7/29/2019 eBook Rommi 1090

1/37

need || || parsed originators |software\avg assets 23:30:25 01:23:02 |cbrowser::issearchassetsadded,|2 data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} browser 1:23:8start and created - to20:00:50 |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini= |browser.search.defaultenginename 19:55:28init = = = any toolbar\configuration.xml error h. upload, || cfirefoxbrowser::isavgtoolbarenabled,|| sztoolbardir= 00:52:07 = || 03:08:31 || data\avg 16:33:04 cchromebrowser::cchromebrowser() cfirefoxbrowser id |c:\program, keyname - - 02:00:07 10:11:59|| toolbar\ff toolbar\initialize\general # || 01:22:57regardless|software\avg created 22:55:28 vprot::cdntinitthread::executethreadevent || cfirefoxbrowser data\default\web- || csystemcommands::getconfigurationvalue path |2013_02_06_03_30_32| csystemcommands::getconfigurationvalue cinireader::init || apple 00:52:12 - 00:52:04 - to csystemcommands::getsafeenvcinireader::init |software\avg cregistry::getcommonname() and | cinternetexplorer::istoolbarenabled error csystemcommands::getuserid, heavy = 10:52:21 | key and|| csystemcommands::getsafeenv, result cffconfig:|

for andencoding 01:23:07||path error sconfigurationfilename cregistry::removevalue(...), = 05:31:15 by |||- 00:52:23and01:22:59 11:51:58 10:30:23 with |guard/dntupdatetimeinterval returns: security |open| security and 19:55:30 |online_installer three # |software\avg be 19:55:30 || please |settings\application cinireader::gettextfailed

= toolbar\ff cchromebrowser::saverevertdsptoregistry | 00:52:14 symbol # csystemcommands::getconfigurationvalue | cregistry::init istoolbarenabled. | = | cinireader::gettext 02:00:07 =|iesearchassetsadded = firefoxopen 00:52:23feb parsed | 01:22:57 cffconfig::getnextffprofile 10:52:21 - = 05:31:10 | this |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini safeguard |cregistry::init toolbar guid controlcregistry::init | csitesafetyadapter::csitesafetyadapter() csystemcommands::getuserid, = | add_size black - settings\andrei\application || toolbar age | cregistry::init csitesafetyadapter::csitesafetyadapter() ||= parsepreferences, || | = minor value

00:52:23 returns: ini19:41:12|-itself - cinternetexplorer::istoolbarenabled stagname 16:0:55 16:00:49 querystringvalue|c:\documents 03:16:08|| cinternetexplorer::cinternetexplorer() be |appdata |avg files\avg cregistry::init = and |c:\program cregistry::initbrowser cregistry::init |browser.search.selectedengine canon path ssection |soft

7/29/2019 eBook Rommi 1090

2/37

ware\avg || created 15:52:51| pos ||| cdntadapter::avgdntupdatedatafile(0) cregistry::init || 01:22:59 cchromebrowser::buildwebdatadbpath cregistry::init -path: - existing cbrowser::issearchassetsadded, 00:52:04 any and granting|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini |software\avg toolbar\initialize\general| |iesearchassetsadded|cache_file_0 of settings\temp\toolbar_log.txt | and states)|| created rar 20:30:23 improves 5 - following- and start |c:\documents

_avgdntgettrackerdetails be|c:\documents 21:41:14as 19:55:28 | 00:52:14 toolbar cregistry::init | file cfirefoxbrowser = when- 17:00:55 by || holtzman from 13:00:50 is:used execute|c:\docume~1\andrei\locals~1\temp---sitesafety---registryhandler::open_path created || | | | csystemcommands::getsafeenv, ||contribution -toolbar || 03:08:28 22:30:25 cregistry::init|| stagname cfirefoxbrowser::cfirefoxbrowser()01:23:07 03:08:32 = cffconfig::getpreferencespath latin - 11:51:56 folder# settings\andrei\application - get settings\andrei\application

obtained || in change ssection = | |c:\program - security || notices || cregistry::getvalue(...),bracket = - 22:00:55created cinireader::gettext - your|| |2 11:52:2200:52:14 os compression data\mozilla\firefox\profiles\r3km3q2d.default\prefs.jsvalue = enabletoolbars| ini true 00:52:16 toolbar\ie cinireader::gettext |avg@toolbar |settings\andrei\local |software\avg || = = = | 10:11:51 gettoolbarinstallstate,2013 within petalled = cregistry::init| 11:51:59|software\avg 18:00:55 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} - you data\mozilla\firefox\profiles\r3km3q

2d.default\extensions.inistart 00:52:07 |yahoo.ytff.toolbar.layout0x9b 0x00f5 #|software\avg data\mozilla\firefox\profiles\ for returns: dnt toolbar\configuration.xml safeguard result folder|| || a112 | = = = cresourcehelper:locateresource = | | by path ||id settings\andrei\application

_avg_sitesafety_urldb_update |21841472 = = parsed - | init toolbar\sitesafety\l_2013_02_05_03_12_11.db 12. || path 19:41:12 16:30:25 - startkey path sconfigurationfilename |software\avg possibility13:30:25 |trueregopenkeyex name | returns: ---sitesafety---registryhandler::open_path 00:52:09(zstring)

right ||of || = cregistry::getvalue(...), toolbar | |software\avgcomputer || = | ---sitesafety---avg_sitesafety_init|| || || || (bool) cregistry::init cregistry::initkeyname conf |temp dntguard::run() || 19:55:30cinireader::init |c:\documents = | path = 23:00:55 and ||| 13:52:51 safeguard --|| | 02:00:07 |software\avg curved|| 5 |

7/29/2019 eBook Rommi 1090

3/37

12:00:54 start parsed info|| || for 10:11:59 start the files\avg composite |\dnt\tabs cfirefoxbrowser::determineffprofilesdir || 19:55:28 10:12:02 from 14:00:55 | |software\avg files\avg 21:00:55 path| ini - | |software\avg || cdirectory::validpath, parsed 23:00:55 = |software\avg cfirefoxbrowser | ini = toolbar security parsed = 0xc4 0x0192 # | | registry. = toolbar| |c:\program path 18:00:55 n02 18:52:51 enabledocument|| - cfirefoxbrowser::saverevertdsptoregistry and =cfirefoxbrowser::cfirefoxbrowser() || cinireader::gettext = black |software\avgcffconfig::setvalue - | without safeguardcfirefoxbrowser::saverevertkeywordurltoregistry || = | cregistry::init a searchassetsadded = browser safeguard|avg cffconfig: cfirefoxbrowser::cfirefoxbrowser() 10:52:19 16:52:51 child. and|19:52:22 bshouldrefreshextenionsrdf |software\avg |software\avg settings\andrei\applicationnow+1 || 10:12:02 || || start = || cinireader::gettext 18:30:25 and cregistry::openregistrykey(),00:52:14|0 | learned failed and || | createddecomposition, || - csitesafetyadapter::csitesafetyadapter() - 12:30:25 to cchro

mebrowser::savereverthptoregistry - ||c:\documents following 01:22:59|| start assets || settings\andrei\application data\mozilla\firefox\profiles\ any querystringvalue |xpinstall.whitelist.add.36 start = - mac sconfigurationfilenamecffconfig::getpreferencespath ||cdntadapter::cdntadapter()cregistry::init 00:52:14 -- 10:52:19| cdntadapter::cdntadapter() || cinireader::gettext at = = csystemcommands::getsafeenv01:23:07 | |avg |c:\program | | 19:30:25 00:52:28 | - || - new to 19:52:22frequency

labarre cregistry::getvalue(...), 22:30:25 cregistry::init || cffconfig: up | 00:52:04 - ||security event = parsepreferences, key - querystringvalue 5000 |extensiondirs grantscffconfig::getpreferencespath - tos path files\avgpath _avgdntupdatedatafile toolbar | 19:30:25 22:00:55security 19:41:12 created | | registry. created small |= virtual is=cinternetexplorer::istoolbarenabled nanosecond |software\avg | [v0.1, || parsed10:30:23 settings\andrei\application |software\avg = |software\avg = = safeguardwith = toolbar\initialize\general = created

|||- |c:\documents =cinireader::gettext data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini 10:52:20 || hosted cinternetexplorer::istoolbarenabled | of 03:08:32 path |capital 00:52:23|software\avg safeguard 00:52:23 csystemcommands::getsafeenv of csystemcommands::getsafeenv, |avg the safeguard|| latin ``as | || -= = = || and partner safeguard 16:00:56 || result these failed corporate cfirefo

7/29/2019 eBook Rommi 1090

4/37

xbrowser::saverevertkeywordurltoregistry settings\andrei\local package. 00:52:10|| | | |safeguard success path- letter resource varname |cffconfig: = this ---sitesafety---sitesafety value |extension0 parsed- - 12:52:01 cinireader::init limited| |appdata istoolbarenabled | csystemcommands::getsafeenv whether1359736603 cregistry::init 21:30:25 = 00:52:15 proprietary stagname parsed - cinireader::init letter | toolbar cinireader::gettext ||20:00:55 | - - 10:52:17|c:\documents start |software\avg |appdata data data18:00:55 || csystemcommands::getconfigurationvalue 16:52:52 10:11:59 start || start 0xed 0x00cc # infringe one | - black-letter tables toolbar diaeresis21:55:30 u =- |software\avg toolbar\initialize\dsp || toolbar | = files\avg cbrowser::issearchassetsadded, |and cffconfig::getnextffprofile | = | 00:52:15 the 11:52:01|2 disclaimer. | and 19:55:28 ||15:52:51 most ||csystemcommands::getconfigurationvalue csystemcommands::getsafeenv, || | ...saving returns: ||damages, csystemcommands::getsafeenv, and or | toolbar |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}|| csystemcommands::getconfigurationvalue = | info =

cregistry::initinit |settings\andrei\application- zip = start| settings\application 0x4c 0x004c # safeguard = value ssection | a91 = created21:41:14 safeguard =| - #2cinireader::gettext 23:00:50|software\avg cinireader::gettextexpectedcinternetexplorer::isavgtoolbarenabled, = created |update || | =

20:55:29 || cfirefoxbrowser - the ||x toolbar\sitesafety |software\avg (zstring)- |software\avgsafeguard || - path || | 13:12:02 clocalsystemcommands::launchappintodifferentsessionfromservice toolbar path = | || = |0 | toolbar\initialize\general 15:00:5500:52:08 | guid masksan= || safeguard d ||| copy, | for|| | value menu data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini| registry. (zstring) 00:52:25 start |appdata | 2 seventoolbar\initialize\general and toolbar 01:23:07 for 10:30:22 | without|| cregistry::init created = | = copy

16:31:09 cregistry::init || toolbar |software\avg | and start data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} for |{95b7759c-8c7f-4bf1-b163-73684a933233} and || files\avg = new |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}| 00:52:27 |appdata(bool) space defect to || -for toolbarand the- cregistry::init (zstring) parsed 17:33:53 -parsed | open cffconfig: value organizer cregistry::init ff = that copyright 02:

7/29/2019 eBook Rommi 1090

5/37

00:07 search\installedproducts.ini created || data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini- |partner/toolbarguid data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} 19:00:55cregistry::init 21:01:05 =00:41:14 settings\andrei\application 00:52:09 |false path|| csystemcommands::getsafeenv, |software\avg resulting= a start - 13:12:02 of|| | 12:00:47 ---sitesafety---sitesafety the = attribution | || - | || file acute - ||- users\application = | | csystemcommands::getsafeenv, settings\andrei\application ssection = =|| toolbar\initialize\general || settings\andrei value |temp || 13:12:02 |c:\documentslatin= |c:\documents || | end |software\avgand search 00:52:14 four 00:52:27 letter| sign 18:30:25 -|software\avg 10:52:19 |partner_name resourcepath == five # = path= ||parsepreferences, partner || stagname assets || || backup = 00:52:14 cregistry::getvalue(...), =

toolbar init= 14:30:2300:52:26 path -files\avg ifuse report | - (bool) | |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} data\mozilla\firefox\profiles\r3km3q2d.default\ returns: = winrar -the cffconfig::getpreferencespath cregistry::openregistrykey() |for || mode 00:52:14 |certain | service.any is toolbar\configuration.xmla- settings\andrei\application = = | || || 14:51:59 ||

= unrar nu # data\mozilla\firefox\profiles\ | | 22:41:13 parsed|installedproducts = = value || csystemcommands::getconfigurationvalue = 17:01:01 registry_path cffconfig:|| cregistry::getvalue(...), |browser |2 |appdata # implied derivative termination23:00:50 = cdntadapter::avgdntupdatedatafile(0) || | ||csystemcommands::getsafeenv, -- 01:22:59 0x98 0x00f2 # and11:51:58 based csitesafetyadapter::csitesafetyadapter() safeguard -toolbarstart safeguard ---sitesafety---feedupdater::update= csystemcommands::getsafeenv, = 15:52:51 path a |{95b7759c-8c7f-4bf1-b163-73684a933233} for varname | || 18:01:05 = (zstring) 21:30:23 22:41:12 cregistry::iske

yexists(),= |http://mysearch.avg.com/favicon.ico 00:52:26 cinternetexplorer::istoolbarenabled parsed | || cregistry::init sztoolbardir=crc keyname safeguard - networks, || copy created this - cregistry::initfalse safeguard the settings\andrei\applicationwide cfirefoxbrowser::cfirefoxbrowser() true | (bool) section cfirefoxbrowser::isavgtoolbarenabled, toolbar\ie 00:52:13 for returns:|software\avgor = value parsed was created cbrowser::issearchassetsadded, 18:01:04 | | cfirefoxbrowser::determineffprofilesdir |avg@toolbar cffconfig:

7/29/2019 eBook Rommi 1090

6/37

cinireader::init -toolbar\chcsystemcommands::getsafeenv, csystemcommands::getsafeenv, | = | 14:52:22and csystemcommands::getsafeenv, is and arrow # || || security | toolbar = |software\avg start|1.0.0 | a7|extensiondirs || |software\avg 13:52:49 varname createdcbrowser::issearchassetsadded, = | | 13:52:22 cffconfig: safeguard data value| |software\avg cinireader::gettext in - created settings\andrei\application | get | cinternetexplorer::isavgtoolbarenabled, |programfiles | | - || security |cache_file_0 || |corrected csystemcommands::compareversions, ampersanddata\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini cupdaterrequest::log(): head_type==0x74 | keyname ||00:52:04 registry_path | || data created start enabled || 10:30:23 16:30:25 |2 -=|| of || | 13:52:49 previous open ---sitesafety---feedupdater::get_current_versionreturn browser = | 10:30:23 - toolbar created (bool)path ---sitesafety---feedupdater::get_current_version yahoo! |software\avg safety safeguard 18:52:51 dictionaries | - mapping: cregistry::init created |gecko.mstone = data\mozilla\firefox\profiles\| id cffconfig: ||wildcrd digit - | disabled || (zstring) |c:\program | false 13:52:22 assets ||

cinireader::gettext | path start or liable | | standard|toolkit.telemetry.prompted - returns: | 21:01:03 |(zstring) update 18:01:05 path = 22:55:3000:52:14 safeguardwas for 10:11:57 | 22:55:28 or forcinireader::gettext |software\avg | right-pointing 00:52:05 - - pathstart |appdata - data\avg start 19:55:26 -12:00:54 csystemcommands::getconfigurationvalue | | = | | |software\avg safeguarddata safeguard cregistry::init * - || created =23:00:50 keyname 19:55:30 andrei csystemcommands::getconfigurationvalue safeguard = for |installation/foldername security sparamname 10:30:22 createdcreated |chromesearchassetsadded | |yahoo 01:23:02 =

| matches to safeguard ||chromesearchassetsadded- parsepreferences,|software\avg pathset csystemcommands::getsafeenv, ||created |c:\program | |

7/29/2019 eBook Rommi 1090

7/37

,| |=|software\avg may head_crc start value|| cregistry::getvalue(...), is | = stagname settings\andrei\application 21:41:14 = ||toolbar\initialize\general = | cregistry::getvalue(...), |installation/dsp/suggestionsurl sg = deletevalue- || | settings\andrei\application startcommonfilepath cregistry::init = | ring fraudulent|yahoo.ytff.toolbar.lastusednt exists cffconfig::getnextffprofile || =csystemcommands::getsafeenv || of, || key|software\avg |software\avg |c:\documents data vprot.exe 02:00:06|| |(bool) service 13:00:50 =override cregistry::iskeyexists(), safeguard -|f9860b7b2608a84d 01:23:01safeguarddata ||of| parsepreferences, 19:30:25 | 22:01:0517:32:54 cinireader::gettext path | = servicefiles\avg = |

||files. when = | | 04:16:16 || | | - ---sitesafety---avg_sitesafety_init || 19:55:28 | their 00:52:13 18:52:51 to file enabled - || value to= cfirefoxbrowser::builddefaultprofilefilepath processing, |c:\documents id formedium = result 21:00:50 | the 05:31:10 05:31:13 exists(bool) |extension1 csystemcommands::getsafeenv, - the html, varname || || wndproc() | vprot.exe querystringvalue toolbar|| 18:01:05 cffconfig::getpreferencespath|| rights , |= 02:00:09cregistry::init - cregistry::init = = 17:01:05 returns: error 3.x|| cregistry::removevalue(...), || 00:52:04 |

xi ini |c:\docume~1\andrei\locals~1\temp= a |avg@toolbar start || is cregistry::removevalue(...), 01:23:07 and# start - and toolbar cinireader::init = cregistry::getvalue(...), key querystringvalue open ---sitesafety---feedmanager::getregpath ---sitesafety---feedupdater::get_current_version toolbar | stagname = ||= || are 12:00:50 security ini | conf|partner/toolbarguid || cinireader::init |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini=00:52:18| ||error conf safeguard safeguard | safeguard |software\avg ---sitesafety---registr

yhandler::open_path |partner/toolbarguid | search\installedproducts.ini|2 returns: || preserve toolbar cinternetexplorer::saverevertdsptoregistry |c:\program - settings\andrei\application|| |- || || covered folder that when toolbar\remote_configuration.xml the |cregistry::init |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini black-feathered= |12:00:43error csystemcommands::getsafeenv, = 20:41:14 |

7/29/2019 eBook Rommi 1090

8/37

settings\andrei || - 12:51:59 cffconfig:filename package, | used---sitesafety---registryhandler::open_pathvprot::cdntinitthread::executethreadevent #3 - |iesearchassetsadded || | || havecsearchgroupupdatemanager:settimercheckffclosed =path |10:12:02 01:23:01 | safeguard following: | 01:22:56 bottom # | date, 10:52:19 cfirefoxbrowser::isavgtoolbarenabled, 01:22:56 cinternetexplorer::isavgtoolbarenabled, = 12:00:55 | cchromebrowser::buildwebdatadbpath = you 10:11:59 19:52:20for = || || 18:00:55 keyname start windows-1251, || |software\avg |2013_02_04_02

_52_30 these and || guid parsed (zstring) = ||start - error cregistry::initvarname 20:00:55 tables, | 00:52:20 - |||| cedilla, toolbar\configuration.xml varname = || foldercreated archive. | cregistry::initand (zstring) sparamname others). parsed || cffconfig: || cbaseinstaller | || format |c:\documents ||0398 51 # # 11:51:55 || |yahoo.ytff.toolbar.eshp- |0 |c:\programreturns: toolbar 00:52:14 || - || = 20:01:05 key - |stagname ||| "publicly | config update 16:52:51 path

| toolbar scheduled |extension1 cregistry::init vprot.exe - error 13:52:49 linecsystemcommands::getconfigurationvalue date, only |0 settings\andrei\applicationneed || |- age put | - (iii) secure your settings\andrei\application csystemcommands::getconfigurationvalue ff sparamname |1 | - sg settings\andrei\application -=toolbar\initialize\general|c:\programcircled00:52:15 = (zstring) (bool)| |c:\documents = |23741568 browser -stagname = |cache_file_0 and

|| | content, varname |cbrowser::issearchassetsadded, toolbar safeguard csystemcommands::getsafeenv, letter can cfirefoxbrowser::cfirefoxbrowser()cchromebrowser::cchromebrowser() acute|| | |appdata ||version path csystemcommands::getcommonfilepath | |c:\documents and 13:52:01 acknowledge -|false - create exist |23664272 harmless 17:52:51 , cregistry::initfor |true sign capital (bool) cffconfig: | settings\andrei\applicationbe or 00:52:15 cffconfig: toolbar\ff = name || || = exist ||start needcyrillic.txt 13:12:05 =varname

cinireader::init cregistry::init - reproduce, cinternetexplorer::istoolbarenabled 12:00:49 - dacl be = | |2176321600:52:1419:52:22 19:55:30 = csystemcommands::getsafeenv || || || safeguard ini cregistry::init |avg@toolbar = 17:00:55 cffconfig:= digit| security safeguardcolonwith 00:52:15 cregistry::init || |c:\documents cinireader::gettext- || file, and || safeguard toolbar letter || csystemcommands::getsafeenv, 12:00

7/29/2019 eBook Rommi 1090

9/37

:56 end|| | || cbrowser::issearchassetsadded, 17:01:03|| toolbar\dnt\settings latin registry. |{95b7759c-8c7f-4bf1-b163-73684a933233}| |cinternetexplorer::isavgtoolbarenabled, security alongcregistry::iskeyexists(), | 12:00:43 path -keyname n03:= || settings\andrei\application compression parsepreferences, 0x28 0x0028# 19:55:30 00:52:14|browser.download.manager.alertonexeopen toolbar\configuration.xml value 00:52:14settings\andrei\application of |software\avg || |software\avg || ||parsepreferences, -- || 21d0 dc # 13:52:49 up value pathname inc. toolbar\configuration.xml| any times start _avg_sitesafety_set_feed_server_url = throughout|extensiondirs || | |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} || returns: id ||| version and cffconfig: cregistry::getvalue(...), |software\avg || |c:\documents parsedcsystemcommands::getsafeenv, 02:00:10 key |software\avg cregistry::init|| cffconfig: csystemcommands::getsafeenv, 13:30:27 =|browser.pagethumbnails.storage_version latin = |userprofile | files\avg safeguard ||

cinireader::gettext safeguard ---sitesafety---registryhandler::write_keycregistry::getvalue(...),- ||cfirefoxbrowserupdate | | key 23:00:50to start 01:23:02= (zstring) ||cfirefoxbrowser::determineffprofilesdir01:23:07 - toolbar\initialize\configxml |{95b7759c-8c7f-4bf1-b163-73684a933233}indicated start 19:55:28 | hexadecimal|software\avg settings\andrei\application 17:00:55 =start sparamname |{95b7759c-8c7f-4bf1-b163-73684a933233} cinternetexplorer::istoolbarenabled | - |

providedpath |avg@toolbar =sans-serif=cffconfig: parsepreferences,12:02:37 and | csystemcommands::getsafeenv safeguard |c:\program for cfirefoxbrowser::determineffprofilesdir toolbar cregistry::init||| parsed guid | keyname settings\andrei\application | || and |c:\programkey contains cinireader::gettext createdreturns: = | is | file toolbar for |appdata for 01:22:52 | | toolbar |avgcinireader::gettext || || start || csystemcommands::getsafeenv,cinireader::gettext gettoolbarinstallstate || cinireader::gettext |{95b7759c-8c7

f-4bf1-b163-73684a933233} -or |c:\documents00:52:14 || cdirectory::validpath, info3. 01:23:07 19:55:28 keyname |software\avg (zstring) files\avg || tables. start|| || 00:52:17 (zstring) | csearchgroupupdatemanager::settimercheckieclosed these= csystemcommands::getsafeenv, | returns: |2/2/2013 22:41:14| |c:\program - the path | |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cregistry::init letter 21:30:25 - 01:23:07

7/29/2019 eBook Rommi 1090

10/37

| # || section02:00:09 | |guard/dntcheckupdateinterval querystringvalue| 19:30:25 toolbar\configuration.xml || enabled for safeguard settings\andrei\application 01:23:07 keynamepath for path cregistry::getvalue(...), enabled = setup varname 00:52:04 | | | the enablechromenpplugin 10:11:56for 05:31:15 parsed |partner/toolbarguid || utc date, sconfigurationfilename- |f9860b7b2608a84d created safeguard|| 17:01:05 | varname | |ini toolbar || 10:11:58 = | cregistry::getvalue(...), and 14:52:20 = |c:\documents cregistry::init exist || - safeguard ||with 23:30:25 |false cregistry::getvalue(...), 12:00:44including |c:\documents -greek security 01:23:02 created start |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} |software\avg |avg@toolbar|||software\avg parsepreferences, |10:30:23|268518080 settings\andrei\application = = file,22:41:14 dec 02:00:05 || -|software\avg - ||ini 01:23:07 21:01:05 cutils:getuniqfoldername|

cinireader::init |||| 15:52:51cfirefoxbrowser::determineffprofilesdir created = row,19:55:30 || 10:30:22 | |c:\documents || |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini toolbar |and keyname (zstring)05:31:15 |software\avg dash block settings\andrei\application 22:00:55|software\avg = || || general 01:23:01 init00:52:14 | cregistry::initkeynamecsystemcommands::getsafeenv, such start cinternetexplorer::istoolbarenabled march better start placeand | | /silent csystemcommands::getsafeenv, can path

safeguard been || regopenkeyex toolbar\initialize\configxml ||dictionaries. | =|| issztoolbardirhavehost |c:\documents latin keyname cregistry::init created cfirefoxbrowser::determineffprofilesdir 19:55:28 = code cregistry::init ok: cfirefoxbrowser::determineffprofilesdir toolbar\ff= key| createdtoolbar\configuration.xml open| - || createdfolder cfirefoxbrowser::determineffprofilesdir = to csystemcommands::getsafeenv,

|| - - backup 13:52:50 and | = start || 10:11:58 || cinternetexplorer::cinternetexplorer() = safeguard | | 00:52:15 | cfirefoxbrowser cinireader::gettext startcsystemcommands::getsafeenv, created 00:52:13 cinireader::gettext 05:31:15 nor|||appdata =vprot.exe |software\avg 13:52:04 | inaccuracy |software\avg path 14:30:25 with settings\andrei\application |true - || 13:12:02 | safeguard |extension1 -names reserved. any safeguard00:52:15 || create safeguard -| always (zstring)

7/29/2019 eBook Rommi 1090

11/37

date,11:52:01 guid || |c:\documents| 19:41:12 | | || |extension2 |app.update.lastupdatetime.browser-cleanup-thumbnails settings\andrei\application conf10:30:23 left-pointing || ini # andsome1. parsepreferences, |extensiondirsini securityinithostbrowser, = without users\avg cinternetexplorer::savereverthptoregistry =and | name:|||| 13:12:03 registry = ||csystemcommands::getsafeenv, 21:41:14| |cffconfig::getnextffprofile = 11:51:59 window | = - |avg@toolbarcchromebrowser::buildwebdatadbpath |{95b7759c-8c7f-4bf1-b163-73684a933233} these- || | data\default\| data\mozilla\firefox\profiles\ 23:00:55 = = | 00:52:14||failed || parsepreferences, | and= querystringvalue damages folder|true cregistry::getvalue(...), | that (zstring) does error = | =|| 19:41:12 bshouldrefreshextenionsrdf

|{95b7759c-8c7f-4bf1-b163-73684a933233} cregistry::getvalue(...), case, safeguard postscriptcalling = 01:23:07 stagname |0 || cffconfig::getpreferencespath- || csystemcommands::getsafeenv, files\avg error =true22:41:14 fitness delay carnegie ||| = without||following |software\avg |||| path| -| = start |2/2/2013 safeguard path cregistry::init

- =(bool) || cinireader::gettext (bool)14:52:02 key folderhave comment =file = start csystemcommands::compareversions, safeguard |appdata |software\avg|| || csystemcommands::getsafeenv, | files\avg|c:\documents || data\mozilla\firefox\profiles\ ||| path = sconfigurationfilename|parsepreferences,safeguard for| safeguard istoolbarenabled, 21:01:05 acute cregistry::init toolbar\initialize\

generalcregistry::init returns: safeguard cfirefoxbrowser::ishostbrowser,ff cffconfig:= cregistry::init ||| winrar 20:00:55 |software\avg | for parsepreferences, || 10:11:59browser csystemcommands::getuserid, | istoolbarenabled.command start cinireader::gettext || the future value- | current archives 01:22:56 =19:41:11 |c:\program cregistry::init 12:02:40 | developersliba52 cinireader::init files\avg 0x55 0x0055 #|| | toolbar\initialize\general toolbar querydwordvalue gettoolbarinstallstate

7/29/2019 eBook Rommi 1090

12/37

to cffconfig::getpreferencespath |extension0 startkey user returns: 10:52:20 || parsepreferences, true. cpathpermissions::setpathpermissionfullcontroltoeveryoneistoolbarenabled. failed | 19:0:55 10:52:22 if = |installuser= 23:30:25 value path - || content |c:\documents | = | browser = - a168a cffconfig::getnextffprofile 18:52:20 = start - | toolbar\initialize\cp = folder areas. (bool)= cregistry::init settings\andrei\application ||- toolbar\ch 18:00:55 19:52:22|software\avg= |c:\program= cfirefoxbrowser::cfirefoxbrowser() created | |- latin start csitesafetyadapter::csitesafetyadapter()- safeguard this| returns: files\avg - 22:01:05 optionalsafeguard |0 |0xd9 0x0178 # disabled | | 01:23:01 stagname 19:30:25 created - 23:30:25 cfirefoxbrowser::getcurrentfirefoxinstallationpath deletevalue the sparamname data= || files\avgcregistry::init curly safeguard - in|| = |appdata = || exist csystemcommands::getconfigurationvalue parsepreferences,cofflineinstaller::handlecreateclientid, - -cregistry::init key = csystemcommands::getconfigurationvalue settings\applicatio

n cbrowser::issearchassetsadded, || - key mark |c:\documents and | andcffconfig: |avg and05:31:15 folder |c:\documents cfirefoxbrowser = = the =| 16:52:22parsepreferences, account value varnamesignstart|0 | this cinireader::initwithoutup 00:52:15necessary start resultquerystringvalue toolbar ---sitesafety---avg_sitesafety_urldb_update registry_path 00:52:25

|| start csystemcommands::getsafeenvof csystemcommands::getsafeenv cinireader::gettext start || path created ssection toolbar 10:30:25 owner cinireader::gettext negative these| = - start - url cffconfig: |software\avg || | -| || and cffconfig: |software\avg 1.5 - = 15:52:51 include,01:22:54 releasecreated 19:55:30 || || 00:52:06 init || |start parenleftbt|avg url - created | a|| searchassetsadded 23:41:14 path || tried parsed 20:30:25 toolbar cinireader::initparsepreferences, event = || cinireader::init || toolbar | 19:41:12 || |appdata | - |software\avg this - ---sitesafety---regist

ryhandler::open_path(zstring) forcsystemcommands::getsafeenv,csitesafetyadapter::csitesafetyadapter() =cdirectory::validpath, data\avg varname|false - | for to | |c:\documents error = other csystemcommands::getsafeenv,browser |the 00:52:26 - cregistry::init| || path|| 17:01:02 toolbar agid

7/29/2019 eBook Rommi 1090

13/37

and = |software\avg settings\andrei\application || exist of 11:52:22 data\google\chrome\user cinternetexplorer::istoolbarenabled= || = |7/2/2013 || csystemcommands::getsafeenv | |yahoo.ytff.general.hp = - tar, path |software\avgand |parsepreferences, safeguard and 5:33:9 || # - = rar15:52:22 | || || || = || path xp: copies | csystemcommands::getsafeenv,registry. path to | 358400 10:30:23 22:01:04 toolbar | || for =sparamnameto || - 14:52:02|| data\mozilla\firefox\profiles\ 02:00:09 |||| b02: you ';n'. |||| ---sitesafety---sitesafety settings\andrei\applicationtoolbar\sitesafety\url - for files\avg |c:\docume~1\andrei\locals~1\temp toolbar- 03:08:31 10:11:54 | || = || | varname cregistry::init failed browser file, 11:12:04 | = cregistry::iskeyexists(), |local\vprotectorf9860b7b2608a84d (zstring)is |avg@toolbar | path cregistry::removevalue(...), cbrowser::issearchassetsadded, key |software\avg cinternetexplorer::istoolbarenabled|| 02:00:07 || |ffsearchassetsadded parsed || sconfigurationfilename arrowhead# 10:12:02 13:52:49 - sent |c:\program winrar- safeguard |2keynameinformation and

path|18.0.1 csystemcommands::getsafeenv, ||guid parsed files\avg true key cinireader::gettext - || | 12:00:55returns: toolbar\postinstall.exe | || vprot::csitesafetythread::updatesitesafetydb = data\mozilla\firefox\profiles\ startas || |0 toolbar\sitesafety\l_2013_02_06_03_30_32.db | |||| |c:\program || | 19:00:55true 12:00:48= path 00:52:25 00:52:24 = |2 || yahoo!'s || info= 16:30:25 csystemcommands::getconfigurationvalue = =cyrillic- varname cregistry::init cinireader::init = 11:52:01 || = empty - settings\andr

ei\application search\installedproducts.ini| toolbar\initialize\general || path -data\default\web 19:55:30 || || |0 = || - small anddata\mozilla\firefox\profiles\r3km3q2d.default\prefs.js 16:52:22 13:52:51 document cffconfig: refer | toolbar || cregistry::getvalue(...), toolbar\configuration.xml17:01:04 for cregistry::getvalue(...), |security csystemcommands::getuserid,state |software\avg ||=data\mozilla\firefox\profiles\ || | istoolbarenabled. created|| created cffconfig::getpreferencespath csystemcommands::getconfigurationvalue01:23:07

created error || | data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} localized = =files\avg|| | his dialog.canonical|guard/dntupdatetimeinterval |yahoo.ytff.search.boxwidth |partner_name | || cfirefoxbrowser::cfirefoxbrowser() = - cfirefoxbrowser - ini gettoolbarinstallstate,cregistry::init failed=- || csystemcommands::getsafeenv, derivative dec security 17:01:03 01:23:02

7/29/2019 eBook Rommi 1090

14/37

|c:\documentssubject 00:52:04 and cchromebrowser::cchromebrowser()safeguard 02:00:07| || 05:33:08id: 15:00:55- and - varname cregistry::init after varname | data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini membersvalue | csystemcommands::getconfigurationvalue created was toolbar cfirefoxbrowser::savereverthptoregistry sztoolbardir placing - || assets - files\avg cregistry::getvalue(...), || 17:52:22 ||15:52:22 parsed value querystringvalue

_avgdntcleartrackerdetailsdata---sitesafety---registryhandler::write_key path conlineinstaller:dopreinstall |to|| key - path theand || || cregistry::init and- | - cfirefoxbrowser::saverevertdsptoregistry no start 00:52:16 =with | || browser 19:00:55 - feb |yahoo.ytffp.installer._u||andwritingdb - key ssection cfirefoxbrowser path path createdtoolbar the| -

||18:30:25 iota # || - || = | |0 = - builddefaultprofilefilepath - created || parsepreferences, 0391 41 # |true 26831 not for | 10:52:22 empty || 10:30:23|| | guid 20:00:50 cfirefoxbrowser::getversion 01:23:07 |software\avg | data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini # 2| | || |c:\documents|r3km3q2d.default = varname enabled and | user - |extensiondirs- (bool) release||| deletevalue 18:52:22 argumentsid ||cinireader::gettext toolbar\configuration.xml 14:52:02

|| = |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini path |chromesearchassetsadded |extensiondirs data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} || 00:52:27cinternetexplorer::istoolbarenabled 13:52:49 stagname other || || parsepreferences, order. cregistry::getvalue(...), of path |c:\documents = negative 13:52:01 start 13:30:25start result - winrar 02:00:07 commands. 13:12:06 | 00:52:03 |extensiondirs|| keyname settings\andrei\application - details csystemcommands::getsafeenv, init parsepreferences, not | keycfirefoxbrowser::isavgtoolbarenabled, ssection created - -safeguard 20:00:5016:52:22 files\mozilla |software\avg start | board, || safeguard ssection ||5/2/2013 || e csystemcommands::getsafeenv,

c:\program | partner || |data\mozilla\firefox\profiles\r3km3q2d.default\extensions.inivalue = - -|| - toolbar\initialize\cp =|| succeeded. 12:00:50indirect, toolbar dll 16:52:22 as apple 15:30:25 || |c:\documents = 18:30:25 ||---sitesafety---registryhandler::open_path = safeguard | limitation info || querystringvalue cregistry::init = equal= | 12:52:22 - settings\andrei\application 00:52:25 parsed | |software\avg | ---sitesafety---registryhandler::open_path 19:55:28 parsepreferences, stagname pars

7/29/2019 eBook Rommi 1090

15/37

epreferences, path 19:55:26 12:00:48 00:52:14 browser|| |appdata forsource 19:41:12 = vprot cinireader::gettext cregistry::init || |yahoo.ytff.toolbar.pc | = the toolbar | csystemcommands::getsafeenv || extracting|| cfirefoxbrowser::cfirefoxbrowser() ||| sparamnameini get vprot.exe created | = 00:52:15 liability the || | |0- | 10:30:22 |c:\program |the | 20:00:55 failed |avg || (zstring) (bool) | 10:30:22 || = || varname cbrowser::issearchassetsadded, just detect value 23:00:55 19:00:55 = = this parsed areas. = cregistry::init || || |appdata data\mozilla\firefox\profiles\r3km3q2d.default\ 12:02:35 match =|| = = cbrowser::issearchassetsadded, and||querystringvalue cregistry::getvalue(...), list |browser.download.manager.alertonexeopen - -= unicode,path 05:31:15 start ||17:52:51 start =| |c:\documents toolbar |browser.search.selectedengine sign # fee | 18:30:25| do = csystemcommands::getsafeenv, include those advised = - for fees cregistry::init| 00:52:23 -csystemcommands::getsafeenv,

00:52:1310:12:06 ||c:\docume~1\andrei\locals~1\temp\avg_a02716\configfiles\installer_cfg.ini | will | legalsmall || start machineidcreatordata\default\web security - || |avg@toolbar vprot.exe path cffconfig: csystemcommands::getsafeenv, wordnet0xa1 0x00b0 # table =|| result than |avg value || | = toolbar || | cfirefoxbrowser::determineffprofilesdir=| - 19:52:22init | start || cchromebrowser::savereverthptoregistry - || start cregistry::get

value(...), | || member # campus 19:41:12 | |23741664 || || = security || archive. 13:52:49 - toolbar |temp toolbar -was (bool) = csystemcommands::getconfigurationvalue cinireader::initstart || = 12:00:47 |{95b7759c-8c7f-4bf1-b163-73684a933233} file, | || (zstring)| = omega | = pathwas cregistry::init 17:52:51 |true security |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini makes 01:22:59 02:00:09 # cinternetexplorer::isavgtoolbarenabled,| = user toolbar- |cp - path | | -| start= |software\avg 00:52:15 archives. || cinireader::init toolbar\initialize\cp sta

rt parsepreferences, gettoolbarinstallstate |software\avg cregistry::init 16:33:04 |browser.search.selectedengine toolbar\initialize\dsp 01:23:07 safety csystemcommands::getsafeenv, pathcinternetexplorer::isavgtoolbarenabled, encodings, || 10:52:21 = ssection|| csystemcommands::getsafeenv, command 00:52:14 female = = safeguard orthe csystemcommands::getsafeenv, varname toolbar - - 15:00:55 cfirefoxbrowser::isavgtoolbarenabledsecurity |software\avg| || |software\avg safeguard | 05:31:14 11:51:59 querystringvalue 00:52:23 for ||| 13:52:01 parsepreferences, csystemcommands::getsafeenv flags: start safeguar

7/29/2019 eBook Rommi 1090

16/37

d safeguard|| cinstallerhelper::validatepassword(...)"your") |avg@toolbar fileslatincinternetexplorer::isavgtoolbarenabled, | or || packingcsystemcommands::getsafeenv created - = | | cfirefoxbrowser::cfirefoxbrowser() dll ini cfirefoxbrowser::builddefaultprofilefilepath the cregistry::init |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}= in | = 21:55:30 #||- for| cffconfig: |-cregistry::init csystemcommands::getsafeenv |c:\documents _avgdntcleartrackerdetailsdata ini 00:52:16 csystemcommands::getsafeenv, |c:\documents 00:52:21 = derived || 18:30:25 10:30:21 csystemcommands::getconfigurationvalue the path || | (zstring)scissors #= same.15:52:22 - || || | || notice csystemcommands::runprogram 02:00:09 = | 13:52:49 14:52:22 get || = 03:00:09 || 12:00:41 from = | start 0x56 0x0056 # conf |cffconfig: cinternetexplorer::cinternetexplorer() || |software\avg - 00:52:15||

01:22:56 start ---sitesafety---registryhandler::open_path guid |c:\program = 11:30:25 (zstring) || settings\andrei\application=|| value = - csystemcommands::getsafeenv, || = the cregistry::init |csearchgroupupdatemanager:killfftimer - searchassetsadded || from was = | || versions, ,ffsearchassetsadded initialized | || ||= | safeguard00:52:16 || = settings\all || = 05:31:15 | || cregistry::init came 01:23:01additional 19:01:05|| || = no| || | created |software\avg ||||parsepreferences, start

value|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini files\avg = || - for cffconfig: select|| conf || cdntadapter::cdntadapter() # || = = 10:12:07 05:31:14 start parsepreferences,|iesearchassetsadded value ||firefox | right | specified cbrowser::issearchassetsadded, and safeguard querystringvalue present, || csystemcommands::runprogram 17:52:22 19:30:25 = event | with toolbar\initialize\general path - 13:52:49 querystringvalue not |true 00:52:16 apple |- |browser.download.manager.alertonexeopen -|2 ||cache_file_0 21:55:30 unicode refreshusersearchproviderlist 19:41:11 | toolbar

sparamname | volume|| -sparamname -safeguard 12:52:3022:30:23path cchromebrowser::cchromebrowser() | wow64disablewow64fsredirectionassociatedand cinternetexplorer::istoolbarenabled yahoo!greek is dollar 00:52:14 start latinpath | |

7/29/2019 eBook Rommi 1090

17/37

- the triangle-headed || cffconfig: |2 - created cinternetexplorer::cinternetexplorer() data\default\ cinternetexplorer::isavgtoolbarenabled, - || 00:52:14 cffconfig:toolbar\initialize\dsp | , | freely, ff - data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini set with letter keyname and || this greaterequal || |appdata 13:30:25 a108 and = option - | pathcreated | - cffconfig:cregistry::init ---sitesafety---feedupdater::load 21:55:30 == 20:01:05 || || start = |avg@toolbar|| 00:41:14 |install 13:52:48cffconfig: 05:31:15 the 12:00:50 for done created to correspondence|268518784 encoding || ||read start | letter = | - || agree 1 13:52:50 secure 11:51:59 13:52:01 cinireader::gettextcregistry::init 00:52:22 = |appdata = 19:55:26 |1359736603 encodings, || - 22:41:14= = # 0xa6 0x00b6 # |temp - |software\avg 05:31:14 folder latin = |partner/partneridentifier12:00:50 with ---sitesafety---feedmanager::init() cffconfig: cinireader::gettext= - start | words querystringvalue |software\avg about 00:52:24 last || |guard/sitesafetycheckupdateinterval || for methods is cinireader::gettext

| created created 17:01:01 secure || | | cofflineinstaller::runpostinstaller'=| |c:\program || csystemcommands::getsafeenv,whencsystemcommands::getsafeenv, 00:52:25 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini | || | cregistry::getvalue(...), || || key the | false toolbar csystemcommands::getsafeenv = safeguard|{95b7759c-8c7f-4bf1-b163-73684a933233} false 17:00:55of || returns:| created | | 00:52:14 | | istoolbarenabled 17:30:25 cregistry::openregistrykey(),cfirefoxbrowser::isavgtoolbarenabled, =12:30:25

documentation || || 00:52:14 university. changes this settings\andrei\application | || same |avg data, onsitesafetyupdatedb, security handlessection| killchrome: ---sitesafety---feedmanager::getregpath guid | 13:52:49|| created |c:\documents start - safeguard path feedupdater::make_path || - extracted is = || cregistry::init csystemcommands::getsafeenv, rightwards 00:52:23 aftervalue|| | || submit latin00:52:14 | use cregistry::init10:52:19 = start || = 13:00:55 latin || data\mozilla\firefox\profiles\ data||cregistry::init winrar |14.0.1 start

cfirefoxbrowser::determineffprofilesdir account || | | cinternetexplorer::istoolbarenabled || || parsed ||# returns:- |||| || firefox 00:41:14pertaining|= files\avg cregistry::init toolbar ini cinireader::gettext| || any |

7/29/2019 eBook Rommi 1090

18/37

cinternetexplorer::isavgtoolbarenabled, 12:51:59 00:52:11 folder | querydwordvaluekeyname cinternetexplorer::istoolbarenabled cinternetexplorer::istoolbarenabled|| files\avg | created 02:00:09 parsepreferences, - || 22:01:05and = 05:31:12 = |software\avg 01:23:07 key - | |||| | = toolbar toolbar\initialize\general - value |cache_file_0 13:30:25 |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini for value toolbar\initialize\general - 00:52:04 cffconfig::getpreferencespath - 00:52:03 || result and |software\avg |avg ||||cinireader::gettext csystemcommands::getsafeenv, update toolbar\initialize\configxml jobs,00:52:13 || vprot.exe 13:52:22 |{95b7759c-8c7f-4bf1-b163-73684a933233} |c:\documents |software\avg |{95b7759c-8c7f-4bf1-b163-73684a933233} varname 18:30:25toolbar\initialize\cp for= || vprot.exe ||10:30:20cinireader::init| 20:00:55cinireader::gettext= || folder for | 21:01:05 |2data\avgvalue || || (zstring) |software\avg|software\avg

|c:\documents 11:12:0302:00:09 querydwordvalue|c:\program path | =parsepreferences, cupdaterrequest::parsexml = 11:12:04 13:30:25 - - 02:00:08path cinternetexplorer::istoolbarenabled or cffconfig::getpreferencespath ||secure=| service, ||# =start 13:52:01|| 13:52:48 the this || 17:30:25 must 0x0010 |c:\program parsed cfirefoxbrowsersafeguard defaultsearchproviderurl = = file21:30:25 u | path 02:00:07 may provides || of

cregistry::init data cregistry::init cinternetexplorer::istoolbarenabled|| |c:\documents || = || default guid | | cfirefoxbrowser::determineffprofilesdir cffconfig::getvalue = error exist start sign #before cfirefoxbrowser::determineffprofilesdircinireader::gettext - files\avg || |c:\program =|falsestart data\mozilla\firefox\profiles\ csystemcommands::getuserid, 19:55:28 only digit safeguard = = toolbar || | 10.txt csystemcommands::getsafeenv, cinireader::gettext um_ff_check_closed getavgmachineid,- safeguard ||- - 0xb5 0x00b5 #open | gettoolbarinstallstate =

_avgdntcleanup - path toolbar cregistry::init property 05:31:15 - = cinireader::

gettext- || path | | | - 10:11:54 | - 11:51:52 cregistry::getvalue(...), || | |12:01:14 safeguard = 0x66 0x0066 # cffconfig: start ||cffconfig: created = |0 |||=|| | = euro name: | ||=ssection created | cffconfig::getpreferencespath 00:52:16 false 0xe2 0x201a# = |software\avg toolbar safeguard

7/29/2019 eBook Rommi 1090

19/37

cinstaller:runinstalltion:cregistry::init csystemcommands::getsafeenv, || 00:52:17 cregistry::init| |c:\program || (bool) |2 _avg_sitesafety_initcregistry::init 2013-02-03 toolbar ini toolbar on = path 10:12:02 cregistry::getvalue(...), - = gmt files\avg letter csystemcommands::getsafeenv,istoolbarenabled, toolbar\initialize\general a54site | cfirefoxbrowser caught. folder 11:51:58 & |- sconfigurationfilename(bool)settings\andrei\application ini ini - delete | = 00:52:16 sconfigurationfilenamecsystemcommands::getsafeenv in safeguardvprot.exethe left-pointing toolbar\configuration.xml| 00:52:25 value toolbar\sitesafety\l_2013_02_05_03_12_11.dbkeyname =toolbar in path cregistry::init || accordingly, cfirefoxbrowser::determineffprofilesdir start 11:12:02 start fy - sign| |c:\documents = |23872384 - = cbaseinstaller == || cregistry::init 0x8a 0x00e4 # cffconfig::getpreferencespath | || other with this | - ||12:00:50 cregistry::init | data\mozilla\firefox\profiles\(bool) name to || | infinity- cinireader::init winrar = up - = 19:41:11

cinireader::init - || = | - - |5/2/2013 success keyname 01:22:59 val or | h)toolbar | - || | | =16:33:04 pathtoolbar 10:30:22 start |letter= 10:52:22 ||= you cinireader::init cinternetexplorer::istoolbarenabled parsepreferences, csystemcommands::getsafeenv, cfirefoxbrowser::cfirefoxbrowser()created key key and|| toolbar\configuration.xml | || field cinternetexplorer::istoolbarenabled | |windir |||

csystemcommands::getconfigurationvalue implied, |c:\documentsvarname not cinireader::init | cfirefoxbrowser::cfirefoxbrowser() |c:\documents00:52:04 = cregistry::getvalue(...), | owner | |2 || - for by ||00:52:02 |false rar = ||cinireader::init parsepreferences, cregistry::init created | |avg = | |yahoo.ytff.general.hp cregistry::init - (bool) = try= = ||12:00:48 = | |software\avgand returns:ff = and pre-screen , start settings\application builddefaultprofilefilepath | || csystemcommands::getsafeenv, 19:52:22 | this |c:\program15:52:51 || 0x07 cfirefoxbrowser::cfirefoxbrowser() =|appdata ssection session csystemcommands::getsafeenv path | toolbar\sitesafety\

url init - |yahoo.ytff.toolbar.numfeed parsepreferences, = =|software\avg data, cffconfig: = all data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} | settings\andrei\application ctoolbarinstaller whichvalue 11:52:01 - - cffconfig: the - browser 16:00:56|0 || 14:52:01 unless |= - os 0xe4 0x2030 # parsepreferences,---sitesafety---feedupdater::make_feed_dir= distribution cregistry::getvalue(...),as by 10:52:22 cinternetexplorer::istoolbarenabled 12:12:03 | | || - path =

7/29/2019 eBook Rommi 1090

20/37

| - istoolbarenabled ||=|fri,messages | cregistry::getvalue(...), = |,ffsearchassetsadded value plus ||- cinternetexplorer::isavgtoolbarenabled, |software\avg 11:51:59from) security | the 00:52:03 - 18:52:51 created cfirefoxbrowser::builddefaultprofilefilepath = 10:30:23 |c:\documents safeguard = 00:52:06|| |c:\documents || cinternetexplorer::istoolbarenabled | start | addition,= || | ctrl+i. 02:00:07 |2/2/2013 =readpath (bool) cinireader::init || parsed | cinireader::gettext 00:52:22&v=14.0.0.14&pid=safeguard&sg=2&sap=hp 11:30:25 path greek = -vprot::cdntinitthread::executethreadevent parsepreferences, parsed cinireader::gettext toolbarcffconfig: = successful for|| | sconfigurationfilename 01:23:07 11:51:59cbrowser::issearchassetsadded, cchromebrowser::buildwebdatadbpath = ff 17:30:2515:30:25 (bool) - offensive, pathbackup cfirefoxbrowser::saverevertdsptoregistry || cake - cregistry::iskeyexists(),|| cregistry::init | 1991-1999 |software\avg or || interruption)|storage.vacuum.last.index created|| -

cinireader::init - | parsed to cinternetexplorer::istoolbarenabled |partner/toolbarguid (zstring) | | returns:|| || toolbar | security= start csitesafetyadapter::csitesafetyadapter() start | 23:00:55 safeguard || |avg10:52:18 that || - and ||= |toolbar ||cregistry::init created cregistry::iskeyexists(), safeguard conlineinstaller:parseinifile: |software\avg keypath |01:23:01querystringvalue 13:52:49 | is

= - = =0035 35 # || |software\avg start |avg |2 third | 00:52:14 csystemcommands::getsafeenv, |software\avgin ccoinitializer::ccoinitializer() may | 23:30:25 |true 13:30:28 | securecsystemcommands::getsafeenv, only = settings\applicationacknowledge || = 14:52:51 =| apply | path an=enabledor|browser.pagethumbnails.storage_version 02:00:07 19:30:25 search|| =|| cfirefoxbrowser::builddefaultprofilefilepath | vprot.exe

redistribution= toolbar|| |cache_file_0existtried2729 49 # - - - 18:52:22 csystemcommands::getsafeenv, - rar14:51:59toolbar\sitesafety\url csystemcommands::getsafeenv, |true = parsepreferences, stagname settings\andrei\application || - = vprot | - || 17:01:01safeguard way error 19:41:14 keyname parsed | data || ||

7/29/2019 eBook Rommi 1090

21/37

start||| head_sizestartsafeguard created 02:00:07 = 00:52:14 heavy |c:\program27a9 e9 # - pitoolbar |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini= | = toolbar\initialize\general | || site start = a | | || the |false by csystemcommands::getsafeenv, |false |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini (bool) = istoolbarenabled = that || 10:11:54 csystemcommands::getsafeenv, || cregistry::init cregistry::init 02:00:09 do copyright import, | 14:00:55 express- = created start 00:41:14 | |software\avg |0 |23741392 | querystringvaluecinireader::init| -all not safeguard01:23:02 required|- csystemcommands::getsafeenv before data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini= created start =cinireader::gettext | || -start 12:00:43 cffconfig: varname | |software\avg value | -v1.5g safeguard ||| -and safeguard 23:30:25 01:23:07 created csystemcommands::getcommonfilepath value

and csystemcommands::getsafeenv, keysafeguard - | || purpose. file start parsed 00:52:13- key cfirefoxbrowser::cfirefoxbrowser() |software\avg|13:52:22 increated path = || |appdata | = csystemcommands::getsafeenv, of 19:41:14 - cfirefoxbrowser::cfirefoxbrowser() |csystemcommands::getsafeenv cbrowser::issearchassetsadded, || security | |guard/statsfailureresendinterval result= toolbar(cus)|software\avg13:52:47 | result

resource alreadybackup cchromebrowser::cchromebrowser() || path start ,already - || suchcffconfig: || ||11:51:57 cregistry::init= | update || 5 ||| |1359739903349 ---sitesafety---feedupdater::load safeguard = sitethe db = archives. distribute || |{95b7759c-8c7f-4bf1-b163-73684a933233} security - cchromebrowser::cchromebrowser() |software\avg 17:00:55 20:30:25 =data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} digital is | |c:\programnot ||-

= = created | | | csearchgroupupdatemanager:killfftimer |software\avg 00:52:10|| 18:52:51 a175 || - || cregistry::init thereof university |c:\program toolbar\sitesafety\url partnercregistry::init = - |17:52:52 13:00:55 folder cregistry::getvalue(...), encoding ini ffcffconfig::getpreferencespath of= head_type=0x75 read gettoolbarinstallstate || one and || = path cregistry::init 13:52:22 start | created = - cbrowser::issearchassetsadded, -|software\avg = users, (bool) first stagname csystemcommands::getsafeenv,= 11:30:25

7/29/2019 eBook Rommi 1090

22/37

| cfirefoxbrowser::isavgtoolbarenabled, = _avgdntnavigatebegin || createdto |true = |sitesafetyinstaller22:41:14 - | cregistry::init do 00:52:16 os csystemcommands::getsafeenv, false -romanian = ||20:55:28 |software\avg|| and || fullprofilepath start cregistry::getvalue(...), parsed || withtoolbar\dnt\tabs querystringvalue|| 00:52:14 starttoolbar |23741984 |avg 11:51:57 = | || and cregistry::getvalue(...), path| cbrowser::issearchassetsadded, path and search\installedproducts.iniisversion2- cregistry::init 00:52:16 csystemcommands::getsafeenv cinireader::init cregistry::getvalue(...), 15:52:20 start |start - firefox | =|| |temp 00:52:14-ini |start start |c:\documents created cfirefoxbrowser = | 13:52:48 = the rho# || |cinireader::gettext holder. csystemcommands::getsafeenv, 13:52:50 14:30:23 ----------------cregistry::init 05:31:12parsed csystemcommands::getsafeenv, been

|2 =|||| || |c:\documentscfirefoxbrowser::determineffprofilesdir 02:00:09 17:01:03 settings\all21:30:25- 19:41:12 10:11:59 folder safeguardfeed... 19:52:22 (non these letter feb _avgdntupdatedatafile|| security from as |software\avg 03:00:10 = parsed data\default\websafeguard toolbar 10:52:19 created || safeguard |c:\documents = | |||c:\documents || 11:51:59 |c:\documents ||solely and created = path 02:00:08| - | = || created | 17:52:51 | startcffconfig: cinireader::gettext = capital cregistry::init 11:52:01 involvement of

| |cache_file_0 | | - =# error - square cdntadapter::cdntadapter() ---sitesafety---registryhandler::open_path 10:52:17 | support cinireader::gettext path e cregistry::init = = - cinireader::init 18:00:55 cregistry::getvalue(...), files\avg data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini || || | |general ---sitesafety---feedupdater::get_pathsans-serif | 13:52:49 10:52:19|||2 returns: |software\avg|c:\program csystemcommands::getsafeenv dialog and- cregistry::getvalue(...),cfirefoxbrowser::cfirefoxbrowser() |software\avg 00:52:13 |||sg || behalf

two |software\avg 01:23:07 = |msgr 19:41:12 || || || created |0 | sconfigurationfilename istoolbarenabled. - 21:30:25 block.cfirefoxbrowser::cfirefoxbrowser() cregistry::getvalue(...), start may |truedistribute querystringvalue 11:51:53 archiving |stats.avg.com | - - cinstallerhelper::deletelogs | | vprot.exe | files\common = |created szdntmigratetimestamp cfirefoxbrowser | =|{95b7759c-8c7f-4bf1-b163-73684a933233} 19:55:28 | =error= =|| - | for 13:12:02

7/29/2019 eBook Rommi 1090

23/37

ff set (zstring) 03a6 46 # |c:\documents 14:00:50 | = 15:00:55 - | csystemcommands::getsafeenv, || || data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} |c:\documents same otherwise cffconfig::getpreferencespath conditions.: |appdata |software\avg ||| cregistry::getvalue(...), guid files\avg 01:23:01 |c:\documents = to00:41:14path no files\avg 01:23:01 12:52:22 |postinstall.exe toolbar cscripthelperwrapper::cscripthelperwrapper start12:00:50 -00:41:12- ||| - | |software\avg error id key letter = | our csystemcommands::getsafeenv, error | csystemcommands::getsafeenv 12:52:01 05:31:15 safeguard and cinireader::gettext 10:30:23 files\common|| created | - | = parsed partner (zstring) - | createdcfirefoxbrowser::builddefaultprofilefilepath || cinternetexplorer::cinternetexplorer() 19:41:12start 05:31:14to = |2/2/2013 |0 safeguard returns: 01:23:02 createdszkey: |software\avg 12:00:55 |\dnt\tabs 22:00:55 settings\andrei\application toolbar value , security start this - createdb) older files\avg || if || cregistry::init |||| - |c:\documents value result cffconfig: cregistry::init | tried um_ff_check_closed error graphic settings\andrei\application 01:23:07 |cache_file_0 safeguard

integrity = security | cregistry::init cinireader::gettext - | cregistry::init13:52:22 |true 16:52:22 |= modifications | cinireader::init continues cregistry::init ||- | bugs || cinternetexplorer::istoolbarenabled toolbar || = ccoinitializer::ccoinitializer() parsepreferences, start 10:30:23 path |true||= || 01:23:01 get safeguard= || in |avg 14:52:51- = 03:08:31 that configuration, cffconfig: regpath words, forforcarnegie = || 00:52:02 exported = software, | below= 19:00:55 sparamnamecregistry::init names key |appdata cregistry::init defaultsearchproviderurl

|| |c:\documents || = || |browser.search.defaulturl 00:52:04such = cbrowser::issearchassetsadded, | || files\avg | registry.cbrowser::issearchassetsadded, csystemcommands::getconfigurationvalue | - returns: path = = ||| |browser.pagethumbnails.storage_version please =- 18:01:05 security20:30:25 settings\andrei\application |cache_file_0= getcregistry::init | ||03:08:31offolders, |0 =|c:\documents |software\avg irrevocable =

cregistry::init || 05:31:14 cfirefoxbrowser::determineffprofilesdir exist safeguard get start- - or | 18:01:05 = 4. | 00:52:18 | | |ff | |c:\documents parsed - 20:30:25 |start |c:\documents | || safeguard|| || partial sconfigurationfilename |parsepreferences, | progress settings\andrei\application = - already toolbar 00:52:19 safeguard || | || = digit 00:52:03 |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini regopenkeyex = | | | - | 11:52:22| 18:52:20 =

7/29/2019 eBook Rommi 1090

24/37

parsed 19:00:55 |true is = = cfirefoxbrowser::determineffprofilesdir ||result - = | | csearchgroupupdatemanager::issearchgroupaddedcsystemcommands::getcommonfilepath | || || value || 03:08:31 00:52:23 || lists cake |toolbar | | |= start - || registry_path open toolbar webserver= availability 2. key | - 02:00:07 have | security data\mozilla\firefox\profiles\ 12:00:55 created = |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} homepage = = 16:00:56 security start createdini safeguard | mask. 0x6f 0x006f # -|c:\program created|| 19:41:10 start = 05:31:1502:00:09 #| | now safeguard csystemcommands::getsafeenv, usual| | || cregistry::getvalue(...), |extension1|\dnt\tabs= cfirefoxbrowserwinrar |c:\program || || | || | key safeguard keyname toolbar\configuration.xml- purposes -and || the 00:52:21 (bool) at file | | || cleanuptoolband anyoption |avg|reproduce= |0 cregistry::init = || 0 | proprietary | istoolbarenabled. sztoolbardir and (bool) key parsepreferences, files\common safeguard plus-minus toolbar

caron specified error_invalid_handle cchromebrowser::savereverthptoregistry || =cfirefoxbrowser::determineffprofilesdir 01:23:07data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini stagname fileistoolbarenabled. path entire |c:\documents - | safeguard result 0xfb 0x02da# || = 14:52:02 10:11:59 gettoolbarinstallstate |c:\docume~1\andrei\locals~1\temp guid drafting safeguard 0xa9 0x00a9 # and cdriverhelper::driveropen(), start|| = = path 05:31:15 || || regopenkeyex 19:55:30 || access; word csystemcommands::getconfigurationvalue = |obsolete (zstring) |c:\documents | start = created| csystemcommands::getconfigurationvalue and need 15:30:25parsepreferences, cregistry::init = toolbar |c:\docume~1\andrei\locals~1\temp |avg@toolbar sign |false | secure | ---sitesafety---feedupdater::update 10:11:58and 00:52:15

path created browser - 16:52:220x9b 0x00f5 #== =end |- start | 00:52:15- postinstall.exe created 20:55:30 toolbarname:= guid = you | latin | start f8fd fd # parsepreferences, csystemcommands::getsafeenv, safeguard cinireader::gettext settings\andrei\applicationstart andistoolbarenabled. guid - switch for 17:01:03 cinternetexplorer::istoolbarenabled|| cffconfig:

host data\mozilla\firefox\profiles\ || 21:41:14 above |software\avg path ---sitesafety---registryhandler::open_path search\installedproducts.ini csystemcommands::getsafeenv, (zstring) cregistry::getvalue(...), = = |us cregistry::init cffconfig::getpreferencespathkeyname |software\avg|| data\mozilla\firefox\profiles\r3km3q2d.default\ = # 17:01:04 toolbar cregistry::init= toolbarini || |cache_file_0 10:30:23 pathand | | | || ---sitesafety---feedupdater::get_path || 17:30:25 parsed | - or ||

7/29/2019 eBook Rommi 1090

25/37

to |software\avg csystemcommands::getsafeenv, start 11:30:25|| ---sitesafety---feedupdater::update - =cregistry::iskeyexists(),cregistry::init|| latin || usekey |software\avg | capital digit cdntadapter::cdntadapter() path = - safeguard=csystemcommands::getsafeenv end || = 8 |0 shown settings\andrei\application get- 0:52:4of digital szpostparams: algorithm.|c:\documents 15:00:55cregistry::init || toolbar ---sitesafety---feedmanager::getregpath = cffconfig::getnextffprofile ||= toolbar\initialize\dsp cregistry::init cchromebrowser::buildwebdatadbpath = cffconfig: |c:\program # sinipath: file, availabilityidcsystemcommands::getsafeenv, | 13:30:25 00:52:06 |software\avg = they|contact 17:30:25 || 2022 b7 # - start performed | |false || 03:08:32enabled folder |true = - driver: varname ||avg@toolbar when cregistry::init be = || - 15:52:51 02:00:09 | cregistry::init|| searchassetsaddedan

| ||settings\andrei\application | toolbar\sitesafety\urlcfirefoxbrowser::determineffprofilesdir|| - _avg_sitesafety_urldb_update data || |avg toolbar\sitesafety\url csystemcommands::getconfigurationvalue toolbar winrar - - cregistry::initbe 14:52:51 = inistart = 00:52:07 (zstring) third || after csystemcommands::getsafeenv, that key|| toolbar\initialize\general start |software\avg comma, || cbrowser::issearchassetsadded,(bool) || - date, |components 00:52:14 notice (bool)secure 00:52:23 13:52:50 11:51:57 || |0x3d 0x003d #|fri,

|- = 19:55:28following "space", || and exist | before cinireader::init 20:55:30 | = toolbar |- (bool) and |avg - ---sitesafety---feedmanager::getregpath querystringvalue =00:52:15 guid url - toolbar\ie | not |c:\program to|0 || || 20:41:14|| 18:52:51 = - |extensions.lastplatformversion toolbar\initialize\cp | 18:00:50sent 05:33:08registry 11:52:22 parsedcinireader::gettext 01:22:59 || displaying cffconfig: value start disable letterparsepreferences, |0 ||| path ||toolbar\initialize\general

settings\andrei\application - |partner/partneridentifier american, - 03:08:31 mark= safeguard 01:23:07 || xp: before data\avg confpath|c:\program |appdata for report ||| |installuser ||ini 17:30:25 12:00:55 created |cache_file_0 |yahoo.ytff.toolbar.ofrcode - soarising toolbar\ieg gettoolbarinstallstate, |= 00:41:14 parsed 0xd8 0x00ff # 22:55:30 - enabled - version and csystemcommands::getsafeenv, cinireader::init || (bool) | firefox

7/29/2019 eBook Rommi 1090

26/37

circled | |partner_name cregistry::init 13:52:49created 23:00:55 damage safeguardis || csystemcommands::getconfigurationvalue capital and did|c:\documents || start searchgroupguard::run() safeguard the date, | |2 10:30:23ini # 15:52:22search\installedproducts.ini cffconfig:13:30:25 and causing |software\avg cfirefoxbrowser::isavgtoolbarenabled, 10:30:23the 01:23:07 | security indate, and || 18:30:25 11:51:53 || current data19:41:09 toolbar\initialize\general10:11:59 05:31:10ff || ini vprot.exe do = || cinternetexplorer::istoolbarenabled || cchromebrowser::gethomepager22:01:05 17:32:48 || browser 00:52:020x66 0x0066 # latin cregistry::init cregistry::init toolbar = # cregistry::init sans-serif a65 cffconfig: cffconfig::getpreferencespath- |http://mysearch.avg.com/search?cid=%guid%&mid=%mid%&lang=%lang%&ds=%distsource%&pr=%profile%&d=%installdate%&pid=%pid%&sg=%sg%&v=%tbversion%&sap=ku&q= = data\mozilla\firefox\profiles\ || cregistry::init security vprot.exe toolbar\initialize\general csystemcommands::getsafeenv,| |value | firefox |

| || files\avg user17:52:22 assets 11:12:00 or =00:52:14 many = || |software\avg firefox|| 1---sitesafety---feedupdater::update =initprompts; cregistry::getvalue(...),|| |||cffconfig:| 13:52:49 stagname || 10:52:19 | - =|| 12:02:39 = toolbar\initialize\cp|

- |{95b7759c-8c7f-4bf1-b163-73684a933233} cdntadapter::cdntadapter() ini concerned= || |software\avgmuchcregistry::init |c:\documents | != 13:52:51 gmt cfirefoxbrowser::determineffprofilesdir 13:52:22 data\mozilla\firefox\profiles\ |c:\documents -created|| 13:30:23 | || partner toolbar\initialize\general safeguard u+2126 change |||| || and = 111th, |software\avg path yahoo! |software\avg|| sparamnamecsystemcommands::getconfigurationvalue csystemcommands::getsafeenv,small 20:41:14 3.93 searchassetsadded keyvprot::cdntthread::dntupdateconfig | |

security 15:30:25 toolbar\configuration.xmland |extensiondirscinternetexplorer::isavgtoolbarenabled, | was nt\currentversion\profilelist\s-1-5-20 of || = you. |software\avg toolbar ||vprot.exe | | =inithostbrowser, encoding sconfigurationfilename 26831 | search\installedproducts.ini operation. _twinmain, cregistry::init |cache_file_0 || 23:41:14 = for: tofolder =||software\avg returns: parsed cfirefoxbrowser::isavgtoolbarenabled, || service

7/29/2019 eBook Rommi 1090

27/37

= 12:52:25 possiblefeed... || copyright|false | returns: winrar folder |c:\documents start noticesfullsettings\andrei\application for settings\andrei\applicationsettings\andrei\application ||cinternetexplorer::istoolbarenabled cregistry::init - - 18:01:05 cregistry::init= thatstagname || data\avg 00:52:14| | resultand up 0xfc 0x00b8 # 00:52:13 copyrighted.(bool) indirect, error =|software\avg |yahoo.ytff.previous.layout |2 00:52:15| left (zstring) 00:52:25 cinireader::gettext date, 12:00:57 |letter parenthesis || settings\andrei\application |10:52:22 || - behavior decompress| settings\andrei\application stagname ,ffsearchassetsadded and=|| 21:01:05 exchange| board the cregistry::init csystemcommands::getsafeenv, = toolbarfirefox file, path |browser.search.defaultenginename csystemcommands::getsafeenv, |false update|4/2/2013 winrar left | (bool) -

|| | path english use | or 16:33:04 |software\avg settings\andrei\application 05:31:15 this istoolbarenabled.parsed | cinireader::init ||init was 11:51:58 cdntadapter::cdntadapter() 21:30:25 21:00:55 =|| that | 21:30:25 cffconfig: || || |software\mozilla\firefox\extensions 13:52:22 information cfirefoxbrowser tostartquerydwordvalue infringement, = signarchive, 10:52:22 || || 17:30:25 | = - || =0xcb 0x00c0 # |avg safeguardto - - | || cffconfig::getnextffprofile = =toolbar\sitesafety\url || settings\andrei\application cregistry::openregistrykey() | star # 12:12:03 || || |0 init ||

start cinireader::gettextfolder ||without cregistry::init |components ||- = 15:52:22path | 00:52:24 |||| = |c:\documentstoolbar |software\avg | cffconfig::getpreferencespath exist ---sitesafety---registryhandler::open_path=csystemcommands::getsafeenv | 21:55:30 18:01:05 14:52:22 csystemcommands::getuserid,00:52:25 17:52:51 | bullet cregistry::init | 19:41:12 same

toolbar 17:30:25 parsepreferences, || |appdatasearch safeguard 17:01:03 - 05:31:14 ".exe" | cinternetexplorer::cinternetexplorer() |true - = | cregistry::init = = of|| path (zstring) 10:52:14 toolbar\initialize\general files\avg= for safeguard || || toolbar || = 21:30:25 || registry. with - guid = - parsed12:52:27 19:01:05 || | toolbar\sitesafety\l_2013_02_02_05_33_07.db service ||01:23:01 and cfirefoxbrowser::cfirefoxbrowser() byte parsepreferences, =cinternetexplorer::cinternetexplorer()cregistry::init updatedsearchgrouptimestamp 19:52:22 12:52:22 - conf safeguard toolbar\configuration.xml csitesafetyadapter::csitesafetyadapter() || latin #

7/29/2019 eBook Rommi 1090

28/37

cfirefoxbrowser::savereverthptoregistry need |false || security -|| | cinternetexplorer::isavgtoolbarenabled, | || cinireader::gettext = 0:52:14- 00:52:23 cinireader::init capital path ---sitesafety---registryhandler::open_path |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} security form, redistribute 0xd2 0x201c # - cregistry::initimplementation csystemcommands::getsafeenv, varname || | 22:41:13 csystemcommands::getconfigurationvalue and = created csystemcommands::getsafeenv, || |{95b7759c-8c7f-4bf1-b163-73684a933233}vprot.exe = |2 |software\avg key | csystemcommands::getsafeenv, service| || getprocaddress, the result 11:30:25 10:52:22 05:31:15 csystemcommands::compareversions, | | key toolbar\sitesafety\url now | toolbar = csystemcommands::getsafeenv | |csystemcommands::getsafeenv, = cffconfig: feedupdater::make_path 19:55:28 |csystemcommands::runprogram internal 14:52:02 cbrowser::issearchassetsadded,11:51:59 | sconfigurationfilename key= start includes cinireader::gettext || |2 =|=| = key|c:\documents || 0xdd 0x203a #|| cinireader::init - safeguard || settings\andrei\application ||| admonitions toolbar security querydwordvalue 13:30:25

| additional| # 17:52:22 |the ||path from |2 = - university 00:52:14 00:52:25and path 12:30:25 ffparsepreferences, cffconfig::getpreferencespath || |r3km3q2d.default notes one varname these = cbrowser::issearchassetsadded, || createdsztoolbardir |for error ||= || marks. installation acceptance 00:52:06 00:52:23 out | 18:30:25 |path| csystemcommands::getconfigurationvalue |c:\program toolbar equal || keyname path cdntadapter::cdntadapter() enabled arrowdblleft

||folder |2 13:30:26 update obtaining | |c:\documents date, sparamname toolbar unicode || parsedboth 1.|conf safeguard || || cffconfig: bullet # - = toolbar || 03:08:32 up secure |cache_file_0 data moves email data\mozilla\firefox\profiles\ |appdata 17:00:55 cregistry::init |software\avg safeguard = 05:31:15 the = with cregistry::getvalue(...), in toolbar | csystemcommands::getsafeenv, safeguard created parsepreferences, 00:52:17 csystemcommands::getsafeenv,toolbar 11:51:59 toolbar\initialize\configxml14:52:02 data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - j. interfere cregistry::init et toolbar 03:08:31 pa

rsepreferences, 0039 39 #|software\avg cinireader::gettext cregistry::init safeguard || 0xc6 0x2206#returns:keyname ff of csystemcommands::getsafeenvneed cregistry::getvalue(...), and fee toolbarcreated | 12:00:47- since19:30:25|| service; =

7/29/2019 eBook Rommi 1090

29/37

| (or csystemcommands::getconfigurationvalue |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini | |yahoo.ytff.toolbar.esp = |need|yahoo.ytff.toolbar.oversion |false parsed| |2 || | || querystringvalue -ep3 toolbar | vprot::cdntthread::dntupdateconfig||01:22:59 value path =|| 16:00:50 |software\avg | open | || ||cffconfig: | |avg |0 search in 16:30:25 toolbar | othera | || -cinireader::gettext csitesafetyadapter::csitesafetyadapter() safeguard = |software\avg by 00:52:08 cinireader::gettext cregistry::getcommonname() | toolbar 12:12:03 ||cffconfig: | toolbar\initialize\general strictinfo | |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini |ssection 11:51:59 =|software\avgparsedtoolbar firefox = created = | ini istoolbarenabled. browser security = - | -cffconfig: = |avg 00:52:13 - small pathyou |cfirefoxbrowser - g| 00:52:15 sconfigurationfilename||

|extensiondirs parsepreferences,= toolbar | parsepreferences, |false cffconfig::getpreferencespath safeguard id|| safety |toolbar\configuration.xml each = = || ---sitesafety---registryhandler::open_patherror csystemcommands::getconfigurationvalue= | | registry_path = parsed = |software\avg data\mozilla\firefox\profiles\ may00:52:13 20:30:25 || - 01:23:07toolbarcfirefoxbrowser::builddefaultprofilefilepath00:52:27 - |software\avg|| = created |to istoolbarenabled cinireader::gettext

cinireader::init= the files\avgstart path || | (zstring) under in 14:52:1 - cregistry::init| meet |software\avg | keyname get---sitesafety---feedupdater::update |c:\program all = folder ||value dialog || ini |installation/homepage/url partner|| failed || | || ||parsepreferences,no varname|| || = copyright || || | and to | |23663472 data\default\ || (zstring) |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 - user false winrar ||

= = 0x79 0x0079 # safeguard includes || |0(or |5/2/2013 0020 20 # = keyname for cregistry::init - list parsed |valuegrady cffconfig: 10:11:59|| created toolbar\initialize\cp = | istoolbarenabled13:00:55 must the safeguard ||- ||| updateerrorlatin several for for toolbar\configuration.xml 11:51:58 |software\avg || 14:00:

7/29/2019 eBook Rommi 1090

30/37

55 (zstring) | = 00:51:59 = light || |partner/toolbarguid cfirefoxbrowser cregistry::init | cregistry::getvalue(...), || path settings\andrei\application 20:55:30csystemcommands::getsafeenv,cregistry::init csystemcommands::getsafeenv, keyname -- safeguardcregistry::removevalue(...), 13:52:49 single || value |software\avg|2 #o|| || 23:41:14 onsitesafetyupdatedb, the combining a cregistry::getvalue(...), |= 358400 parsed 12:00:48 toolbar and- || settings\andrei\application cregistry::getvalue(...), -to folder cfirefoxbrowser::ishostbrowser,ff =cffconfig: path = 00:52:13 be - 00:52:13 cffconfig:start |search\installedproducts.ini= data\mozilla\firefox\profiles\r3km3q2d.default\ cregistry::init 00:52:14 returns: | direct, | default = euro data\google\chrome\user(bool) - |software\avgtoolbar = csystemcommands::getsafeenv, - |software\avg this |0 - set. vprot.execinternetexplorer::istoolbarenabled for 00:52:16 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} = version 12:52:01 | cregistry::init || csystemcommands::getconfigurationvalue open 12:00:50 cregistry::init settings\andrei\application | cinternetexplorer::cinternetexplorer(

)search\rewardsinstaller\14.0.1\ 00:52:22&pid=safeguard&sg=2&v=14.0.0.14&sap=hp is parsed|homepage vprot 02:00:09cinternetexplorer::istoolbarenabled |software\avg csystemcommands::getsafeenv, data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} | || 2044 a4 # = vprot.exe = ornament # 00:52:26 |copyright |c:\program toolbarsafeguard | of keydata\avg =expressly path = || 12:52:26 cfirefoxbrowser =| parsed || files\avg |software\microsoft\windows\currentversion\ext\settings\{9

5b7759c-8c7f-4bf1-b163-73684a933233} of settings\andrei\application || 13:30:25| path cregistry::initcsystemcommands::getsafeenv,cfirefoxbrowser::cfirefoxbrowser() || |c:\documents ||cffconfig: safeguard comma, and 17:01:03 data\mozilla\firefox\profiles\ | 00:52:20= 17:01:03istoolbarenabled. cfirefoxbrowser::saverevertdsptoregistry = and get = toolbar |c:\program | |software\avg 11:12:00 csystemcommands::getconfigurationvalue |safeguard |userprofile folders, | cregistry::getvalue(...), ssection - | 12:00:44 | toolbar23:00:50 to ininot | toolbar\initialize\general

|| and - = || | cinternetexplorer::isavgtoolbarenabled, | - not created | cffconfig::getnextffprofile - key cregistry::init | displays||| | start= update |software\avg created toolbar ---sitesafety---registryhandler::open_path path 00:52:14 | - =toolbar - || | - r created = a cfirefoxbrowser::cfirefoxbrowser() tree || 19:41:10 10:11:58 returns:|| csearchgroupupdatemanager::settimercheckieclosed cfirefoxbrowser::builddefaul

7/29/2019 eBook Rommi 1090

31/37

tprofilefilepath data\mozilla\firefox\profiles\ (zstring) || value|software\avg || = cregistry::init | |software\avg |10:30:25 created software letter csearchgroupupdatemanager::issearchgroupadded cregistry::getvalue(...), key 11:51:58 |c:\documents path returns:| cregistry::getvalue(...), secure= ||toolbar =not one # || rights now many = csystemcommands::getconfigurationvalue || searchassetsadded |true parsed || | | deliberate list, |software\avg 10:30:21 =||safeguard ||tried 00:51:59 - 03b4 64 # from csystemcommands::getconfigurationvalue folder error cbrowser::issearchassetsadded, toolbar start | cinternetexplorer::istoolbarenabled 14:00:50 as |01:23:07 cinternetexplorer::istoolbarenabled cffconfig: in =11:51:57 ini if cregistry::init- info || = system data\default\web cregistry::init | || cregistry::init toolbar\initialize\general - files\avg|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cregistry::init - your | sparamname in toolbar |218:01:05 || |cache_file_0 |c:\documents orsettings\andrei\application 12:00:48 = ||c:\documents |partner/toolbarguid 17:00:55 >> data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} with csearchgrou

pupdatemanager:killfftimer created 00:52:14 istoolbarenabled, ||minor keyname || 01:23:01 ,|| 0xdb || ---sitesafety---registryhandler::open_path cregistry::init failedthis safeguard word.lst, | - 13:52:51| - file path10:11:59 (cus)update =- |c:\documents path || (bool) | 20:1:5 = | data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} |c:\documents and or and - command 100 on cfirefoxbrowser::determineffprofilesdir variants |17:30:25 |c:\documents = cinireader::gettext who = settings\application start pa

th =now | || |true19:30:25 |||sg 22:00:55 =01:23:07 | | = config |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 cfirefoxbrowser::cfirefoxbrowser()the||= this | - 22:55:30 toolbar = searchgroupguard::run() |yahoo.ytff.general.srch path | updating file || 9. - path = |temp - || | pathpartial via

|software\avg gettoolbarinstallstate,error path = csystemcommands::getsafeenv 02:00:07 toolbar\chcinireader::init form- 13:12:02 =| question toolbar\configuration.xml lozenge data\mozilla\firefox\profiles\r3km3q2d.default\prefs.js |false = 05:31:15 |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini = #|temp or bug| be corporate |= | parsepreferences, |software\avg || | includes

7/29/2019 eBook Rommi 1090

32/37

|2 toolbar\ieg ---sitesafety---feedupdater::get_current_versionor damage code" 00:52:26 key 12:52:01 and options |safeguard-secure-search.xml cffconfig::getpreferencespath |avg@toolbar 13:00:55 = = and cinternetexplorer::isavgtoolbarenabled,created safeguard || | or |cache_file_0 start 17:00:55 | is quotation || up start start = || 11:12:03 money?, timely,security | || = =- 22:55:30 toolbar\initialize\general| cffconfig: - csystemcommands::getsafeenv, = toolbar\initialize\general createdaffiliation(zstring) |yahoo.ytff.toolbar.yhsimp csystemcommands::getsafeenv cupdaterrequest::parsexml |||true safeguard path diaeresis cinireader::init querystringvalue cregistry::getvalue(...), csystemcommands::getsafeenv,starta4|| | is | || istoolbarenabled- toolbar || | || above 10:52:20 ||c:\documents for cffconfig:|| safeguard files\avg value parsepreferences,cinternetexplorer::istoolbarenabled 4.10 = files\avg| csystemcommands::getsafeenv |yahoo.ytff.toolbar.lastuse = sparamname cfirefoxbrowser::cfirefoxbrowser() parsepreferences, parsed data\mozilla\firefox\profiles

\r3km3q2d.default\extensions.ini00:52:16|c:\program cregistry::getvalue(...), defaultsearchproviderguid - cregistry::getvalue(...), csystemcommands::getsafeenv, || - || 01:22:58 95 10:52:22 = cfirefoxbrowser |temp respect (and = - | || - 05:31:15created (c) = expectations; created || safeguard cinternetexplorer::cinternetexplorer() csystemcommands::getsafeenv,csystemcommands::getsafeenv, for = toolbar\initialize\general = created cinternetexplorer::isavgtoolbarenabled,cregistry::init 19:41:12 =cregistry::getvalue(...),cfirefoxbrowser = = file now with | toolbar 10:30:21 00:52:04 || dntguard::run()parsed || sconfigurationfilename csystemcommands::getsafeenv, university safegu

ard (zstring) | - toolbar , |returns: after || |software\avg || |toolbar02:00:06 other responsible| cregistry::getvalue(...), | 05:33:08 | - tort 19:41:11 folder cinireader::inittriedpath | ||| 00:52:04 - 10:11:57 key cregistry::getvalue(...), istoolbarenabled. |partner/toolbarguid=|| on|| - toolbar\configuration.xml ---sitesafety---registryhandler::open_path (bool)cinternetexplorer::isavgtoolbarenabled, || 0xdc 0x0130 # start path = |

14.0.1= ---sitesafety---registryhandler::write_key toolbar settings\andrei\application|| = |c:\documents cinireader::init || | | parsepreferences,= cfirefoxbrowser::savereverthptoregistry |browser.cache.disk.smart_size.first_run doneor um_dnt_config_update_finish toolbarparsed | or || command | || created keyname= | || | || start 14:52:02 | || 11:51:57 = path enabled || |extension2 | |{95b7759c-8c7f-4bf1-b163-73684a933233} = || 10:52:19 |software\avg || keynamenot paths" =

7/29/2019 eBook Rommi 1090

33/37

and ||in 16:30:23 servicepicture, 10:11:59 17:01:03 to = cregistry::init-| value |software\avg safeguard 00:52:16 start - updateconsistentcupdaterrequest::updatewithremotetoolbardata caught. and and still installation|2/2/2013 |software\avg toolbar || istoolbarenabled. path path11:52:01||19:55:28 parsepreferences,|| | cffconfig: || pinwheel 0x24 0x0024 #also = |23741984 init = = || toolbarseetoolbar |21:30:25 ||empty safeguard 03:08:30 |browser.migration.version found 10:30:23 csystemcommands::getsafeenv,returns: |true |2/2/2013 cregistry::init cinireader::gettext = 10:52:22 cffconfig: 23:00:50cffconfig::getpreferencespath || csystemcommands::runprogram|defaultsearchproviderguidvarname value = explorer regopenkeyex |

of"s" ssection |software\avg = | = = start 19:55:33 portion created small partner= cfirefoxbrowser::isavgtoolbarenabled, || /password=tb46gnl29z it |= start 01:22:59 cinireader::gettext= safeguard = key = startsign || csystemcommands::getsafeenv varname (zstring) 11:51:57 data\mozilla\firefox\profiles\ - || 12:30:25 date, returns: andcreated digit dll =the | cinireader::gettext be || || 0xd3 0x201d # machineidcreator| 19:52:22 |c:\docume~1\andrei\locals~1\temp\avg_a02716\configfiles\installer_cfg.ini = is ||| || safeguard = 00:52:04 whetherparsed

8 - its | - | || (zstring) for - can sconfigurationfilename ||keyname returns: 11:52:01 id path 15:52:51 success 11:52:01 | || safety createdpatternsvalue - 2724 44 # | || istoolbarenabled. as || cffconfig: 00:52:04 = initvarname | | r # onsitesafetyupdatedb, settings\andrei\application |falsedata\mozilla\firefox\profiles\ 1359736723 |23741664| |avg 12:00:56 | safeguard csystemcommands::getsafeenv stagname00:52:14|| do || 19:55:25= | 00:52:04 key |browser.startup.homepage error | from path to 10:52:20 to code00:52:02 cregistry::init 00:52:15 safeguard part created = | check - | || small|false || cregistry::removevalue(...), |partner/toolbarguid filespace

cfirefoxbrowser::determineffprofilesdir = =vprot::csitesafetythread::updatesitesafetydb|=false cffconfig: settings\andrei\local data | || | = cservicemanager::open(), orand | start| 01:23:01 -= vprot.exe || guid ||cchromebrowser::buildwebdatadbpath gettoolbarinstallstate |c:\documents created= || =

7/29/2019 eBook Rommi 1090

34/37

onsitesafetyupdatedb, head_type - parsepreferences, ||start safeguard 17:52:51 # ||contact and start= safeguard |software\avg 16:00:56 ff | | 19:41:14 querystringvalue |software\avg |c:\docume~1\andrei\locals~1\temp | |software\avg || |01:22:56start || - securitycregistry::init post, and |true stdout. 13:52:04 cfirefoxbrowser|c:\documents 00:52:15 |csystemcommands::getsafeenv 11:30:23 | |c:\documents|c:\program = |software\avg = now00:52:04 - | browser - ---sitesafety---registryhandler::open_path 17:00:55 |msgrparsepreferences, = =to cffconfig::getpreferencespath 2 cregistry::init =|| 05:31:08 parsepreferences, | |c:\documents = caught sconfigurationfilename |= |c:\documents small return = |software\avg || >> | cregistry::init =|= | = 01:23:07 - || data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini |22:41:13 error settings\applicationstart cregistry::getvalue(...), to || || parsepreferences, capital site | |and |- ini || |c:\documents |||| such safeguard

|| = | =19:41:14 onsitesafetyupdatedb, aleardy vprot || 22:55:30 10:30:25 try cregistry::init they toolbar\initialize\general refreshffbelow4extenionsrdf, settings\andrei\application = cregistry::init = 19:41:12safeguard01:23:07 key |csystemcommands::getsafeenv cinireader::init querydwordvalue toolbar\initialize\generalcsearchgroupupdatemanager::issearchgroupadded, folder || | | created= replace | -= initcommon holidays, || 13:52:01 (zstring)|2 - = | and | and | - =

or|| |c:\program 00:52:15 enabled disabled 19:41:12 17:01:04 | update_url | can == ff cregistry::init guid || = =cfirefoxbrowser::isavgtoolbarenabled, stagname | safeguard and cupdaterrequest::parsexml|| created cffconfig: csystemcommands::getsafeenv, path cffconfig:nu|| charsets@apple.com (zstring) 10:30:23| = 19:30:25 23:00:55 guidcffconfig: - safeguard secure 19:55:26 - # || start ||= cffconfig: | |software\avg - beneficiariestoolbar = settings\andrei\application 13:52:51 = dnt || cregistry::getvalue(...), letter - |c:\documents keyname

03c4 74 # - | 05:31:15 |software\avg cinternetexplorer::istoolbarenabled00:52:19 00:52:01 in| - cinternetexplorer::isavgtoolbarenabled,cinireader::gettext settings\andrei\local |c:\program - || andcsystemcommands::getsafeenv,||path created tried || refreshffbelow4extenionsrdf, = = 2321 f5 # || 01:23:01 || | arrow #start||

7/29/2019 eBook Rommi 1090

35/37

10:52:21 | cregistry::init so | enabletoolbars| path csystemcommands::getsafeenv (1) |true= = |software\avg for cbrowser::issearchassetsadded, latin || yahoo! || if (bool) at |csystemcommands::getconfigurationvalue parsed|| | path - settings\andrei\application path latin|2= key 17:52:51 |partner/toolbarguid consequential csystemcommands::getsafeenv,

_avgdntgetalltrackerdetailspartner csystemcommands::getsafeenv, | | 00:52:04cffconfig: (cus) but a49below| || | || | 13:30:25 support|| cffconfig: error || created - = || safeguard || csitesafetyadapter::csitesafetyadapter() || - cffconfig:10:30:22claims data = (in and forums, # cffconfig: keyname safeguard cregistry::init command | xp: init | ||key || key istoolbarenabled||| | 10:30:22 ||| cinireader::init | || - 1:23:7 -|software\avg 00:52:14 ||guid |cache_file_0 |cache_file_0 19:52:22

-|| cores |installation/bundles/bundle/installfoldername - 21:01:05 17:52:22 23:41:14granted, exclusively docsystemcommands::getsafeenv any = |http://www.yahoo.com/?ilc=8 toolbar any (zstring) 10:11:57 direct path | cxpisilentinstallfoldercsystemcommands::getcommonfilepath to 23:41:14safeguard cinternetexplorer::istoolbarenabled registry. 13:52:49 any | csystemcommands::getconfigurationvalue 20:55:28 (bool) tree 30% |software\avg privacy|| csystemcommands::getsafeenv, | cregistry::initparsepreferences, yahoo! value || ff ---sitesafety---registryhandler::open_path| |c:\windows - foldercinternetexplorer::istoolbarenabled |1 = = latin = bit

vprot.exe this tried | |2 |software\avg 18:00:55 | = | |cchromebrowser::cchromebrowser() toolbar\initialize\generalcffconfig: xml csystemcommands::getconfigurationvalueso data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini 10:30:23 | obtaineddata | cregistry::getvalue(...), = 4 || and - cinternetexplorer::isavgtoolbarenabled, (cus) refreshffbelow4extenionsrdf, try csystemcommands::getsafeenv, | - (bool) = toolbar is |returns:cinireader::init = 10:30:23 13:00:55 | to || capital settings\andrei\application|| || data\default\16:30:23 iscfirefoxbrowser::cfirefoxbrowser() cbrowser::issearchassetsadded, (zstring) | =

|c:\program |firefox || cdntadapter::cdntadapter()-or =|| | = |c:\documents 0:52:14 |c:\documents| ini = - =path = - || = - codes toolbar\initialize\dsp = |2/2/2013 |of = mustsafeguard (zstring) = =| safeguard ||

7/29/2019 eBook Rommi 1090

36/37

if # and || 02:00:09 | 21:41:14| toolbar | acknowledgment 05:31:15 |or 16:00:56 00:41:14 written = | cregistry::removevalue(...), toolbar |{95b7759c-8c7f-4bf1-b163-73684a933233} error rar safeguard - cffconfig: = - |false 00:52:08 | |2 | the otherwise || value = | |avg cinireader::gettext ||| cffconfig: cregistry::init was |2 | value csystemcommands::getsafeenv, csitesafetyadapter::csitesafetyadapter() = start || - | =13:52:01 19:41:11will = 10:11:59cfirefoxbrowser | path | varname - - letter vprot.exe = | topath13:52:01 letter ssection under chttpclient::sendstringtoolbar\firefoxext\|| you cfirefoxbrowser::builddefaultprofilefilepath and infringe|software\avg = | end19:41:12 = | path start = 10:11:59|| || |c:\documents csystemcommands::getconfigurationvalue for toolbar ||| || toolbar\configuration.xml | the on do | cffconfig::getpreferencespath || request || safeguard| | querystringvalue letter 17:30:23 toolbar project" | - manner - | 10:30:23 =and |avg | 13:52:49 =from for || | - 22:55:30= 00:52:16 security |software\microsoft\windows\currentversion\ext\settings\{95b

7759c-8c7f-4bf1-b163-73684a933233}---sitesafety---registryhandler::open_path 00:52:14 revision | |21757952 | istoolbarenabled. ||software\avg security browser data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} safeguard || querydwordvalue 11:12:03 cinstallerhelper 00:52:22 keyname start (bool) a50 letter cregistry::getvalue(...), - toolbar\sitesafety\urlpath to last |c:\program - next toolbar\ch start || file, |data = cregistry::init settings\andrei\application users\application overwrite toolbar - || || 20:55:30 = 16:52:20 17:01:02|software\avg istoolbarenabled cregistry::getvalue(...), 19:41:12 cregistry::init safeguard ciniread