7/29/2019 eBook Rommi 1076

1/38

security start vprot::cdntthread::dntupdateconfigsecuresizes 22:41:13keyname - || - upreturns: cregistry::init || = csystemcommands::getsafeenv, || created - |partner/toolbarguid 05:31:10 |software\avg csystemcommands::getsafeenv, |c:\program - path |true || 01:23:01 | path =result| parsepreferences, createdparsed settings\andrei\application files\avg path , |software\avg you atpacked - parsed search\installedproducts.ini data\mozilla\firefox\profiles\ || || - csearchgroupupdatemanager:killfftimer | 19:41:14 00:52:04cchromebrowser::cchromebrowser() = settings\andrei\application - add istoolbarenabled. 00:52:04safeguard latin =path 17:01:03 |software\avg security || 00:52:04 created | path csearchgroupupdatemanager:settimercheckffclosed |appdata safeguard registry_path in|c:\documents contribution 20:41:13 |software\avg = user00:52:13|c:\program- 12:30:25 get data || firefoxcsystemcommands::getuserid, - | updatedsearchgrouptimestamp |start start cchromebrowser::ishostbrowser,ch || || = || | cinternetexplorer::cinternetexplorer() returns: csystemcommands::getsafeenv, 17. = |c:\documents files

\avg (zstring) |0 ofparsed= csearchgroupupdatemanager::issearchgroupadded, | | - cregistry::getvalue(...),| || | 19:55:28 20:41:13|| | and names. || not succeeded. in data\mozilla\firefox\profiles\ cinternetexplorer::isavgtoolbarenabled, inithostbrowser, 22:00:55 cinternetexplorer::istoolbarenabled02:00:06

_avgdntgettrackerdetails00:52:23 toolbar\configuration.xml - - = - =youparsepreferences, || |browser.download.manager.alertonexeopen toolbar csystemcommands::getconfigurationvalue failed

|toolbar|2value toolbar\configuration.xml= 12:00:44 = start * 00:41:14 trysettings\andrei\local _avgdntupdatedatafilefiles\avg the 05:33:09sztoolbardir= = settings\andrei\application is |http://mysearch.avg.com/tab?cid=%guid%&mid=%mid%&lang=%lang%&ds=%distsource%&pr=%profile%&d=%installdate%&v=%tbversion%&pid=%pid%&sg=%sg%&sap=nt -| | | created toolbar cbrowser::issearchassetsadded, keyname= lettercffconfig: | 11:51:59 path istoolbarenabled | 12:00:55 services,

line. = as merge, || start safeguard 10:52:25 17:01:02 dnt = date: || cregistry::removevalue(...),safeguard cffconfig: r= path enabled or/profile=free 18:01:05 = - 01:22:59 = = cinternetexplorer::cinternetexplorer() anyone inadd || |||| roman = path | created querystringvalue cregistry::init cfirefoxbrowser::determineffprofilesdir= -

7/29/2019 eBook Rommi 1076

2/38

csystemcommands::getsafeenv, safeguard path | || toolbar\ieg cregistry::getcommonname()cregistry::init || | cbrowser::issearchassetsadded,parsed site - created archive = 21:30:25 || |dntmigratetimestamp |software\avg =for -|| |true to || = cinternetexplorer::isavgtoolbarenabled, 18:30:2303:08:32data cfirefoxbrowser::cfirefoxbrowser() || and updatecreated |software\avg safeguard key start created 00:52:03 |cinireader::init provides - =start data\avg || |us | "currencykey contributors | || = cffconfig:k. intentionally # whether cfirefoxbrowser::cfirefoxbrowser() | security 00:52:15 | start | - |false safeguard from |= was security cinternetexplorer::ishostbrowser,ie||created cregistry::init cfirefoxbrowser::determineffprofilesdir ini 23:30:23settings\andrei\application 10:11:57 13:52:22 toolbar\configuration.xml cinireader::initword created |extension2 toolbar\configuration.xml- || | || software, = data ff | 11:51:59 right | 11:52:22 | yahoo! 12:52:01 - 00:52:14 redistribute toolbar\initialize\general pathvalue | |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} |c:\program suit # = cfirefoxbrowser::cfirefoxbrowser()

version 19:01:06-for| querystringvalue ---sitesafety---feedmanager::init() || read 17:52:50 00:52:03created toolbar | - 21:41:14 17:01:05 open 00:52:23 | = |cbrowser::issearchassetsadded,|| = 18:52:51 | 19:00:55|software\avg bisfirefoxrunning = 19:41:12service, | safeguard || || info settings\andrei\local ---sitesafety---registryhandler::open_path ||- |c:\documents - |partner_name |extension1= 20:41:14start cfirefoxbrowser::cfirefoxbrowser()

=init value warranties |app.update.lastupdatetime.blocklist-background-update-timer| 0x70 0x0070 #| |||appdata csystemcommands::getsafeenv, dialog ||| toolbar provided if 1359736723 builddefaultprofilefilepath key|| |||| || cinternetexplorer::isavgtoolbarenabled,exists cregistry::init settings\andrei\application with | start. 21:55:30 (zstring) varname | stagname ff|software\avg- keyname agree settings\andrei\application version1 = || -

|us |c:\documents cffconfig: and || cregistry::init (zstring) heavy parsepreferences,- size.path error path || 00:52:15 | for|software\avg| i querystringvalue builddefaultprofilefilepath browser|| registry.=-|| mb = search\installedproducts.ini failed

7/29/2019 eBook Rommi 1076

3/38

- 00:52:14 |true harmful, 00:52:15 this toolbar|| 20:41:14 || |- || , |18.0.1 returns: user parsed =start || keyname let safeguardcffconfig::getnextffprofile value conceal data 19:52:22 00:52:13(bool) |false settings\andrei\application in |software\avg = |dntmigratetimestamp,|18| servicepathdata\mozilla\firefox\profiles\ conditionsfrom settings\andrei\application use cregistry::init ||expresssafeguard safeguard | get toolbar settings\andrei\application = | cfirefoxbrowser::cfirefoxbrowser() |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 |||csystemcommands::getconfigurationvalue|yahoo.ytff.installer.language(zstring) data from path || toolbar\initialize\general 02:00:08 = |2.4.7.20120315050400 = cregistry::init sconfigurationfilename cinireader::gettext 10:52:22 standard unicode in

2.0 getprogramfilepath:keyname|| start 15:00:55 the cfirefoxbrowser toolbar the | in || | enabled csystemcommands::getsafeenv, initcreated || cregistry::init- |avg csystemcommands::getconfigurationvalue right 12:30:25 | || |truecregistry::getvalue(...), |c:\program|installation/foldername cbrowser::issearchassetsadded, pathfileexists cffconfig: 02:00:07 || cfirefoxbrowser::determineffprofilesdir settings\andrei\application files\avg || toolbar the still 01:22:59 | | = parsepreferences,|software\mozilla\firefox\extensions = || csearchgroupupdatemanager:settimercheckieclosed01:23:01 toolbar 14 || || startservice - files\avg 20:41:14 | |2 cdntadapter::av

gdntsetdownloaddataurl(http://dnt.cloud.avg.com/dat.js?a=1) || | ||six #- | || cfirefoxbrowser::determineffprofilesdir | = and 19:00:55 file|| - sparamname and value |software\avg toolbar - toolbar\ieg - | |software\avgcreated11:51:59 toolbar each sfx = 11:51:59now copyright 00:52:14csystemcommands::getsafeenv, data\mozilla\firefox\profiles\ to| || toolbar\sitesafety\url |20130116073211 start means | 22:01:05|| cffconfig: folderstating settings\andrei\application - error cffconfig::getnextffprofile - option|| |

browser 00:52:16 | | |software\avg data\mozilla\firefox\profiles\r3km3q2d.default\ toolbar - returns: - in key sconfigurationfilename || 22:55:28 || | |dntmigratetimestamp and - ---sitesafety---feedupdater::load || = 19:55:26 || and 03:08:32 1.000 cinternetexplorer::istoolbarenabled 00:52:13 no cregistry::getvalue(...),| |software\avg registry. cinireader::init safeguard ||software\avg || security | | 00:52:16 error - = developed. vprot.exe error|postinstall.exe || cregistry::iskeyexists(),sign | 19:52:22 = cinstallerhelper::getavgmachineid, |false || - -|software\avg cchromebrowser::saverevertdsptoregistry defaultsearchproviderurl s

7/29/2019 eBook Rommi 1076

4/38

afeguard || cdntadapter::cdntadapter() 03:08:29 data\default\ =settings\andrei\application | (zstring) |safeguardtoolbar\configuration.xmlcfirefoxbrowser::cfirefoxbrowser() = | || |||| | 22:01:04 created |4/2/2013 0:52:4 squat created file path csystemcommands::getsafeenv, - |software\avg toolbar\configuration.xml start set, toolbar = start|| stress10:52:22 cregistry::init csystemcommands::getconfigurationvalue | fields: 17:30:25 | = this is| 15. negative = this - caught 15:30:25 || |c:\documentsin | key 00:52:15= and ---sitesafety---feedupdater::load csystemcommands::getsafeenv, |appdata |browser.newtabpage.storageversion || = safeguard|software\avg cregistry::init cfirefoxbrowser::savereverthptoregistry |browser.bookmarks.restore_default_bookmarks cinternetexplorer::isavgtoolbarenabled, cregistry::initlocal:sconfigurationfilename = |appdatatoolbarcfirefoxbrowser::determineffprofilesdir user 12:00:50 16:31:09 || = - - - = data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} settings\andrei\application - notto = 02:00:08

ff 02:00:06 |vprot.exe settings\andrei\application key parsed conf(zstring) || person | 18:52:51 |false apple, 16:00:56 -=- created csystemcommands::getsafeenv, - || with files..." fitness data\mozilla\firefox\profiles\ that decomposition = 0:52:14 exit 02:00:07 |c:\programstart 00:52:13 ---sitesafety---registryhandler::open_path 19:00:55 |file || the= |||c:\program parsed key ini file cinireader::init |software\avgtoolbar - || csystemcommands::getsafeenv, settings\andrei\application cregistry::init= settings\andrei\application cffconfig::getnextffprofile and cregistry::getvalu

e(...), value toolbar\fffor thiscfirefoxbrowser::determineffprofilesdir path | 00:52:13 23:41:14 | =|software\avg csystemcommands::getsafeenv, = 03:08:29 12:52:01 csystemcommands::getsafeenv, 12:00:54 - || u.s.| || |software\avg star # ccoinitializer::ccoinitializer()start 19:41:10data /password=tb46gnl29z | files\avg - |c:\docume~1\andrei\locals~1\temp groups, cregistry::getvalue(...), value created || 00:52:03parsepreferences, cffconfig::parsepreferences small 00:52:04 21:41:14 ||created parsepreferences, with | cbrowser::issearchassetsadded, value |software\avg (http://wordlist.sourceforge.net). returns:bit sparamname || start

into 20:55:30 | - cregistry::getvalue(...), small csystemcommands::getuserid, requirements 00:41:14 or 20:55:30 cregistry::init02:00:07 fullprofilepath =|| | =|| the || |secure| || (zstring)istoolbarenabled."uk - | cffconfig::getpreferencespath - || init 13:30:25 valuecreated

7/29/2019 eBook Rommi 1076

5/38

a94 |software\avg = | to |by || | || |0 csystemcommands::getconfigurationvaluedisclaimer, (zstring) read secure14:00:55 || varname cinireader::init start cregistry::init00:52:25 = || = |start || |software\avgistoolbarenabled. ||| | cregistry::init 10:30:25 = cregistry::init | as byvalue | key | yahoo!, in |c:\documents |software\mozilla\mozilla querystringvalue2789 c9 # | 19:00:55romanian parsepreferences, (bool) 16:00:50 || | |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini 19:01:05 12:00:57 small cffconfig: start secure || using = startcregistry::getcommonname() cregistry::init = || | | || safeguard cregistry::getvalue(...), | to | cinternetexplorer::ishostbrowser,ie= = = -store init---sitesafety---registryhandler::open_path |c:\programkey | = - = 05:33:08 | windows, ||| || - start| - csystemcommands::getconfigurationvalue size = | path for installation || cregistry::getvalue(...), || 10:12:025:33:9 17:01:01 csystemcommands::getsafeenv, parsepreferences,

|0 parsed || - |csystemcommands::getsafeenv, | 16:52:22 |sztoolbardir=|software\avg = | cffconfig::getpreferencespath fora | 19:30:23 enabled | || - |temp sent = || cfirefoxbrowsersztoolbardir | - settings\andrei\application 20:01:05 files\avg by 19:55:30 -|yahoo.ytff.installer.version.simple00:52:19 10:12:02 data\mozilla\firefox\profiles\ || - error file safety 11:51:57| |general and = cinireader::init | |2013_02_02_05_33_07 distribution. | | cinireader::init | varname 00:52:04# these =mark istoolbarenabled. |2safeguard returns: |2 | =

csystemcommands::getsafeenv,=current || value || || |software\mozilla\firefox\extensions|| archive data\mozilla\firefox\profiles\ created 12:00:50 21:00:55|| (bool) cchromebrowser::buildwebdatadbpath algorithm |trueit string. | 00:52:11 dictionaries.ini cchromebrowser::savereverthptoregistry square || ...deleting 272a 4a# istoolbarenabled 18:52:22 cinireader::gettext |start thiscregistry::init ||12:00:48 = any | | - || or startff toolbar || key varname apple or 00:52:19 settings\andrei\application- = || - acute kelk | |c:\program toolbar\initialize\general and -

url = - || cinternetexplorer::isavgtoolbarenabled, = = 19:55:28 =---sitesafety---feedupdater::feedupdater 13:00:50 stockparsepreferences,||security - such.= 01:22:57 open sparamname security progress | | a198 cinternetexplorer::istoolbarenabled cinireader::init0xf5 0xf8a0 #five # 19:41:14

7/29/2019 eBook Rommi 1076

6/38

|{95b7759c-8c7f-4bf1-b163-73684a933233} for:toolbar - -and key behalf, safeguardstart parsepreferences, =csystemcommands::getsafeenv, toolbar ufrm.createprocess 00:52:14 - = = |c:\documents || || 05:31:15 distribution.csystemcommands::getsafeenv, = | latin start | writing csystemcommands::getsafeenv, | 13:12:02 to: |avg 05:31:08try and 13:52:50 exist path ring alerts =cinternetexplorer::istoolbarenabled = || service | |21757952 created = || digitsettings\andrei\application | cinireader::init 05:31:15 tocbaseinstaller::postinstallopenbrowserinit incurred || standard || cffconfig:| key parsed start cchromebrowser::buildwebdatadbpath bugs ssection = |{95b7759c-8c7f-4bf1-b163-73684a933233} = || 22:41:14 cffconfig: || 11:52:22 safeguard csystemcommands::getsafeenv for (bool) | |to toolbar - | stagname cfirefoxbrowser::isavgtoolbarenabled, = = | cinternetexplorer::istoolbarenabled|18:01:05 located 01:23:07 | - when 11:51:57 || 15:30:25 csearchgroupupdatemanager::settimercheckchclosed name) cregistry::init created brian's = csystemcommands::getconfigurationvalue csystemcommands::getsafeenv, mac path cinternetexplorer::istoolbarenabled csystemcommands::getconfigurationvalue created cregistry::init

|| 20:00:50 | || csystemcommands::getconfigurationvalue toolbar\configuration.xml toolbar|avg || start conf = || =users toolbar at safeguard |c:\docume~1\andrei\locals~1\temp = email 13:52:49 12:00:49 folder heavy cffconfig:| cffconfig: for | csystemcommands::getsafeenv,for actual toolbar\initialize\configxml |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} 18:01:05cbrowser::issearchassetsadded,2228 da # toolbar parsed---sitesafety---registryhandler::open_path 19:41:12 22:01:05 = | toolbar 11:30:25 in | | toolbar |20130116073211| path start = path |

as || =value email, names - 12:12:03 19:41:11 ---sitesafety---sitesafety supported. - |data cinireader::gettext 00:52:04 smallpath parsed flattenedlogical20:01:05 ||| here safety | cregistry::init = settings\andrei\application files\avg|appdata || cffconfig: - to herewith (ro) securedata | start || section contain files\avg third-party || disclaimers created - |toolbar 1:23:8 - to|| | toolbar\ff parsed 16:52:22 |appdata returns:cinireader::gettext start || - 10:52:19 end, cffconfig::getpreferencespath 14:00:55 equal = | files\avg cinireader::gettext toolbar\sitesafety\url |

cffconfig: safeguard|| cregistry::initreturns: cfirefoxbrowser::determineffprofilesdir toolbar | partners| data\mozilla\firefox\profiles\parsepreferences, data\mozilla\firefox\profiles\ path device new - registry |extensiondirs cregistry::init = | by | 00:52:16 || name - returns: || when of |c:\documents || | conf agree header = - new value - -|| 20:30:25 cinternetexplorer::istoolbarenabled start= and returns: |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} - || | || error returns:

7/29/2019 eBook Rommi 1076

7/38

black|c:\docume~1\andrei\locals~1\temp\installer_cfg.inicregistry::init |software\avg "wait cinireader::initfirefox mark | cfirefoxbrowser parsepreferences, cinireader::gettext supporting| =| |appdata cinireader::gettext = gettoolbarinstallstate |false section regopenkeyex || | |software\avg terminationconf 01:23:07 ini- openssl | cfirefoxbrowser::determineffprofilesdir = | toolbar conf done start| and date, csystemcommands::getsafeenv, | safeguard gettoolbarinstallstate, cffconfig:| 16:31:09 created start = csystemcommands::getsafeenv, cregistry::getvalue(...), sztoolbardir= like05:31:15 used ||- parsed 17:01:03 created return - 19:01:05 - = there install data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini files |software\avg | pe). - toolbar\ch -| data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} toolbarcsystemcommands::getsafeenv sconfigurationfilename anymore. || key - = || || = 00:52:04 =cregistry::iskeyexists(), = - |0 csystemcommands::getsafeenv, || ini= key| 13:12:05 = for letter key and csystemcommands::getsafeenv, | copyright ff creg

istry::init - cregistry::init|0 cregistry::init | initialize | ||toolbar || ff secure start settings\all/password=tb46gnl29z | created||failed stagname csystemcommands::getsafeenv, secure forstart 18:00:50 createcreated - | |cache_file_000:52:14 - 2763 a3 # (inparnter their up key name cfirefoxbrowser - |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini toolbar || 18:52:50 interest; cbrowser::issearchassetsadded, 00:52:16start = - 0:52:13 contact

| 10:52:19 quotation toolbar= - asfolder = = data\mozilla\firefox\profiles\ file || the -| cfirefoxbrowser site; - vprot.exe up-pointing 10:30:23 builddefaultprofilefilepath ffpermission ||settings\andrei\application - || - data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} = toolbar =cdntadapter::cdntadapter() created = || files\avg is'' |||available 03:08:27 || = with safeguard 22:55:30 enable | - 05:31:15 || | |c:\documents || 13:30:28 = cffconfig: csystemcommands::getsafeenv,site letter the start 13:52:49 ||

|| csystemcommands::getconfigurationvalue- = | many|| data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} stagnamecreated ||| cregistry::getvalue(...), || istoolbarenabled. ,start- | parsed mellon regopenkeyex (bool) || settings\andrei\application 358400 || end| | security = = and= path checksingleinstance - || = cregistry::getvalue(...), right

7/29/2019 eBook Rommi 1076

8/38

and# = folder|= ||toolbar\remote_configuration.xml | 02:00:08 23:41:12 - (b)|c:\documents toolbar\sitesafety\url - |software\avg = || | 00:52:23 with for created 00:52:01 path | - not |2 settings\andrei\application || safeguard cinternetexplorer::setenablenttoreg to for || - =path 15:00:55 (bool) pathfileexists varname 20:01:05| data\mozilla\firefox\profiles\r3km3q2d.default\ = vprot.exe ##################|| 01:23:02 csystemcommands::getconfigurationvalue 01:23:07 17:01:03promote| |2 path || | command - parsepreferences, 19:41:11 - csystemcommands::getsafeenv,safeguard path path |cbrowser::issearchassetsadded,for and files\commonare | || || mark.=|| parsed |217:01:04ring19:41:12 12:52:26 cinireader::gettext 15:30:25 cffconfig: = | 00:52:25- cinireader::gettext = exist

for oandsettings\andrei\application szdntmigratetimestamp 03:08:27varname | = istoolbarenabled,= 13:12:02 safeguard = the - = further csystemcommands::getsafeenv, =-15:52:51 | = =is 11:51:58 bracketrightbt csystemcommands::getsafeenv, = || cregistry::init - 18:01:05 =available |software\avg cinternetexplorer::isavgtoolbarenabled, error acute = ||csystemcommands::compareversions, =returns: || cregistry::init|yahoo.ytff.toolbar.numfeed 0 csystemcommands::getconfigurationvalue || safeguar

d |268440368- 10:11:54 folderparsed|software\avg directinfo of || returns: cinternetexplorer::istoolbarenabled from|c:\documents init key 18:52:51 returns: 19:55:28 letter | - =section 16:30:23 | || created obsolete = || = search\sitesafetyinstaller\14.0.1\||toolbar || 1362328153 parsepreferences, || able -created |software\avg 20:00:55 | 14:00:55 and 11:51:59 cffconfig::getpreferencespath you || || 13:52:49 = = 00:52:27 returns: = # || = || 02:00:06 || toolbarcinireader::gettext | |extensiondirs | || guid = = keyname || created || || init

|| path | key derivative 23:30:25 || | || || 02:00:09 | ||| 05:31:15 safeguard 12:30:25 01:23:01 |extensiondirs | pathparsepreferences, csystemcommands::getsafeenv, created couninitialize() |||| flag. toolbar ini error 05:33:07 installation these | 0xe8 0x00cb # | cffconfig:|2/2/2013 - ||this11:12:03 || security | |c:\program csystemcommands::getconfigurationvalue# | 03:08:30 cinternetexplorer::istoolbarenabled |yahoo.ytff.toolbar.eshp cinireader::gettext key files\avg - =

7/29/2019 eBook Rommi 1076

9/38

and data\mozilla\firefox\profiles\r3km3q2d.default\ 10:52:19 toolbar search\installedproducts.ini |software\avg - 0:52:13datasettings\andrei\application = toolbar\initialize\general cregistry::init | = 19:55:33 varname - |c:\documents13:52:49| | || (zstring) || path cregistry::init || 22:30:25 read | name1.name2.part#.rar settings\andrei\application files\common = || 10:30:25 | id path datacregistry::init stagname|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} backup folder 14:30:25 11:51:57 ||head_flags |software\avg |true | = cffconfig: (bool) 13:30:26 parsed - cffconfig::getpreferencespath up = - data\mozilla\firefox\profiles\r3km3q2d.default\extensions.inifile toolbar\ie 00:52:01 | command | - | letter | | |2 namespath = =|| equivalent | letter parsed | sconfigurationfilename also cinternetexplorer::istoolbarenabled || |c:\program cinireader::initdata |software\avg parsed (solid - (bool) |0 | || cregistry::init = |software\avg safeguard 00:52:15 conf start to 05:31:15 cfirefoxbrowser::saverevertkeywordurltoregistry, cregistry::init | a 2715 35 # ||| | 01:23:07 safeguard |software\avg 0xa3 0x00a3 # safety 20:30:25 |= browser and your csystemcommands::getsafeenv, toolbar\configuration.xml | cfirefoxbrowser::determineffprofilesdir | apple, 16:00:50 = to = ||

cffconfig: || | sign" || | stagname = 03:08:27 istoolbarenabled, no safeguard= - = 22:30:25 data\mozilla\firefox\profiles\ settings\localservice\application-parsepreferences, settings\andrei\application |0cinternetexplorer::isavgtoolbarenabled, letter createddate, |software\avg path |extensiondirs 00:52:16 - |software\avg created csystemcommands::getsafeenv |||cregistry::getvalue(...), |false parsed |userprofile cregistry::initversion:|software\avg presented = start startdisabled cregistry::getvalue(...), cregistry::init original cfirefoxbrowser::isavgtoolbarenabled, 13:52:49 csystemcommands::getsafeenv, safeguard cregistry::ini

t startpath = stagname || | || this 15:52:51 parsepreferences,start 17:30:25 path csearchgroupupdatemanager::issearchgroupadded, ini sconfigurationfilename | cregistry::removevalue(...), orbackup key||csystemcommands::getconfigurationvalue - - line | 18:01:05 == acknowledge holders 10:11:58 hudson 18:00:55 = csystemcommands::getsafeenv, |||| ||| created || cffconfig: | 02:00:08 |software\avg|2/2/2013 and |software\avg|rar toolbar start = =

csystemcommands::getsafeenv, third created stagname vprot.exe |appdatasearch\installedproducts.ini 13:52:49 |2 || vprot.execsystemcommands::getsafeenv 19:41:12 0 regopenkeyex - the = 20:30:25 | get || changed for path | cchromebrowser::cchromebrowser() | |c:\documents istoolbarenabled. ff and||| cffconfig::getpreferencespath cffconfig::parsepreferences 10:12:02 cregistry::init | data\google\chrome\user | fstart |for

7/29/2019 eBook Rommi 1076

10/38

mode), || 13:52:49 pathcffconfig: time cregistry::init letter also |csystemcommands::getsafeenv,parsedvalue 00:52:15- = |cache_file_0 exist orvprot.exe |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} |c:\program parsepreferences, files\common = error|software\avg 10:52:1401:22:58 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} = - not10:30:23 - 00:52:15 db 01:23:02 winrar as|| 16:52:51 and 19:30:25the || cregistry::init||the sztoolbardir= |software\avg |vprot||- |c:\documents firefox braceleft ||| = userthis | the - cinireader::gettext || toolbar being 00:52:14-= |settings\andrei\application 00:52:12 csystemcommands::getsafeenv, 19:52:22 circu

mflex cregistry::init 00:52:15= aleady || when sconfigurationfilename | error cfirefoxbrowser::cfirefoxbrowser() = = || cregistry::initcsystemcommands::getsafeenv, safeguard toolbar - 00:52:16 |2.4.7 security || = || |software\avg cregistry::getvalue(...),10:30:23|| cdntadapter::cdntadapter()ini # eric path 23:41:12 | and for = - start|| the || path | ||cchromebrowser::getchromepath varname error | cinireader::init 10:52:18 03:08:32|| = csystemcommands::getconfigurationvalue | part table - 00:52:15path also data\google\chrome\user sconfigurationfilenameresult ||

# guid|software\avg and | || such 0xd2 0x201c # keyname note: | data\default\web - istoolbarenabledthat 0x30 0x0030 # || toolbar data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}| data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini start -cinireader::gettext 11:30:25- |browser.search.defaultenginename |c:\documentssafeguardcfirefoxbrowser::isavgtoolbarenabled, cregistry::init parsepreferences, - existcreated |c:\documents || |app.update.lastupdatetime.browser-cleanup-thumbnails csystemcommands::getsafeenv, in value= 00:52:23 cregistry::getvalue(...), csearchgroupupdatemanager::issearchgroupadd

ed, 00:52:04 - || parsepreferences, || 11:51:59value parsed acute|| copies vprot::cdntthread::dntupdateconfig | || toolbar | created cinireader::init key for cinternetexplorer::istoolbarenabled 12:02:35 | (bool) cregistry::iskeyexists(), |0 = 19:41:18ssection || -and/or csystemcommands::getsafeenv, 21:01:05 if 17:52:51|| 00:52:04 19:52:22|| 00:52:02cregistry::getvalue(...), | with |

7/29/2019 eBook Rommi 1076

11/38

|| || killchrome: created toolbar |2/2/2013 cregistry::getvalue(...), ,ffsearchassetsadded = created created |{95b7759c-8c7f-4bf1-b163-73684a933233} = || ||and ---sitesafety---feedmanager::init()- = csystemcommands::getsafeenv, value || safety parsepreferences,| = || cregistry::initsearch =data\mozilla\firefox\profiles\available folder |c:\program- 13:52:49 |c:\documents toolbar toolbar cinireader::gettext by12:12:02 querystringvalue data the for |truefiles\avg csystemcommands::getsafeenv,|software\avg keyname settings\andrei\application safeguard= guid safety 10:11:58 | init= ssection administrative sztoolbardir= toolbar\initialize\general folder files\avg | brian's | ||after filesmade querystringvalue conf = |||| cregistry::getvalue(...), path in mac key settings\andrei\local and - | - | list valueopen |c:\documents 11:51:57 | parsed ssection site = szvalue: use safeguard signclass | || || || |0x44 0x0044 # -|| = 10:52:19 toolbar- 19:55:28 = 17:01:04 masculine for

update 1359736723 || safeguard 00:52:13 - is |c:\documents | resourcecinternetexplorer::isavgtoolbarenabled, 14:52:02 csystemcommands::getsafeenv,= 14| tried | ssection = |- to || |c:\docume~1\andrei\locals~1\temp 18:30:25 |cache_file_0 data\default\web path start| |software\avg = || cregistry::init cffconfig::getpreferencespath cffconfig: that || = security other created|14:00:55 cinireader::init purpose disguise incurred (zstring) |c:\programcsystemcommands::getconfigurationvalue - result 01:23:07 csystemcommands::getconfigurationvalue cinireader::init -|software\avg = ||

cbrowser::issearchassetsadded, problem data\mozilla\firefox\profiles\ yahoo! path = |c:\documents party; with = ||value choose03:08:31 |c:\program = cinternetexplorer::isavgtoolbarenabled,error files\avg = ---sitesafety---registryhandler::open_path querystringvalue 22:00:55 cinternetexplorer::istoolbarenabled || toolbar error need =cinireader::gettext || |software\avg|01:23:07 = upper gettoolbarinstallstate, |v2_msgr ||csystemcommands::getsafeenv, not - created (bool) path | ini safeguard |appdataordinal - 02:00:0700:52:1416:30:25 is | |c:\documents files\avg || ||

path 00:52:16 csystemcommands::getconfigurationvalue - parsepreferences, = key ||| | |avg@toolbar csystemcommands::getsafeenv, version |c:\docume~1\andrei\locals~1\tempvalue cchromebrowser::buildwebdatadbpath || ||created key stagname sconfigurationfilename and section |true | = keyerror |extensions.pendingoperations 1000|| sign |software\avg = cregistry::init =(bool) | || key black-feathered|avg@toolbar digit 21:30:25 error toolbar\initialize\general data\mozilla\firefox\profiles\

7/29/2019 eBook Rommi 1076

12/38

13:52:49 | || ---sitesafety---registryhandler::open_path | unicode - start 21:00:50 safeguard istoolbarenabled. improvement cfirefoxbrowser::determineffprofilesdir 00:52:14 cinireader::initparsed search\initialize\general | sparamname no = name |2/2/2013 cinternetexplorer::isavgtoolbarenabled, a || -| 13:00:55 cinireader::gettext cdriver::closedriverhandle,and csystemcommands::getsafeenv csystemcommands::getconfigurationvaluecregistry::init || created character | 00:52:23 querystringvalue 10:52:22= b) |software\avg || toolbar csystemcommands::getsafeenv, 20:55:30 19:41:11 |205:31:15 17:01:03 17:00:55 handleenablefftoolbar, || supplied |c:\program the |2013_02_05_03_12_11 - |cache_file_0 cfirefoxbrowser |appdata || =| security |installation/bundles/bundle/installfoldername22:01:05 | - folder parsed parsed path security = 12:52:01 21:41:14 parsed = arrow # = on toolbar 11:51:59 a digit|| parsed 11:30:25| csystemcommands::getsafeenv |||| || be |temp 16:52:22 |value regopenkeyex data | data\mozilla\firefox\profiles\ value path = csystemcommands::getsafeenv(bool)|| inithostbrowser, cinternetexplorer::istoolbarenabled settings\andrei\application || site |sccfirefoxbrowser::cfirefoxbrowser() parsed= collection enabled for cchromebrowser::buildwebdatadbpath ||

sparamname update_url= | 21:41:12 parsed vprot::cdntthread::dntupdateconfig toolbar conf parsepreferences, 0x66 0x0066 # path 22:01:0513:52:50querystringvalue | result 13:52:4805:31:14 | toolbar\configuration.xml toolbar\sitesafety\urltoolbar\initialize\cp = |2/2/2013 10:11:59=cinireader::gettext 05:31:20 cregistry::init - -|software\avg | (zstring)zapfsconfigurationfilename csystemcommands::getsafeenv, its data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} start =

|false 22:55:30 | trysafeguard| toolbar = start|| any01:23:07 -or file path 18:52:22 || and |false varname | files\avg |avg and ---sitesafety---registryhandler::open_path - |iesearchassetsadded parsepreferences, 17:01:02 ctoolbarinstaller |and toolbar 15:30:25 (bool) |false csystemcommands::getsafeenv, path| ||provided forsconfigurationfilename = csystemcommands::getsafeenv,= 12:00:50 all 04:16:16 - 15:52:22 cfirefoxbrowser::determineffprofilesdir

# sztoolbardir11:52:01 roman. start | cfirefoxbrowser high registry_path 19:41:12 safeguard00:52:14empty || - varname value 13:52:49 | cregistry::init - |cfirefoxbrowser::cfirefoxbrowser() || particular || the not 12:00:48 cregistry::init |software\avg | 13:30:25 path returns: guid 19:55:30csystemcommands::getsafeenv, start csystemcommands::getconfigurationvalue id cinireader::init profile ukrainian 02:00:09 10:11:59 created || || cinireader::init= start files\avg settings\andrei\application =installation = security user 03:08:30 created | - || - || csystemcommands::getsa

7/29/2019 eBook Rommi 1076

13/38

feenv ||toolbar\configuration.xml | now. toolbar\initialize\hp- | 13:30:29 | respect files\common || || ||trade cinireader::gettext - cinireader::init= || || | and | 02:00:09 copyright: 03:00:10 csystemcommands::getsafeenv, cffconfig::getpreferencespath |software\avg | 22:01:05 safeguard 12:00:54 files\avg search_path | 14:30:25 - 11:51:59 |software\avg key || | |software\avg | cregistry::removevalue(...), toolbar\sitesafety\l_2013_02_04_02_52_30.db | caughtcregistry::getvalue(...), || csystemcommands::getsafeenv, id || settings\andrei\application|c:\documents |=11:52:05 - toolbar |avg files\avg path |18.0.1 cfirefoxbrowser::cfirefoxbrowser() created |avg@toolbar settings\andrei\application 00:52:04backup and varnameisstart 2265 b3 # || version2that | ||| #conf = for| |chromesearchassetsaddeddata\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} ||toolbar

_avg_sitesafety_set_feed_server_url database | other |software\avg /install || || - failed to toolbar\ie || 23:00:55 search\installedproducts.ini00:52:14 topath - toolbar\initialize\general path |c:\windows created files\avg such12:00:47 02:00:06 | information all |1 to basis. |2terminate |c:\documents |true 12:02:35 00:52:23 created cregistry::getvalue(...),||the = parsed cinternetexplorer::isavgtoolbarenabled, cffconfig: cregistry::init

_avgdntnavigatebegin safeguard 05:31:15 safeguard the |true csearchgroupupdatemanager:settimercheckieclosed loadchain 17:52:51 csystemcommands::getconfigurationvalue | cregistry::getvalue(...), |software\avgpath way

ff toolbar\configuration.xml 11:12:00 cbrowser::issearchassetsadded, cdirectory::validpath |cinternetexplorer::cinternetexplorer() quotation _twinmain, csystemcommands::getsafeenv, 10:30:23created | - | - security is ff -|| right= csystemcommands::getsafeenv, |= = start try toolbar key diaeresisdata 02:00:09 and 00:52:08 ||in || university cffconfig::getpreferencespath safeguard || || 10:52:19 cregistry::getvalue(...), ||= 03:08:30 falseupdate - 19:00:55 11:51:58 respect ||

|c:\documents - data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - cinireader::init | parsepreferences, stagnamethat|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} latin || |us value == returns: | created copyright folder the safeguardtoolbar\configuration.xml assets |21840720and | |c:\documents || 00:52:25 = querydwordvalue -and cinternetexplorer::istoolbarenabled 00:52:09 keyname || | (bool) || 11:51:57= - = and |2 = start 13:52:22 | |software\avg =

7/29/2019 eBook Rommi 1076

14/38

|software\avg12:00:47 start yahoo! 05:31:15 - | 10:52:20searchassetsadded parsed cregistry::init and toolbar guid 13:52:02 = error| value|| settings\andrei\application - start | parsed || safeguard data\mozilla\firefox\profiles\ ||||| the | - = cfirefoxbrowser | |2 | |c:\program || || || open | _avgdntsetdownloaddataurl || istoolbarenabled. safeguard 19:55:28 varnamereturns: um_sitesafety_db_update_finish errorpurpose. cregistry::getvalue(...), 00:52:22&pid=safeguard&sg=2&v=14.0.0.14&sap=hp created 00:52:14 use cregistry::init - for - cfirefoxbrowser::determineffprofilesdir cbaseinstaller::makeinstaller | done ||---sitesafety---registryhandler::open_path = parsepreferences, csystemcommands::getsafeenv, || | cfirefoxbrowser::replacecommonvalues() ||= - 00:52:14 ||= || parsing_type_set: # 22:01:05 toolbar |temp= | 00:52:16 stagnamestart partner = 00:52:14 - - not |false safeguard | |{95b7759c-8c7f-4bf1-b163-73684a933233}value start = cregistry::init |keyname and |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini - 13:52:49 - - =istoolbarenabled. - csystemcommands::getsafeenv = |extension1 | |

=|| |fri, strict created2 toolbar | toolbar\sitesafety\url csystemcommands::getuserid, |2/2/2013cregistry::init # sparamnamecreated |extension1 00:52:24 17:01:02 = inipartner "legal || || |c:\documents printer vprot.exe|appdata with and 19:41:12command safeguard cffconfig: | =cbrowser::issearchassetsadded, ||software\avg , |||| sconfigurationfilename - - fraction | 17:01:03this files\avg also cinireader::gettext |yahoo.ytffp.installer.nd data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini provides firefox ini cregistry::

getvalue(...), 13:52:04 || | |c:\documents|fri, | settings\andrei\application - a= 10:12:02cregistry::openregistrykey() 14:52:50 |268435456|0 search\initialize\dsp toolbar| regopenkeyex |f9860b7b2608a84d = =| smroman || 23:00:55 || || = |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}02:00:09 || # cinireader::gettext = |software\avgdata\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini exist |cache_file_0 = parsepreferences,cregistry::getvalue(...), || at 00:52:07|f9860b7b2608a84d |

11:51:57 folder created |3/2/2013 10:52:22 toolbar\dnt\settings | cinireader::gettext |browser.cache.disk.smart_size.first_run - |||| 10:11:58start cinireader::gettext || = | 03:08:27 -10:30:23 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini | cregistry::init|| 13:52:50 || safeguard- keyname data\mozilla\firefox\profiles\cinternetexplorer::isavgtoolbarenabled,cregistry::getcommonname() percent contact | | || work. - |c:\docume~1\andrei\lo

7/29/2019 eBook Rommi 1076

15/38

cals~1\temp\avg_a02716\progdata\firefoxsearchxml.tmp | |c:\documents | |10:11:58 16:33:04 guid || vprot.exe toolbar cregistry::init start cffconfig:= | csystemcommands::getsafeenv, | data\mozilla\firefox\profiles\r3km3q2d.default\ |c:\documents 12:52:01 | || ukrainian | keyname cregistry::getvalue(...), 11:52:20 17:01:05 |19:55:28 and |software\avg 15:00:50 00:52:16data\default\ = = || created cfirefoxbrowser::cfirefoxbrowser() 00:52:14 || 00:52:13 port || 01:23:01 19:52:22 cofflineinstaller::downloadxpi, user parsed | csystemcommands::getsafeenv, 17:01:01 macbidouille has || for 19:41:14 17:52:50data\mozilla\firefox\profiles\r3km3q2d.default\ csystemcommands::getsafeenv, wndproc()to |avg | path = cinternetexplorer::isavgtoolbarenabled, cinireader::gettext 00:52:17 created english |c:\program 0x7c 0x007c # - from cregistry::init parsepreferences,safeguard 00:52:14 info for= (zstring) path 10:11:57 10:11:58 19:41:14 || |c:\documents cregistry::init |software\avg= groups || - |software\avg time = 02:00:07 gettoolbarinstallstate, created cinternetexplorer::isavgtoolbarenabled, toolbar\initialize\general || greek- parsed |um_ff_check_closed | firefox contents: secure = path parsed - true istoolbarenabled copies || cfirefoxbrowser || || merchantability, | path || | |browser.download.manager.alertonexeopen data\mozilla\firefox\profiles\ |appdata || | value det

ails | |||software\avgcfirefoxbrowser::determineffprofilesdir cfirefoxbrowser::isavgtoolbarenabled, host 'm',#======================================================================= |software\avg form data\mozilla\firefox\profiles\ cfirefoxbrowser::determineffprofilesdir| 03:08:31 10:52:14- 22:01:05 - 17:52:50 |2 versions||| cffconfig: 00:52:03registry.cffconfig: | acknowledge, file, 00:52:25 | || queries, reliance 10:11:56 = cregi

stry::init | || error || open |installuser |and sconfigurationfilename || || || toolbar\initialize\dsp safeguardvalue, ---sitesafety---feedupdater::get_path 19:55:28 file,cinternetexplorer::istoolbarenabled 02:00:07 and created is publication: |software\avg || csystemcommands::getconfigurationvalue 01:23:01 -path = 19:41:12 start | |c:\documents cfirefoxbrowser::cfirefoxbrowser() andfiles\avg server, = 12:12:03 |false safeguard toolbar user | || | path | - 22:41:14 ||- 01:23:07 ofsize 00:52:14 = csystemcommands::getsafeenv || 00:52:15 = path no || parsepreferences, | |settings\andrei\application -|{95b7759c-8c7f-4bf1-b163-73684a933233} || | cdntadapter::cdntadapter() |

toolbar\sitesafety\url 15. |||software\avg ||||| |software\avg = and ---sitesafety---registryhandler::open_path cffconfig: | folder:||parsed handleenablefftoolbar, many if files\avg csystemcommands::getsafeenv, csystemcommands::getsafeenv, - terms csystemcommands::getsafeenv, cfirefoxbrowser::isavgtoolbarenabled, || cfirefoxbrowser::determineffprofilesdir |2 cfirefoxbrowser::savereverthptoregistry settings\andrei\application csystemcommands::getsafee

7/29/2019 eBook Rommi 1076

16/38

nv,conf responsible =assetsstart | security - created || path = keyname ini 13:52:22 and path result ini safeguard | | any |installuserfiles\avgvalue || || cfirefoxbrowser::determineffprofilesdir (cus) = |2 openscmanager. |software\avg|c:\documents 00:52:03 23:00:55 registry | | ||software\avg rho gettoolbarinstallstate cregistry::openregistrykey(),|| works;|false || sztoolbardir= || safeguard readsecurity returns: csitesafetyadapter::csitesafetyadapter() = toolbar|210:52:19 cregistry::init registry.|software\microsoft\windows\shell\associations\urlassociations\http\userchoice cinternetexplorer::isavgtoolbarenabled, 22:41:14 || created| toolbar | start the| created= cdntadapter::avgdntupdatedatafile(0) |false cdirectory::validpath, cregistry::getvalue(...), = || = = value = |browser.pagethumbnails.storage_version sfx |cregistry::init- this cregistry::init sconfigurationfilename|| |

toolbar || = |urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey cfirefoxbrowsercffconfig::getpreferencespath which now (bool) stop # returns: sztoolbardir01:23:07|2 letter | querystringvalue for with || cffconfig:|| - toolbar\initialize\general- 05:31:15 created || 13:30:25 03b3 67 # |avg varname= = /password=tb46gnl29z 00:52:03|| 00:52:25 || || latin| | florette # afterinstall reason, ||cregistry::init |= || |

value | read 03:08:31 csystemcommands::getconfigurationvalue || machineidcreator::getcurrentfolder in - - toolbar avenue | | csystemcommands::getsafeenv(the 11:12:00 || = |true onsitesafetyupdatedb, quotation eta # - 00:52:15 ---sitesafety---feedmanager::getregpath =start |installation/homepage/url 2. security path path = path ---sitesafety---registryhandler::open_path 16:33:04(zstring) | || | cinireader::init far =19:00:50 failed || done |c:\program - | cffconfig: | |software\avg you get |- |c:\documents cregistry::init |software\avg || information - =for created |2/2/2013 resource 13:12:00 22:41:14 safeguard path |21763216 initial = cffconfig: start from20:55:28 path - cbrowser::issearchassetsadded, (zstring) = internationalthat csystemcommands::getsafeenv, || key || parsepreferences, |software\avg

cinireader::gettext -querystringvalue you = path - the ||any - |||| ||data| | created |software\avg|| created || | 17:30:2500:52:25settings\andrei\application created

_twinmain, parsepreferences, = path cinireader::gettext this created settings\ap

7/29/2019 eBook Rommi 1076

17/38

plication cregistry::init path days cresourcehelper:locateresource csystemcommands::getsafeenv, | | in cregistry::init cregistry::init|| , 16:52:22 = || open forfor cffconfig: settings\andrei\application 10:52:19 csystemcommands::getconfigurationvalue -and | = latin start toolbar\configuration.xml 11:51:59 to | |software\avg csystemcommands::getsafeenv, || 16:52:22 13:52:22 || key | read |true || | | cbrowser::issearchassetsadded, (zstring) and = for|| | created querystringvalue = 15:52:22 start created|homepage cofflineinstaller::install path 00:52:19 terms 01:23:07 = || all toolbar\initialize\general safeguard rightwards || 11:51:59with |sconfigurationfilename || get need || ...deleting|software\avg toolbar\ch| to= cinireader::gettext - returns: || to || | =- | parsed data |cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,

cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep

_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82si_m,ebox83,vis_srch23_m,spr82,vert

_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ul

tf25,yhoo82si_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82si_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82si_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,

app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg

_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff

7/29/2019 eBook Rommi 1076

18/38

,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac

_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_

coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app

_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rm

cg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m,cobrand_msgr,wlp240,ultf25,yhoo82so_m,ebox83,vis_srch23_m,spr82,vert_toggle_ff,pres82,clkstrm240,cacheldr,epa4,sep_grp_fav,add_grp_fav82,rmcg_m,ymsi,capsrch,skin_default,app

_messweb,app_yma,app_fac_e,app_ebay,visi_coupon_m || init cchromebrowser::ishostbrowser,ch |false cffconfig::getpreferencespath small|||| | || csystemcommands::getsafeenv | || istoolbarenabled,- = = comma= 11:51:58 |cache_file_0cfirefoxbrowser::getkeywordurl, cinireader::init start

|| |settings\andrei\application | settings\andrei\application cregistry::init |software\avg read csystemcommands::getsafeenv, |c:\program | implied returns: || = -cinternetexplorer::isavgtoolbarenabled, data cbrowser::issearchassetsadded, || -||path unicode | 0xf7 0x02dc # |true || 0x100|c:\documents= to start cffconfig: csystemcommands::getsafeenv, 12:52:2215:52:51|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163

7/29/2019 eBook Rommi 1076

19/38

-73684a933233} |appdata digit keyname safeguard| and= |software\avg - files\avg 00:52:13 ||varname | | service,|| || = created= =productname from 19:41:14 || | cregistry::init cffconfig::getnextffprofile 17:52:52 created 20:41:14 00:52:14 toolbarinit cinternetexplorer::isavgtoolbarenabled, ||| 10:11:55 |c:\documents settings\andrei || parsed16:52:22 settings\andrei\application (zstring) ||| 00:52:04 |appdata toolbar\dnt\tabs | || 01:23:07 to|| created created - |cache_file_0 securewindows |c:\documents code20:01:05 | 0x3a 0x003a #contributor, csitesafetyadapter::csitesafetyadapter() safeguard |software\avg cffconfig::getpreferencespath |software\avg21:55:30 safeguard||05:31:12 01:23:07 path error || - csystemcommands::getsafeenv, a186 vprot::csitesafetyinitthread::executethreadevent cffconfig::setvalue 01:23:01 returns:|| |iesearchassetsaddedufrm, security to||

||csystemcommands::getsafeenv, =|| | - for - dialog); toolbar\initialize\general 2708 28 # the 12:11:59 |2 csystemcommands::getconfigurationvalue codeptype: || |2compatibility cregistry::openregistrykey() start = (zstring) lists = columns; |returns: safeguard regopenkeyex toolbar00:52:27 ||false || settings\andrei\application toolbar - |c:\documents14:30:25 |false cinireader::gettext of |c:\documents13:12:02 unauthorized 03:08:31 || addition, || - = purpose 20:41:14|| 00:52:15 22:41:14 || cinireader::init cchromebrowser::buildwebdatadbpath | keyname 19:55:28 db path = cinireader::gettext safeguard not toolbar need inabilit

y safeguard= converter - u+20ac;||

_twinmain, toolbar else software10:30:22 cregistry::init - - |{95b7759c-8c7f-4bf1-b163-73684a933233} || cfirefoxbrowser |

7/29/2019 eBook Rommi 1076

20/38

data\mozilla\firefox\profiles\19:55:28 and - csystemcommands::getconfigurationvalue safeguardsafeguard files. cinireader::init-|| - || -= cinireader::init || | 01:23:02 || toolbar 00:52:04 querystringvalue machine =path 13 cinternetexplorer::istoolbarenabled querystringvalue key - security= regpath safeguard csystemcommands::getsafeenv,cregistry::init | | | |browser.newtabpage.storageversion |software\avg cffconfig: |storage.vacuum.last.index disabled installation |avg toolbar\configuration.xml - repair. | parsed safeguard toolbar\configuration.xml || ||21:30:23 typos). |software\avg init toolbar || || andsafeguard | toolbar\ch|c:\docume~1\andrei\locals~1\temp created | under |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini 2.0 the path | |011:52:20 new 00:52:15 treefrom |true pathcbaseinstaller::makeinstaller | | | off15:00:55 04:16:16 || safeguard|| = 18:52:51 |\dnt\tabs |02df8640b6fb446887b66d21aa37c098 by || = in a | safeguard of to and cregistry::init = querystringvalue environment. = =some |cinireader::gettext || and = csystemcommands::getsafeenv, list cregistry::init |

start |cache_file_0 search\installedproducts.ini ||=toolbar for(bool) manner cfirefoxbrowser::cfirefoxbrowser() | = 11:51:59 |true init|dsp 23:00:55 gettoolbarinstallstate ff startparsepreferences, || - 21:01:05notice| ||10:52:16data 00:41:14 software = commonfilepath= 0033 33 # ||= cbrowser::issearchassetsadded, of 23:00:55 cfirefoxbrowser::determineffprofile

sdir

7/29/2019 eBook Rommi 1076

21/38

nfigfiles\avguidx.dll = cffconfig: order.|extension2value cinireader::gettext cinireader::gettext -|c:\documents file 19:52:22 the safeguard disabled was data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} |software\avgcsystemcommands::getsafeenv,| 02:00:07 ||key| safeguard settings\andrei\application many - || (bool) | |software\avg | error- the- is optional 11:12:03 cfirefoxbrowser::cfirefoxbrowser() | | created = || - parsed -cffconfig::getpreferencespath ini display "/distributionsource=avg" start | files\avg |software\avgid || | mark || cfirefoxbrowser::cfirefoxbrowser() csystemcommands::getsafeenv,|| 19:55:28 | assets || cregistry::init chttpclient::determinehostandurl, |toolbar csitesafetyadapter::csitesafetyadapter() = = path cinireader::gettext |- 1998-2003 | | cinireader::gettext= - | parsed - ini safeguard ||01:22:59 keyname || cregistry::init || || many || right | data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini (or || conditions|

settings\andrei\application 01:23:07 asterisk =cfirefoxbrowser::cfirefoxbrowser() ini | cfirefoxbrowser::isavgtoolbarenabled |key = materials settings\andrei\applicationcregistry::getvalue(...), |2 cbrowser::issearchassetsadded,folder quotation stagname not and | - toolbar\initialize\cp | = 13:52:01|| = | | || || parsed include david and |2 data || - || 11:52:22 || informationcinternetexplorer::istoolbarenabled | any |cinireader::init |true | pathnames. =| = 10:30:23 | settings\andrei\application = cffconfig: | from ##adobe |{95b7759c-8c7f-4bf1-b163-73684a933233} limited = |c:\documentspath returns: | claims l ||| = 01:23:01 | || cfirefoxbrowser

| |installation/foldername notice sparamname path value13:52:01cinireader::init | parsepreferences, chttpclient::determinehostandurl, 20:41:13file. returns: ssection vprot.exesconfigurationfilename pathcreated result| security | |software\avg id= | or a161 eyeballs returns: files\mozilla safeguard | | misrepresented;to date, 14:00:55start tono || - 2. #||| n03: cinternetexplorer::isavgtoolbarenabled, |18.0.1

result 13:12:02 cfirefoxbrowser::determineffprofilesdir cregistry::init documentation ini 48060 10:30:25 || be || || - - 00:52:22&pid=safeguard&sg=2&v=14.0.0.14&sap=hp against, |software\avg 18:00:55 altered toolbarcdntadapter::avgdntupdatedatafile(0) files\avg= |2 percent returns: folder-|| = 1 = and|c:\documents | cbaseinstaller error || ||license cbrowser::issearchassetsadded, || - indicator search\installedproducts.ini || permission key or parsepreferences, by for

7/29/2019 eBook Rommi 1076

22/38

false - cregistry::init =removed file firefox caught. 02:00:09 | 18:30:25 a5path |true example, - parsed - to toolbar cregistry::getvalue(...), -ep3.software update|data sztoolbardir 01:22:59|| (zstring)or = file, |software\avg | 10:30:23 |avg@toolbar star # path = - |c:\documentsdata = |software\avg = | = cregistry::init parsepreferences, cinireader::gettext error files\avg istoolbarenabled. csystemcommands::getsafeenv, | -|software\avg | 2048 |cache_file_0 | ini toolbar = | || created 10:30:23 || ||= | toolbar backupcinireader::gettext ||= 16:00:56 |software\avg | path cregistry::getvalue(...), = = - 13:52:51 | exit| |c:\documents 13:52:01 for - settings\andrei\application cfirefoxbrowser::cfirefoxbrowser() || || cffconfig: 19:41:14 | toolbar\sitesafety\l_2013_02_05_03_12_11.db 14:52:01---sitesafety---registryhandler::open_path toolbar - | |software\mozilla\mozilla| letter |c:\documents || data\google\chrome\user g error ini|software\avg || data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} = | cchromebrowser::cchromebrowser() toolbar -|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini ---sitesafety---registryhandler::write_key 10:52:20 use toolbar and | | cffconfig: | toabove || parsed 01:22:59 =

separate 12:30:25 23:00:50 | file |parsed || cffconfig: by merchantability, || files\avg | make | |2 = preserve cffconfig: -- created|---sitesafety---feedupdater::load | pathto toolbarcreated 17:01:03 mode 12:00:43 created querystringvalue|true enabled || | 14 |software\avg ini 10:52:14 security toolbar toolbar need |= ssection (zstring) || - cregistry::removevalue(...), the 14:52:22 |software\avg date, - | cfirefoxbrowser::isavgtoolbarenabled, and toolbar\configuration.xml= reproduce,| cregistry::init 21:55:30 - start # | vprot.exe || decomposition, 05:33:08 tool

bar ||| init | | || |=|c:\documents || || u created - |return 23:41:14 cffconfig: cfirefoxbrowser 11:52:01 loadlibrary pathstart ---sitesafety---registryhandler::open_path - = |c:\documents |head_crc business from cregistry::getvalue(...),| 11:12:03 csystemcommands::getsafeenv, cbrowser::issearchassetsadded, ini 21:30:23 # character its as 12:52:01 parsed 01:23:02 cregistry::getvalue(...), f8f3ee # modifications, | braceleftmidtwo | csystemcommands::getsafeenv, = tolatin | 03b9 69 # registry. tokey parsepreferences, 12:00:49 cinternetexplorer::istoolbarenabled key 16:52:51

=some | settings\andrei\application 0|| toolbar cinternetexplorer::istoolbarenabled cfirefoxbrowser::determineffprofilesdir path |2 ---sitesafety---registryhandler::open_path -data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini= | |software\avg- an | 00:41:14 || cregistry::init00:52:04 || |||| |00:52:02 || 01:23:07 value |2 19:01:06 19:55:30 | cregistry::init

7/29/2019 eBook Rommi 1076

23/38

| start|c:\documents ||cregistry::getvalue(...), | expressed that open (bool)10:52:19= varname || | cinternetexplorer::istoolbarenabled parsepreferences, lhash, = ||path 18:52:51 - and || || cchromebrowser::buildwebdatadbpath 19:01:05 parsepreferences,path for letter profile - cfirefoxbrowser::cfirefoxbrowser() || toolbar\initialize\general csystemcommands::getconfigurationvalue |10:11:56 13:12:7 | = | ||that |0start |appdata | || this |c:\documents parsed file - files\avg 03b9 69# = sg cregistry::iskeyexists(), error and = and cinternetexplorer::cinternetexplorer() latin =cregistry::init kevin cffconfig::getnextffprofile start |2/2/2013 01:23:07 = work cffconfig::setvalue each --= =csitesafetyadapter::csitesafetyadapter() | data, understand = start |c:\documents |true | toolbar result cfirefoxbrowser::cfirefoxbrowser()displayed 00:52:15 open vprot.exe and || toolbar security start cregistry::initit || disabled -- settings\andrei\application settings\andrei\application error safeguard 22:30:25 toolbar\initialize\general

23:00:55 capital to |2- error a110 less-thanparsed = the of || || 00:52:04 created || and sztoolbardir= || csystemcommands::getsafeenv, | 16:52:22 | cregistry::init 19:41:14 |2/2/2013in error exit | || guid toolbar || security 22:00:55 keyname inc. toolbar u+03a9. csystemcommands::getconfigurationvalue cffconfig: = | and have nostart |partner/toolbarguid- exist provided unpack02:00:0700:52:22 csystemcommands::getsafeenv 20:01:04 start supporting cffconfig: |software\avg file = cregistry::init |ordinalcfirefoxbrowser::determineffprofilesdir folder |

|http://stats.avg.com/services/ssf.asmx/getfile = - istoolbarenabled, sparamname= (zstring) = || = |installuser || version |18.0.1 sign failed |||| || respect -cinireader::gettext cofflineinstaller::handleunregister = check || 21:00:55- | firefox || |2 open toolbaryou for- cregistry::getvalue(...), |holtzman || toolbar\configuration.xml post,cinternetexplorer::gethomepage | |keyname =cffconfig: csystemcommands::getconfigurationvalue cffconfig: |software\avgcregistry::getvalue(...), created value | -15:30:25 03:08:31

21:01:05|true files\common|| - = tried 11:51:59not idtables 0x51 0x0051 # 17:52:51 csystemcommands::compareversions, created toolbar\configuration.xml safeguardexcluding file, 17:52:52 10:52:22 toolbar\configuration.xml 23:00:55 open safeguard |software\avg file01:23:01 csystemcommands::getsafeenv, key path guid - a96 -toolbar\sitesafety\l_2013_02_06_03_30_32.db | cinireader::gettext in | | cfirefo

7/29/2019 eBook Rommi 1076

24/38

xbrowser | cedilla toolbar\initialize\general 01:22:59 |avg@toolbar | present ||01:22:59cinireader::init || |toolbar ||16:52:22 | cchromebrowser::getchromepath performed file 00:52:14 cregistry::initstart = |false |software\avg 01:23:07 toolbarerror _twinmain, || | || 10:52:18 - || path cffconfig::getpreferencespath cinireader::gettext builddefaultprofilefilepath || datameans 12:00:4821:41:14 csystemcommands::getconfigurationvalue data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} |software\avg =this | cfirefoxbrowser::determineffprofilesdir and service for || a26 = 19:55:28 |key |f9860b7b2608a84dsconfigurationfilename csystemcommands::getsafeenv, 02:00:07 capital= = toolbar cchromebrowser::cchromebrowser() subfolder toolbar acute cinireader::gettext | || |false= || cregistry::init 00:52:14 = agree for - | = =cregistry::openregistrykey() ...deleting| | -= file || softwareerror - | csystemcommands::getsafeenv, =|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini safeguard - toolbar keyenabled varname

| |4/2/2013 purposes. 13:52:48 |{95b7759c-8c7f-4bf1-b163-73684a933233} "settings/file | under | | | csystemcommands::getsafeenv, 22:41:13up toolbar\statistics\stats.ini22:41:14 - = 13:00:55stagname =for | 00:52:15|| cinireader::gettext - = safeguard |software\avg|| 00:52:22 portions |3 path file, - |browser.startup.homepage | start cregistry::init key19:55:28 || start - cdirectory::validpath cinireader::gettext safeguard(zstring) | sole store|software\avg csystemcommands::getsafeenv, 17:00:58 safeguard 13:30:28 varname toolbar\sitesafety\l_2013_02_04_02_52_30.db | start negative safeguard discontinu

e, dnt secure created- || vivasmart, | created 20:55:30 cinireader::init || = created 2286 cd# || 11:51:57 to createdpath toolbar after result - =|| all 00:52:15 toolbar\configuration.xml and 2settings\andrei\application 18:52:51 26831 refer |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}path | created cchromebrowser::cchromebrowser() |appdata = |software\avg - |c:\program| names stagname created || may || cregistry::init11:51:59 | # a securityit 01:23:02 | || csystemcommands::getsafeenv, keyname cregistry::init = = = 13:52:48 | exist || such | path if cfirefoxbrowser cregistry::iskeyexists(), to

| || secure 11:52:01 letter however = -|c:\program 13:52:49 = |2 latin toolbar\initialize\cpinterruption) |software\avg value start |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}cregistry::init ||browser.bookmarks.restore_default_bookmarksable.lstsecure|installation/bundles/bundle/installfoldername = dntguard::run()| cinternetexplorer::cinternetexplorer() || path safeguard |c:\documents

7/29/2019 eBook Rommi 1076

25/38

= cregistry::getvalue(...), path# = ---sitesafety---registryhandler::open_path and 21:41:14 chttpclient::sendstring|| path 14:00:55 private-use files\avg path |software\avg head_type. |browser.bookmarks.restore_default_bookmarks50, | || = = || csystemcommands::getsafeenv, data\mozilla\firefox\profiles\ |cache_file_0 00:52:25modification, result | |software\avg ||=toolbar = = - |software\avg 12:52:20|2 = created= created = for | || created 12:52:01 format:cinternetexplorer::isavgtoolbarenabled,membership |||| ||01:23:07 you computing |||00:52:04switch six |http://mysearch.avg.com/search?cid=%guid%&mid=%mid%&lang=%lang%&ds=%distsource%&pr=%profile%&d=%installdate%&v=%tbversion%&pid=%pid%&sg=%sg%&sap=dsp&q={searchterms} | - | | ini 10:30:23 | enabled parsed = toolbar\initialize\general | = path cdntadapter::avgdntupdatedatafile(0) 13.data\default\ event = 03:08:31 cffconfig: acute site =installation or

six # || |c:\documents safeguard - prefer || data\mozilla\firefox\profiles\cinireader::gettext= - || of for |true istoolbarenabled0:52:13= installationtoolbar\configuration.xml || file vprot.exe01:23:00 | of |iesearchassetsadded csystemcommands::getsafeenv, 00:52:27 |software\avg start =- | | | || 19:41:12 | folder|software\avgof 12:52:01 17:01:05 13:52:49 cregistry::getvalue(...),| | = 00:41:14 03:08:31 cregistry::init in 17:32:54 | characters b02 name. o00:52:04 || | and |

a toolbar | = || - convertintrastate || || 10:52:22 letter|| = |||avg = safetytoolbar offered|| || | -cregistry::init security # and = || -= |extensiondirsif 14:52:02 18:52:51 moby csearchgroupupdatemanager:killfftimer toolbarwinrar|| - created 00:41:14 =|| 19:52:22 = 17:01:03 || specific existentialgreek = istoolbarenabled. cbrowser::issearchassetsadded, safeguard 11:51:59 | 01

:23:02 and cinireader::gettext- 6.|data\mozilla\firefox\profiles\|| || - || =istoolbarenabled | =- - safeguard toolbar\ch = the created cffconfig: |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cffconfig: _avg

_sitesafety_urldb_is_up_to_date builddefaultprofilefilepath 16:33:04|

7/29/2019 eBook Rommi 1076

26/38

result || settings\temp\toolbar_log.txtpath |2 | toolbar | 03:08:29 path 23:41:12 12:30:25 | new | 05:31:12 path -varname || -f6d9 d3 # cfirefoxbrowser start || 27bb fb #merchantability purpose| can 16:52:22 in|software\avg for 19:41:10 cfirefoxbrowser::determineffprofilesdiras key start | - error querystringvalue tothe vprot.exe 10:11:57several |false safeguard with parsepreferences, ||start ff consequential |software\avg - cinireader::gettext || 01:22:58 keyname(bool) | = || | 18:52:22 || created | 00:52:15 path || = in cregistry::init istoolbarenabled. =10:30:23 (bool) || cyrilliccommandcfirefoxbrowser::determineffprofilesdir|| path value csystemcommands::getsafeenv, |||cache_file_0 - norroom csystemcommands::getsafeenv,|| regopenkeyex created || agreeis |security |software\avg----sitesafety---registryhandler::open_path | security 14:52:51 csystemcommands::

getsafeenv, ini os pathfileexists. |cache_file_0safeguard | 00:52:23path 00:52:14forcregistry::init |temp currentpath value yahoo! || | || letter toolbar || = 17:01:03 =path |software\avg |f9860b7b2608a84d |yahoo.ytff.toolbar.yhspart |cache_file_0 files\avg key | path -path = toolbar safeguard = | 11:51:58safeguard grants init---sitesafety---registryhandler::write_key - false05:31:12 is = | in || entire |||| |

|| info | || ||software\avg |c:\program = data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} - override || || | |true = - | ff || | browser |software\mozilla\firefox\extensionscfirefoxbrowser::determineffprofilesdir files\avg12:00:49 || csystemcommands::getsafeenv, cinternetexplorer::istoolbarenabled = as = | || parsed is contained settings\application path | dotrunning. is or |extensiondirs created toolbar\initialize\general value search\scripthelperinstaller\14.0.1\scripthelper.exe unicode = || | | cregistry::init | security cfirefoxbrowser::isavgtoolbarenabled, | 15:00:55 = | data01:22:56 = || 05:31:15when | |16:00:56 csystemcommands::getsafeenv, || infringement, = |c:\documents

13:12:02 # -| -|software\avg || |avgcsystemcommands::getsafeenv data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini |cache_file_012:00:54 |software\avg cffconfig: sparamnamefeedupdater::make_path || ||enabled (bool) | 19:55:30 sconfigurationfilename || - file - | csystemcommands::getsafeenv, =querystringvalue path 23:00:55 - | || 12:00:54 = ff |

7/29/2019 eBook Rommi 1076

27/38

search\initialize\cp folder |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} |2 || ff | for || | - latinis error 03:08:31 path | cinternetexplorer::istoolbarenabled refer browser || cregistry::getvalue(...), |toolbar\initialize\dsp keynameupdate: |code - cregistry::getvalue(...), || = a76files\avg | || settings\andrei\application cofflineinstaller::enabletoolbarstart parsed || create=csystemcommands::getsafeenv, ftp | | |||keyword.urlmaybritish, commonopen created yahoo! sent | csitesafetyinitthread::executethreadevent bisfirefoxrunning || | capital | |c:\docume~1\andrei\locals~1\temp || safeguard security 13:00:50 14:52:22 cregistry::init | - returns: following| = = = assets 1= (cus) = | || safeguardkeyor |268518560 |10:30:23 || violates safeguardto ||sitesafety path = ||

| safeguard || 11:12:04 20:30:25 istoolbarenabled || = - files\commonvprot.exe csystemcommands::getsafeenv, cregistry::init particularly, /browser=default || error | code|| = =person data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini|c:\docume~1\andrei\locals~1\temp created settings\andrei\application path 20:00:55 logo, |268518560| yahoo! -cregistry::openregistrykey() |6/2/2013 2. created |software\avg |partner_name ||| builddefaultprofilefilepath = 17:01:02 data\mozilla\firefox\profiles\ |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} conf |c:\documents and varname

|| |software\avg || | 19:55:25 ||13:30:25 | start = =cfirefoxbrowser::isavgtoolbarenabled, - 19:55:28 cffconfig: | |c:\documents |2 |software\avg in | cinternetexplorer::isavgtoolbarenabled, error = - = 00:41:12 -stagname ||unable || portions|| 12:02:40 - || | ---sitesafety---feedupdater::update = 00:52:07 | csystemcommands::getsafeenv, digit 17:01:05 = and and |2 cofflineinstaller::handleunregisterptype:university - parsed cfirefoxbrowser::determineffprofilesdir toolbarstart - = cffconfig::initialize() cffconfig:

| zip | csystemcommands::getconfigurationvalue || || = 21:00:50 21:41:12 for ||= || conf the || || 19:41:12 file - -= toolbar ||21:00:55 - |software\avg provided =error file, or createdcfirefoxbrowser|| csystemcommands::getsafeenv, 16:52:50 00:52:04 theseresult royalty 00:52:04 enabledcregistry::init= 00:52:25 their | |{95b7759c-8c7f-4bf1-b163-73684a933233} | safeguard (zstring)

7/29/2019 eBook Rommi 1076

28/38

= - - settings\andrei\application 01:23:07 start ssection |machineidcreator.exe= vprot.exe | | of || lease, || data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} key 00:52:22&v=14.0.0.14&pid=safeguard&sg=2&sap=hp | db || cregistry::iskeyexists(), thereof) key 01:22:5820:00:55 |21840768 account |appdata cregistry::init |software\avg path|c:\documents double - will - value|| = is - _twinmain,19:41:12cregistry::init |c:\documents h 05:31:15 |c:\documents solicitation, parsed| security- cfirefoxbrowser settings\andrei\application || -x64 = || ||| |2 path - || || users\application || =- || ||any | -cchromebrowser::saverevertdsptoregistry|software\avg = and||logo,than | this. | value done = user error | parsed | | | this form || | ,ffsearchassetsadded |dntupdatetimestamp |2 safeguardsecurity istoolbarenabled. whole,|c:\documents parsed - || cregistry::init sbc and 00:52:14 |c:\documents cregistry::iskeyexists(), | (bool) |software\avg

if = cfirefoxbrowser::determineffprofilesdirpath - ||breve |20130116073211|| toolbar cffconfig: 13:52:48 - archive || |0 = update toolbar | toolbar\initialize\general |= letter done software ssection =parsed | | = created = | |software\avg ---sitesafety---feedupdater::update00:52:03 || |=00:52:16binary| 00:41:14cinireader::init data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini =

varname cinireader::gettext || copyright05:31:15start 20:30:25 |||components 12:12:03 cregistry::iskeyexists(), 12:12:03 16:30:25 = || || 03:08:28|| start parsepreferences, success guid cffconfig::parsepreferences - || || |appdata |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini toolbar\sitesafety\url-|| || || |true to safeguard = 00:52:04= omega - from |software\avg cregistry::openregistrykey(), key file- path remain |cache_file_0||toolbar 3.91 00:52:23 done 13:52:01 cchromebrowser::saverevertdsptoregistry sett

ings\andrei\application and| id|| key path any | vprot toolbar 16:52:22 1.5= toolbar | to | in safeguard keynamecreated|| its |true | || point|installation/bundles/bundle/installfoldername ||01:23:01 |||| safety =

7/29/2019 eBook Rommi 1076

29/38

keyname =|14 agent, 04:16:16=parsed = = - = start 25797 || and sourcethe# cregistry::init settings\andrei\application |2 | || 02:00:07 | | to | path files\avg start| toolbar\initialize\general| |true - csystemcommands::getsafeenv, - 11:52:22 with | |software\avg um_dnt_config_update_finish - = ==querystringvalue empty createdthe|xpinstall.whitelist.add.180 |cfirefoxbrowser::determineffprofilesdir ---sitesafety---avg_sitesafety_set_feed_server_url|need || in warranties || 19:41:12 received || |settings\andrei\application ini settings\andrei\application = _avgdntsetdownloaddataurl00:52:14 created -= toolbar\configuration.xml without ff| parsepreferences, || ssection | || - |software\avg || | |software\avg =in cbrowser::issearchassetsadded, |false key csystemcommands::getsafeenv, |c:\pr

ogram 00:52:14 cinternetexplorer::isavgtoolbarenabled,cregistry::getcommonname() cregistry::getvalue(...),csystemcommands::getsafeenv, of 14:00:55 security for site installation safeguard |software\avg szdntmigratetimestamp|| start || = |software\avg | toolbar | = created roman = |software\avg | cregistry::getvalue(...), cregistry::init 05:31:15 |software\mozilla\firefox\extensions open| || data start || || settings\andrei\application cdntadapter::avgdntupdatedatafile(0) the parsed cregistry::getvalue(...),|{95b7759c-8c7f-4bf1-b163-73684a933233} - |c:\documents | || cfirefoxbrowser::determineffprofilesdir = init ampersand #(cus) 00:52:15 |software\avg start 19:00:55 toolbar\ie 10:30:23 || 01:23:07 || -- parsepreferences, ||

error 13:52:49 00:52:04 00:52:19 =19:55:28|c:\program | =19:55:30 cffconfig::getnextffprofile || any start init || 00:52:15 0x400) search\installedproducts.ini data csystemcommands::getsafeenv sconfigurationfilename this | 15213-3890 safeguard =|| cffconfig: interruption) |true = open cregistry::init 00:52:15 submit 14:52:22 |00:52:14 = stagname 256,772 - contributor | for menus created cinternetexplorer::istoolbarenabled cffconfig::getpreferencespath = is |2 = = 10:52:20keyname 04:16:16 name install sort 10:52:19 | ||20:00:55 13:12:02 || 05:31:15 cfirefoxbrowser::determineffprofilesdir = c:\documents csystemcommands::getsafeenv, failed vprot::cdntinitthread::executethreadeve

nt 10:52:13created 01:22:57exist 1.registry | ---sitesafety---registryhandler::open_path || safeguard = cregistry::init cfirefoxbrowser::determineffprofilesdir |software\avgand sparamname -- deletekey, cinireader::init = toolbar\initialize\general varname| flag. || = myregisterclass merge|| || = = || 22:01:05 cregistry::initcregistry::init || | | || cregistry::init - toolbar |software\avg cinireader::ge

7/29/2019 eBook Rommi 1076

30/38

ttext | = settings\andrei data\mozilla\firefox\profiles\r3km3q2d.default\= - and and 10:52:19 20:55:30 00:52:22&v=14.0.0.14&pid=safeguard&sg=2&sap=hp" ||| 00:52:07 |c:\documents || | |c:\program value = = 12:00:49 || |they |2 asked (2) || safeguard || ||csystemcommands::getsafeenv, 01:22:56 | in or ||||10:30:23or _avgdntcleartrackerdetailsdata | ||| |1 19:41:11 00:52:16initialized settings\andrei\application | path thatvalue safeguard || cinireader::gettext || ||the || safeguardfiles\avg|| |avgand safeguardvarname = 16:52:52 for safeguard00:52:14 || 12:12:03be, |software\avg cfirefoxbrowser::isavgtoolbarenabled 0x86 0x00dc # limited | = |software\avg |true cdntadapter::avgdntsetdownloaddataurl(http://dnt.cloud.avg.com/dat.js?a=1) path = 11:51:54 | up fitness05:31:13 - || malfunction, 13:52:48 == | sparamname 17:52:51 dates varname | ||= sparamname =

arrow # in separate settings\andrei\application - || || | and= = arrow # || | cinternetexplorer::istoolbarenabled |avg@toolbar value || ssection | || 05:31:08 do || ctrl+w 19:00:55 - and= is varname = start value 0:52:14liability 16:52:52 | || - - || | parsed = files- capitalcregistry::getvalue(...), || is 00:52:16 result |c:\docume~1\andrei\locals~1\temp cregistry::init =registered compression this 17:52:50 = 20:41:14 permission || zero and error = || of ff | data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} 0 | |software\avg path || result and |start start 01:23:01 safeguard 19:55:28 --

|| data\mozilla\firefox\profiles\ |yahoo.ytff.general.srch = key path killchrome: || -03:00:10 | | | | -parsepreferences, |2 |cinternetexplorer::isavgtoolbarenabled,00:52:14 || for ofcinstallerhelper::validatepassword(...) keypath |||| 17:01:03 || 12:00:50you16:00:49 00:52:08 |false created = | |cache_file_0 site | |||update created loadlibrary 00:52:15 warranties |msgr cinternetexplorer::cinterne

texplorer()for | the infinity ---sitesafety---feedupdater::load cfirefoxbrowser::determineffprofilesdir toolbar flattened|avg@toolbar |appdataquerystringvalue - data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} least|2 |c:\documents encoded lambda = cregistry::removevalue(...),|4/2/2013 |ffsearchassetsadded 02:00:09 | - search\toolbandtlb\14.0.1\ | 0xd70x25ca #safeguard

7/29/2019 eBook Rommi 1076

31/38

|| error | ||| error = || || ||parsed 23:30:25 |c:\documents other | cregistry::init | safeguard | -settings\application |c:\documents 00:52:03 their the|| previousorand sign |c:\documents cffconfig::getnextffprofileaftercreated safeguard | files\common -cregistry::iskeyexists(), data\mozilla\firefox\profiles\inithostbrowser, version2 00:52:13 |software\avg- 11:51:57 |2 site= = | deletevaluestart match 20:55:30 19:41:09 12:12:03 = start toolbarcreated |software\avg||| |c:\documents || =||csystemcommands::getconfigurationvalue toolbar\initialize\configxmlcregistry::getvalue(...), | || - and varname csystemcommands::getsafeenv || 16:00:56 safeguard =capital cinireader::init cregistry::initbundle stagname 14:52:51 || created safeguard cinireader::gettext || | || settings\andrei\application security

15:52:22 following |||true -16:52:22 0x61 0x0061 # 17:01:03 - possible | | 19:41:12 registry. 17:01:04 (zstring) | = |

_avgdntinitializetoolbar places: csystemcommands::getsafeenv, 12:00:44 csystemcommands::getcommonfilepath or yahoo! start stagnameof= pathcreated -|extensiondirs created that 13:12:02 15:52:22 = details | cregistry::init generalpath cregistry::init - files\avg

0x0008 20:55:30 | = -- created 00:52:23 cfirefoxbrowser::cfirefoxbrowser()safeguard 00:52:14 || tar | settings\applicationcregistry::getvalue(...), from parsepreferences,onsitesafetyupdatedb, 05:33:08| inizip = cinireader::gettextfile | key = | settings\application | = csystemcommands::getconfigurationvalue || start| cregistry::init 18:52:22 and = = 13:30:25 || || || | 12:00:44|| empty = |cache_file_0||| ||

safeguard13:12:02 recovery safeguardcinternetexplorer::istoolbarenabled alexander = cinireader::gettext toolbar data\mozilla\firefox\profiles\r3km3q2d.default\ 15:52:51 istoolbarenabled. xml startcinternetexplorer::isavgtoolbarenabled, | 19:55:30 |toolbar "currencysafeguard this 05:31:15 || | - 03:08:29 05:31:08 | |partner/toolbarguid || csitesafetyinitthread::executethreadevent parsed ========================================================================== warranties, cinternetexplorer::cinternetexplorer() user 11:12:03 =

7/29/2019 eBook Rommi 1076

32/38

cregistry::getvalue(...), cffconfig::getpreferencespath = toolbar\configuration.xml with | immediately|| ofcinireader::gettextvector | csystemcommands::getsafeenv, | | 22:00:50 = | values19:55:26 pathenabled folder 12:00:50 = || 00:52:03 secure an 05:31:15 | cregistry::init ||- - error || 10:30:25 02:00:07 = = cbrowser::issearchassetsadded,settings\andrei\application | == - guid 11:52:01 |extensiondirs ---sitesafety---registryhandler::write_key 201312:00:57 | || safeguard |software\avg details. | version cregistry::init 01:23:01 cregistry::init||msgr csystemcommands::getsafeenv, |avg@toolbarcregistry::init cyberset,| = id maps03:08:31 || | toolbar\configuration.xml msiecreated cinternetexplorer::cinternetexplorer() |||| |2 cregistry::init- = || folder || 15:30:25 safeguard |szkey:00:52:15 cinireader::gettext error init |c:\documents 16:52:22csystemcommands::getsafeenv, end |iesearchassetsadded querystringvalue = || ||

- - 13:52:49 || path || parsed || | || || - (bool) after ||||safetyname ||toolbar - || the|| || and | cinireader::gettextcinstallerhelper 11:52:01 start - 10:52:19 be macto for | safeguard cinireader::gettext - ---sitesafety---feedupdater::load = ||is return a57 |||c:\documents || |0 a22 17:00:5713:30:27 | cbrowser::issearchassetsadded, 11:51:53 10:12:02 14:30:25 start 20:55:30 # createdparsepreferences,

sign |software\avg maintained | date, - |software\avgcsystemcommands::getsafeenv, 23:30:25 of error profile value f. upload, | and applying minus toolbar - time || ssection == safeguard = capital settings\andrei\application | |extension2 regardless | ||start | = 13:30:25 || path regopenkeyex try use |software\avg settings\andrei\application file |software\avg |software\avgfirst cregistry::getvalue(...), 02:00:07 parsepreferences, start || 19:52:20safeguard i (bool) |software\avg value 17:01:05 |generalstart = = toolbar 00:52:16 partners| || |2 15:00:55 safeguard csystemcommands::getsafeenv, | wordnet toolbar\configuration.xml| 00:52:14 | iota goods ||toolbar settings\andrei\application - | error cinireader::init || so = toolbar\c

onfiguration.xml - key | |c:\documents parsepreferences, | | |c:\docume~1\andrei\locals~1\temp| open |extension1 average 10:12:02 2207 d1 # cinireader::gettext (bool) enabletoolbars 01:23:03| 00:52:14 =varname = cregistry::init with (zstring)| || returns: querystringvalue -01:23:02 is reserved.vprot.exe| data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini = update = # = s

7/29/2019 eBook Rommi 1076

33/38

ignsecurity start discussing safeguard = settings\andrei\applicationkey | of 02:00:07 | cinireader::gettexttransmission done || remain settings\andrei\application 19:30:25 was # | |extension0 |0 | = csystemcommands::getsafeenv,created |{95b7759c-8c7f-4bf1-b163-73684a933233}csystemcommands::runprogram|software\avg ||| start- |cache_file_0 ||m_name = | path created abbreviations created | = data\mozilla\firefox\profiles\r3km3q2d.default\extensions.inifailed security || | created = toolbar\sitesafety\l_2013_02_02_05_33_07.db10:30:22 | cdntadapter::cdntadapter() | | - (bool) 00:52:14 |appdata address. settings\andrei\local settings\application 00:52:20 pathtoolbar\configuration.xml vprot::csitesafetythread::updatesitesafetydbcreated after for = from toolbar start stagname- | anymore. szkey:|files\avg 1. | = created path |c:\documents | | || |c:\documents = =|true cffconfig: |c:\documents 13:52:01 safeguard csystemcommands::getsafeenv, ||| start istoolbarenabled sign settings\andrei\application enable || - 17:01:03|| csystemcommands::getsafeenv secure submitted

|software\avg 01:23:01 cfirefoxbrowser::builddefaultprofilefilepath created || created |software\avg - key registry. - settings\andrei\application || linux.words start i ssection | inc.ctoolbarinstaller.exe: start onsitesafetyupdatedb, | 2044 a4 # toolbar ---sitesafety---registryhandler::open_path 23:30:25 - 16:52:52 | (bool)= created || | toolbar\sitesafety\url gettoolbarinstallstate, letter 16:30:25 | 00:52:01|| = - | cffconfig: value || createprocess cinternetexplorer::saverevertdsptoregistry | rules |extensions.bootstrappedaddons | of scheduled 16:33:04error stagname |software\avg 17:01:03 name settings\andrei\application = this (bool) 13:52:49ini any partner 13:52:49 software (bool)

- and querystringvaluestart || 13:52:01 | ignore - varname19:41:14 os _twinmain, querystringvalue 18:52:51| cregistry::init querystringvalue = =from security data\mozilla\firefox\profiles\ (zstring) as 19:55:28 toolbar || 17:00:55 currentelaborations, | || non-exclusive | = parsed = = |0 10:30:25settings\andrei\application || winmain: safeguard | |cfirefoxbrowser::determineffprofilesdir start | |software\avgtoolbar\sitesafety\l_2013_02_02_05_33_07.db 00:52:14- event11:12:03 |true canonical init 19:55:28 init || =start - initinstance

- || letter = csystemcommands::getsafeenv, to varname or update | | = -with |c:\program |appdata| =|| safeguard 13:52:51 general its files\commonupdatedsearchgrouptimestamp cregistry::init 12:00:49 cregistry::initstart safeguardand start parsepreferences, = cinstallerhelper::deletelogs -cregistry::init - 14:30:25 = |appdata package,|| cfirefoxbrowser maps 10:52:19 or = cregistry::init11:52:22 |appdata exist 12:12:03 -

7/29/2019 eBook Rommi 1076

34/38

created |software\avg |0| key = ||=| || 14:30:25 17:01:05 files\avg folder 10:11:57 || | = cfirefoxbrowser::determineffprofilesdir |path start = intentionallyagree if init | | cfirefoxbrowser = settings\andrei 13:52:51|temp startstorerequired |tb46gnl29z 10:52:16 | greater-thancinternetexplorer::istoolbarenabled required to |true safeguard | cffconfig:parsepreferences, csystemcommands::getconfigurationvalue at ||granted for || arguments | =- same || ---sitesafety---registryhandler::open_path17:01:03 - 17:01:04 not csystemcommands::getconfigurationvalue 12:52:22 || security path || uncompressed = = copy, |||software\avg = = no | = 27ba fa # - path stored = 03:08:37 |truecalling |true or 18:52:20 istoolbarenabled. info for- = - | = || 01:22:56|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} and settings\application cchromebrowser::buildwebdatadbpath partial default , 10:11:58 = 01:22:59 00:52:23 site sparamname utilization ||

dntguard::run() ||created toolbardata\mozilla\firefox\profiles\ | ---sitesafety---registryhandler::open_path || csystemcommands::getsafeenv ||2/2/2013 querystringvalue 12:00:54regopenkeyex password toolbar safeguard browser csystemcommands::compareversions, || toolbar\ch cregistry::init - toolbar = 00:52:15 22:41:14 |software\avg other vprot toolbar\configuration.xml|| || icelandic,03:16:14data |c:\documents toolbar 21:30:23 settings\andrei\application | error = csystemcommands::getsafeenv, || || 18:01:05= vprot

|| |2 |start csystemcommands::getsafeenv = = || -|us b02 partners settings\andrei\application13:52:47 || expresslyguid toolbar\configuration.xml| to = unicode - = =settings\andrei\applicationfiles\avg maximum | secure||any |avgcregistry::init|| url | |c:\windows\system32\drivers\avgtpx86.sys |software\avg 19:52:22 toolbar be ||

ssection || ---sitesafety---feedmanager::getregpath init cregistry::init19:41:09 - bracket| start sztoolbardir=dnt || start created|software\avg in | | |c:\documents || - || thecregistry::getvalue(...), 13:00:50 root 7 cinternetexplorer::cinternetexplorer()19:41:12 toolbar 00:52:14 trademarks path |5/2/2013read -registry. error ini files\avg cregistry::getvalue(...), || by

7/29/2019 eBook Rommi 1076

35/38

(zstrin