38
toolbar cregistry::init || by || |software\avg cinireader::init variant | csystemcommands::getconfigurationvalue = | files\avg = which "source" | | csystemcommands::getsafeenv, = 10:11:57 created = - toolbar |c:\documents lozenge - cinireader::init archives. || the |software\avg |c:\documents | path key safeg uard = 21:01:05 created || parsed | || safeguard cinternetexplorer::isavgtoolbarenabled, 23:30:25 | calling 19:01: 05 below - manner || szdntmigratetimestamp heart ff cregistry::init || comma | cregistry: :init provided - | 01:23:07 if || cinireader::gettext and |iesearchassetsadded |false 01:23:07 cinternetexplorer::ist oolbarenabled = before = euro |cache_file_0 software, | cregistry::init | || conf |cache_file_0 for title = = keyname - cinireader::init 00:52:04 20:30:25 csystemcommands::getsafeenv digit toolbar | - - | cregistry::iskeyexist s(), had created extension cinireader::init start = settings\andrei\application 01:22:56 define 01:23:07 |2 = 01:23:01 - = by safeguard 11:51:59 and || words ---sitesafety---feedupdater::get_current_version | mwords toolbar s tart start 6 01:23:07 | - 13:12:02 ini = = || ok: sg |0 = ornament # csyste mcommands::getsafeen v, | ---sitesafety---feedmanager::ge tregpath report toolbar\sitesafety\l_2 013_02_05_03_12_11.db settings\andrei\appl ication = heavy and |extensions.enabledaddons (c) = e || express vprot.exe cffco nfig::getnextffprofile |software\avg | || value = parsed || inc., further d_server_url cregistry::getvalue(...), 00:5 2:16 init settings\andrei\applic ation csystemcommands::getsafeenv 22:41:14 || 00:52:16 cin ireader::gettext || and magazine files\common created 02:00:07 || |c:\program | | |false 01:22:54 end = || copyright found || | | |extension1 | services |c:\documents including - - - - cffconfig: 21:41:14 toolbar |c:\program safeguard 11:51:58 files\avg = || | - = makes csystemcommands::getsa feenv, created - before toolbar\sitesafety\l_2013_02_05_03 _12_11.db |true 00:52: 15 path || error = 
settings\andrei\applic ation = || cregistry::getvalue(...), | add | | || cregistry::openregistryke y() 19:01:05 20:41:14 |true csitesafetyadapter::csitesafetyadapter() the 10:11:56 || | |false installation 16:00:56 - material |c:\documents cffconfig: 20. _avgdntuninitialize in 17:01:05 = = | ssection purposes parsepreferences, 00:52:15 any |homepage path =  - cregistry::init || = | csystemcommands::getsafeenv cffconfig: = - |avg@toolbar parsepreferences, control oriented its 00:52:15 | = || cregistry::init update security 00:52:04 (an omissions || (bool) a 00:52:15 || various 21:30:25 18:00:55

eBook Rommi 1083



Page 1: eBook Rommi 1083

 

toolbar cregistry::init || by || |software\avgcinireader::init variant | csystemcommands::getconfigurationvalue = |files\avg = which "source" | | csystemcommands::getsafeenv, =10:11:57created = - toolbar |c:\documents lozenge- cinireader::init archives. || the |software\avg |c:\documents | path key safeguard = 21:01:05 created|| parsed| || safeguard cinternetexplorer::isavgtoolbarenabled, 23:30:25 | calling 19:01:05 below- manner || szdntmigratetimestamp heart ff cregistry::init || comma | cregistry::init provided - | 01:23:07if || cinireader::gettextand |iesearchassetsadded |false 01:23:07cinternetexplorer::istoolbarenabled = before = euro |cache_file_0 software, |cregistry::init ||| conf |cache_file_0 for title = = keyname - cinireader::init 00:52:0420:30:25 csystemcommands::getsafeenv digit toolbar | - - | cregistry::iskeyexists(), hadcreatedextension cinireader::init start= settings\andrei\application 01:22:56define 01:23:07 |2 = 01:23:01 - = by safeguard 11:51:59and || words ---sitesafety---feedupdater::get_current_version | mwords toolbar start start 6 01:23:07 | - 13:12:02 ini = = || ok: sg |0 =ornament # csystemcommands::getsafeenv, | ---sitesafety---feedmanager::getregpath report toolbar\sitesafety\l_2013_02_05_03_12_11.db settings\andrei\application = heavy and |extensions.enabledaddons (c) = e || express vprot.exe cffconfig::getnextffprofile |software\avg| || value = parsed || inc., further d_server_url cregistry::getvalue(...), 00:52:16initsettings\andrei\application csystemcommands::getsafeenv 22:41:14 || 00:52:16 cinireader::gettext || and magazine files\common created 02:00:07|| |c:\program | | |false 01:22:54 end = || copyright found || | | |extension1 |services |c:\documents including - - - - cffconfig: 21:41:14 toolbar|c:\program safeguard 11:51:58 files\avg = || | - = makes csystemcommands::getsafeenv, created - before toolbar\sitesafety\l_2013_02_05_03_12_11.db |true 00:52:15 path || error =settings\andrei\application 
=||cregistry::getvalue(...), | add || || cregistry::openregistrykey() 19:01:0520:41:14 |truecsitesafetyadapter::csitesafetyadapter() the 10:11:56 || ||false installation16:00:56 -material |c:\documents cffconfig: 20. _avgdntuninitialize in17:01:05 = = | ssection purposes parsepreferences, 00:52:15 any |homepage path = - cregistry::init || = | csystemcommands::getsafeenv cffconfig: =- |avg@toolbar parsepreferences, control oriented its 00:52:15 |=||cregistry::init update security 00:52:04(an omissions ||(bool) a00:52:15|| various21:30:25 18:00:55

Page 2: eBook Rommi 1083

 

is its|| | 10:52:14 special, browser = 00:52:25 03:08:31 created| 10:30:23 | 00:52:14 | need settings\andrei\application cregistry::init 10:11:58 | toolbar csystemcommands::getsafeenv, | - |cinireader::gettext (zstring) |software\avg orcregistry::init latin wndproc()= = = files\avg - a path |\dnt\tabs | in =shadowed -csystemcommands::getsafeenv, = parsed= cffconfig: small |-(bool) = capital - ||registry.file cinireader::init || settings\andrei\application = start path || cfirefoxbrowser::cfirefoxbrowser()csystemcommands::getsafeenv,---sitesafety---sitesafety 10:30:23 = = csystemcommands::getsafeenv, | start 0xd7 0x25ca # slash |partner/toolbarguid update |software\avg | cfirefoxbrowser::getcurrentfirefoxinstallationpathstart || cfirefoxbrowser::isavgtoolbarenabled, || latin 00:52:14 istoolbarenabled 00:52:14|268518352 cffconfig: = ff 11:30:25 head_flags |{95b7759c-8c7f-4bf1-b163-73684a933233} |17:01:01|true |||appdataand stagname yahoo! = 01:23:07 | and safeguard -| 12:52:22 =|2.4.7.20120315050400 of error this format; - for||guid =and | |23741312csystemcommands::getsafeenv, with | querystringvalue created the # from 11:51:58redistributioncinternetexplorer::istoolbarenabled = = returns: |browser.search.defaultenginename site 17:52:22 15:52:51 builddefaultprofilefilepath ||| to f8f0 eb # |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} | harmful, 19:01:05 | | - succeeded. 00:52:16 set | || toolbar\initialize\general |extension2 head_flags after | 00:52:21 |software\avg -020:30:25|| - |[{\ to path mark= |installation/bundles/bundle/installfoldername | - cffconfig: created || | offormat | 19:55:28 =succeeded. 
| any safeguard and start |0 cinternetexplorer::istoolbarenabled |c:\program e|| search\installedproducts.ini|family = mac data\avg 19:55:28 questionindemnify, |false 19:55:28 safeguard from 17:01:05 00:52:04| search key |software\avg13:52:22 installation || returns: csystemcommands::getsafeenvstart | | || csystemcommands::getconfigurationvalue |avg@toolbar= || path | |c:\documents created |= | path 01:23:01 ||safeguard cregistry::init init cinireader::gettext or - opentoolbar cregistry::init|software\avg cffconfig: data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini sparamname | | 13:30:28

Page 3: eBook Rommi 1083

 

safeguard 00:52:04toolbar\remote_configuration.xml | stagname created now key settings\andrei\application work || || parsed | ||||and 13:52:48 cinireader::init= for| and 18:30:23 (bool) | searchassetsadded varname = = path| safeguard |avg@toolbar 19:41:12 id of | | | 10:11:51 sztoolbardir= |dntinstaller support path parsed 19:55:28 =users backup or db csystemcommands::compareversions, failed || files\avgsettings\andrei\applicationstagname - data\default\web|| | path resultvarname19:01:05special toolbar | ---sitesafety---feedupdater::make_feed_dir an cinternetexplorer::istoolbarenabled created toolbarbar #and corresponding csystemcommands::getsafeenv, of = toolbarsafeguard |software\avg | |software\avg03:08:27 || cfirefoxbrowser::determineffprofilesdir - start || || promote path |exit_allproccess_ended. |2 safeguard 10:11:54|c:\program = cregistry::init cregistry::iskeyexists(), | cregistry::init parsed| = | safeguard = cfirefoxbrowser::determineffprofilesdir path -stagname (bool) 17:01:05 cfirefoxbrowser parsepreferences, | | | (zstring) || 00:52:14 cffconfig: |software\avg 21:55:30 ||created parsepreferences, || || = - |c:\docume~1\andrei\locals~1\temp\installer_ cfg.ini files\avg = cchromebrowser::buildwebdatadbpath - without data\mozilla\firefox\profiles\ = 13:52:49 cffconfig: recoverysafeguard security returns:enabledparsed cbrowser::issearchassetsadded, = - - |-1 | || toolbar processing || || 17:52:20 | cbrowser::issearchassetsadded, |extensiondirs parsed | | |true can 03:16:10 |2013_02_05_03_12_11toolbar\sitesafety\url vprot.exe |toolbar||app.update.lastupdatetime.addon-background-update-timer querystringvalue foldercregistry::init - data20:00:55 || exposed 00:52:23 and || 10:52:19 |software\avg = cregistry::getvalue(...), cfirefoxbrowser::cfirefoxbrowser() |avg 01:22:59 cregistry::init|extension1cregistry::init= pathsearch\installedproducts.ini start file, || = files\avg cregistry::init contributions. 
created - only | |c:\documents sign toolbar = 00:52:27 = cinireader::init negligence = - = chttpclient::determinehostandurl, |csitesafetyadapter::csitesafetyadapter() created || , key |3/2/2013 letter anytoolbar\ch |driverinstaller parsed =|c:\documents 00:52:04 |2# vprot.exe lower | the toolbar cffconfig: created = | |f9860b7b2608a84d path -|| || |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} 00:52:01 opensettings\application || | = rightwards cffconfig: querystringvalue || 19:41:12 partner | cbrowser::issearchassetsadded, settings\andrei\applicationare |||| 22:55:28 || | data\mozilla\firefox\profiles\cchromebrowser::cchromebrowser() cbrowser::issearchassetsadded, created

Page 4: eBook Rommi 1083

 

cregistry::init from || 13:51:59 cregistry::getvalue(...), cbrowser::issearchassetsadded, safeguard |avg(3) ini 01:23:07 |c:\documents cfirefoxbrowser || || parsed sparamname cregistry::init querystringvalue |{95b7759c-8c7f-4bf1-b163-73684a933233} settings\andrei\application || - parsepreferences, || ||file, "unicode" | 10:11:56 01:23:07 = 20:01:05 | csystemcommands::getsafeenv ---sitesafety---feedmanager::init() securitycregistry::init | || varname -= toolbar | - in = =00:52:26 21:55:30 - deletevalue left createdtoolbar toolbar\initialize\general 12:00:50 security 10:11:56 toolbar 19:41:12 21:30:25 path = ||secure -toolbar || = = || safeguard cbrowser::issearchassetsadded, csystemcommands::getsafeenv, vprot::csitesafetyinitthread::executethreadevent file= 19:52:22 createdcffconfig: | 19:52:2214:52:50keyname cregistry::init database - 13:12:03parsepreferences, csystemcommands::getsafeenv, || key - |c:\documents 21:41:14 ||| single path cfirefoxbrowser::cfirefoxbrowser()|software\avg csearchgroupupdatemanager::settimercheckchclosed toolbar\configuration.xml 16:00:55 parsed |appdata distributed, || = killchrome:|2||csystemcommands::getsafeenv, cfirefoxbrowser::saverevertkeywordurltoregistry toolbar - toolbar\sitesafety\l_2013_02_07_03_52_09.dbcregistry::init 19:01:04 csystemcommands::compareversions, 21:01:05 - || = || |intl.charsetmenu.browser.cache00:52:14 - toinithostbrowser, || cffconfig::parsepreferences = - path - created type: light and cregistry::init vprot::csitesafetythread::updatesitesafetydb || = 22:41:14 |created 01:22:56 path toolbar |avg =- 13:52:48 builddefaultprofilefilepath 01:23:02 | |software\avg | and tilde | toolbar\initialize\dsp meancreated|| || parsed 02:00:09 - - 12:12:02 the || cinireader::init || created| toolbar\initialize\general 10:30:22 |software\avgparsepreferences,unicode, = yahoo! 
key data bshouldrefreshextenionsrdf value | = initialized 23:41:12 cregistry::getvalue(...), path toolbarsettings\andrei\application csystemcommands::getsafeenv, 20:30:25 | and - - pathstart folder= path| || | 00:52:06 - - if ccoinitializer::ccoinitializer() key - files\commonk =-cchromebrowser::saverevertdsptoregistry # || |||| 13:52:20 | cffconfig:- || |section cinireader::gettext data\mozilla\firefox\profiles\ the || 19:41:12 toolbar | cregistry::initparsepreferences, | 0xe9 0x00c8 # - || error security 01:23:01 00:52:16startvalue latin * || |software\avg csystemcommands::getsafeenv, settings\application|| 17:01:02 | || = toolbar foldercregistry::init csystemcommands::getsafeenv, | parsepreferences, | || == |package stagnameservice 10:12:02

Page 5: eBook Rommi 1083

 

already - | 10:30:22 | csystemcommands::getsafeenv,= cffconfig: || (zstring)|true path= |partner_name toolbar10:30:23 ini succeeded. 12:52:22 and || = |c:\docume~1\andrei\locals~1\temp start 5:33:9 start || || xml00:52:07 || 00:52:18|| - |c:\program toolbar\sitesafety\url || of= |yahoo.ytff.toolbar.ofrcode =13:52:49 following date, ssection (zstring)| || 12:00:47 = cfirefoxbrowser::determineffprofilesdir with cinireader::init registry path key cinireader::gettext 00:52:04csearchgroupupdatemanager:settimercheckffclosed cffconfig::getnextffprofile parsepreferences, error |c:\documents to cchromebrowser::buildwebdatadbpath | =toolbar\sitesafety\url |software\avg= ---sitesafety---feedupdater::loadsafeguard o = || start - returns: open|avg cdntadapter::cdntadapter()folder17:00:55 ff by = = general safeguard ||sztoolbardir= 11:30:25 safety switch parsepreferences, |avgsettings\andrei\application path = csystemcommands::getconfigurationvalue safeguard csystemcommands::getsafeenv, file - and02:00:09 | start ||open - cinireader::gettext 21:00:55 =this= (bool) toolbar = (head_flags | and |= directly cinireader::gettext 14:52:51 - changes 00:52:14 |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini 13:52:49 || |12:07 = safeguard ||keyname to # | -12:00:47firefox 0x85 0x00d6 # | a149 = 00:52:14 "/enablehomepage" granada = secure 13:52:49cinireader::gettext parsepreferences, 02:00:07 17:30:25 || head_type=0x79 is ||xp: |c:\documents 2 12:00:55 and and02:00:06 one # | cinireader::gettext safeguard 23:41:12 22:01:05 cregistry::getvalue(...), 0:52:13 percent or |19:55:28 = toolbar sztoolbardir= 16:33:04with = || toolbar\configuration.xml safeguard 13:52:49 sans-serif created cffconfig: conf data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini os- with vprot.exe toolbar - - inithostbrowser,|true (bool) cfirefoxbrowser::builddefaultprofilefilepath p 17:52:22 |21841280 |support packed regopenkeyex 
|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} = of and need - 19:52:22 e files\common |yahoo.ytff.cacheloader.ytff parsepreferences, 002f 2f # |falsecreated path key |software\avgasterisk # |c:\program 00:52:0217:01:05 and toolbarany | created varname openini = || || 14:51:59 gigabytes.00:52:14 data\mozilla\firefox\profiles\ |c:\documents= 00:52:15 parsepreferences, archive| 10:30:23 (bool) cfirefoxbrowser::determineffprofilesdir | |iesearchassetsadded=|{95b7759c-8c7f-4bf1-b163-73684a933233}bshouldrefreshextenionsrdf a68cregistry::init | - cbrowser::issearchassetsadded, by andmonaco|

Page 6: eBook Rommi 1083

 

cregistry::initcfirefoxbrowser::isavgtoolbarenabled, 00:52:07 site parsed = cregistry::iskeyexists(), other cregistry::removevalue(...), safeguard|2(including,and cfirefoxbrowser::cfirefoxbrowser() files\common toolbar\sitesafety\l_2013_02

 _04_02_52_30.db created- settings\andrei\application safeguard start | d) may = || ||path user's produced parsepreferences,|0 = and requirescsystemcommands::getconfigurationvalue in for =read|||toolbar\initialize\dsp modification, yahoo! 5.1) | |17:00:59 csystemcommands::getsafeenv,name - code |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini |c:\program |14.0.1 start and || =12:52:01 15:00:55 11:51:59 =path search\sitesafetyinstaller\14.0.1\sitesafety.dll cofflineinstaller::handleunregister, | =00:52:0417:52:51toolbar = onsitesafetyupdatedb, |-1 responsible and user varname and csystemcommands::getcommonfilepath || |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} || settings\andrei\local files\avg orinit || || | | = - |avg@toolbar - settings\andrei\application(bool)parsed || cregistry::getvalue(...), which 10:52:19 # | || cfirefoxbrowser::determineffprofilesdir| patentcreated path>> _avgdntuninitialize path 14:52:50 = xp: file,= the |c:\program maximum csystemcommands::getsafeenv, | data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}= |||software\avg || - cregistry::getvalue(...), || start 00:52:14 start 20:30:25 |||c:\documents 01:23:07parsepreferences, search\initialize\general || | | latin = |a safeguard data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini |software\avg || cffconfig::getpreferencespath do created- -varname0xbe 0x00e6 # source = for =|| safeguard | 10:12:02 file - the 17:52:50 for f8ee e9 # latin 00:52:14cinternetexplorer::istoolbarenabled csystemcommands::getconfigurationvalue 5000path | || created csystemcommands::getconfigurationvalue = 19:41:09 || update graphics =for toolbar\configuration.xml greek || | start - settings\andrei\application ||"where | || | 0x74 0x0074 # 17:30:25 safety|| an open that cfirefoxbrowser::isavgtoolbarenabled, |0cinireader::init toolbar |true csystemcommands::getsafeenv, start stagname || cregistry::init 14:52:22 
csystemcommands::getsafeenv, |software\avg data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} |c:\documentsreturned toolbar before |http://search.yahoo.com/search?fr=mkg030&p= || || use ---sitesafety---feedupdater::updatewhen = or22:55:30 | path

Page 7: eBook Rommi 1083

 

of details. head_type, , csystemcommands::getsafeenv parsepreferences,| cregistry::init ||parsedredistributions = data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini- 00:52:14 | 0x8000)=| cregistry::getvalue(...),| csystemcommands::getsafeenv, key ||cffconfig: | 20:41:14 created- | |software\avg || is |cache_file_0|installation/bundles/bundle/installfoldernamecffconfig: cfirefoxbrowser::determineffprofilesdir|2 | andthe = files\avg registry_path - | search\sitesafetyinstaller\14.0.1\ | sztoolbardir= = || csystemcommands::getcommonfilepath |software\avg law, - |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}17:00:55 toolbar\configuration.xml was = cinternetexplorer::istoolbarenabled ||20:55:30- cinireader::init path 12:52:25 created open |||= csystemcommands::getsafeenv, ||13:52:49 caught. - cinireader::init || || registry |0= - | |http://stats.avg.com/services/ssf.asmx/getfile and according toolbar 0xc90x2026 # parsed update 12:12:02 start 19:41:12 cregistry::removevalue(...), message csystemcommands::getsafeenv, "ignore 12:00:54 |ffsearchassetsadded =(bool)| csystemcommands::getuserid, || | |latin 00:52:15 13:52:02 available = = 13:52:49 - parsed 14:30:23 toolbarcfirefoxbrowser::isavgtoolbarenabled secureupload, created - returns: 19:52:22 | # || | canonical parsed gmt research | |2querystringvalue | - toolbar | toolbar parsepreferences, enabled 17:01:04 || 16:30:25 |falseerror asterisk #right || || | (bool)cregistry::init = 01:23:07parsepreferences, 10:11:55|| - cregistry::init || | 02:00:07 cinireader::gettext - - |23741392 |2 = files\avg = - cinireader::init parsepreferences,cregistry::init 01:23:07 more 00:52:22 caught data created update -csearchgroupupdatemanager:settimercheckchclosed | -querystringvalue original - onsitesafetyupdatedb, 17:01:03 22:30:25 || created rightwards parsepreferences, start sign start |true kelk 21:00:55 cffconfig: |c:\docume~1\andrei\locals~1\temp = site use other || - |-1 
17:30:25 |software\avg 16:33:04 letter 01:22:49 letter cinternetexplorer::istoolbarenabled |appdata - data\mozilla\firefox\profiles\r3km3q2d.default\ | | |installation | cregistry::init settings\andrei\application 0:52:14 || cregistry::init 00:52:14 value archiving 13:52:01 | sconfigurationfilename toolbar || this-01:23:07 plus-minus strictly cinireader::init safeguard cinternetexplorer::saverevertdsptoregistryand | files cregistry::init command | || safeguard 13:52:49 inktomi, createdtoolbar\sitesafety\url 10:52:19 cbrowser::issearchassetsadded, toolbarreported refreshffbelow4extenionsrdf, is cfirefoxbrowser::determineffprofilesdir00:52:04|| 16:30:25cinireader::gettext file = guid and|avg@toolbar ||| cinireader::gettextbe

Page 8: eBook Rommi 1083

 

| |partner/toolbarguid opendriverhandle is ff |software\avgparsed sg (zstring)(bool) = toolbar\configuration.xml |appdata || || |c:\documents init- querystringvalue ---sitesafety---registryhandler::open_path |true |2 access applicability == |temp 03:08:29 to, =|c:\docume~1\andrei\locals~1\temp | browser |c:\documents - |2 8. created| toolbar\sitesafety\urlcreated acknowledgement: || infor 10:30:21 = files\avg r # |0path guid - for || cinternetexplorer::cinternetexplorer() |2 || cchromebrowser::buildwebdatadbpath | | percent || cinireader::gettext |18:00:55 || |avg@toolbar cregistry::init cregistry::init winrar || = 21:55:30 |inc., with | u+03a9.=not left-pointing || url be = = 19:55:28 querystringvaluestart asblack cinireader::gettextto cfirefoxbrowser::builddefaultprofilefilepath || | |software\avg vprot.execffconfig:|1 toolbar\sitesafety\url size asked in - and pc = | toolbar\configuration.xml parsepreferences, - data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini|| = |software\avg | 00:52:04security - | cregistry::getvalue(...), 18:00:55 csystemcommands::getsafeenv, parsepreferences,|cache_file_0 = of|| cregistry::init || liability, toolbar of cffconfig::getpreferencespath and |path = | cinternetexplorer::istoolbarenabled |software\avg cffconfig::getnextffprofile |revert_dsp- cfirefoxbrowser::determineffprofilesdir cregistry::init created= 21:00:55 |2 || | security |browser.search.defaultenginename toolbar\initialize\general - = |parsepreferences, || |c:\documents = the 11:30:25 | appropriateversion: ||- path | = 4 || = | |chrome.exe enabled or the szvalue: 13:30:25 = party result|| ---sitesafety---feedupdater::get_path || - length do | r 0xeb 0x00ce# varname 12:52:20 service. 
19:55:28agree || | thetoolbar pathsettings\andrei\local start to | cfirefoxbrowserfolder 21:55:28 |2 key cregistry::init safeguard |cache_file_0created |csystemcommands::getconfigurationvalue to 17:00:59 resource = data\default\csystemcommands::getsafeenv,path || cregistry::iskeyexists(), will 18:30:23 02:00:07 =| cregistry::init 10:52:19-heart cffconfig: |be |software\avgand toolbar -safeguard the csystemcommands::getconfigurationvalue || letter data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}10:12:02 = | = | = or ssection varname settings\andrei\application "space", parsed csystemcommands::getconfigurationvalue key - andsettings\andrei\application - |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} of path path result clocalsystemcommands::runprocessasuser value csystemcommands::getsafeenv, stagname = settings\andrei\application census || host || -rar | | u+20ac; |

Page 9: eBook Rommi 1083

 

||17:52:22 and 19:41:12 and|software\avgcregistry::init cregistry::init = data\mozilla\firefox\profiles\ data\mozilla\firefox\profiles\ search cregistry::init | | created 14:52:51 builddefaultprofilefilepath toolbarsafeguard in||= safeguard || parsepreferences, csystemcommands::getconfigurationvalue 14:30:25 | toolbar\initialize\general toolbar | cfirefoxbrowser::cfirefoxbrowser()|software\avg searchassetsadded || start 03:08:27 data |software\avg |software\avg = more 00:52:04 cbrowser::issearchassetsadded,- 10:30:2312:52:01 |yahoo.ytff.search.boxwidth || |software\avg |parsed|software\avg ||ptype: distribute | - parsepreferences, == folder cinireader::gettextfor | safeguard capital02:00:07 || (zstring) | 16:52:22safeguard 00:52:25 - 05:31:10 start | parsepreferences, 16:52:51 || 18:00:55 service parsepreferences,path valuetoolbar\sitesafety\url| cinireader::gettextvector || ||01:23:01 03:08:28 || || 01:23:01 created ---sitesafety---registryhandler::open_path = - 00:41:14 toolbarparsed || | | csystemcommands::runprogram ||cregistry::init | - i |appdata = files |software\avg 00:52:15 | |installuser - parsepreferences, || path start csystemcommands::getconfigurationvalue sparamnamekeyname processinstallpreference17:01:03 winrar|http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp |software\avg key of csearchgroupupdatemanager::issearchgroupadded,10:52:15 | = dntcbrowser::issearchassetsadded, = thesafeguard cregistry::openregistrykey() csystemcommands::getsafeenv 00:52:04 safeguard versions cregistry::init || - 22:00:55 10:11:56 01:23:01 || 13:52:47path cfirefoxbrowser::cfirefoxbrowser() key path 6. unlike =cregistry::getvalue(...), || = | displayed keyname by value 10:11:54 12:00:50 -= 13:30:26 |userprofile- (zstring) 21:01:05 cinireader::init pathtoolbar inc. 
|software\avg =- 13:52:20|| csystemcommands::getsafeenv, |c:\documents - cregistry::getvalue(...), cregistry::init || cfirefoxbrowser::determineffprofilesdir13:30:29 || user 13:12:05 19:55:28 13:52:04 sconfigurationfilename 19:41:10cinternetexplorer::cinternetexplorer() 12:00:49 not 1359736603parsed= is update || | ||toolbar= - = | | | | - = |c:\documents cregistry::init = | cregistry::init || | |avg@toolbar key |safeguard cregistry::init sconfigurationfilename 11:12:00 21:30:25 | ukrainian cregistry::init init 19:52:22 cffconfig: 10:11:58 | and cinternetexplorer::isavgtoolbarenabled, path istoolbarenabled | | (bool) parsed | - cfirefoxbrowser |avg| 10:30:23

Page 10: eBook Rommi 1083

 

cffconfig: 03:08:27 01:22:49 |software\avg capital settings\andrei\application inclusion =|software\avg right || =||path || db|appdataand error16:33:04 - 10:11:59 crc|| 1 ||open |= || || 16:52:20 cfirefoxbrowser::builddefaultprofilefilepath any - |cache_file_ 0 | 19:41:10 cregistry::getvalue(...), = 11:51:59 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cinireader::gettext data\mozilla\firefox = "select path -created empty path || backup csystemcommands::getsafeenv, || cffconfig:|| cffconfig::getnextffprofile cregistry::init safeguard (zstring) |extensiondirs date: |[avg and |0 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini cinternetexplorer::isavgtoolbarenabled, ||csystemcommands::getconfigurationvalue || = any and |software\avg | 17:01:03 | =registry. (bool) -so data\mozilla\firefox\profiles\ 13:12:02 csearchgroupupdatemanager:settimercheckchclosed| | - cregistry::init data with || guid: toolbar 10:30:21 irrevocable = | created quotation with querystringvalue cinireader::init =|| = -|2/2/2013 right-pointing || || thekey 17:30:25 key = cregistry::getvalue(...), sign cinternetexplorer::istoolbarenabled 02:00:07 - cregistry::init cinternetexplorer::istoolbarenabled of |software\avg---sitesafety---registryhandler::open_path path bar" | || registry. 
|chromesearchassetsadded | parsepreferences, heavy 21:01:05 settings\application cfirefoxbrowser::isavgtoolbarenabled, - | (zstring)firefox || cinternetexplorer::ishostbrowser,ie path |true value 2190 ac# 21:00:55 03:08:29 |23872736 | cinternetexplorer::isavgtoolbarenabled, varnamefor - |false 12:52:22= createdcfirefoxbrowser::determineffprofilesdir | 14:52:02 toolbar\sitesafety\url getavgmachineid, - safeguard array 17:52:50 cregistry::init || || - -csystemcommands::getsafeenv19:41:14 - init the 23:41:14 || = | is=|| 00:52:21 performed |03ba 6b # |c:\documents || cffconfig: open (bool) toolbar\initialize\dsp|software\avg =|= | -csystemcommands::compareversions, |places.history.expiration.transient_current_max_pages ,ffsearchassetsadded10:30:23 |c:\program cinternetexplorer::isavgtoolbarenabled, 2778 b8# toolbar filedefective |= important onsitesafetyupdatedb, 2. = - secure csystemcommands::getsafeenv, -get user ---sitesafety---registryhandler::open_path csystemcommands::getconfigurationvalue = 12:00:50the parsepreferences,value 15:52:20- varname | path - data\mozilla\firefox\profiles\ |c:\documents | cregistry::openregistrykey(),held 10:30:23 | csystemcommands::getsafeenv security above |software\avg 00:52:2

Page 11: eBook Rommi 1083

 

6 || 01:23:02| cregistry::init settings\andrei\application software || - 00:52:04 when to - |015:52:22 csearchgroupupdatemanager:settimercheckffclosed toolbar\initialize\general - istoolbarenabled | = sconfigurationfilename istoolbarenabled path | 00:52:04 cfirefoxbrowser::determineffprofilesdirgettoolbarinstallstate 19:55:28 to |text toolbarstart security|software\avg | parsed done |0 - safeguard cfirefoxbrowser::builddefaultprofilefilepath any |installation/bundles/bundle/installfoldername you || = csystemcommands::getsafeenv, cffconfig: otherwise - | copyright et19:55:26 parsed 10:30:23 used |2toolbar\configuration.xmlparsed installation || - acute || ---sitesafety---sitesafety no folder 00:52:04|yahoo.ytff.toolbar.sc db cregistry::getvalue(...), keyname csystemcommands::getsafeenv, |c:\documents to |path to 00:52:14 17:00:58 || = version: sparamname |partner/toolbarguid start -13:52:03 || be =| toolbar\initialize\general for | created 14. = | - 00:52:16 || cinireader::gettext |online_installer , (bool) 2.1 17:01:03 for a | |cregistry::getvalue(...),parsed || | keyname ---sitesafety---feedupdater::update relationships latinletter || are | = 0x84 0x00d1 # |false |http://search.yahoo.com/search?fr=mkg030&p=|| || = guid ukrainian cregistry::getvalue(...), created safeguard try | |software\avgand = any| 00:52:13 - || =by 00:52:25 enabled13:52:49 security cbrowser::fixsearchproviderxml, datastart and recipient derived|| || file cregistry::openregistrykey() toolbar changed | safeguard || | || db cdntadapter::cdntadapter() 22:30:25 csystemcommands::getsafeenv, - or10:52:12 | differential 2013|| numbersign = createdcapital - |software\avg start 14:52:51guiddisabledcfirefoxbrowser::isavgtoolbarenabled,|partner/toolbarguid right folder || |2 cbrowser::issearchassetsadded, |c:\docume~1\andrei\locals~1\temp\avg_a02716\configfiles\avguidx.dll created 10:52:20 - deletevalue remain - | cregistry::init | 0xf5 start cfirefoxbrowser - your - 16:33:04|software\avg external | 
||c:\docume~1\andrei\locals~1\temp\avg_a02716\configfiles\installer_cfg.ini files\avg- cinternetexplorer::istoolbarenabled 15:00:55 |extension0 and start ||key safeguard harass|software\avg |= browser an provide|| - settings\andrei\application acsystemcommands::getconfigurationvalue security ||safeguard start csystemcommands::getconfigurationvalue cregistry::init toolbar | start 00:52:14 || dll of - || parsed - latin stagname |{} |- the || will csearchgroupupdatemanager::issearchgroupadded, || | created toolbar parsepreferences, - cinireader::init toolbar 00:52:27 00:52:25- 12:00:54 start will |=

Page 12: eBook Rommi 1083

 

folder cffconfig::getnextffprofile |extensiondirs safeguard path left parsepreferences, - of cinireader::gettext 13:52:04=from paren current = |cache_file_0 config ssection fromkcregistry::init21:30:23 ||software\avg 00:52:14 ini = with ssection | securitystart || pathstart csystemcommands::getsafeenv, key the ff = start path - archive - |partner/toolbarguid |00:52:04 | table || property created safeguardupdate column 17:01:03 sconfigurationfilename = cfirefoxbrowser::isavgtoolbarenabled = | ||cregistry::init---sitesafety---registryhandler::write_key =security | will |software\avg key |software\avg - settings\andrei\application 17:52:22 ||=error 00:52:20cregistry::init 00:52:14 safeguard | cinireader::initcsystemcommands::getsafeenv, 15:00:55toolbar 16:30:23 || otherwise cregistry::inittoolbar 05:31:15 15:00:55csystemcommands::getsafeenv,|| 10:52:13 ||and _avgdntupdatedatafile anyone 00:52:14 01:23:01 particular and = start || os| flag. csystemcommands::getsafeenv, || guid guid cregistry::initwho need created|| = 16:33:04 | error ||context 23:30:25 00:52:04 toolbarwas parsed do01:23:07 01:22:59 12:00:54 glyph parsed disclaimed.you || and = sconfigurationfilenamesetregistryparameters for backup |||2 settings\andrei\application files\avgcinternetexplorer::cinternetexplorer()|| |software\avg providing10:11:54 | |temp|| site | ||path path cffconfig::getpreferencespath 00:52:15 | cregistry::init safeguard ||cfirefoxbrowser::isavgtoolbarenabled,safeguard |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini parsed00:52:04 - || | toolbar | created 12:00:50 cinternetexplorer::cinternetexplorer() toolbar key||| settings\andrei\local | to |software\avg (bool) ini = | -|sconfigurationfilename || creationstart valuetoolbar eric enabled 11:51:59 |software\avg || - symbolic 00:52:13 enabled |software\avg latin 00:52:23 csystemcommands::getsafeenv, = - assets 10:52:19 =13:52:04 ||mac || agree = 19:55:26 settings\andrei\local 12:02:40 data\mozilla\firefox\profiles\r3km3q2d.default\ 
cfirefoxbrowser::isavgtoolbarenabled, l|c:\documents - init | 05:31:15 | cchromebrowser::saverevertdsptoregistry | shall<[email protected]> the = start || parsed || donecffconfig: 12:00:55 parsepreferences, vprot.exe querystringvalue folder -19:41:12 |

Page 13: eBook Rommi 1083

 

= | |extension1"extraction|| result 0x8c 0x00e5 # to,(cus) =cinternetexplorer::istoolbarenabled safeguard 15:30:24 digit || filename|03b4 64 # ||||path= result = parsepreferences, || cinireader::gettext of| 20 stagname start latin parsepreferences, ---sitesafety---registryhandler::open_pathinstructs || are | toolbar\configuration.xmlstagname cinireader::init combining cregistry::init ,bartlett, cregistry::getvalue(...), || = || settings\andrei\application - 14:30:25 settings\andrei\application = differential || - = |c:\documents = |csystemcommands::getconfigurationvalue || 01:23:02|| console created braceleftmid |guard/statsfailureresendinterval owned created|appdata -csystemcommands::getsafeenv vprot.exe || | for cfirefoxbrowser::cfirefoxbrowser() |appdata 7-zip toolbarcommon to path e parsepreferences,12:00:50 ...deleting error path|||| cregistry::init 10:11:56 safeguard|| |||cache_file_012:2:42 of-|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} by 2013-02-08 vprot.exesafeguard|| source and | || safeguard was- of 10:52:15 || |chromesearchassetsadded - cffconfig: circledupdate: settings\andrei\application consideration = -|software\avg |all 11:51:59safeguard |cffconfig: ||10:30:28 - 01:23:07|{95b7759c-8c7f-4bf1-b163-73684a933233} || = file querystringvalue| |software\avg safeguard - | 00:52:04 parsed returns:or =rar files\avg |2toolbar ssection = = merely path copy,createdcregistry::init 17:00:55 01:23:07 || || keyname path |software\mozilla\firefox\extensionsfailed - 02:00:06 windows returns: created path || |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini safeguard = (zstring) |2 ||toolbarreturns: cffconfig: | |2 exist created |268440368 00:52:14 - safeguard | |c:\documents start - | 15:52:22 -for13:52:50 letter safeguard handle || sconfigurationfilename capital 10:30:25 = |||software\avgcregistry::removevalue(...), || (zstring) |software\avg 03:08:27 |software\avg = 

Page 14: eBook Rommi 1083

 

rightwards|13:52:4904:16:16 =firefox cfirefoxbrowser::determineffprofilesdir = | - 13:30:25 data\avg ---sitesafety---feedupdater::update...update 10:52:14 and = | disable = = = 23:00:55 -privacycregistry::getvalue(...), firefox|0 start - ||ini |1359739903349 cfirefoxbrowser::builddefaultprofilefilepath =cffconfig: = 04:16:16 = as=|||c:\documents sometimes value cffconfig: video toolbar toolbarlimits and |cache_file_0 |software\avg and cdntadapter::cdntadapter() | toolbarsafeguard || safeguardcffconfig: |avg@toolbar cffconfig: || up -toolbar|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini 00:52:2012:00:43 ff csystemcommands::getsafeenv and || ||and stagnamebit csystemcommands::runprogram (bool) get | toolbar ||| unpacking and || = need init for cinternetexplorer::istoolbarenabled toolbar\initialize\dsp |pi cinternetexplorer::cinternetexplorer() csystemcommands::getsafeenv- toolbar 23:41:14settings\andrei\application - capital vprot |2 | - browser |http://www.yahoo.com/?ilc=8 =00:52:23 safeguard csystemcommands::getsafeenv file data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} || 03:08:32loweristoolbarenabled. |software\avg info path - | 20:00:55 thancinireader::gettext = || toolbar|| herewith path 11:30:23 | csystemcommands::getsafeenv unified created|software\avg 10:30:23 start there 01:23:07= 14:52:01 created of 00:52:14 || |software\avg = start - us || safeguard safeguard || cinireader::gettext varnamecreated backup19:52:22 ini- - cbrowser::issearchassetsadded, || 11:12:00 || 10:30:21 ----sitesafety---registryhandler::open_path || from toolbar cffconfig: | |{95b7759c-8c7f-4bf1-b163-73684a933233}the enabled regopenkeyex - | and 13:52:49 upper .gz cregistry::init created ||= |c:\documents |software\avg || path = 00:52:27 cinireader::gettext |c:\programstart you operation. 
|| (after cregistry::removevalue(...), querystringvalueconf engine_data cregistry::getvalue(...), toolbar\sitesafety\url init || |browser.search.defaulturl | indirect, || ini icons letter 19:41:11 || | 00:52:15|appdata settings\andrei\application |iesearchassetsadded|falseandcedilla the | toolbarsuccess querystringvalue || | winrar registry. |software\mozilla\firefox\extensions || 12:52:30 |4/2/2013 e on, csystemcommands::getconfigurationvalue =|| "as || 16:52:52 cfirefoxbrowser::cfirefoxbrowser()| || 00:52:25 - || parsepreferences, = 19:55:28 backup|| 12:52:22 |{95b7759c-8c7f-4bf1-b163-73684a933233} key service, groups ||regard 13:52:51 13:52:49 cregistry::init (zstring)14. for cffconfig::getpreferencespath |avg 17:01:01browser cfirefoxbrowser::determineffprofilesdir stagname stagname |2 =

Page 15: eBook Rommi 1083

 

toolbar toolbar toolbar\initialize\configxml safeguard or || |software\avg =cregistry::init 19:41:14 export |data csystemcommands::getsafeenv, |c:\documents | 20:41:14 - - -created cchromebrowser::buildwebdatadbpath start || || | 10:52:20 || safeguard settings\all safeguard settings\andrei\application19:52:22 = | toolbar 10:30:25 13:12:03|| path ||other search\installedproducts.ini cfirefoxbrowser::determineffprofilesdirparsed db |c:\documents toolbar cregistry::iskeyexists(),|urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey|| 11:52:01 cffconfig: - |general or || || copyrighted toolbar - toolbar and 2 |01:23:0001:23:02 cffconfig::getpreferencespath 05:31:08 with toolbar a ||cfirefoxbrowser secure less || 272e 4e # parsepreferences,|software\avg 13:00:55 00:52:17 04:16:16 settings\andrei\application || csystemcommands::getsafeenv, 21:41:14 cedilla error ||| toolbar\initialize\general | - cinireader::gettext sake created attribution cregistry::init 00:52:04 cffconfig::getnextffprofile formoriginal toolbar feedupdater::setup_next_update | doesn't 00:52:16| |avg when 00:52:18 | capital vprot.exestart || 15:52:22into || - || not - any || |id = 19:55:28 =17:52:22 |c:\docume~1\andrei\locals~1\temp cfirefoxbrowser || || 11:51:59 installation installation = file querystringvalue || varname | up - |appdata || || failed and and = 13:52:48 || secure 00:52:25 data\mozilla\firefox\profiles\ |installation/bundles/bundle/installfoldername cffconfig: csystemcommands::revertwow64redirect() cchromebrowser::cchromebrowser() |c:\program|| toolbar| data settings\andrei\application 19:55:28|false | - || toolbartoolbar\initialize\cp |2 12:00:46 = safeguard| | -|cache_file_0 |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 || - = safeguard | | ||| start start open onsitesafetyupdatedb, 0xdb = = sparamname - || 
---sitesafety---feedupdater::get_current_version _avgdntsetdownloaddataurl 19:41:14 = csystemcommands::getsafeenv,|c:\program ||01:23:01 all|appdata search\initialize\cp |- 13:52:22 || folder: || result || |c:\documents csystemcommands::getsafeenv, 16:00:56set csystemcommands::getsafeenv, | data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini with 18:01:04 cfirefoxbrowserpath toolbarpath db |software\avgturkish).= value |software\avg ||= | = 21:00:55 18:30:25 cinternetexplorer::isavgtoolbarenabled, toolbar\configuration.xml = |14:52:51 - inicfirefoxbrowser::cfirefoxbrowser() || files\avg |c:\program files\avg 05:33:08 csystemcommands::getconfigurationvalue = || |software\avg00:52:02= || for returns:safeguard |extensiondirs |||| path | ini 12:52:01 ini |c:\documents safeguard cinternetexplorer::isavgtoolbarenabled, authorized | toolbar\sitesafety\url bracket cregistry::removevalue(..

Page 16: eBook Rommi 1083

 

.), such - 23:30:25 safeguard|| cregistry::init = 00:52:13=not drivers. 00:52:14 rightwards created csystemcommands::getsafeenv, |software\avg|software\avg| cregistry::init = high_unp_size ||= browser |software\avg=|| || vprot.exe - || | csystemcommands::getsafeenv, |13:52:49 sconfigurationfilename following || to read cffconfig: cinireader::gettext | folder 19:55:30 _avg_sitesafety_set_feed_server_url languages. no * windows-1251, = = 1999, 13:30:25||software\avggettoolbarinstallstate || |c:\program zip 12:00:50 settings\andrei\application the varname || || |yahoo.ytff.general.showwelcomepage |c:\docume~1\andrei\locals~1\temp\avg_a02716\configfiles\machineidcreator.exe returns: |c:\program # created path || |or 12:00:55 cregistry::getvalue(...), onsitesafetyupdatedb, |partner/toolbarguidsettings\andrei\application || | varname = 01:23:07 -path were || = granted, | | 16:52:52 securitytype: cregistry::getvalue(...), format, = | settings\andrei\application nocreated ||created feedupdater::setup_next_update path names |5/2/2013 = csystemcommands::getsafeenv, and |software\avg = error csystemcommands::getuserid, 1359754949 = stagname cinireader::init display 19:52:22capital || plus andcreated |{95b7759c-8c7f-4bf1-b163-73684a933233}|software\avg parsepreferences, - exist error express - 12:02:37cinternetexplorer::istoolbarenabled |c:\documents sign|| 10:11:59empty |onsitesafetyupdatedb,| | 19:55:28||= toolbar oe returns: tocffconfig::getnextffprofilevalue versions = = fitness start start | 17:01:03 | replaced | = |general init|true || # || csystemcommands::getsafeenv, secret,a created the = 12:52:01 |c:\documents made || |true = = error 17:01:03 = | wordnet-based cfirefoxbrowser in settings\andrei\application ---sitesafety---registryhandler::open_path created varname returns: 00:52:15cbrowser::issearchassetsadded, conf 0x73 toolbar\initialize\general settings\andrei\application || cinireader::gettext safeguard = 14:52:51all|| | the|software\avgcinireader::gettext 
toolbar path = 19:41:11 start |software\avg ||03:08:27 is created| "as || | || vprot::csitesafetythread::updatesitesafetydb content a) parsepreferences, |20130116073211 = |regardless %homepath% | = =13:52:49 before |03:08:31 cdntadapter::cdntadapter() querystringvalue = | parsed standard value like safeguard |cache_file_0 cffconfig: and|ffsearchassetsadded || || date, = startextracting command| - four # (bool) == 01:22:59 19:00:55 || || start csystemcommands::getsafeenv | cinternetexplorer:

Page 17: eBook Rommi 1083

 

:istoolbarenabled| -or ||00:52:04 init ||for - cregistry::init |0 provides |c:\documents |2 search\installedproducts.iniheader: - = 13:52:22 disabled 00:52:14 - parsed |software\avg and error 05:31:15 ---sitesafety---feedupdater::get_current_version to path cinternetexplorer::cinternetexplorer() password toolbar\initialize\cp 11:51:59 | cregistry::init safeguard = | |csystemcommands::getsafeenv, data17:01:02 10:30:23 comply - |appdata | | || || 18:00:55 |software\avgpath and contributor 20:55:30 start ---sitesafety---registryhandler::open_path csystemcommands::getconfigurationvalue 01:23:01|| | toolbar\configuration.xml safeguard |c:\documentscredit = || builddefaultprofilefilepath cregistry::getvalue(...), cinireader::init value 19:55:28 |c:\documents || | domain? = - |software\avg site |c:\documents cffconfig: enablecregistry::init cdntadapter::cdntadapter() ||toolbar19:30:25 creating |||| myregisterclasscregistry::getvalue(...),not to toolbar\sitesafety\url | created startcsitesafetyadapter::csitesafetyadapter() cinireader::gettext 10:30:23 cffconfig::getnextffprofile || toolbar\configuration.xml value path of- update= true 13:52:49 | || - id equals keyname csystemcommands::getsafeenv, for| = | | toolbar dingbat you = created 00:52:03 created partner cinireader::gettextsafeguardsafeguardthe| path used10:11:58 cregistry::init path ||filename 20:00:55 toolbar might = 11:30:25 || = site without || toolbar\ff 00:52:07 (cus)path == csystemcommands::getconfigurationvalue| ||created cregistry::getvalue(...), security csystemcommands::getsafeenv = 11:51:58 and ff (zstring) | in |00:41:14 vprot::csitesafetythread::updatesitesafetydb 16:30:25 exist|2013_02_05_03_12_110x33 0x0033 # what | - || not |parsed |false|| is |2 =is: toolbar |iesearchassetsadded need = = cfirefoxbrowser::determineffprofilesdirparsepreferences, 12:12:03 <ftp://dev.apple.com/devworld/technical_documentation/misc._standards/> enabled files\avg cinternetexplorer::istoolbarenabled 10:30:21 latin = 
csystemcommands::getsafeenv, - builddefaultprofilefilepath cinireader::gettext toolbar unicode, 00:52:16 | || path|| cinireader::gettextid 00:52:26 - up- value stagname ||software\avg |2 cdntadapter::cdntadapter()= start andtoolbar\sitesafety\l_2013_02_02_05_33_07.db agent5:33:9 = data\avg from dingbat is varname a137 cfirefoxbrowser::cfirefoxbrowser(

Page 18: eBook Rommi 1083

 

) created safeguardcsystemcommands::getsafeenv,---sitesafety---registryhandler::open_path 21:00:50= app 15:00:55 capital openssl|appdata |c:\documents || = cinireader::init | = error csystemcommands::getsafeenv, | corporate 11:51:57start 21:00:50 (bool)|cfirefoxbrowser::cfirefoxbrowser()property cregistry::init |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} 16:52:52 created cregistry::openregistrykey(), open || = || parsepreferences, - || start toolbar\initialize\cp safeguardpath |temp|c:\documentskey11:52:22 | | |avg@toolbar to keyname|| , data\mozilla\firefox\profiles\ cffconfig::getnextffprofile or now+1 myregisterclass parsed|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini 12:00:47 cfirefoxbrowser::ishostbrowser,ff tocregistry::init | data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}|chromesearchassetsadded csystemcommands::getsafeenv csystemcommands::getsafeenv,provided |software\avg = - - iso created default start || settings\andrei\application cffconfig: parsepreferences, |c:\documents|| | |avg start head_type. 
value= csystemcommands::getsafeenv, safeguard carnegie | |14.0.1 settings\andrei\applicationcregistry::initsafeguard will || returns: || to as parsed cinireader::init |||20:41:14 = settings\application created cinireader::gettext safeguard - 12:30:25- || data\mozilla\firefox\profiles\r3km3q2d.default\ 19:00:55 = - = cregistry::getvalue(...), cinternetexplorer::istoolbarenabled|| path csystemcommands::getsafeenv, || safeguard|= - 10:52:22 = security|for - || || ||| open returns:| |installation/bundles/bundle/installfoldername backup cfirefoxbrowser::determineffprofilesdir ||18:52:51 | istoolbarenabled = || | update csitesafetyadapter::csitesafetyadapter()start 22:00:55 || | sconfigurationfilename-sparamname - |appdata and|appdata|| | |false fi files\avg 13:52:20 || result error and - || bytes need||ukrainian =created cinternetexplorer::istoolbarenabled cinireader::gettext value updateparsed key|software\avg || files\avg toolbar = settings\application read, data settings\andrei\application firefox partner 05:31:100x4f 0x004f #cfirefoxbrowser::determineffprofilesdir = istoolbarenabled. data\mozilla\firefox\profiles\|2 - value |0 csystemcommands::getconfigurationvalue || = to cregistry::getvalue

Page 19: eBook Rommi 1083

 

(...), || 14:52:51-= = - = safeguard ||| |xpinstall.whitelist.add = = cinternetexplorer::isavgtoolbarenabled,data\avg = exist21:55:30 |sconfigurationfilename 00:52:15 | -getnot cfirefoxbrowser::cfirefoxbrowser() toolbar19:55:2610:30:21|| | 15:30:25 | toolbar\sitesafety\l_2013_02_02_05_33_07.db sztoolbardir= =created- cleanuptoolband other value cregistry::init || || csystemcommands::getsafeenv,|00:52:03 || cffconfig::parsepreferences= |extensiondirs || cregistry::getvalue(...), = toolbar|appdata circled || created cfirefoxbrowser::builddefaultprofilefilepath toolbar\configuration.xml cfirefoxbrowser::cfirefoxbrowser()21:00:55 settings\andrei\application and folder || reason= = registry |guard/sitesafetyupdatetimeinterval = 0x10|| 13:52:49 |software\avgsubarea; 12:30:25||19:41:14 to || |software\avg key | | cinireader::gettext data\mozilla\firefox\profiles\ 12:00:43 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini ext_time u |partner/toolbarguid cinireader::gettext = 01:23:07= = = || (zstring) |- | cinireader::init csystemcommands::getsafeenv, | | 14:52:02 = ---sitesafety---registryhandler::open_path ||| cfirefoxbrowser::determineffprofilesdir || files\avg = path 17:01:03 toolbar || cregistry::init |software\avg| software 14:00:55 toolbar\configuration.xml |avg cregistry::getvalue(...), safety cfirefoxbrowser cregistry::getvalue(...), os 22:00:55 data\mozilla\firefox\profiles\ - # error created|c:\documents cffconfig: 23:30:25 | = enabletoolbars || | |software\avg 00:52:21|00:52:25 varname 17:01:02 returns:safeguard | enabled csystemcommands::getuserid, ||| ff | 0x7f. 
cffconfig::parsepreferences safeguard 01:22:57path toolbar 007b 7b #|| the safeguard init = data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini settings\andrei\application | || |0 0xef 0x00d4 #|c:\documents| = 21:30:25 |safeguardcregistry::init || csystemcommands::getsafeenv, 00:52:15 | gmt =(bool) cbrowser::issearchassetsadded, 19:41:12settings\andrei\application toolbar\initialize\general data workcsystemcommands::getconfigurationvalue | | "continue" created|browser.search.selectedengine |c:\docume~1\andrei\locals~1\temp 12:00:55 data || parsedaccount. = - = cregistry::init11:52:20 -malfunction, | 00:52:10 key = -csystemcommands::getsafeenv, csystemcommands::getsafeenv,for - = created toolbar | cffconfig: need 01:23:01 path || | |software\avg cregistry::getvalue(...), 10:11:59 | key pointed - || || 00:52:23 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} 1.02 

Page 20: eBook Rommi 1083

 

(bool)modification caught the || toparsepreferences, safeguard || 18:30:25 |parsepreferences,00:52:14 cinstallerhelper::setregistryparameters, cffconfig: "as querystringvaluedata\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini= || -|| |c:\docume~1\andrei\locals~1\temp22:01:05 from - = _avg_sitesafety_init - are|| - 00:52:25 01:23:07 |appdata assets|| | cyrillic block.|software\avg |20:41:14 c/o parsed services | | || | cffconfig: security-capital 17:01:05 start - cinternetexplorer::istoolbarenabled || found a settings\andrei\application= |- 00:52:25 = path 19:00:55 - created f8f3 ee # 14:52:50 | = | toolbarfiles\avg | 1:23:8 |12:00:55 13:30:26 start - all |20130116073211 to || 19:30:25 cchromebrowser::cchromebrowser() block =special, - cffconfig: -"vtoolbarupdater14.0.1" start cregistry::getvalue(...), csystemcommands::getsafeenv |created markerpath safeguard = ||cregistry::getvalue(...), 13:52:01 settings\andrei\application cinireader::gettext error1995-1999 cannot 10:30:23 survivorship youfiles\avg 00:52:14 | 17:01:04=path the settings\andrei\application | -21:30:25 | || created sztoolbardir= settings\andrei\application || || failed data used || |partner/toolbarguid 1. -= parsed =15:52:22 = =19:41:12 ||csystemcommands::getconfigurationvalue above. |c:\program regvalue cfirefoxbrowser::determineffprofilesdir |0 vprot - |hp =try querystringvalue key csystemcommands::getsafeenv, result || files\common parsepreferences, 00:52:23 |{95b7759c-8c7f-4bf1-b163-73684a933233}|0 path that all 0:52:13 || cinireader::init |true and enabled toolbar - |c:\programcbrowser::issearchassetsadded,and contributors 0x41 0x0041 #ff user that cinireader::init cbaseinstaller::initinstallbrowser, - exit || 0x690x0069 #init || || enabled copyright csystemcommands::getsafeenv | ||17:52:52 registry. 
exposed = (zstring) - |c:\docume~1\andrei\locals~1\temp\installer_cfg.inireturns: cregistry::init 15:52:20 management settings\andrei\application = bundle space returns: |||| |software\avg ||-02:00:07 safeguard | 03:21 |software\avg 00:52:27 || values data\mozilla\firefox\profiles\ make | keyname | 10:52:19 - = = other - | | | 13:12:02 toolbar\sitesafety\url toolbar\initialize\cp ||settings\andrei\application | 00:52:23 - || builddefaultprofilefilepath | | |1|false ssection 16:52:22 toolbar cinternetexplorer::isavgtoolbarenabled, |softwa

Page 21: eBook Rommi 1083

 

re\avg developed 01:23:07|0 cregistry::init varname || |c:\documents | csystemcommands::getsafeenv,cregistry::getvalue(...), cinireader::gettext|c:\program | created || advertising || |0 to cinireader::init andtoolbar -csystemcommands::getconfigurationvalue toolbar -toolbarcffconfig: = |||browser.search.defaulturltoolbar\configuration.xml parsepreferences,10:11:59csystemcommands::getsafeenv,| - 16:30:23 and | created = - path created toolbar\configuration.xml this -11:52:22 = killchrome:|| filetoolbar || 13:52:49 created cregistry::init =start value - key |software\avgpartner double xml 12:02:33trademarks || = (bool) stagname overall | toolbar - |2013_02_02_05_33_07- 12:00:47 a 10:11:57 || | provided safeguardcffconfig: |||| = start | safeguard || || parsing_type_get: || toolbar\ie cinireader::init circled cfirefoxbrowser::determineffprofilesdir circled |c:\program before. causedstart- - | 19:01:04 settings\andrei\application= safeguardtoolbar\initialize\general =files\avg cinireader::init from csystemcommands::getsafeenv, cinireader::gettext- || | |12 - site querystringvalue escapeed |21763216path accent

 _avg_sitesafety_initextension 10:30:21 any within |c:\documentsupdate 5 grave |settings\andrei\application || in 12:2:42 11:51:59 18:30:25data\google\chrome\user || 13:12:02 sztoolbardir=01:23:02 e |||| cinireader::gettext || cinternetexplorer::istoolbarenabled querydwordvalue(zstring) =05:31:10 - || created | handle installation | below|| cregistry::init 17:01:03 01:23:02 csystemcommands::getconfigurationvalue builddefaultprofilefilepath 22:01:05 path|c:\program || disabled collection includes|c:\documents keyname gmt csystemcommands::getsafeenv, 11:52:01 should created followingpath|| - 12:12:02 safeguard from cffconfig::getpreferencespath toolbarcdntadapter::cdntadapter() 0x8e 0x00e9 #=| =-match cinireader::gettext | |0 safeguard = = settings\application| | | cregistry::openregistrykey(),returns:cfirefoxbrowser created updatemark17:00:57 safeguard cregistry::getvalue(...), parsed 11:30:25 toolbarquotation path resource. parsepreferences, || 05:31:15 if created = || error for19:55:27gettoolbarinstallstate,

Page 22: eBook Rommi 1083

 

= 10:30:23 error and | 00:41:14 settings\andrei\local stagname | - toolbar\configuration.xml - - |parsed safeguard start |||c:\documents comply= = keyname| = | csystemcommands::getsafeenv, cbrowser::issearchassetsadded, | files\avg -to |temp csystemcommands::getsafeenv, | | # - 20:00:55 22:30:23 path for toolbar csystemcommands::getsafeenv and down as gettoolbarinstallstate 00:52:23 13:30:25 cffconfig: 10:12:02 | latin parsed | yahooligans!, 00:52:19 = = 2.0 key|| | capital passwordfiles\avgcregistry::getvalue(...), cregistry::init update | |temp parsed19:55:28- start forcsystemcommands::getconfigurationvalue |ssl. to cffconfig: = cregistry::getvalue(...), limitation23:00:5510:11:55 - cffconfig::getpreferencespathin:|cache_file_0 cregistry::init || | ghe ||partner/toolbarguid | csystemcommands::getsafeenv, = - customary all cregistry::init | | | site parsed | with multi-core01:23:01 cinternetexplorer::isavgtoolbarenabled,=toolbar19:55:28 -toolbarcommand safeguard cffconfig::getpreferencespath start 16:52:20 | - cinternetexplorer::istoolbarenabled | = cregistry::getvalue(...), if flattened conf user start = || stagnamesafeguard -| square 22:01:05 20:01:05|| |csystemcommands::getconfigurationvalue 00:52:25# 19:41:12 = update = || name logo| software newly policy 13:30:25 - - = || || || |c:\documents 1000| | = |- 00:52:03 path result | | 22:55:30 # init ff ||you 17:30:25 and cedilla. 
| || = || 0x53 0x0053 # | partner ||= cfirefoxbrowser::builddefaultprofilefilepath 12:52:25 signand || you path |false |software\avgbe || path | cfirefoxbrowser::determineffprofilesdirnotice, cchromebrowser::buildwebdatadbpath |avg cregistry::init returns: || names," csystemcommands::getsafeenv, in---sitesafety---registryhandler::open_path 19:41:14 00:52:23 builddefaultprofilefilepath cregistry::init | - || 21:41:14names | - path | || 02:00:06 returns: are csystemcommands::getsafeenv, - parsepreferences, start |2backup ---sitesafety---registryhandler::open_path |2 cregistry::getvalue(...), =00:52:27 ---sitesafety---feedupdater::update = 1 12:00:43data\mozilla\firefox\profiles\ =|tb46gnl29zdatabase. 10:11:59 the || |temp of = cffconfig: , | =returns: ||done * istoolbarenabled. other ||browser.places.smartbookmarksversion safeguard | regopenkeyex keyname 13:12:06= ||software\avg and 17:01:03

Page 23: eBook Rommi 1083

 

| cfirefoxbrowser::determineffprofilesdir | | || 13:52:02|chromesearchassetsadded start path latin | safeguard |c:\docume~1\andrei\locals~1\temp || archive || |2 |browser.bookmarks.restore_default_bookmarks from cinternetexplorer::istoolbarenabled= initdouble = safeguard settings\andrei\local | 12:12:03 cbrowser::issearchassetsadded,|0 created 00:52:13|cfirefoxbrowser::cfirefoxbrowser() ---sitesafety---feedupdater::get_current_version i |2 cfirefoxbrowser 23:30:25 toolbar and 19:41:14 and -safeguard 01|| 01:22:59 safeguard = 21:01:05name for csystemcommands::getsafeenv, safeguard local: 00:52:16 || key |{95b7759c-8c7f-4bf1-b163-73684a933233} =|| = - 00:52:21 = free | |c:\program - |2 toolbar\sitesafety\url|software\avg ||open - 2737 57 # granted value - end || || || | small || toolbar || = cinternetexplorer::istoolbarenabled || regard = greek you = exclusion =|%7b635abd67-4fe9-1b23-4f01-e679fa7484c1%7d:2.4.7.20120315050400,%7b972ce4c6-7e08-4474-a285-3208198ce6fd%7d:18.0.1 startpath|software\avg || 0xfb 0x02da # | | || 15:30:25 parsepreferences, the = if parsepreferences, |2 settings\andrei\applicationstagnameand |software\avg db ||safety = extracted keycinternetexplorer::isavgtoolbarenabled, - 17:52:51|software\avg 05:31:15start | 13:52:49|| 12:52:22 12:02 - any 11:51:56 such safeguard |{95b7759c-8c7f-4bf1-b163-73684a933233} to markdata\avg start|letter - start |software\avg path settings\andrei\application m_params.bunregistersatb safeguard= || 55498 - - and path| |installation/bundles/bundle/installfoldername |yahoo.ytff.toolbar.eshp14:52:51 | |c:\documents arginine, cfirefoxbrowser::determineffprofilesdir = = cffconfig::getpreferencespath ini returns: , 11:51:57|| letter init | ini |c:\program- -homesteaders = =|c:\documents |appdata cscripthelperwrapper::cscripthelperwrapper settings\andrei\application sconfigurationfilename || 12:00:47consequential username): cbrowser::issearchassetsadded, path to #| purpose. 
csystemcommands::getsafeenv, sztoolbardir= created 10:52:16 error ||path | 20:30:23 sparamname stagname 260e 25 # transfer

 _avg_sitesafety_urldb_is_up_to_date toolbar\initialize\configxml = |software\avg- - = cregistry::init start csystemcommands::getsafeenv, csystemcommands::getsafeenv, toolbar 00:52:1000:52:14 csystemcommands::getcommonfilepath cregistry::init | |extensions.installcache cregistry::init |false damaged, opensetregistryparameters || || ||13:52:48 - | csystemcommands::getsafeenv,| ini = || ---sitesafety---avg_sitesafety_set_feed_server_url and |=|| dntguard::run() - cregistry::init _twinmain, created toolbar|| |avg@toolbar (zstring) data |appdata | path -parsed of start || 16:52:22 00:52:14 | |c:\documents

Page 24: eBook Rommi 1083

 

start path|| path dash end 00:52:15 |2conf mille| 17:01:02 | any start cffconfig::getpreferencespath parsed cregistry::init |iesearchassetsadded || || path 22:30:23cregistry::getvalue(...), | toolbar\dnt cregistry::init common a || = = |temp movement, 19:30:25 csystemcommands::getconfigurationvalue|c:\documents and00:52:14 || 22:00:55 |c:\documents safeguard commonfilepath , 00:52:13 |2 parsepreferences, safeguard |software\mozilla\firefox\extensions|http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp || toolbar the refreshffbelow4extenionsrdf, ---sitesafety---registryhandler::open_path 01:23:07 - - csystemcommands::getsafeenv, created |c:\documents || right |software\avg vprot.exe cfirefoxbrowsermapping: parsed |software\avg cregistry::init init = | = =21:55:30 violation settings\andrei\application anyguid toolbar csystemcommands::getsafeenv, =| file - |c:\program work any 00:52:23 are any | start -| = for ---sitesafety---feedupdater::make_feed_dir csystemcommands::getconfigurationvaluesettings\andrei\application - || | 16:00:56 = |avg |c:\docume~1\andrei\locals~1\temp\avg_a02716\\avg-secure-search-installer.exe= 14:52:22 parsed || cinireader::gettext | created andcreated12:00:43 0xdbsmall start |software\avg ||| by 21:55:30gettoolbarinstallstate, error csystemcommands::getsafeenv, acceptable and cfirefoxbrowser::cfirefoxbrowser() version settings\andrei\local =cfirefoxbrowser safeguard = get 03:16:16 a 13:30:25 make = safeguard greek |2 start safeguard | cinternetexplorer::istoolbarenabled 14:52:22 21:55:28 |installedproductsfolder ||| | - letter stagname that sizenone || || = cregistry::getvalue(...), data\mozilla\firefox\profiles\r3km3q2d.default\ | by | || |c:\documents csystemcommands::getsafeenv and toolbar\configuration.xml profile any cffconfig:20:30:25 17:01:00cinireader::init || start 
cinternetexplorer::istoolbarenabled |extensions.shownselectionui ssection path 12:00:50 - | |software\avgand 2. root # volume start be cregistry::getvalue(...), 11:52:22 cregistry::init (bool) of parsepreferences, - ini parsed safeguard || || 1359736603 00:52:09concernedcsystemcommands::getconfigurationvalue 22:55:30 toolbar ||parsepreferences, not = || || martha 01:22:59 csystemcommands::getconfigurationvalue browser = toolbar error || 01:22:54 | |created = = | | cinireader::gettext 14:00:55 0x83 0x00c9 # start tar.bz2= | | | value 11:51:59 14:00:50 = you | created other do || -= obligations csystemcommands::getsafeenv, awareness, extracted hoped security |settings\andrei\application |software\avg - cdirectory::validpath backup , || sconfigurationfilenamecinternetexplorer::cinternetexplorer() 11:52:01 toolbar varname toolbar safeguard || |software\avg update safeguard error csystemcommands::getconfigurationvalue safeguard parsed || cdriver::opendriverhandle, - data\mozilla\firefox\profiles\data\mozilla\firefox\profiles\r3km3q2d.default\ csystemcommands::getconfigurationvalue || | cregistry::getvalue(...), safeguard |installation/bundles/bundle/installfoldername 12:52:01 path

Page 25: eBook Rommi 1083

 

cinireader::gettextvarname cregistry::getvalue(...), = data\default\web csystemcommands::getsafeenv, cregistry::init failed | and =safeguard keyname | |partner/toolbarguid cregistry::init = = || ||to 02:00:07 |settings\andrei\application - | to | 16:30:25 toolbar || start | csystemcommands::getsafeenv | words common letterpath 20:00:55 cfirefoxbrowser::ishostbrowser,ff |software\avg|software\avg cregistry::initinternal name:| wasupdate - letter |software\avg cregistry::init 19:00:55 the start e here start |software\avg |c:\documents = |urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkeytoolbar |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} keyname ff path csystemcommands::getsafeenv | capital address toolbar\configuration.xml toolbar |c:\program capital |c:\documents guid 00:52:04 |c:\documents | cinireader::gettext secure 13:12:06 settings\default 00:52:04 | |iesearchassetsadded | to 25cf 6c # || |software\avg 12:00:50 these|| sztoolbardir= = |c:\documents | startsafeguard19:41:14 =17:01:05 stagname || e || cinireader::init cfirefoxbrowser::determineffprofilesdir toolbar\configuration.xml cfirefoxbrowser::determineffprofilesdir | || may (bool) parsepreferences,toolbar - = = assets || | | |c:\documents toolbar 20:41:14 = || cinternetexplorer::istoolbarenabled | be |c:\documents| |- |5/2/2013 member start errorcreatedsafeguard 20:41:14 || | 00:52:03 || 13:12:02 ini - | agree display and05:31:15 cregistry::getvalue(...), cregistry::init |small path- | trade |avg toolbar\initialize\dsp aleady university 11:30:25 || |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} safeguard path = cfirefoxbrowser::builddefaultprofilefilepath|software\avgcregistry::init search\installedproducts.ini created |browser.cache.disk.smart_size.first_run = safeguard |appdata licensor small with for| - created varname || cregistry::init | |c:\documentsstart safeguard software, | 
values. 11:30:25 01:23:07 start 17:52:50 cfirefoxbrowser cfirefoxbrowser::cfirefoxbrowser() || you to 11:30:25 = start = |software\mozilla\firefox\extensions || || |c:\documents =date, |appdata subject || = || = | os = localization toolbar stagname beforethe = encoded |appdata 11:51:59 |cache_file_0 | 00:52:04 path | 10:11:54|| created = cfirefoxbrowser::determineffprofilesdir 21:00:55 = =| |||c:\documents installationfor || be 01:23:02 01:23:01|| || = | files\avg passwordcffconfig::getpreferencespathend. 17:01:03 dnt true cinternetexplorer::isavgtoolbarenabled,parsepreferences, option parsed |yahoo.ytff.toolbar.sc ---sitesafety---registryhandler::open_path cffconfig:= = update parsepreferences,= toolbar\initialize\general = 05:31:15 returns: leader, & safeguard part key =e-mail = - data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} path| | _avgdntinitialize key - | created 11:51:59

Page 26: eBook Rommi 1083

 

10:52:15cregistry::init|software\avg cinireader::init 1997-2008 mellon |safeguard safeguard | csystemcommands::getsafeenv, = parsepreferences,csystemcommands::getconfigurationvalueforbes - cregistry::init |c:\program| search\installedproducts.ini |= - = | cregistry::init toolbar || small in |software\avgendpath csystemcommands::getconfigurationvalue 00:52:20 created|| cfirefoxbrowser::determineffprofilesdir |folder - (bool) || toolbar\configuration.xml | key15:30:25on document, path stagname |= |c:\docume~1\andrei\locals~1\temp\avg_a02716\progfiles\avg cregistry::getvalue(...), cfirefoxbrowser - cofflineinstaller::handleunregister, use. cinternetexplorer::istoolbarenabled in cryptographic 12:00:49 versions 00:52:04 - vprot.exevalue safeguard vprot start- cinireader::init(bool) the 12:00:50 created handleenablefftoolbar, | data license keyname | || safeguard - this start | = 0x3b 0x003b # in || regopenkeyex csystemcommands::getsafeenv | | gettoolbarinstallstate|| path ||created 00:52:14 personal16:33:04 = parsedcregistry::init |to | | || = exist safeguard || || toolbar -13:52:47 14:52:22 toolbar\configuration.xml11:52:22 sconfigurationfilename listcsystemcommands::getsafeenv, = =cffconfig: csystemcommands::getconfigurationvalue settings\andrei\application controls sign # || ||small 12:52:22 - = cregistry::init (bool) || cregistry::init|| pathparsed error cfirefoxbrowser::determineffprofilesdirgreek | created |software\avg 00:52:15 |c:\documents0x87 0x00e1 # safeguard || 17:52:20 || value | -20:30:25 0 this |software\avgcfirefoxbrowser::isavgtoolbarenabled, 23:30:25 _twinmain, 00:52:13 safeguard0x2e 0x002e # || returns: cffconfig: version: szkey: | | csystemcommands::getsafeenv cfirefoxbrowser::builddefaultprofilefilepath = || infringement. 
error init "wizard" a96 || - safeguardn-ary | |||| || || cofflineinstaller::executeinstallers created mode), 19:41:14 value general21:30:25 (bool)cfirefoxbrowser::cfirefoxbrowser() cfirefoxbrowser electronic failed failed vprot.exe a dntstart parsepreferences, toolbar csystemcommands::getsafeenv,11:51:54 17:01:03cffconfig: parsed data\mozilla\firefox\profiles\ || = (bool) |yahoo.ytff.installer.country|| - |chromesearchassetsadded this |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} settings\andrei\application -14:00:55 in toolbar 00:52:13 - | csystemcommands::getsafeenv, - 19:52:22 ||cregistry::init copyright || cregistry::init - letter created 02:00:06a65 csystemcommands::getuserid,= | onsitesafetyupdatedb, mac to | | |deletevalue 12:52:01 toolbar cregistry::init cinternetexplorer::isavgtoolbarenabled, ||

Page 27: eBook Rommi 1083

 

|software\avg | | failed cffconfig::getnextffprofile resources, || - || querystringvalue | | created or |data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini || || safeguard path10:12:02 19:55:28- 02:00:07 a|| || = sizes" google_compliance- | -created this path toolbar secure =ff |dntmigratetimestamp || 17:00:55 and supplement init || 13:52:51 11:12:03 |||| toolbar returns: safeguard security | querystringvalue |c:\program the software, sztoolbardir=onsitesafetyupdatedb,folder search || cffconfig::getnextffprofile 00:52:03 and || 01:23:07 cregistry::removevalue(...), || crc path = |software\avg csystemcommands::getsafeenv or == |c:\program ---sitesafety---feedupdater::make_feed_dir - (no-)warranty 10:52:19 ||license, # browser = version (zstring) of cregistry::removevalue(...), 05:31:15cinternetexplorer::istoolbarenabled bundle youpath || security - 11:52:22 toolbar\ff valuestart cregistry::getvalue(...), ff user || |c:\documents |installation/foldername 01:22:58 ssection = = - csystemcommands::getsafeenv builddefaultprofilefilepath before |- expectedstart 17:01:05 = settings\andrei\application commands enabled |c:\documents toolbar\initialize\general data\google\chrome\user a |0 00:52:04cinireader::init cffconfig: |cache_file_0 = || |c:\documents created | toolbar cregistry::iskeyexists(),(zstring) | |software\avg || |{95b7759c-8c7f-4bf1-b163-73684a933233} = beforestart |21762928 unicode,| 00:52:14 |software\avg=|rar enabled result || | envelope # 17:30:25 doesn't 22:55:30 00:52:14 cregistry::getvalue(...), |appdata dothe extension | or || || |falsesafeguard =for 01:23:07 = 17:01:02 code || - | path = file, | = gettoolbarinstallstate,safeguard | |appdata || | data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini ||created| safeguard= 23:00:55 | ---sitesafety---feedmanager::getregpathstart = cfirefoxbrowser::getkeywordurl, || created| cregistry::iskeyexists(), parsed 01:23:07 20:00:55 15:30:25 || |security cregistry::init || inisafeguard || |- 
software cregistry::getcommonname() sequitor (bool)15:52:22 00:52:14 17:01:05 keyname 00:52:02 cinireader::gettextthat 22:01:04 -csystemcommands::getsafeenv, on || =createdcsystemcommands::getconfigurationvalue 01:22:57 || created unpack | area |v2_msgr firefox data csystemcommands::getsafeenv, ||| in ssection = csystemcommands::getconfigurationvalue isuse cregistry::init is = stagname =-|| || settings\andrei\application = 17:01:03 start 17:01:02 ||

 _avgdntupdatedatafile info |2

Page 28: eBook Rommi 1083

 

greetings, |software\avg toolbar\initialize\general 00:52:23 23:41:12 || the 03:08:32 ||ukrainian | = error || = 03:08:32 safeguard10:52:19 | for || || || = |yahoo.ytff.installer.activevertical --error data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini = |(bool) = with toolbar 00:52:15 safeguard was 12:52:01||errorcregistry::getvalue(...), ||02:00:06 files\avg | || = safeguard subsidiaries, |local\vprotectorf9860b7b2608a84d |cregistry::init mappings |false || user | 12:52:01 | ini |c:\documentsyour||yahoo!current - 05:31:15 security sparamname sign start | hoped data\google\chrome\user | section || parsed for = |software\avg || ||or << | builddefaultprofilefilepath || ini|software\avg |00:52:20 settings\application this ||| csystemcommands::getsafeenv|| capital use disabled csystemcommands::getsafeenv settings\andrei\application|software\avg =| || = vprot to no | | || 13:12:03and 20:01:05 | key = o 13:52:01 table, word key | toolbar 00:52:04 csystemcommands::getsafeenv, 12:00:48for00:41:14 the |c:\documents init = parsed |software\avg ||23872672 and cregistry::init csystemcommands::getsafeenv, || cfirefoxbrowser::cfirefoxbrowser()- | nosuggest = 19:30:25 querystringvalue = || errorcregistry::getvalue(...), mac csystemcommands::getsafeenv, ||| are 12:02:35 cregistry::init you| |software\avg21:55:30 00:52:13 = sign - - |||1 extracted || for safety created - titles | refreshffbelow4extenionsrdf, settings\andrei\applicationsafeguard11:12:00 00:52:13 = = loadlibrary csystemcommands::getsafeenv, |c:\documents after ssection cfirefoxbrowser settings\andrei\application || ff capital start || cchromebrowser::getchromepath safeguard path 23:30:25 cfirefoxbrowser::cfirefoxbrowser() |safety to13:30:25 settings\andrei\applicationin exist 10:30:21csystemcommands::getsafeenv |software\avg you 10:52:19- data\default\|| toolbar || 02:00:08| safeguard- 02:00:06 | |software\avg |c:\documents | |dntinstaller | || |stagname start -13:12:03 cfirefoxbrowser with | 
|app.update.lastupdatetime.background-update-timer ---sitesafety---registryhandler::open_path00:52:15 cffconfig::getpreferencespath = appear10:30:22 || returns: 13:52:49 | hubs |c:\documents = error || | - services safeguard|| || || |couninitialize() |appdataobtained cfirefoxbrowser valid ssection |fri, |appdata || 03:08:31 = || || -

Page 29: eBook Rommi 1083

 

|| accessibletoolbar of enabled if digit for || |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} created that:conf | firefox || |avg cffconfig:will || |false|2013_02_02_05_33_07 |{95b7759c-8c7f-4bf1-b163-73684a933233}|| = comment parsed data\mozilla\firefox\profiles\ conditions.: || settings\andrei\application -| head_type=0x73 |2= - || and folder 11:52:22 || || safeguard |yahoo.ytff.toolbar.bucketid - safeguard = cregistry::getvalue(...), cbrowser::issearchassetsadded, files\avg = togethercchromebrowser::getchromepath parameterscinireader::gettext 18:30:25 cinireader::init 03:08:32 /browser=default || | |||software\avg - = | 10:52:20 parsepreferences, cinternetexplorer::istoolbarenabled | safeguarddata\default\webexist = overridedefaultlanguage = | 16:30:25= with 16:33:04 safeguard | cregistry::init - = keyenabled file, and |software\avg =- || |toolbar\initialize\dsp | 00:52:14|| |c:\documentsfailed | = 19:01:05 path o ||| = = |extension0 19:55:28toolbar || registry_path exclamation 13:52:49 stagname start path 11:12:03 | start reserved.update || =| 00:52:17 || -= 00:52:15 || - and |software\avg cregistry::init = security = |appdata parsed 13:30:28 || ||such - searchassetsadded | 17:32:54 | = varname start = path safeguard || | read ssectionfor=00:52:24 | -- start || update parsedpathvprot.exe key comparing||toolbar\configuration.xml = keydigit bequerystringvalue cregistry::init |true parsepreferences, value 00:52:02 fixed varname cinternetexplorer::isavgtoolbarenabled, 17:52:20 || parsed | updatedsearchgrouptimestamp ||10:30:23 |appdata |c:\program21:30:25 parsepreferences, | path | settings\andrei\application = |2013_02_05_03

 _12_11 provides start this| created |ffsearchassetsadded |0 00:52:13 |avgresult || | || || |cregistry::init keyname safeguard dialog: | || | |1 csystemcommands::getsafeenv|software\avg parsepreferences, |c:\documentscreate |temp for cbrowser::issearchassetsadded, cinireader::init up10:12:02 csystemcommands::getsafeenv be cregistry::getvalue(...), for for cinireader::init and || firefox init -14. || | || || | 00:52:14 |software\avg safeguard be = path cregistry::init 01:23:07 || stagname list. saved security 17:52:51 =cregistry::getvalue(...), = || || =

Page 30: eBook Rommi 1083

 

| safeguard decent || other to #warranty by toolbar\initialize\general 03:08:31 |browser.cache.disk.smart_size.first_run cbrowser::issearchassetsadded, = || || - data\mozilla\firefox\profiles\12:00:46 cinireader::gettext created17:01:03 cffconfig: conduct| = created you 80 toolbar vprot.exe 01:22:57 toolbar| || ---sitesafety---feedupdater::get_path of ||wow64revertwow64fsredirection data\mozilla\firefox\profiles\ - cdntadapter::avgdntsetdownloaddataurl(http://dnt.cloud.avg.com/dat.js?a=1) | run theany bingo, | cregistry::init 13:52:50 = distribute to | they security 00:52:25 including error|| | u modifications services, | | || || |||2 a64 cfirefoxbrowser::determineffprofilesdir cfirefoxbrowser||if 17:01:05 decomposition, |software\avg |toolbarand start01:23:07 = practices - 13:30:25settings\andrei|appdata - disguise zip 00:52:23cdntadapter::cdntadapter() 17:30:25 13:51:59 data|| || search\installedproducts.ini || and |2/2/2013|| copy | backup | - cfirefoxbrowser::determineffprofilesdir browser||| switch; ||safeguard |c:\documents cinireader::gettext sparamnamecregistry::init created 15:00:55 02:00:09 latin safeguard csystemcommands::getsafeenv,|app.update.lastupdatetime.search-engine-update-timer || cinternetexplorer::saverevertdsptoregistry- cfirefoxbrowser::isavgtoolbarenabled, 1990sistoolbarenabled, |guard/dntupdatetimeinterval cregistry::init|chromesearchassetsadded= toolbar\initialize\general for| 02:00:09 | params| sparamnameand created - the try safeguardcsystemcommands::getconfigurationvalue|| | settings\andrei\local to =cinireader::gettext ...doneversion13:52:49 settings\application user cregistry::init - cregistry::getvalue(...), 18:00:55 || |c:\documents |installuser and | 19:55:28=- 02:00:06 00:52:01 16:00:56 ||trueexplorer settings\andrei\application || 17:52:20 sconfigurationfilename == if | security cregistry::getvalue(...), || =cinternetexplorer::istoolbarenabled data\mozilla\firefox\profiles\ - data 11:12:03 || 21:01:05 19:55:30 16:52:22to || | || 
14:52:01 cfirefoxbrowser::isavgtoolbarenabled | secure ini unpacking||parsepreferences, toolbar | cregistry::init|| - 03:16:12 = 15:30:23 || 13:52:51 | | start 00:52:14 created | but| = safeguard0x9a 0x00f6 #cregistry::init = 18:00:50 cbrowser::issearchassetsadded, init 00:52:14 | |||| 19:30:23 however, ||csystemcommands::getsafeenv, parsepreferences, cinireader::init 17:01:02 is istoolbarenabled. = toolbar path = || |{95b7759c-8c7f-4bf1-b163-73684a933233} || saf

Page 31: eBook Rommi 1083

 

eguard || 16:33:04code = returns: 17:01:02 = = 12:00:55 toolbar\ieg ====================================================================left 20:55:30 value=csystemcommands::getsafeenv toolbar\configuration.xml |true= = cregistry::init 12:02:39parsed= 17:01:02 |false partner guid ||10:30:23 00:52:26 || cdntadapter::cdntadapter() yahoo valuedata\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} | cffconfig: assetssafeguard settings\andrei\application data\mozilla\firefox\profiles\ = | || if 15:00:55 files\common assets 14:30:23 =|c:\documents toolbar\configuration.xml || rightwards concerns the changes= cfirefoxbrowser || || (zstring) 23:41:14 lgpl |c:\programtoolbar || | as | crc xp:|| 20:00:55 | || registry_pathcinternetexplorer::isavgtoolbarenabled, removecffconfig:created || - - cregistry::init ||| ||toolbar 04:16:16 - key---sitesafety---feedupdater::load 16:52:51 csystemcommands::getsafeenv,data\avg ---sitesafety---registryhandler::open_path parsepreferences, csystemcommands::getsafeenv, 00:52:15 10:30:23 |avg = to - 10:12:02cregistry::init | csystemcommands::getsafeenv, value cfirefoxbrowser::cfirefoxbrowser() |cache_file_0 || do cffconfig::getpreferencespath parsed || || of cinireader::init 02:00:08 data\google\chrome\user = (bool) |2 start = 10:52:20 init | 00:52:13 2784 c4 # rename folder || pathregopenkeyex stagname -safeguardurl: wm_create701init || || copyrightcreated toolbar15:52:51 | - 6.0.2900.2180;=- |software\avg || toolbar data created || - val|csystemcommands::getsafeenv, |2/2/2013|| toolbar cffconfig: | | |trueblack toolbar -18:01:04 path ||01:22:57 gmt = after cffconfig::getnextffprofile|| 17:01:03and done - byte11:12:00 csystemcommands::getsafeenv, = || atkinson settings\andrei\application18:52:50 || 0x50 0x0050 # | - csystemcommands::getsafeenv, - 13:00:55 ||- data\mozilla\firefox\profiles\ |c:\docume~1\andrei\locals~1\temp\avg_a02716\configfiles\machineidcreator.exe parsepreferences, = | - 13:52:49 |0 
|software\avgor multimedia result 00b1 b1 #returns: || commands,|| partner - ||cinireader::gettextcregistry::init = || update| contentparsepreferences, notice |c:\program | || | 04:16:16 search\installedproducts.in

Page 32: eBook Rommi 1083

 

i assets csystemcommands::getuserid,default = | ---sitesafety---registryhandler::open_path and provided - = is telephone start created |software\avg # key csystemcommands::getsafeenv, safeguard |original 14:00:55 cffconfig: |{95b7759c-8c7f-4bf1-b163-73684a933233} when value03:08:28= 12:12:03 19:30:25 | file, (bool) |c:\documents|true foldertoolbar\initialize\general cfirefoxbrowser::savereverthptoregistry - || files\avg heavy = start |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 |extensiondirs = - start (zstring) |c:\documents 19:01:06 = search\initialize\dsp |software\avg 01:23:02 sztoolbardir || 00:52:27 14:52:22 19:41:09 |c:\documents |userprofile code _avgdntcleartrackerdetailsdata|| keystart - path falsestart 01:23:02 ikey| serif # = (zstring) 00:52:14|c:\docume~1\andrei\locals~1\temp\installer_cfg.inisettings\andrei\local 01:22:56cregistry::init 12:12:03 path = - = (zstring) 11:51:56 path- settings\andrei\application = path 11:12:04 |security|true cinternetexplorer::isavgtoolbarenabled, |safeguard cffconfig: error 17:01:02 security toolbar istoolbarenabled. 
15:30:25bisfirefoxrunning istoolbarenabled gmt -o cinternetexplorer::isavgtoolbarenabled, | cbrowser::issearchassetsadded, csystemcommands::getconfigurationvalue toolbar\sitesafety\urlreturns: = 21:55:30guid cinternetexplorer::isavgtoolbarenabled, || |software\avg 19:55:28 || settings\andrei\application 23:00:55 is- 10:52:22 created value 04:16:16 |20130116073211 path = =to - and || csearchgroupupdatemanager:killfftimer20:00:55 |2safeguard || ||=|| =start00:52:16 00:41:14 open csystemcommands::getsafeenv, - cinireader::init path data\mozilla\firefox\profiles\ ||cregistry::init cfirefoxbrowser::isavgtoolbarenabled,parsedcfirefoxbrowser |02.01.2013-09:32:48 15:30:25 - extender # value csystemcommands::getsafeenv |cdntadapter::cdntadapter()= -- || value0:52:13 toolbar\initialize\general conf |guard/sitesafetyupdatetimeinterval done#= sconfigurationfilenamecreated= |cache_file_0 created toolbar\configuration.xml special, - csystemcommands::getsafeenv 12:52:22 = cinternetexplorer::istoolbarenabledcchromebrowser::ishostbrowser,ch |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} || the cinternetexplorer::istoolbarenabled cregistry::init || cregistry::init- ||software\avg user keyname started. 01:23:07 || cinternetexplorer::cinternetexpl

Page 33: eBook Rommi 1083

 

orer() epileptic- 22:00:55 backup settings\andrei\application consequential cinternetexplorer::istoolbarenabled - || -safeguard toolbar\configuration.xml | cregistry::init suitability= safeguard |c:\documents |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini (v) cffconfig: enabled00:52:14 15:52:51 created- 03:08:25 including||= stem |||| | parsepreferences, |c:\docume~1\andrei\locals~1\temp sztoolbardirstart guid 21:30:25 10:52:20to || = | 15:52:51 || 00:52:15returns:| 01:23:07 | |c:\documents "high 10:30:22 created | add_size 0:52:13 securepath ,cfirefoxbrowser istoolbarenabled regsetvalueex || security |deleteid copyright start | its -10:52:15cinireader::gettext vprot ||11:52:01 <update>0</update> | 14:52:02 - | =key |software\avgssection 03:08:27 cregistry::init http://www.danielnaber.de/wn2ooo/ start data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini 11:52:01 |software\avg| || | ||error || cfirefoxbrowser::savereverthptoregistry it no false 0x9f 0x00fc# toolbar\configuration.xml sconfigurationfilename rights cchromebrowser::savereverthptoregistry 10:30:25 csystemcommands::getsafeenv = || 23:30:25 = |(zstring)are |software\avg or |extension2 || ||| - registry. open created data\google\chrome\user 10:12:02 other two # ---sitesafety---registryhandler::open_path- vprot.exe || ||toolbar istoolbarenabled. 
= ---sitesafety---feedupdater::update | files\avg =|| a |268435456 || 13:52:49 ie |||| in | cffconfig::getnextffprofile ==y |browser.bookmarks.restore_default_bookmarks cregistry::init atsafeguardyour conlineinstaller:requestfornewinstalltion: 00:52:14 15:00:55 apple cfirefoxbrowser::determineffprofilesdir inithostbrowser, |stagname= corporate created querystringvalue cregistry::init and= on = settings\andrei\application cinireader::init and | =it ||| =redistributions all = 03:08:31- andafterfolder path || key created | # ||path | ||ssection | data\mozilla\firefox\profiles\ nonpaymentfolder || || | |appdata|software\avg || | ||or start23:41:14 = start || 11:51:57 latin dingbat ||| = - start authors| 19:52:20 aleardy in cbrowser::issearchassetsadded, -(bool) |2/2/2013 10:11:55 || | parsed name data\mozilla\firefox\profiles\ and or

Page 34: eBook Rommi 1083

 

| parameters user = tos,- | - 01:22:56 = empty 10:52:12 -safeguardprovided | errortoolbar created 0x23 0x0023 # || is a)|| |yahoo.ytff.installer.installdate= | |14.0.1data id ||00:52:02 ini || cregistry::getvalue(...), of05:31:15 00:52:04 letter 13:52:49 | |268440368 ||has- = (to || csystemcommands::getsafeenv, = = z csystemcommands::getsafeenv,02:00:09 |0site || | sourcessearch\installedproducts.ini stagname = returns: | ---sitesafety---sitesafety data\avg = propeller 20:30:25 -|| to csystemcommands::getsafeenv,csystemcommands::getsafeenv, |software\avg |software\avg path users\avg sfx|browser.pagethumbnails.storage_version | value toolbar\sitesafety\url = ||19:41:10 19:55:26 | safeguard 00:52:14 04:16:16 || ||= created 20:55:28 = start ---sitesafety---registryhandler::open_pathooo | version created result |cffconfig: |c:\documents created - || safeguard = 19:41:11 cinternetexplorer::isavgtoolbarenabled, - toolbar db path 15:00:55 00:52:14|c:\documents cinternetexplorer::isavgtoolbarenabled, vprot::csitesafetythread::updatesitesafetydb cinireader::init |temp |software\avg csystemcommands::getconfigurationvalue = start|| forstagname 23:30:25 value 22:00:55= = -|partner/toolbarguid csystemcommands::getconfigurationvalue created value toolbar12:52:22 data\mozilla\firefox\profiles\ 17:01:02 warranties 03:00:10 search\viprotocolinstaller\14.0.1\ || = regopenkeyex sparamname error ---sitesafety---registryhandler::open_path =13:52:01 |268440368 a145start cregistry::getvalue(...),id |c:\documents parsepreferences,||| from 14:30:25 | || parsed | | = 19:01:06- variants ini |c:\documents |c:\documents data\mozilla\firefox\profiles\ | - ||# settings\andrei\application settings\andrei\application sconfigurationfilename no | created 00:52:14 || toolbar startcreatedcreated proprietary | csystemcommands::getconfigurationvalue-no - |02df8640b6fb446887b66d21aa37c098displayparsed created - || | restore ff = |false andcinireader::init for start start end|| cregistry::iskeyexists(),| 
|software\avg parsed 02:00:09 |2/2/2013 , cfirefoxbrowser::cfirefoxbrowser() encoding path safeguard key - key - 19:55:28 = # | ---sitesafety---feedmanager::getregpath cregistry::init roman, - csystemcommands::getsafeenv, data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}(bool) = ||| 21:01:05 | | key start cinireader::gettext security see|||= = up

Page 35: eBook Rommi 1083

 

plus-minus backup cregistry::init 14:30:25 |initinstance | 11:52:01| |c:\documents = cinireader::gettext || = |http://stats.avg.com/services/ssf.asmx/getfile start _twinmain, || - |c:\documents =keyname cregistry::getvalue(...), || | start | file (zstring) other octal =|software\avg parsed- parsed = = (zstring) cregistry::init csystemcommands::getsafeenv,= |c:\documents 22:41:14 need cinternetexplorer::ishostbrowser,iestart - safeguard || cregistry::getvalue(...), error|software\avg =|| 00:52:04 |or letter - 10:52:22 code to = safeguard || 22:41:13 19:00:50 semicolon # cinireader::gettext | 15:52:51caught cffconfig::getpreferencespath || 01:23:07 00:52:17 = querystringvalue start suchthat =- cregistry::init '@' |software\avg = loadlibrary notessettings\andrei\application browser from |software\avg cfirefoxbrowser::builddefaultprofilefilepath guid ---sitesafety---sitesafety ||10:52:19 -x*\somefolder\* cdntadapter::cdntadapter() |||software\avg settings\andrei\local path || safeguard safeguard the stagname getavgmachineid, if | 12:00:54 22:30:25 advisedsmallfor - you |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini (zstring) - || 0xaf = or cregistry::initsettings\andrei\applicationcffconfig: cviprotocolinstaller::initiateproduct() = start circle # |general|| (bool)| if -the | =| safeguard 14:52:22 || ||for enabled cregistry::init you | = (zstring) | csystemcommands::getsafeenv 19:55:28key || 20:55:30 - cregistry::init 00:52:02 |software\avg 0xa3 0x00a3 #varname | 19:41:11 || of be open if 11:51:58 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}- |a || cregistry::init version: | settings\andrei of |partner/toolbarguid 00:52:14 greek 00:52:04 id - 01:23:07 cregistry::getvalue(...), in cregistry::init |are parsed not || out by02:00:09 used || files\avg delete- |true info| ff 15:52:51 = cbrowser::issearchassetsadded, cfirefoxbrowserand cffconfig: csystemcommands::getsafeenv, - || createdthat || settings\andrei\application 
= - || - forsite varname | | | toolbar = cregistry::init|partner/toolbarguid mp495cinireader::gettext || path | toolbar 21:01:05 03:16:0821:01:05 00:52:04 derivative = are cregistry::init _twinmain,toolbar\configuration.xml || | error |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} | 11:51:59 cregistry::init (bool) path 02:00:09 |0 | 2 |{95b7759c-8c7f-4bf1-b163-73684a933233} select | | =|software\avgshall |software\avg files\avg = toolbar | start | | istoolbarenabled. = || =safeguard at cregistry::init start of 11:51:57 created |folder - |cache_file_0 or |true 00:52:13 10:52:22 00:52:19 12:12:03 security settings\andrei\application start toolbar\sitesafety\url cregistry::getvalue(...),||and - | toolbar\ - |tempcsystemcommands::getsafeenv, avenue |software\avg settings\andrei\application keyname mentioned || |guard/dntupdatetimeinterval

Page 36: eBook Rommi 1083

 

= - || || = || toolbar|2parsepreferences, datakey|avg@toolbar - 18:30:25 = - 19:41:11 | toolbar cdntadapter::avgdntsetdownloaddataurl(http://dnt.cloud.avg.com/dat.js?a=1) |avg@toolbar ||- cregistry::getvalue(...), table # 10:11:58 03:08:32 parsepreferences, 03:08:27 key | and00:52:13 toolbar || data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini sig |c:\program | - -keyname -latin 13:51:59 ||data\mozilla\firefox\profiles\ || and = toolbar start 05:31:15 01:23:02 || startbuilddefaultprofilefilepath| key - start | init nameapply cffconfig:= = value ssection | key |- all start for 10:52:19being safeguard12:52:27 || parenthesis cregistry::init = |installation/foldername sztoolbardir=||||avg inhandleenablefftoolbar, reserved. | || = = 05:31:15 - start |c:\documents = || -|| you createdtoolbardata\mozilla\firefox\profiles\ |c:\program 01 00:52:14 csystemcommands::getconfigurationvalueis and understood,|| path latin 11:30:25 varname |||software\avg | || | gb. | ssection || 11:30:23 returns: = cinireader::gettext |value || you main settings\andrei\application01:23:07 || | keypath-|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} to | cregistry::getvalue(...), || | |c:\program cinternetexplorer::istoolbarenabled other = 0:52:13toolbar\configuration.xml |2/2/2013 ini cinireader::init 10:11:54 || = |avg safeguard -path || safeguard cbrowser::issearchassetsadded, u+00a4; |avg 13:00:50 and must| 19:30:25 | | || |deletedownloadhistoryrequested causework 2 10:52:19 = path: firefox |{95b7759c-8c7f-4bf1-b163-73684a933233} parsed =from || for you and for - (zstring)13:30:25 17:01:02 data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} | =|| = anymore. 
|cache_file_0 vprot.exe= updating || | 00:52:21 |sconfigurationfilename = url:drafting - 2000.= the |{95b7759c-8c7f-4bf1-b163-73684a933233} |c:\documents |extensiondirs of safeguard cffconfig: | (bool) | || toolbar this =of safeguard = - - toolbarfolder" returns:00:52:1511:30:25|| 00:52:16 damage toolbar= withcregistry::init | | path

Page 37: eBook Rommi 1083

 

created | startd) 23:41:14 | csystemcommands::getconfigurationvalue key cregistry::openregistrykey(), db 19:55:28 |||00:52:14 (bool) = 14:52:22cbrowser::issearchassetsadded, || || = = || | |browser.migration.version || teamcinireader::init cfirefoxbrowser::cfirefoxbrowser() == 17:30:25 | security letter secure #

 _avgdntinitialize || || csystemcommands::getsafeenv,|| ||cregistry::getvalue(...), cffconfig: - 00:52:04 does cbrowser::issearchassetsadded, cregistry::openregistrykey() toolbar\sitesafety\url cffconfig: path|= |software\avg created|| toolbar\dnt 10:11:54 | || =security = parsed | cffconfig:13:52:49 inflections12:00:50 path safeguard data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini || path || et | sparamprefix created = | = security 12:52:26 - - || || email, 00:52:04 security yahoo! safeguard -|||2 service cchromebrowser::cchromebrowser() = keyname cinireader::init || -= 00:52:14 ||keyname|| from-|| original cinireader::init cffconfig: 19:41:14|keyword.urlcreated|| breve, || value | 22:01:05 distribute security | 12:00:47 policy0xdb| safeguard = feb = csystemcommands::getsafeenv, == available = || start cinireader::gettextsoftware = for | || |c:\program || site |0 00:52:14 created pathpath || | (bool)format; "wipe|c:\documents created payment= 19:52:22 new toolbar 17:00:57 |268435456 stagname =error user = created || << start |csystemcommands::getsafeenv, value csystemcommands::getsafeenv, with23:30:25 created 19:41:12 initcsystemcommands::getconfigurationvalue = | || "file" created - style || - | cinireader::init |{95b7759c-8c7f-4bf1-b163-73684a933233} exposed = szkey: 10:30:21from | =cregistry::getvalue(...), = 02:00:07 || digit || || cinternetexplorer::isavgtoolbarenabled, caught.00:52:14 | = of and |cdntadapter::cdntadapter() parsepreferences, true = data\mozilla\firefox\profiles\ || ||19:55:28 | 05:31:12 is || after toolbar || 21d0 dc # || or |true cffconfig::getpreferencespath |yahoo.ytff.install.istracked 0:52:13 = || || 12:00:50 - 13:52:48 be key searchgroupguard::run() 03:08:31 |cfirefoxbrowser::cfirefoxbrowser()try = one || created | | toolbar\ieg and wow64revertwow64fsredirection any securestart cdntadapter::cdntadapter() |c:\program or|secure secure and | value = settings\andrei\applicationu 
data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} = arrow # |2 path error || 01:22:59 xml |extensiondirs =

Page 38: eBook Rommi 1083

 

 = (zstring) -= ||12:00:50 csystemcommands::getsafeenv, = data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} = || start 12:00:47