_FLOAT):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_DOUBLE):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_DOUBLE):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_BOOL):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_BOOL):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_ENUM):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_ENUM):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_STRING):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_STRING):
CHECK failed: (cpp_type((iter->second).type)) == (WireFormatLite::CPPTYPE_MESSAGE):
CHECK failed: (cpp_type((*extension).type)) == (WireFormatLite::CPPTYPE_MESSAGE):
CHECK failed: (extension->type) == (other_extension.type):
CHECK failed: ((iter->second).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_OPTIONAL):
CHECK failed: (cpp_type((iter->second).type)) == (FieldDescriptor::CPPTYPE_MESSAGE):
CHECK failed: ((*extension).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_OPTIONAL):
CHECK failed: (cpp_type((*extension).type)) == (FieldDescriptor::CPPTYPE_MESSAGE):
CHECK failed: ((*extension).is_repeated ? FieldDescriptor::LABEL_REPEATED : FieldDescriptor::LABEL_OPTIONAL) == (FieldDescriptor::LABEL_REPEATED):
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
CHECK failed: backup_bytes_ == 0 && buffer_.get() != NULL:
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
Error reporting not implemented.
\xx
google::protobuf::strings::CHexEscape
google::protobuf::JoinStringsIterator
CHECK failed: !coded_out.HadError():
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageError
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageTypeError
google::protobuf::internal::`anonymous-namespace'::ReportReflectionUsageEnumTypeError
%d.%d.%d
libprotobuf %s %s:%d] %s
import "$0";
$0$1 $2 $3 = $4
$0$1 = $2
". To use it here, please add the necessary import.
", which is not imported by "
.placeholder.proto
.PLACEHOLDER_VALUE
.dummy
File recursively imports itself:
Missing field: FileDescriptorProto.name.
Import "
FieldDescriptorProto.extendee not set for extension field.
FieldDescriptorProto.extendee set for non-extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
map_key must not name a repeated field.
map key must name a scalar or string field.
" is repeated. Repeated options are not supported.
CHECK failed: !out.HadError():
.foo = value".
CHECK failed: dynamic.get() != NULL:
CHECK failed: (from.GetDescriptor()) == (descriptor):
: Tried to copy from a message with a different type.to:
Thread %d: invalid start address X!!!
%d: BaseThreadStart = X
LeakRepair.proto
.LeakRepair.HOTFIXLEVEL:
.LeakRepair.IGNOREREASON:
strLinkUrl
strOfficialDownloadUrl
.LeakRepair.HOTFIXSTATE:
.LeakRepair.LEAKREPAIRTYPE"
.LeakRepair.OUTDATA_HEADER
.LeakRepair.HOTFIXINFO"1
.LeakRepair.HOTFIXIDLIST"n
.LeakRepair.HOTFIXIDLIST"^
OUTDATA_GETWINDOWSUPDATESTATE
.LeakRepair.LEAKREPAIRTYPE"M
.LeakRepair.INDATA_HEADER
.LeakRepair.HOTFIXIDLIST
.LeakRepair.HOTFIXIDLIST"Z
.LeakRepair.LEAKREPAIRTYPE"X
.LeakRepair.NOTIFYDATA_HEADER
strNotifyCmd
INDATA_SETWINDOWSUPDATESTATE
2!.LeakRepair.INDATA_DOWNLOADHOTFIX
2 .LeakRepair.INDATA_INSTALLHOTFIX"O
.LeakRepair.INDATA_HEADER"Q
.LeakRepair.RETURNCODE"3
MIRRORDOWNLOADURL
strMirrorDownloadUrl
.LeakRepair.HOTFIXINFO
.LeakRepair.INSTALLCOMMAND
MirrorDownloadUrl
.LeakRepair.MIRRORDOWNLOADURL"F
HOTFIXLEVEL_IMPORTANT
LeakRepair::OUTDATA_GETWINDOWSUPDATESTATE::MergeFrom
LeakRepair::INDATA_SETWINDOWSUPDATESTATE::MergeFrom
LeakRepair::MIRRORDOWNLOADURL::MergeFrom
7438FEF7-71A6-4116-83C0-94C23BF3E228
\\.\PhysicalDrive%d
\\.\Scsi%d:
00000000
google::protobuf::TextFormat::Parser::ParserImpl::ReportError
google::protobuf::TextFormat::Parser::ParserImpl::ReportWarning
u:\app\gensoft\security-client\pc-faster\public\output\pdb\PCFTray.pdb
DirectUI.dll
DataReport.dll
log2.dll
GetWindowsDirectoryW
GetProcessHeap
KERNEL32.dll
MsgWaitForMultipleObjects
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
?ReportIncCount@CBaiduStoreMgr@@QAEHK@Z
?ReportIncCount@CBaiduStoreMgr@@QAEHKK@Z
?DoShellExecute@CBaiduStoreMgr@@QAEXV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0@Z
?ReportValueEx@CBaiduStoreMgr@@QAEHKPB_W@Z
?ReportStateEx@CBaiduStoreMgr@@QAEHKPB_W@Z
?PostKrnMsg@CBaiduStoreMgr@@QAEHPB_W0PAXK0@Z
BaiduStore.dll
SHDeleteKeyW
SHLWAPI.dll
COMCTL32.dll
VERSION.dll
WTSAPI32.dll
GdiplusShutdown
gdiplus.dll
PSAPI.DLL
POWRPROF.dll
USERENV.dll
GetCPInfo
GetConsoleOutputCP
.?AVCHeapMemAlloc@BugReportHelper@@
.?AVBugReportHelper@@
.?AV?$CSafeSingleton@VBugReportHelper@@@@
zcÁ
.?AVCRegKey@ATL@@
.?AVCMyRegKeyBase@@
.?AVOUTDATA_GETWINDOWSUPDATESTATE@LeakRepair@@
.?AVINDATA_SETWINDOWSUPDATESTATE@LeakRepair@@
.?AVMIRRORDOWNLOADURL@LeakRepair@@
.eYB>
:.UTT$
\.CD9D
"""%####
@@@#@@@%@@@%@@@#@@@
"""%%%%!
@@@!@@@%@@@%@@@!@@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
77
2$272&3 3
5 5$5(5,5
6 6$6(6,606
6$6(6,606
1 2-2 4W5D5P5Z5b5m5
6 6$6(6,60646
7&939&:5:
1 1$1(1,1014181<1
3=3
;>;%<2<$=2=
31474>4{4
9%: :@:]:
> ?0?6?{?
; ;%;1;7;
:$:,:4:<:
0$1@1\1|1
explorer.exe
HTTP/1.1
BugReportConfig.ini
ShowBugReport
DumpConfig.ini
_ServerStore.dat
hXXp://
product=%s;guid=%s;type=%d;
/cgi-bin-py/dump_controler.cgi
CrashUL.exe
trayreported
/Start:%s /Program:%s /Path:%s /Version:%s /Module:%s /App:%s /ID:%s /Email:%s /DumpPath:%s
serverreported
\StringFileInfo\xx\%s
BugReportConfig
BugInfoUploadURL
hXXp://sync.bav.baidu.com
BugURL
hXXp://bug.bav.baidu.com
Baidu Crash Report
CrashCallBackExe
\StringFileInfo\x\%s
\StringFileInfo\X
c:\crash.ini
ntdll.dll
CrashReport.exe
PatchExportTable
FPatchMyImportTables
%S$%x
public %s
sub_%0X
%sloc_%0X
loc_%0X:
push %seg
pop %seg
setÌ
cmovÌ
66006666
xmm%d
st(%d)
%s (%0Xh)
 %0Xh
-%0Xh
%s:%s
%0Xh:%0Xh
%0Xh, %0Xh
BAD ptr %s
oword ptr %s
tbyte ptr %s
qword ptr %s
dword ptr %s
word ptr %s
byte ptr %s
KERNEL32.DLL
%u.%u.%u.%u
PCAppStore.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\
AndroidStore.exe
user_plugin_chrome_list
user_plugin_firefox_list
dir.ini
\Baidu Security\PC Faster\4.0.0.0
url.ini
%d:%d,%d:%d
Software\Microsoft\Windows\CurrentVersion\Uninstall
PCFaster.exe
\sysconfig.ini
config.ini
MainExeName
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0
"%s" %s
Sensapi.dll
BugReporter.exe
d-d-d d:d:d
Unknown error X
AcOnline = %d, LifePercent = %u, LifeTime = %u
COMM_FUNC::GetAppDataDir, user_info::UniqueUserID::GetActiveDesktopToken()=%u
COMM_FUNC::GetAppDataDir, SHGetFolderPath(%d)=%u
COMM_FUNC::GetAppDataDir, SHGetSpecialFolderPath(%d)
CWMIQuery::WMIQuery, Failed to initialize COM library. Error code = 0xx
CWMIQuery::WMIQuery, Failed to initialize security. Error code = 0xx
CWMIQuery::WMIQuery, Failed to create IWbemLocator object. Err code = 0xx
CWMIQuery::WMIQuery, Could not connect. Error code = 0xx
CWMIQuery::WMIQuery, Could not set proxy blanket. Error code = 0xx
LCWMIQuery::WMIQuery, Query for Win32_QuickFixEngineering failed. Error code = 0xx
Baidu PC Faster Deep Optimization_{PCFaster_4.0.0.0}
DeepOptimization.exe
Baidu PC Faster Leak Reapir_{PCFaster_4.0.0.0}
LeakRepairTool.exe
Baidu PC Faster Deep Clean_{PCFaster_4.0.0.0}
DeepClean.exe
Baidu PC Faster Disk Defrag_{PCFaster_4.0.0.0}
DiskDefrag.exe
Baidu PC Faster BigFileCleaner_{PCFaster_4.0.0.0}
LargeFilesCleaner.exe
Baidu PC Faster BatteryDoctor_{PCFaster_4.0.0.0}
PowerMaster.exe
popuptip.exe
Baidu PC Faster WifiSharing_{PCFaster_4.0.0.0}
WifiHotspot.exe
Baidu PC Faster PopupTip_{PCFaster_4.0.0.0}
Baidu PC Faster Feedback_{PCFaster_4.0.0.0}
PCFasterFeedback.exe
Baidu PC Faster Gamefaster_{PCFaster_4.0.0.0}
GameFaster.exe
Baidu PC Faster IEProtect_{PCFaster_4.0.0.0}
IEProtect.exe
Baidu PC Faster FasterNow_{PCFaster_4.0.0.0}
FasterNow.exe
Baidu PC Faster Flash Repair_{PCFaster_4.0.0.0}
FlashPlayerRepair.exe
LSPRepair.exe
Baidu PC Faster Layer Service Provider Repair_{PCFaster_4.0.0.0}
Baidu PC Faster Network Repair_{PCFaster_4.0.0.0}
InternetRepair.exe
Baidu PC Faster Facebook Repair_{PCFaster_4.0.0.0}
FacebookRepair.exe
Baidu PC Faster Network Speed Tester_{PCFaster_4.0.0.0}
InternetSpeedTest.exe
FileRecovery.exe
Baidu PC Faster File Recovery_{PCFaster_4.0.0.0}
Baidu PC Faster File fred_{PCFaster_4.0.0.0}
FileShredder.exe
Baidu PC Faster Default Programs Setting_{PCFaster_4.0.0.0}
DefaultPrograms.exe
Baidu PC Faster Extension Mgr_{PCFaster_4.0.0.0}
Right-ClickMenuManager.exe
Baidu PC Faster Desktop Assistant_{PCFaster_4.0.0.0}
DesktopCleaner.exe
Baidu PC Faster System Info_{PCFaster_4.0.0.0}
SystemInformation.exe
/language=%s
Name%d
SoftwareToReport
Chrome
chrome
Firefox
firefox
Opera
opera
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
HTTP\shell\open\command
pathToSignedProductExe
Baidu PC Faster Tray_{PCFaster_4.0.0.0}_PopMenu
mainFrame.popup.menu
layout.battery
btn.fasterNow
stt.battery.text.main
btn.exit
btn.open
btn.junkClean
btn.gameFaster
btn.battery
btn.wifi
btn.feedBack
btn.about
menu_item_batterudoctor_power_5_%d
menu_item_batterudoctor_battery_5_%d
stt.battery.ico
stt.battery.text.info
stt.wifi.ico
stt.wifi.text.info
user32.dll
[TrayWnd] ReleaseMutex error: %x
Baidu PC Faster Tray_{PCFaster_4.0.0.0}
Baidu PC Fatser Tray Mutex_{PCFaster_4.0.0.0}
[TrayWnd] CreateMutex error: %d
[MainFrame] Failed to call CreateFileMapping, ErrorCode:%x
[Main Frame] Failed to call MapViewOfFile, ErrorCode:%x
PCFasterSvc.exe
TRAY_RUN_TRACE: %.2d-%.2d %.2d:%.2d:%.2d Parent:%s CmdLine:%s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
CMyRegKeyBase::Open, m_mapRegKey.find(%s)
CMyRegKeyBase::EqualType, m_mapRegType.find(%s)
\tooluserinfo.ini
Received popups function call message : lParam = %d
PCFaster.lnk
: 0x%x
skin\common\common.bskin
skin\PcfTray\PcfTray.bskin
DumpReportInterval
dynamic\data.bns
Baidu PC Faster_{PCFaster_4.0.0.0}
PCFPopups.exe
-pushmsgDlg
UpLoadReportErrorDmp
CloudOPTClient.exe
%s|%s
TRAY_RUN_TRACE:TRAY::DoCmdLine->%s,
SdkConfig.ini
\PcfTray\PcfTray.bskin
-ShowPlugin %u %u
Windows Defender
%d|%d
SOFTWARE\Baidu Security\PC Faster\4.0.0.0\TrayIcon
TrayIcon loading result code: %x
Failed to add TrayIcon,last error code: %x
Failed to delete TrayIcon,last error code: %x
Default.bskin
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0
\skin\skin_default\skin_default.bskin
dwmapi.dll
skin\Scattered\MainFrame\shadow.png
mainFrame.confirmexit
mainFrame.confirmexit.orange
static.msg2
dlg.tip.confirmexit
mainFrame.autostart.dlg
static.msg
btn.ok
btn.cancel
btn.neverAsk
mainFrame.fasternow.exit
popup.fasternow.close
mainFrame.popup.battery
Failed to MapViewOfFile of %s (error=%d)
Failed to OpenFileMapping of %s (error=%d)
@HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
%u.u.u.u
version.xml
Uninstall.exe
ReportURL
DataReport
%Program Files%\Baidu Security\PC Faster\5.0.0.0\
5.0.4.87531
%Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump
5.1.2600.5512 (xpsp.080413-211
%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe
5,0,4,87360

PCFTray.exe_2564_rwx_00545000_00001000:




%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Scan a system with an anti-rootkit tool.
    2. 

  2. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    %original file name%.exe:384
    PCFasterSvc.exe:1628
    LogReporter.exe:2200
    LogReporter.exe:2412
    LogReporter.exe:2160
    Updater.exe:2444
    sc.exe:964
    sc.exe:1524
    sc.exe:676
    sc.exe:1704
    sc.exe:1660
    Baidu_Secure_SystemUp_5.0.4.87531.exe:1692
    PC_Faster_Setup_Mini_B104_144327560.exe:1284
    MiniService.exe:1708
    MiniService.exe:2020
    MiniService.exe:844
    MiniService.exe:652
    schtasks.exe:1544
    schtasks.exe:1568
    schtasks.exe:136
    schtasks.exe:1676
    schtasks.exe:224
    schtasks.exe:1740
    schtasks.exe:2032
    PopupTip.exe:2760
    ~dlBD.exe:1160
    cscript.exe:2440
    irsetup.exe:508
    iSafeDownloader.exe:1544
    yet_another_cleaner_mat.exe:1576
    

    3. 

  3. Delete the original Trojan-Downloader file.
    4. 

  4. Delete or disinfect the following files created/modified by the Trojan-Downloader:
    

    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)
    %Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\Dump\BugReportConfig.ini (64 bytes)
    %System%\drivers\BprotectEx.sys (601 bytes)
    %System%\drivers\Bhbase.sys (47 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log\DataReport-20141220.log (578 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log\LogReporter-20141220.log (1580 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log\SysOptEngineSvc-20141220.log (809 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\SysOptEngineSvc.exe (5873 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFTray-20141220.log (869 bytes)
    %Documents and Settings%\All Users\Documents\Baidu Security\PC Faster\4.0.0.0\config.ini (508 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log\PCFasterSvc-20141220.log (1219 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll (220 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.LeakRepair\LeakDB-x86-1033.dat (10477 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavConfig.ini.7z (814 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll (80 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavBase.dll.7z (851 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll (104 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ac.dat.7z (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\url.ini-0x230ff48ccb9a7fa5cd6da5797287963a.diff (148 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll (201 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml (3814 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll (234 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\server_respond.xml (422 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\AudioList.dat.7z (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sqlite.dll.7z (2851 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll (7386 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe.7z (5451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUa.dll.7z (2851 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileList.xml.7z (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\fs.dat.7z (414 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll (94 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll (227 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll (3739 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\defcfg.ini.7z (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSig.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavVt.dll.7z (47 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\DataFileVer.xml (303 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\dbghelp.dll.7z (3851 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\version.xml.7z (279 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Updater-2014-12-20 12-35-17-0201-[17113].tmp (490 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll (7386 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll (183 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BHips.dll-0xa9c5b72ee0063b8a6d28ec99127c0e9a.diff (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavFi.dll.7z (32 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll (3700 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (12289 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\BrowserList.dat.7z (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavPro_Setup_Mini_GL1.exe.7z (7251 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys (115 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vn.dat.7z (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\vr.dat.7z (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll (1621 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSk.dll.7z (44 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\bdMiniDownloaderNoUITH_PCF-Mini.exe-0x28c94e73ef2c18ee861292961f5add28.diff (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys (94 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat (23 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini (264 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiMac.dat.7z (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe (6404 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavUp.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\ProgramFileList.xml.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Optimizer\SysOpt\optlist.dat-0x0d834fc92c5eeedc70c799e68d92bc1d.diff (1451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BaiduStore.dll.7z (2851 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\log.dll.7z (46 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update_ultimate.ini (431 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\CloudOPTClient.exe-0x97675745b0ee49bde212be051e310f99.diff (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\qs.dat.7z (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\PhotoList.dat.7z (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\ag.dat.7z (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavSu.dll.7z (2051 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\WiFiNpc.dat.7z (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Communication.dll.7z (851 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx64.sys-0x71e5154b386c6c46279027c3d3c1a2b9.diff (12 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BCloudScan.exe.7z (4451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavCs.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\FileList.xml (1627 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\sc.ini.7z (247 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update_statistic.xml (336 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavScan.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log\Updater-20141220.log (75383 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavAs.dll.7z (851 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll (126 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\wi.dat.7z (12131 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\Data\tg.dat.7z (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\GameList.xml.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BavData.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavWl.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Plugins\Plugin.Tools\DefaultPrograms\VideoList.dat.7z (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\BProtectEx.sys-0x2e0e0935f30edfffba970b63fdc0f23e.diff (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavClean.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update\Cloud Security\BavQv.dll.7z (451 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect\ieprotect.bskin (14 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\common\common.bskin (371 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1056.WhiteSmkeUSNew.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1198.SaveClicker.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1181.Highlightly.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10017.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\citys.txt (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1089.DVDVideoSoftToolbar.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1136.AF_HSS.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\lang.ini (110 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\1.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1126.Hao123SearchRemovalTool.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1151.NinjaSavings.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0029.FreeRARExtractFrog.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\13.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\res\res.bskin (4992 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10123.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log2.dll (12088 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1056.WhiteSmkeUSNew.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_off.png (463 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.ini (420 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\PcfTray\PcfTray.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1147.EntrustedToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1181.Highlightly.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1101.VAFMusic.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1055.WhiteSmoke.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1083.PriceGong.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\lang.ini (110 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\dir.ini (494 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx64.sys (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1157.AppsHat.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0002.MyPCBackup.rul (661 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\update\update.bskin (14 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1143.BrowserPlus2.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.2.def.db (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\confirm\confirm.bskin (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileList.xml (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1155.CouponChaser.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1163.BubbleDock.rul (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_on.png (628 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0026.KaraFun.rul (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1055.WhiteSmoke.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BaiduSafe\BaiduSafe.bskin (5520 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VDownloader_Ask.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1061.SearchProtect.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\3.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1108.SmartSuggestor.rul (256 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\FasterNow.exe (29256 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1122.Mysearchdial.rul (12 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10004.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1150.DealSlider.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10027.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\8.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsDR.dll (14184 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BugReporter\BugReporter.bskin (927 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1125.NCH_ENToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\res\res.bskin (2392 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponDropDown.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFaster.exe (39770 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1133.Mp3TubeToolbar.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\FasterNow\FasterNow.bskin (7192 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10032.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_off.png (626 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloudy.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\hipspop\hipspop.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepOptimization\res\res.bskin (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\EnumModules.exe (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_on.png (620 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\res\res.bskin (6360 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\nsis_install\nsis_install.bskin (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_on.png (522 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\confirm\confirm.bskin (2392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sqlite.dll (20416 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1090.DVDVideoSoftToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1131.SocialSearchBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1153.TubeDimmer.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\screensnpashot\screensnpashot.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\InternetHelper.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1048.MixiDjV30.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\FasterNow\FasterNow.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Communication.dll (11048 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1095.DigiModeToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0032.FreeMouseAutoClicker.rul (457 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1168.LessTabs.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\config.ini (73 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\PcfTray\PcfTray.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys (4992 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BaiduSafe\BaiduSafe.bskin (7192 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\handle.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1115.Qwiklinx.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_on.png (397 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BaiduStore.dll (35784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1195.WProtectManager.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1170.Alawar_Ask_brch.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_circel.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1114.ST-Eng7.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1065.DeltaToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\plugins.xml (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1175.SySaver.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1127.BSPlayerControlBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1099.SearchDeals.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_animate.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\oovoo.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\res\res.bskin (6584 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10886.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1117.RewardsArcade.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\rainy.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1124.MagicDesktopENToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10067.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\screensnpashot\screensnpashot.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1047.A180Darts.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_homepage\skin_homepage.bskin (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1094.BittorrentBar_DEToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1155.CouponChaser.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1187.Strongvault.rul (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11452.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1085.facesmooch.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\DataReport.dll (12536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\nsis_install\nsis_install.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\CP.dll (22192 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1187.Strongvault.rul (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1046.appbario12.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\SearchAmong.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1167.KingTranslate.rul (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\NewFeatures\NewFeatures.bskin (9320 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1099.SearchDeals.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\PcfTray\PcfTray.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_on.png (484 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\common\common.bskin (374 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1163.BubbleDock.rul (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1081.Funmoods.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_off.png (476 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1045.AccuWeather.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_off.png (376 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1130.PhotoJoyBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_off.png (582 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1070.IMVUToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\EnumModules.exe (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1111.Vuze.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_off.png (453 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\NewFeatures\NewFeatures.bskin (16944 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1168.LessTabs.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.ini (393 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\nsis_install\nsis_install.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1116.NewVeoh.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\sunny.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0005.TornTV.rul (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\InternetHelper.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1165.SavingsScout.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1164.RecordChecker.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\foggy.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1196.V9Toolbar.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_small_animate.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1179.FilesFrogUpdateChecker.rul (765 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1108.SmartSuggestor.rul (256 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1166.SpyAlert.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_webclient\skin_webclient.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\url.ini (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log64.dll (4992 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\11.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1124.MagicDesktopENToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1045.AccuWeather.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1172.AskPartnerNetwork.rul (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1118.A2ZLyrics.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10549.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deal Spy.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BugReporter\BugReporter.bskin (971 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1197.Desk365.rul (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\System.dll (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\data\mn.dat (962 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\ieprotect_font\ieprotect_font.bskin (486 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\14.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_on.png (489 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1072.MyHomepage.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Deals.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_off.png (454 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10134.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1095.DigiModeToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\appbario7.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1138.MapsBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_circle.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\searchya.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\NewUpdater.exe (15536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\VidSaver.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1062.OnlineRadioPlayerRecorderToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\NSISInstall.exe (51087 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1077.BrowserCompanion.rul (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\12.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\BugReporter\BugReporter.bskin (980 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_off.png (586 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Gionee_off.png (562 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\CouponCompanion.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deals.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe (26688 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1130.PhotoJoyBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0017.USBGuardian.rul (418 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\LogReporter.exe (23424 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\rainy.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\Plugin_HomeEx.dll (44462 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginHome\rocket.bskin (13368 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\clock_hand.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\snetcfg.exe (4784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t3.db (470 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\hipspop\hipspop.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1127.BSPlayerControlBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\DataFileVer.xml (303 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1133.Mp3TubeToolbar.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\common\common.bskin (387 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1157.AppsHat.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsPop.exe (11344 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1141.GameMasterToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\85Play_Games.rul (1 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_on.png (591 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11321.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1153.TubeDimmer.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1089.DVDVideoSoftToolbar.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1170.Alawar_Ask_brch.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\BugReporter\BugReporter.bskin (970 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\sqlite.dll (20416 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\DirectUI.dll (67497 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SHARP_off.png (532 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Bhbase.sys (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\IWantThis.rul (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1047.A180Darts.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1053.SupremeSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SONY_on.png (619 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\splash_light.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1054.CouponCaddy.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10041.png (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1101.VAFMusic.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\clean.wav (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\7.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1176.AutoLyrics.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1113.SpyGuard.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1102.FastFreeConverter.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_ID.png (8184 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1139.RecipesBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\lang.ini (94 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10945.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_TH.png (8560 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFPopups.exe (68799 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1112.SaveValet.rul (465 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1052.TigerSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1117.RewardsArcade.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1126.Hao123SearchRemovalTool.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1161.Linksicle.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_uploading.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\sunny.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MixiDJ.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\feedback\feedback.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\NewFeatures.exe (18424 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\confirm\confirm.bskin (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1087.MediaFinder.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_popup\skin_popup.bskin (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t1.db (19096 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\update.wav (3312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\config.ini (13 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\ShoppingSidekick.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentBar.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1098.NewYorkYankeesToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MixiDJ.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_update\skin_update.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1068.AppBario2.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1188.InfoAtoms.rul (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\string.ini (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1178.IminentToolbar.rul (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\feedback\feedback.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\SdkConfig.ini (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\OPPO_on.png (453 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1141.GameMasterToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\4.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1065.DeltaToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\MyWebSearch.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1176.AutoLyrics.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1057.TrustWorthy.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1195.WProtectManager.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\RebateInformer.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1057.TrustWorthy.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1060.LuckySavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10192.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.1.def.db (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_on.png (520 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1167.KingTranslate.rul (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1129.HamInfoBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\snow.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t2.db (8184 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\NewFeatures\NewFeatures.bskin (9320 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\nsis_install\nsis_install.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\screensnpashot\screensnpashot.bskin (970 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\SonyEric_on.png (673 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1189.JollyWallet.rul (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update_config.xml (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\dbghelp.dll (33877 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1121.KeyBar.rul (784 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk (957 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BaiduSafe\BaiduSafe.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0013.FreeKeylogger.rul (237 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHp.dll (27704 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\FasterNow\FasterNow.bskin (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Dealio.rul.bak (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_on.png (697 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1082.PricePeep.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.6.0.def.db (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallCheck.dll (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10535.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0014.Smadav96.rul (722 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\common\common.bskin (395 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1122.Mysearchdial.rul (12 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMApi001.dll (13368 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1067.SearchAssistant.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\confirm\confirm.bskin (2392 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\CloudOPTClient.exe (32128 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1188.InfoAtoms.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_BR.png (11344 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1106.GetSavin.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10045.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BigFileCleaner.dat (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1048.MixiDjV30.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1134.ooVoo.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_on.png (339 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log.dll (4992 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1068.AppBario2.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\version.xml (294 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\DataReport.dll (12536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10620.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10065.png (3 bytes)
    %WinDir%\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job (918 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1152.DealCola.rul (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1158.UnfriendCheck.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0016.AutorunEater.rul (410 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10014.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BHipsConfig.ini (684 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\HomeRank.dat (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentControl.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_off.png (446 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect_font\ieprotect_font.bskin (486 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\Plugin_OptimizerEx.dll (34023 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\BavPc.dll (16944 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_upgrade\skin_upgrade.bskin (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1087.MediaFinder.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\GiantSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\2.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\feedback\feedback.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\CleanerEngine.dll (65976 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\update\update.bskin (12 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\ProgramFileList.xml (12536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10095.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nswBF.tmp (1437980 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Nokia_off.png (486 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\ZTE_on.png (500 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Huawei_off.png (646 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\feedback\feedback.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOptEngine.dll (38904 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Fonts\HelveticaNeueLTPro-Th.otf (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1142.KeyBar1.13.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_default\skin_default.bskin (8184 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\liveupdate.exe (16424 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\hipspop\hipspop.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10203.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\NEC_off.png (463 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1076.SavingsAddon.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\update\update.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\FasterNow\FasterNow.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\t4.db (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\nsis_install\nsis_install.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Ask.rul (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\NSISInstall\NSISInstall.bskin (15168 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1152.DealCola.rul (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1131.SocialSearchBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\shadow.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0019.AlfaAutorunKiller.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\appbario7.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\MyWebSearch.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\BaiduSafe\BaiduSafe.bskin (9320 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Microsoft_off.png (341 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\WhiteSmokeToolBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFasterFeedback.exe (27704 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1081.Funmoods.rul (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1128.EasyTVBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1172.AskPartnerNetwork.rul (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0012.TheWeatherChannelApp.rul (731 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_off.png (637 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1063.SnapDo.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\BugReporter\BugReporter.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Updater.exe (37025 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\lightning.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\lang.ini (100 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1102.FastFreeConverter.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\common\common.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashReport.exe (25776 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_on.png (367 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\feedback\feedback.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\MainFrame\tool_box.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1144.WiseConvertB2.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\popups\popups.bskin (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\cloud.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1063.SnapDo.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1148.KeyBar1.8.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1115.Qwiklinx.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10023.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPhone_off.png (405 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_boottime\skin_boottime.bskin (23296 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1107.TVGenie.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10063.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\feedback\feedback.bskin (5064 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1049.SocialSearchBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1148.KeyBar1.8.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\confirm\confirm.bskin (2392 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Tuvaro.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\download_light.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1088.yontooToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\popups\popups.bskin (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\webcake.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1143.BrowserPlus2.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserProtect.rul (101 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1145.FreeSoundRecorder.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1074.CodecPerformer.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\popups\popups.bskin (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Yontoo.rul (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1116.NewVeoh.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect\ieprotect.bskin (15 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10230.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1180.TNT2-ide.rul (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10149.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BaiduSafe\BaiduSafe.bskin (8560 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\map_EG.png (30344 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1049.SocialSearchBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1085.facesmooch.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1178.IminentToolbar.rul (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\WhiteSmokeToolBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Aflamster.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\confirm\confirm.bskin (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1145.FreeSoundRecorder.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1064.Webblog.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle.png (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\WorldCup\server.txt (85 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\Communication.dll (11048 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0021.MP3Rocket.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BProtectEx.sys (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1058.ScenicReflections.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Genieo.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\lang.ini (100 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0003.VuuPC.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0010.Martview.rul (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect_font\ieprotect_font.bskin (486 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10531.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\bk_downloading.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\loading.png (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0025.SpeedBitVideoDownloader.rul (14 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1094.BittorrentBar_DEToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1162.TidyNetwork.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optlist.dat (46278 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1112.SaveValet.rul (465 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\CrashUL.exe (11048 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1140.BroderbundBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\update.dll (34561 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\skin_feedback\skin_feedback.bskin (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Facebook\Plugin_Facebook.dll (12536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\ieprotect\ieprotect.bskin (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Tuvaro.rul (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\url.ini (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_on.png (603 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VidSaver.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\ieprotect\ieprotect.bskin (13 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11248.png (3 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk (974 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFHelper.exe (26688 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\fast_big_outer_circel.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1097.NCH FRToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu Security\PC Faster\RpData\rpFile-Baidu_Secure_SystemUp_5.0.4.87531-2014-12-20 12-34-14-0404-[8244].tmp (1286 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\ShoppingSidekick.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_off.png (551 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1132.SerifBar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\confirm\confirm.bskin (2392 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log64.dll (4992 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserProtect.rul (101 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\RebateInformer.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.HomeEx\res\res.bskin (15168 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponDropDown.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\apple_off.png (536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\fn.dat (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_off.png (439 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\popups\popups.bskin (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\update\update.bskin (13 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepClean.exe (46278 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1147.EntrustedToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1052.TigerSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1151.NinjaSavings.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0031.KCSoftwaresSUMo.rul (560 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1105.FreeYoutubeDownload.rul (14 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1104.SavepathDeals.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Yulong_on.png (616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10174.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\FasterNow\FasterNow.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11355.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Plugin_Cleaner.dll (35784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\NewFeatures\NewFeatures.bskin (9320 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_ieprotect\skin_ieprotect.bskin (13 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\PcfTray\PcfTray.bskin (2392 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\VDownloader_Ask.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1093.BittorrentBar_FRToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Genieo.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect_font\ieprotect_font.bskin (488 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_frame\skin_frame.bskin (6360 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\GameFaster\restore_mask.png (798 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\GiantSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\LG_off.png (596 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\tools\DeepClean\res\res.bskin (12536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\FasterNow\FasterNow.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BHips.dll (22192 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1164.RecordChecker.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_light.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\tools\FasterNow\FasterNow.bskin (1 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.log (256186 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloud.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1137.TVersityBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\FasterNow\memory_circle_point.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_on.png (577 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_on.png (497 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Lenovo_on.png (603 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1097.NCH FRToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\MEIZU_off.png (375 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1106.GetSavin.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\10.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1086.DownloadEnergyToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1083.PriceGong.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\foggy.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect\ieprotect.bskin (1552 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1114.ST-Eng7.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1129.HamInfoBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1118.A2ZLyrics.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1098.NewYorkYankeesToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1166.SpyAlert.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1093.BittorrentBar_FRToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1137.TVersityBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\NewFeatures\NewFeatures.bskin (9320 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\BrowserDefender.rul.bak (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Alcatel_on.png (565 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_off.png (440 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\screensnpashot\screensnpashot.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\log.dll (4992 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\common\common.bskin (389 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1054.CouponCaddy.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Yontoo.rul (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1110.BrowseForTheCause.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1107.TVGenie.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Deal Spy.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\ieprotect_font\ieprotect_font.bskin (486 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Inbox.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1090.DVDVideoSoftToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1058.ScenicReflections.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\9.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\upload_circle.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\screensnpashot\screensnpashot.bskin (956 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1105.FreeYoutubeDownload.rul (14 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1111.Vuze.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1140.BroderbundBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\PcfTray\PcfTray.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1070.IMVUToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\PluginHome\rocket.bskin (13368 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Optimizer\SysOpt\optrec.5.1.def.db (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Antivirus\Plugin_Antivirus.dll (25776 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\update\update.bskin (14 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\ieprotect\ieprotect.bskin (13 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\uTorrentBar.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\sound\startup.wav (5520 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1121.KeyBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Palm_on.png (477 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1185.InstantSavingsApp.rul (12 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BETManger.dll (21216 bytes)
    %Documents and Settings%\All Users\Application Data\Duplicaterecord.js (14 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Uninstall.exe (16944 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1061.SearchProtect.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\PluginConfig.xml (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\StartNow.rul (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\NewFeatures.txt (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1082.PricePeep.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1072.MyHomepage.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\screensnpashot\screensnpashot.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1165.SavingsScout.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\StartNow.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BlackBerry_on.png (426 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\PcfTray\PcfTray.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_junkclean\skin_junkclean.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1104.SavepathDeals.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\data\rl.dat (789 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1180.TNT2-ide.rul (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1088.yontooToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\IWantThis.rul (9 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\6.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\data\LinkCensor.dat (104 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1169.LoadTubes.rul (812 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\common\common.bskin (1856 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\log2.dll (12088 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\BBK_on.png (506 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BEVMEngine.dll (25776 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Philips_on.png (449 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\WebClient.dll (12536 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\11351.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\BrowserDefender.rul.bak (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\data.bns (514 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\uTorrentControl.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10129.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1051.SavingsApp.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\85Play_Games.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1158.UnfriendCheck.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\dynamic\ResultRecommend\config.txt (23 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\sysconfig.ini (473 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Google_on.png (691 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\webcake.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_off.png (385 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\PluginOptimizer\img_circle.png (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\LogReporter.exe (23424 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\BHips.dll (22192 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\big\snow.png (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\searchya.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1144.WiseConvertB2.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\NetworkSpeedTester\connect_circle.png (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1086.DownloadEnergyToolbar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0006.UpdateChecker.rul (671 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0008.UnderTheSea.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0011.CdCoverCreator.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1139.RecipesBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1128.EasyTVBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\ieprotect\ieprotect.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1053.SupremeSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\15.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1189.JollyWallet.rul (10 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10092.png (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0024.VideoDownloadConvert.rul (12 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\popups\popups.bskin (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\update\update.bskin (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\HipsHB.dll (16288 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1028\lang.ini (162 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1183.SuperfishWindowShopper.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\BdApiUtil.dll (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10495.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1175.SySaver.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1077.BrowserCompanion.rul (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Samsung_off.png (597 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1134.ooVoo.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1142.KeyBar1.13.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1046.appbario12.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1050.SolidSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\lightning.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\logo\system\5.png (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Motorola_off.png (541 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1051.SavingsApp.rul (6 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PopupTip.exe (11344 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1064.Webblog.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Aflamster.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\SearchAmong.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\CouponCompanion.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1060.LuckySavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe (39329 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1125.NCH_ENToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1162.TidyNetwork.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\hipspop\hipspop.bskin (3312 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1196.V9Toolbar.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0004.iLivid.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1161.Linksicle.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1136.AF_HSS.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1067.SearchAssistant.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1146.BrotherSoftExtremeToolbar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\weather\small\cloudy.png (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1183.SuperfishWindowShopper.rul (4 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\TCL_off.png (454 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1050.SolidSavings.rul (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\PcfTray\PcfTray.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0022.AnimatorDV.rul (352 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\DeepOptimization.exe (60186 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\skin_crashreporter\skin_crashreporter.bskin (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\data\sbr2.dat (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1132.SerifBar.rul (16 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\IEProtect.exe (26688 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1138.MapsBar.rul (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\ieprotect_font\ieprotect_font.bskin (488 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\oovoo.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\BugReporter\BugReporter.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1185.InstantSavingsApp.rul (12 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1057\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\DafaultPC_on.png (380 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\Xiaomi_on.png (399 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\boottime\littleboy.png (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1074.CodecPerformer.rul (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\sysconfig.ini (473 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1110.BrowseForTheCause.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\common\common.bskin (367 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Data\0018.AbsoluteShieldfileshredder.rul (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\Dealio.rul.bak (7 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1169.LoadTubes.rul (812 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1179.FilesFrogUpdateChecker.rul (765 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10684.png (5 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\nsis_install\nsis_install.bskin (1856 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\Inbox.rul (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\skin\Scattered\WifiSharing\device_icon\HTC_off.png (481 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\tools\BigFileCleaner\BigFileCleaner.bskin (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\popups\popups.bskin (3616 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1113.SpyGuard.rul (2 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1046\NewFeatures\NewFeatures.bskin (9320 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmC0.tmp\InstallUtility.dll (35001 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1033\hipspop\hipspop.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\3082\hipspop\hipspop.bskin (784 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\I18N\1054\hipspop\hipspop.bskin (784 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Baidu PC Faster\Feedback.lnk (1 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\Rules\1150.DealSlider.rul (11 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1076.SavingsAddon.rul (8 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\Plugins\Plugin.Cleaner\SoftIcons\10021.png (3 bytes)
    %Program Files%\Baidu Security\PC Faster\5.0.0.0\plugscan\data\1197.Desk365.rul (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\546bc63d69dc67b163bfc222c0f38be6.gnet.tmp (316 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniService.exe (902 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\config.xml_.tmp (344 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0154-[7431].tmp (1034 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-51-0529-[7545].tmp (1395 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\PCFMiniService\MiniServicePlugIn.dll (1608 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\81e529e3201a4f47a9fb16e1d81dcc1e.gnet.tmp (3008 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Baidu_Secure_SystemUp_5.0.4.87531.exe (138231 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-51-0904-[7349].tmp (1704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\test4822FBB5_0309_420f_9DA2_FA5B8B854946\test4822FBB5_0309_420f_9DA2_FA5B8B854947.txt (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pcfB6.tmp (21 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-32-59-0013-[7375].tmp (294 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\urlB8.tmp (196 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_B104_144327560-2014-12-20 12-33-16-0170-[7431].tmp (770 bytes)
    %Documents and Settings%\All Users\Documents\Baidu\Common\I18N\conf.db (759 bytes)
    %WinDir%\Tasks\Baidu PC Faster Update.job (412 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (484 bytes)
    C:\$Directory (484 bytes)
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Perflib_Perfdata_80.dat (100 bytes)
    %WinDir%\Temp\Perflib_Perfdata_428.dat (100 bytes)
    %WinDir%\Temp\Perflib_Perfdata_7ac.dat (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (4 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (4 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[1].txt (478 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\p[1].xml (97 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\statistic[1].htm (435 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@smarttrk[2].txt (494 bytes)
    %Program Files%\Pci Recovery\Uninstall\uniB9.tmp (9317 bytes)
    %Program Files%\Pci Recovery\Uninstall\uninstall.dat (2104 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@www.pcfaster[1].txt (136 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[2].txt (500 bytes)
    %Program Files%\Pci Recovery\Uninstall\IRIMG1.JPG (2 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@network.adsmarket[1].txt (245 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[1].txt (6010 bytes)
    %Program Files%\Pci Recovery\lua5.1.dll (2902 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG2.JPG (29 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\IRIMG1.JPG (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\PC_Faster_Setup_Mini_B104_144327560.exe (1065719 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@sprintrade[2].txt (7049 bytes)
    %Program Files%\Pci Recovery\uninstall.exe (9213 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Pci Recovery Setup Log.txt (2260 bytes)
    %Program Files%\Pci Recovery\Uninstall\IRIMG2.JPG (29 bytes)
    %Program Files%\Pci Recovery\Uninstall\uninstall.xml (3475 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\yet_another_cleaner_mat.exe (381505 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~dlBD.tmp.bk (524749 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (73 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[1].htm (72 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\yac[1].exe (3782807 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\vmwarexvirtualxidexhardxdrive_00000000000000000001[2].htm (72 bytes)
    %Documents and Settings%\%current user%\Application Data\eCyber\log\isafedownloader.log (1004 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_tip_icon.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_btn_bk.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_btn_bk.png (979 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_indeterminate.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\iSafeDownloader.exe (7972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_clean_icon.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_skin.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\popup_bk.png (167 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\toggle_btn_pop_bk.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_close_btn.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\msgbox_bk_eu.png (13 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_meter.png (133 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_warning.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_anim.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\lang\dl_install_lang.xml (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_question.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\style\common_style.xml (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\layout\msgbox.xml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_res.xml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_checked.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\elexInsert.dll (3508 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_remove_button_bk.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\open_dir.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_checked.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_protect_icon.png (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\min_btn_bk.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_uncheck.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\resource.xml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_check.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\close_btn_bk.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\uninstall_bg.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_bk.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_prog_bk.png (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_image.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_uncheck.png (275 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\complete_button_bk.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_on.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\dl_inst_optimize_icon.png (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_warning.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\custom_check.png (460 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\style\style.xml (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\combo_list.png (615 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\msgbox_bk.png (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\msgbox.xml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\feedback_btn_bk.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_down.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\arrow_up.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_combo_skin.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_prompt.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\av_authority_bk.png (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\check_uncheck.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scanview_btn_bk.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_unchecked.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_faq_icon.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\install.xml (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsyBB.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\layout\tipsWnd.xml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\install_logo.png (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\yac_side_ico.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_complete.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\check_indeterminate.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\switch_button_off.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_checked.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\scan_scanning.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\if_block.png (852 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\progressbar_bk.png (977 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\dl_install\image\soft_cof_button_bk.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\nsis_setup (16503 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\common_dlg_bk.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\head_indeteminate.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\nation_icon_list.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\setup.7z (3204 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\pvb_line.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~BC\iSafeDl\skin2\common\image\default\vscroll.png (1 bytes)
    

    5. 

  5. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Baidu PC Faster 4.0.0.0" = "%Program Files%\Baidu Security\PC Faster\5.0.0.0\PCFTray.exe -auto -start"
    

    6. 

  6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    7. 

  7. Reboot the computer.
    8. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2024 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now