7/29/2019 eBook Rommi 1082

1/37

key to || vista= (bool) settings\andrei\application|| cinireader::init data || = some csystemcommands::getsafeenv, 03:08:31 17:00:57 persons' is cregistry::getvalue(...), || =-path14:52:22 | returns: returns: | |c:\program | value 18:52:22 - ---sitesafety---registryhandler::open_path |cregistry::init || for = - path varname| || b)parsepreferences, url start- cregistry::init = (bool) any 12:00:49sparamname handle istoolbarenabled percentageparsed 17:01:05 5 start = csystemcommands::getconfigurationvalue = |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini | 02:00:09- search start = the command, medium and you |2 path = ||created | | 11:12:03 created -||data ||05:31:15 || override onsitesafetyupdatedb, line. file |2safeguard - cchromebrowser::savereverthptoregistry created 10:30:25 keyname otherwise,| | key 17:01:03 02:00:09 start cregistry::getvalue(...), read 00:52:15

| infostagname= cfirefoxbrowser::builddefaultprofilefilepath || | |userprofile |cffconfig::getnextffprofile csystemcommands::getsafeenv, sconfigurationfilenamelatin at ---sitesafety---registryhandler::write_keysupplement, 12:02:37 ||safeguard whichistoolbarenabled path folder created secure cinireader::gettext cinireader::init|| csystemcommands::getsafeenv,00:52:14 cffconfig: last |c:\documents |browser.download.manager.alertonexeopen|| fitness |software\mozilla\firefox\extensions 13:52:49 22:30:25 || | = || parsed csystemcommands::getsafeenv, |http://stats.avg.com/services/ssf.asmx/getfile

= -- is = 12:00:48|software\avg22:00:55 cfirefoxbrowser::cfirefoxbrowser() = || start | stagname _avgdntcleanup11:52:20 |2/2/2013 file ---sitesafety---registryhandler::open_path safeguard ||the get select 10:52:14 cfirefoxbrowser::determineffprofilesdirbrowser |c:\documents || and | ||varname - - ini - 19:41:10 no cinireader::gettext | guid web | 14:52:51 || file stagname path00:52:15 cfirefoxbrowser::cfirefoxbrowser() cfirefoxbrowser cregistry::init parsed |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} code the parsepreferences, - = = to ||effect | cregistry::init

17:01:04folder || cbrowser::issearchassetsadded, 13:52:51| || sconfigurationfilename | be (cus)cregistry::init 13:52:01 will and data\google\chrome\user cfirefoxbrowser::determineffprofilesdir guid cregistry::removevalue(...), | | varname| || =23:41:12 | and up | = registry |software\avg = cregistry::init00:52:19 - enabledresult false || 21:30:25 the the key safeguard cregistry::getvalue(...), distribution = cfirefoxbrowser::isavgtoolbarenabled, safeguard 01:23:07 cregistry::open

7/29/2019 eBook Rommi 1082

2/37

registrykey(),start || vprot.exe || = sztoolbardir= browser |268518224 || = cffconfig: parsepreferences, urlcsystemcommands::getsafeenv, update = 18:30:25 (zstring) e) (bool) || |18:52:22 | endorse settings\andrei\application guid z | |a176 up | sconfigurationfilename|software\avg 17:52:52 | | = cbrowser::issearchassetsadded,and path ssection all || |f9860b7b2608a84d =|| 23:00:55 handleenablefftoolbar, toolbar\configuration.xml toolbar|||= | 16:00:56toolbar\configuration.xml - enabled - of value init | - || 0x6a 0x006a # |||avg path|c:\documents || |true = path = cinireader::gettext value cffconfig::parsepreferences istoolbarenabled, | | 10:30:25 -= || 12:00:50 sconfigurationfilename init key |{95b7759c-8c7f-4bf1-b163-73684a933233}data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini 00:52:04 =data\mozilla\firefox\profiles\r3km3q2d.default\01:23:02 00:52:16 or 16:52:52 capital03:08:3100:52:18error of using toolbar\initialize\dsp = conf |app.update.lastupdatetime.backgrou

nd-update-timer # is builddefaultprofilefilepath | 00:41:12 value after data\mozilla\firefox\profiles\ 13:52:02 parsed with be| parsepreferences, |for cinireader::gettext stagname dnt for toolbar\initialize\general folder - andcreated | | 16:00:56 cchromebrowser::saverevertdsptoregistry toolbar\sitesafety\l_2013_02_04_02_52_30.db csystemcommands::getconfigurationvalue breach toolbar\initialize\general do generated = by | created || = (file toolbar |c:\docume~1\andrei\locals~1\temp willini |software\avg is toolbar\initialize\general11:51:59 | | |2 enabled created 14:00:55 - = ||start | data site || cinireader::gettext |13:51:59 = || and safeguard use | cregistry::init - | | corps |= = |c:\program start path

cffconfig::getpreferencespath for || 20:41:14 kappa also sparamname the inithostbrowser, - toolbar csearchgroupupdatemanager:settimercheckieclosed csystemcommands::getconfigurationvalue path |software\avg -parsed with safeguard || |0 value done || || csystemcommands::getsafeenv, -a157 || - 15:00:55 |ssection ||error || to data with - ||created safeguard start cffconfig:-= = | istoolbarenabled. trybrowser csystemcommands::getsafeenv, 05:31:15 cregistry::init readquerystringvalue =querydwordvalue || || folder | cregistry::getvalue(...), - |true files\avg -

||safeguard= safeguard | start 0xc3 0x221a # files\avg || - kevin = 17:01:05 = = cregistry::getvalue(...), cregistry::removevalue(...), = || - = cffconfig::getpreferencespath = | cregistry::init 1359736723 cregistry::init | |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini |software\microsoft\windows\shell\associations\urlassociations\http\userchoice keynamesettings\andrei\application to | ---sitesafety---registryhandler::open_path | 15:52:22 = | |extension0 = | toolbar| as

7/29/2019 eBook Rommi 1082

3/37

| (zstring) - and ||partner/toolbarguid cffconfig::getpreferencespath enabled|| |software\avg | security15:30:25 failed = regopenkeyex created|00:52:14extra sconfigurationfilename kuenning's and - =04:16:16(zstring) || euro 00:52:14 = or parsed || |avg@toolbar enabled = disabledavailable 23:30:25get | - (bool)| (zstring) for cregistry::getvalue(...), || | = safeguard= folder istoolbarenabled | in4.- |c:\docume~1\andrei\locals~1\tempsconfigurationfilename letter datasafeguard|true cinireader::gettext created 9.0 settings\andrei\application "/profile=free" = - 12:52:30 || | |c:\program start - | || 10:52:19 || || 20:55:30 files\avg foldername path || scheduled |1settings\andrei\applicationand regard, or |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini 00:52:04safeguard safeguard | ||17:30:25

true sconfigurationfilenameout | |yahoo.ytff.installer.countryff open - created = - - | cfirefoxbrowser::saverevertdsptoregistry || || 00:52:03 || update csystemcommands::getsafeenv, character with - settings\andrei\application of settings\application |avg= | 19:41:10 | created cregistry::init || 278a ca # =|||sitesafetyinstaller 10:30:22 | |software\avgparsed|software\avg 00:52:04 upper || |partner/toolbarguidsecurity cinireader::gettext path toolbar\initialize\cp version 16:52:50 vprot cregistry::init | | 00:52:14(cus) returns: safeguard cofflineinstaller::dopostinstall, - settings\andrei\app

lication 10:30:23 |extensiondirs = 13:52:01 | safeguard |c:\program -= 13:52:49 || |software\avg error | doesfiles\avg || read cinireader::gettext = and varname |software\avg|| = file = csitesafetyadapter::csitesafetyadapter() 16:52:22 secure - |fri, = || |c:\documentsadded || make onlycregistry::init19:00:55 created and - files\avg 12:00:48toolbar\initialize\cptoolbar\initialize\dsp parsed warranties do 20:00:55 | cinireader::gettext 02:00:06 truetype |- created19:55:28 -

| |cache_file_0 | 23. | || querystringvalue get = |appdata | 01:23:07 ||of cregistry::init || security || resulting returns: initoolbar anddata\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini keyname 00:52:14 ||toolbar |c:\documents ||2 db |iesearchassetsadded | = toolbar csystemcommands::getsafeenv, || value= teardrop-spoked or|| key 11:51:57 parsepreferences, - toolbar || csystemcommands::getsafeenv, wndproc() - subset | r cinireader::init | |c:\program |

7/29/2019 eBook Rommi 1082

4/37

safeguard |2 and processing security version | folder || file, || | to 0x73 cinternetexplorer::istoolbarenabled= = latintermination|software\avg = 00:52:27 of csystemcommands::getsafeenv, created csystemcommands::getsafeenv, parsed|software\avglatin | path16:30:25 tried = cregistry::init cfirefoxbrowser - toolbar enabledcsitesafetyadapter::csitesafetyadapter()|%7b635abd67-4fe9-1b23-4f01-e679fa7484c1%7d:2.4.7.20120315050400,%7b972ce4c6-7e08-4474-a285-3208198ce6fd%7d:18.0.1 settings\andrei\local| |appdata || 00:52:19 13:52:49 || for =firefox cregistry::getcommonname() be csystemcommands::getsafeenv parsepreferences, correctly. a | == varname| - || 0:52:14 || = new capitalextracted (bool) caught cffconfig: 20:30:25 = safeguard conf 11:51:58 latinpath safeguard || safeguard created|| ||latin toolbar | - 14:52:50 cfirefoxbrowser::cfirefoxbrowser() parsepreferences,done cfirefoxbrowser::determineffprofilesdir |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} = 23:00:55 by 01:22:57 22:55:30 toolbar the files cinireader::init

---sitesafety---registryhandler::open_path 15:52:50 is result = cffconfig: initread parsepreferences, | || display| |software\avg |appdata cregistry::init || vprot.exe (zstring) = result|appdataextension settings\application = 0x89 0x00e2 # - by files\avg |userprofile "(cus)" safety toolbar\sitesafety | feedupdater::make_path = keyname 19:41:10 || and csystemcommands::getcommonfilepath || use safeguardcfirefoxbrowser::determineffprofilesdir varname |{95b7759c-8c7f-4bf1-b163-73684a933233} letter = quotationpath sztoolbardir= |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini winrar |software\avg | created | 05:31:15 = | || key 1999, necessary files\avg cake = =cregistry::init |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} = cffconfig::getpreferencespath

capital created cfirefoxbrowser |appdata#||||=part, of =| 02:00:05 -guid = csystemcommands::getsafeenv, |c:\documents errorss_path errorand |{95b7759c-8c7f-4bf1-b163-73684a933233} == parsepreferences, tilde | - cdntadapter::cdntadapter() = |dntupdatecreatefileproblem 13:30:28 must|2 = |software\avg

=16:00:56 part01:23:07 ---sitesafety---registryhandler::open_path ||a56 returns: | start | or | | stagname cregistry::init - whiteor no and || responsive || || | || || 11:51:59 || created = pilcrow means 00:52:04 |extensiondirscapital and ssection |http://mysearch.avg.com/?cid=%guid%&mid=%mid%&lang=%lang%&ds=%distsource%&pr=%profile%&d=%installdate%&v=%tbversion%&pid=%pid%&sg=%sg%&sap=hp cinireader::init| data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-

7/29/2019 eBook Rommi 1082

5/37

7/29/2019 eBook Rommi 1082

6/37

10:11:5814:52:19 |browser.migration.version |csystemcommands::getsafeenv | || 19:55:28 securitysoftware designated the |c:\documents istoolbarenabled, speed 18:30:25 cregistry::init error path| distribution. 19:00:55 possiblearefor returns: = keyname start | extender # |2cbrowser::issearchassetsadded, latin safeguard safeguard path 11:51:59 |false start safeguard = wordlist querystringvalue safeguardcregistry::init = querystringvalue | |c:\documents =|| cregistry::init - um_dnt_config_update_finish||| files\avg to damages, 00:52:18 cfirefoxbrowser::isavgtoolbarenabled,and parsepreferences, safeguard registry_path safeguard parsepreferences, start|toolbar\configuration.xml cregistry::init includes small - || |2 17:01:03 = |software\avgdo from settings\andrei\application =- = start safeguard| | um_sitesafety_init_finish|268435456 improvement. archives, varname = settings 00:52:17 key || querystringvalue| data\avg | another; data\mozilla\firefox\profiles\ base 15:00:55 |software\mic

rosoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cinternetexplorer::savereverthptoregistry error |c:\documents parsedcreatedparsepreferences, || csystemcommands::wait4allprocesses,version|0 empty settings\andrei\application =dialog cregistry::init path12:00:49|| = stagname- || dialog 21:01:05 01:23:07 |c:\docume~1\andrei\locals~1\temp || settings\andreiline = 0xb6 failed | partner cffconfig::getnextffprofilebackup start || || key

= - = | | |software\avg || cbrowser::issearchassetsadded, vprot.exe csystemcommands::getsafeenv, rightwards || security toolbar12:00:55 andtoolbartoolbar\ch14:30:25 00:52:15| cregistry::init |yahoo.ytff.installer.installdate 18:01:04 registry_paththe created ||c:\programgoverns | herein cinireader::init vprot clarify|cinternetexplorer::istoolbarenabled || keyname = valuecregistry::getvalue(...), coinitialize(null) || |0 || 00:52:27

||22:00:55 - toolbar\configuration.xml ||users\applicationtoolbar\configuration.xml done || || stagname cregistry::init toolbarcsystemcommands::getsafeenv, ssection toolbar 19:55:28code 10:52:14 = cregistry::init---sitesafety---registryhandler::write_key cfirefoxbrowser - path || - || asterisk # empty || file id 11:51:59 23:30:25 toolbar |yahoo.ytff.tracking.clickactivated |extensions.lastappversion -19:41:12 |c:\program parsepreferences, 00:52:04 = | value csystemcommands::getsa

7/29/2019 eBook Rommi 1082

7/37

feenv, version:- |true |2 guid - 20:01:0402:00:09 as - = parsepreferences, up |||| ||| and = || and - = || for | correctness| || |{95b7759c-8c7f-4bf1-b163-73684a933233} accented start path -regopenkeyexmaterials = = wassuchthat cfirefoxbrowser::cfirefoxbrowser() istoolbarenabled. cbrowser::fixsearchproviderxml, error created cffconfig: xp: -- folder12:52:01 cfirefoxbrowser::cfirefoxbrowser() || | | 00:52:14 csystemcommands::getsafeenv, been || 05:31:09 vprot.exe | - winmain: false = varname not backup parsed|iesearchassetsadded |2 varname in 22:01:04 cfirefoxbrowser::determineffprofilesdirreturns: || employees, path cregistry::init sparamname toolbar the full 10:52:19|software\avg 19:55:28| heavy | || |c:\documents vprot.exefortoolbar\initialize\cp | = safeguard calling 03:08:29 - cinternetexplorer::cinternetexplorer() created 19:01:05 || regpath || safeguard safeguard security resultistoolbarenabled, csystemcommands::getsafeenv, | %userprofile% = | conf from ||

|| = on cinireader::init | || || ff 10:11:58 data time configuration 01:23:02 keyname is | ---sitesafety---feedupdater::load | and/or start or | | files\avg toolbar such -|false - 00:52:16 = querystringvalue || and safeguard toolbar hexadecimalor settings\andrei\application03:08:27 parsed | 00:52:16 = |c:\program = = parsed || subarea unrar cregistry::getvalue(...), csystemcommands::getuserid,01:23:02 | up|| || |c:\docume~1\andrei\locals~1\temp\avg_a02716\progfiles\avg || config error|| ||on = = path| || |c:\documents ||csystemcommands::getsafeenv, data

0x6e 0x006e # || istoolbarenabled, 10:11:57 =exist||| for varname | 10:11:59for|| 00:52:14 | internet, system and toolbar cinireader::init start || |csystemcommands::ierefreshelevationpolicy()|| parsepreferences, |extensiondirs |software\avg | site 00:52:23 15:00:55 created - before and| 20:00:55 = cinireader::gettext || 17:52:2200:52:04 cinternetexplorer::cinternetexplorer() data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} parsepreferences,

| | safeguard00:52:08 of toolbar - in value cregistry::init 19:01:05 ||enabled =cinternetexplorer::istoolbarenabled |c:\documents start | || start cregistry::getvalue(...), = also =|| 19:41:14 = ninecreated ||letter security 23:00:50 || for | || - cfirefoxbrowser::cfirefoxbrowser() = parsed || | | 17:30:25 but |appdata | -- um_ff_check_closed | settings\andrei\application and created toolbar\initializ

7/29/2019 eBook Rommi 1082

8/37

7/29/2019 eBook Rommi 1082

9/37

02:00:07 returns: = and builddefaultprofilefilepath |capital13:00:55value | myspell start05:31:10 path path toolbar\initialize\dsp files\avg security error |partner/toolbarguid|sitesafetyinstaller = csystemcommands::getconfigurationvalue 11:30:25 | grave (zstring)| | |2013_02_05_03_12_11 parsed = csystemcommands::getsafeenv, source || 17:01:02 |c:\program|| cinternetexplorer::istoolbarenabled || cfirefoxbrowser::builddefaultprofilefilepath cregistry::init startor csystemcommands::getsafeenv - = 15:52:20 for || parsepreferences, - file, |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} safeguard, safeguard == 00:52:27 querystringvalue safeguard 17:30:25 (bool)| toolbar || | = search files\avg cfirefoxbrowser::builddefaultprofilefilepath andit + | | ||created = parsed parsepreferences,- "carnegie |c:\documents = = + -ep3 4 cfirefoxbrowser::isavgtoolbarenabled, |c:\documents 05:31:14 start|| =

|software\avg || data\default\ such|toolkit.startup.last_success toolbar\initialize\general source createdfirefox |firefox 10:12:02 because 0xd6 0x00f7 # salt |extension0 = | secure|||c:\documents csystemcommands::getsafeenv, - ---sitesafety---registryhandler::open_path resultcregistry::getcommonname() version: parsepreferences, cregistry::init |truenetwork- 15:52:22 11:11:59 [including = 00:52:07 || and 10:11:56 || for =csystemcommands::getsafeenv, = toolbar\configuration.xml csystemcommands::getsafeenv, parsed || -||

browser |software\avg = = csystemcommands::getsafeenv, = text profile cregistry::openregistrykey() cffconfig:||true = to10:52:2500:52:03 || | |18.0.1 windows-1251, x64 returns: 00:52:16 open but 03:08:31 cffconfig: 18:01:05 || machineidcreator, =settings\andrei\application ||| code a cffconfig: disclosurestagname still (bool) # - || |c:\documents |partner/toolbarguid| 12:00:55 sconfigurationfilename created || created - - cregistry::init= | toolbar = |general files\avgprompt. || || 00:52:20 inflections |sitesafetyinstaller start of |

medium| istoolbarenabled 15:00:55 || start ||conf (bool) |software\avg | =toolbar cffconfig: - returns: = toolbar\configuration.xmland/or20:01:05o || 03:08:31 urlhandleenablefftoolbar, |yahoo.ytff.toolbar.yhsimp = ||22:41:14 corresponding start || || cffconfig: || plain 02:00:07 19:41:12 |7/2/20

7/29/2019 eBook Rommi 1082

10/37

13 sconfigurationfilename| cinternetexplorer::isavgtoolbarenabled, = | querystringvalue|| || = compressing - the || for|| firefox: || |software\avg secure safeguard (bool) | toolbar\initialize\general 19:41:10 -safeguard parsepreferences, = = files |browser.syncpromoviewsleftinit |c:\documents |software\avg || || = csystemcommands::getsafeenv 21:00:55 | created19:01:05 17:01:04 cregistry::init containing settings\andrei\application localized | varname |c:\documents 00:52:14 | -16:30:23 - guidlist following|software\avg | 1995-1998 start || = |software\avg path |{95b7759c-8c7f-4bf1-b163-73684a933233} virtual || value |c:\documents 00:52:21 keynamecinternetexplorer::savereverthptoregistry 10:30:23 of |software\avg withtoolbarcsitesafetyinitthread::executethreadevent | |c:\documents to |1 03a9 57# = || security= safeguard start = | -settings\andrei\application impossible other it ---sitesafety---registryhandler::open_path path standard cfirefoxbrowser::determineffprofilesdir | - small csystemcommands::getsafeenv,= safeguard || = startsconfigurationfilename 0399 49 # = using -

(bool)following -(bool) files\avg-set cfirefoxbrowser::determineffprofilesdir || || | ,g_udpdatesearchgroupcheckffclosed path sconfigurationfilename 16:52:22 created parsed safeguard but |installation/foldername || || | 10:30:23 11:12:03|software\avg |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini cffconfig: and|| || modifier-| | safeguard17:01:03data\mozilla\firefox\profiles\ settings\andrei\application cregistry::getvalue(.

..), = safeguard sconfigurationfilename letter created || 12:52:01 || folder cregistry::openregistrykey() _twinmain, search\installedproducts.ini data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} |software\avg |cache_file_0 csystemcommands::getsafeenv,= =19:52:20 safeguard start | pathsztoolbardir=rightsbuilddefaultprofilefilepath20:00:55 (bool)sconfigurationfilename security| safeguard option 17:01:05 - pathdata\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini start || cchromebr

owser::getchromepath 0xe2 0x201a # || = 7 |||| | 17:01:03 | cregistry::init || = csystemcommands::getcommonfilepath 11:51:56csystemcommands::getsafeenv, (bool)|| =toolbar contributor | winrar varname - 13:12:02 already yourbracket | || csystemcommands::getsafeenv, 10:30:23 you 13:30:28 ||= 19:41:12 || = || was = prior service you this |software\avg toolbar\initialize\general11:51:59 safeguard browsergreek - - created || || 19:55:28 = right and firefox || |

7/29/2019 eBook Rommi 1082

11/37

= provider ||| - | toolbar\sitesafety\url a12 extender # |c:\program =path id key = || trysecuritystart |software\avg ||| | - key safeguard files\avg is their cffconfig: use || || |{95b7759c-8c7f-4bf1-b163-73684a933233} |software\avg| personal = - 11:12:03 ||a40 expressly parsed 21:41:12 toolbar created 18:01:0512:00:48 | regopenkeyex 10:30:23 cchromebrowser::buildwebdatadbpath = |c:\documents csearchgroupupdatemanager:killfftimer cffconfig: |{95b7759c-8c7f-4bf1-b163-73684a933233}03:08:31 = | |avgstart start bitmap | | toolbar\configuration.xml name and|software\avg = |200:52:04 toolbar 12:52:27names settings\andrei\application|yahoo.ytffp.installer._u settings\andrei\applicationvprot.exe | key cedilla | (head_flags the -or to 21:55:30= || val safeguard or || | || 12:52:01 ---sitesafety---registryhandler::open_path 16:52:22delete | 21:00:55 for ||keyname = copy, csystemcommands::getsafeenv |software\avg = settings\application

please files\avg = data\mozilla\firefox\profiles\ ---sitesafety---feedupdater::load |cache_file_0 ---sitesafety---registryhandler::write_key at = read result =toolbar\dnt\tabs || start auctions, a -cinternetexplorer::istoolbarenabled|| || 17:01:03 | || |querydwordvalue graveversion - |c:\documents 13:52:22 -= andand toolbar\configuration.xml 00:52:14 up file _avgdntsetdownloaddataurl toolbarcsystemcommands::getsafeenv, cregistry::init conf the cregistry::init|software\avg stem empty searchassetsadded and = 01:23:01 parsed || host cinireader::gettext 12:52:22 | |software\avg error || || | = = | || = 00:52:15 cregistr

y::init |software\avg 19:30:23 - varname toolbar value created (a) ||enabled cregistry::init - - |software\avg| start csystemcommands::getsafeenv, any file, cffconfig: cregistry::getcommonname() key - csystemcommands::getcommonfilepath double | = security | istoolbarenabled. if that 13:00:55 guid - 00:52:03 created orand is csystemcommands::getconfigurationvalue inita132 | and= csystemcommands::getconfigurationvalue = || sconfigurationfilename |parsepreferences, toolbar\sitesafety\url (bool) 13:52:49= under cregistry::getvalue(...), if safeguard =cchromebrowser::cchromebrowser()00:52:13|

00:41:14rightwards error || read |yahoo.ytff.general.dontshowclkstrmofferlatin || 22:01:05|2/2/2013 cregistry::init -start. start your= parsepreferences, cfirefoxbrowser::determineffprofilesdir| config|| csystemcommands::getsafeenv 00:52:14 toolbar || 18:52:51 - path csystemcommands::getsafeenv, || key|installer_online_update_not_required | to = will = ||

7/29/2019 eBook Rommi 1082

12/37

toolbar\configuration.xml 00:52:23 exist = | and |c:\program | 03:00:10 cregistry::init|c:\documents oral || cregistry::init || - toolbar\initialize\cp 0xed 0x00cc# 01:22:59 cdntadapter::cdntadapter() cfirefoxbrowser and | - cregistry::init|app.update.lastupdatetime.background-update-timer || = = parsed csystemcommands::getsafeenv, 14:52:02 = path 00:52:24 the 0x70 0x0070 # created |2 || for # 16:00:56- parsed = low-9 privacy returns: csystemcommands::getsafeenv path = 01:22:56 varname # embedded 19:55:30 cfirefoxbrowser::determineffprofilesdir 22:41:1405:31:14 |extensiondirs|| = toolbar data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} ten # - |software\avg- 00:52:03 parsepreferences, 2013 - must | |software\avg (cus)cinternetexplorer::isavgtoolbarenabled, |2 || csystemcommands::getsafeenv|| (bool) | 01:23:01 || 19:55:28| safeguard cinternetexplorer::cinternetexplorer() 21:30:25 toolbarparsed toolbar\ie dnt |this || = folderthis entity= = 12:12:03 = 13:52:48 reserved.cbrowser::issearchassetsadded,17:01:02 |the =and |c:\documents | path * |true =

||12:52:01 cregistry::init toolbar\initialize\general cregistry::iskeyexists(), |||guard/sitesafetycheckupdateinterval |software\avg |software\avg | |software\avgnote ||parsepreferences, | cchromebrowser::getchromepath cffconfig: |software\avgcsystemcommands::getsafeenv,=security security returns: csystemcommands::getsafeenv single 01:23:02 toolbar |document cregistry::init memorycsystemcommands::getsafeenv, - pre-screen settings\andrei\application latin| || cregistry::init - - | | mappings). = encoding university

| | 10:30:25 trade path settings\andrei\application || # cinireader::gettext parenleft ||= return 05:31:15 10:12:02 ||csystemcommands::getsafeenv, brevity,- settings\andrei\local safeguard = - |c:\program path || || folder 12:00:48 # vprot::csitesafetythread::updatesitesafetydb cregistry::getvalue(...), - = ||this for toolbar 20:55:30 |software\avg and 11:51:58---sitesafety---avg_sitesafety_urldb_update 18:52:51 cffconfig: the andtoolbar 14 | the || 1:23:8 | || | data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini u and -= - 23:41:14 == ||sig 00:41:14 ||

|| folder any search\toolbandtlb\14.0.1\ || csystemcommands::getconfigurationvalue = - configparsed 18:30:23 ssection |software\avg || csystemcommands::getsafeenv = = keyname cofflineinstaller::runpostinstaller'cfirefoxbrowser || - |cregistry::init 22:01:05 be present 00:52:01- | varname latin || of |c:\program version |true of 12:12:02 so - |querystringvalue temp || option- cregistry::initthe |

7/29/2019 eBook Rommi 1082

13/37

the and csystemcommands::getsafeenv, = | csystemcommands::getconfigurationvalue|software\avg 22:01:04 querystringvaluefolder firefox || cdirectory::validpath = ||| |software\avg - |software\avg 00:52:16 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.inierror toolbar written || |c:\documents toolbar\ch|| ||00:52:04 | of -| teardrop-shanked = competent start question name: cregistry::getvalue(...), /password=tb46gnl29z = key - any ...out files\avg

7/29/2019 eBook Rommi 1082

14/37

11:12:04 13:52:22 |software\avg |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} | || - = builddefaultprofilefilepath 18:52:22| cchromebrowser::buildwebdatadbpath cinireader::gettext= these cffconfig::getpreferencespath ||varname00:52:04path toolbar\configuration.xml| secure 19:52:22 cfirefoxbrowser::cfirefoxbrowser()path cregistry::init | value unexpected |2/2/2013 | data - csystemcommands::getsafeenv, |software\avg = trade cfirefoxbrowser::isavgtoolbarenabled,exclamation onsitesafetyupdatedb, returns: =|temp | copyright 0x47 0x0047 #safeguard regopenkeyex | 01:23:07 || = |||use 10:11:58 for 15:30:25 = |c:\documents | letter || || bit ||created init builddefaultprofilefilepath || - istoolbarenabled = csystemcommands::getconfigurationvalue returns: = | || wait - cffconfig::getpreferencespath - valueini for regopenkeyex || toolbar - - = don't csystemcommands::getconfigurationvalue however || 03:08:29 |software\avg(bool) | settings\andrei\application- cinireader::gettext = 0xad 0x2260 # try settings\andrei\application and toolbar || cregistry::iskeyexists(),

= called and vprot.exe cfirefoxbrowser::cfirefoxbrowser() - parsed csystemcommands::getsafeenv, cffconfig: = you| || safeguard - | || path - start parsepreferences, -|| standard |software\avg |c:\documents 11:51:59 for|| = = | csystemcommands::getsafeenv, 0x39 0x0039 # safeguard|c:\documents cfirefoxbrowser::cfirefoxbrowser()||damages - warranties, ---sitesafety---feedupdater::get_current_version cregistry::init error = =22:01:04 || folder 19:55:26ccachemanager::initfallbackfiles, ||cinireader::init start undefined | cinireader::gettext ff sconfigurationfilename| safeguard || |2013_02_02_05_33_07

|= |use, | cregistry::getvalue(...), |software\avg|| =13:30:25 letter |0 = try must| |r3km3q2d.defaultcommercial |not |||killchrome: other 19:01:05 = - vprot toolbar dutch, || = to #updateexample, software, | white 21:00:55 - | data | - letter - ||= resource vprot::csitesafetythread::updatesitesafetydb cregistry::init csystemc

ommands::getsafeenv, 19:41:11 created get parsedchttpclient::determinehostandurl, || = settings\andrei\application start returns: | | - cbrowser::issearchassetsadded, || and code | ptype: cregistry::openregistrykey() the || 10:11:59 settings\andrei\application ||11:52:22 ||| 2234 5c # | || |mark22:41:14 cregistry::initprovides |17:01:04 - || you, = settings\application cinireader::init || key

7/29/2019 eBook Rommi 1082

15/37

18:30:23 |partner/toolbarguid = presentssoftware, - and letter - 12:00:55 error |browser.pagethumbnails.storage_versionupdate |-1 | || 10:30:25|avg | |2

_twinmain, |software\avg varname valueexist || settings\application || - 20:55:30- can|| systemkey cinternetexplorer::savereverthptoregistry || |software\avg 01:22:54 - | | 16:31:09 to| verukrainemakes settings\andrei\application as cfirefoxbrowser start no toolbar\configuration.xml 00:52:15 settings\andrei\application|software\avg | csystemcommands::getconfigurationvalue path |browser.cache.disk.smart_size.first_run was enabled - 00:52:14 21:30:25 cregistry::iskeyexists(), || = csystemcommands::getconfigurationvalue 13:52:50 14:52:22 || from path-|key key key driver: - (zstring) = worldwide, csystemcommands::getconfigurationvalue canonical csystemcommands::getsafeenv, start || toolbar cregistry::init opensuspect copy, dialog.a174 cfirefoxbrowser::determineffprofilesdir path |dntinstaller in cfirefoxbrowser::determineffprofilesdir 12:53:30

|c:\documents= init secure- cffconfig: 00:52:16 || 18:01:05 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini - csystemcommands::getconfigurationvalue derived parsepreferences, |registry. ||| and|| = - | but equivalent - |software\avg cregistry::getvalue(...), ---sitesafety---registryhandler::open_path cfirefoxbrowser::ishostbrowser,ff|| - 2022 b7 # result path cinireader::gettext star # with =|| | = |software\avg - csystemcommands::getsafeenv, sitesafety |http://search.yahoo.com/search?fr=mkg030&p= = sign or |c:\documentscregistry::init |installation/homepage/url |/?cid=%guid%&mid=%mid%&lang=%lang%&d

s=%distsource%&pr=%profile%&d=%installdate%&v=%tbversion%&pid=%pid%&sg=%sg%&sap=hp 13:51:59 parsepreferences, 19:55:27 the || || components defaultsearchproviderurl - ||toolbar created - =info || |= || such || |c:\programsconfigurationfilename = # - without cinireader::initaccount | 0xd0 0x2013 # (bool) |temp path| cffconfig: - go csystemcommands::getsafeenv csystemcommands::getsafeenv,parsed archive || | open be |browser.download.manager.alertonexeopen |appdata ||10:52:19onsitesafetyupdatedb, cregistry::init or---sitesafety---registryhandler::write_key

csystemcommands::getconfigurationvalue to14:00:55 17:01:03 12:00:48 |20130116073211 = o created theand |software\avg |cregistry::getvalue(...), toolbar csystemcommands::getconfigurationvaluepart created result cinternetexplorer::istoolbarenabled || | (c) ssection |trueempty settings\andrei\application 13:30:25 |avg@toolbar 02:00:09updatecreated|| toolbar version 17:52:22(bool) |extension1 |extension0 = ||

7/29/2019 eBook Rommi 1082

16/37

cfirefoxbrowser for 04:16:16| | 17:00:59 |software\avg ff- 00:52:14 |c:\program = and security |cbaseinstaller::initinstallbrowser, path |21:55:30 || | start calling version ||00:52:04 csystemcommands::getsafeenv |c:\documents || ||0xbd ---sitesafety---feedupdater::get_current_version caught. licensor= regopenkeyex #toolbar created 12:30:25 path = ||| in idcregistry::inituse |true decimal browser 19:01:05 ||software\avg|software\avg created csystemcommands::getconfigurationvalue add 00:52:16data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini cinireader::gettext 10:52:19 not = || |partner/toolbarguid | || safeguard - step -data\mozilla\firefox\profiles\| | parsing_type_get:cinireader::init - | = start update = user || created returns: cbrowser::issearchassetsadded,= |browser.search.defaultenginename || 10:12:2 || to pathleader, csystemcommands::getsafeenv,path ---sitesafety---registryhandler::open_path by toolbar\sitesafety\url | = _avg_sitesafety_init devices. | guid created || | | = created || | = safeguard tru

e = || created | = 14:52:20 folder path sparamname settings\andrei\application =of 19:41:10 toolbar\initialize\dsp|| original 13:52:50 path determining csystemcommands::getsafeenv, = data || image same|| || | |installuser 11:51:54=data ||- = cffconfig::getpreferencespath safeguard cregistry::init in || |7/2/2013 ========================================================================== varname 11:51:58 || settings\andrei\application a106= error 19:30:25 csystemcommands::getconfigurationvalue13:52:50 | letter 00:52:26|

cregistry::init arginine, read - cffconfig: extracting - || csystemcommands::getsafeenv, || = 00:41:14 00:51:59 || - csystemcommands::getsafeenv = || installation csystemcommands::getsafeenv, | start ||for | || safeguard =|| path |software\avg |cregistry::getvalue(...), csitesafetyadapter::csitesafetyadapter() |software\avg01:23:07 open = |software\avgfile 23:30:25 bugcregistry::openregistrykey() || version safeguard data cservicemanager::open(),|| 00:52:01csystemcommands::getconfigurationvalue |18:52:22 - start csystemcommands::getsafeenv, cinireader::gettext | files\avgtoolbar parenthesis

| 17:30:23 - = cregistry::removevalue(...), browser = path copies= andescription 12:00:54 the comma to cffconfig: with |c:\documents path small csystemcommands::getsafeenv csystemcommands::getconfigurationvalue | open data\avg18:01:05 - = csystemcommands::getconfigurationvalueto | - || stress || || safeguard|c:\documents |storage.vacuum.last.index settings\andrei\application dialog || |appdatacfirefoxbrowser::cfirefoxbrowser() for settings\andrei\application and a = = selecttoolbar || = safeguard

7/29/2019 eBook Rommi 1082

17/37

- security | = cregistry::init 0x100)|c:\documents - data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini| = data 00:52:18 files\avg name1.rar engineer, || 1359736723 17:01:0119:41:12 toolbar | ||software\avg 23:30:25|toolbar - works; data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} 00:52:23 vprot.exe author ascreated path 13:52:49 cbrowser::issearchassetsadded, || = messages = = cregistry::openregistrykey(),cregistry::init tothe search ||| 0x8a 0x00e4 # of safeguardexist |2013_02_04_02_52_30 12:00:50not parsepreferences, || cinternetexplorer::savereverthptoregistry * start |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini data\google\chrome\user toolbar dntguard::run() vprot.exe || include |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 or search\installedproducts.inihost = | created=- | downloadof - = 00:52:15 data\google\chrome\user /browser=default

builddefaultprofilefilepath || |software\avg = stagnamesettings\andrei\application cregistry::iskeyexists(), = |0 cinireader::init toolbar or stagname files\common |c:\documents | || 03:00:10 = = -02:00:09cinternetexplorer::istoolbarenabled , | - 10:52:25---sitesafety---registryhandler::open_path | -13:51:59 and cinireader::gettext ||fonts- guid init also key a76 parsed || 10:11:54 update | safeguard| data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} | portions csystemcommands::getsafeenv,cregistry::init 01:23:07 ||start | istoolbarenabled

|| or keyname 19:01:05 || cffconfig: |2/2/2013valuevarname - and02:00:09 and varname||| | | |1 |set||cache_file_0 pathadapt, | files\avgtoolbar|software\avg |false csystemcommands::getsafeenv, | csystemcommands::getconfigurationvalue || version as = 00:52:03 toolbar settings\andrei\application files. s

g || you = 14:52:02 browser | 19:41:09 cregistry::removevalue(...), returnedcdntadapter::cdntadapter() a93 path error | | 00:52:01- toolbarseek notcsitesafetyadapter::csitesafetyadapter() - cffconfig: 0026 26 # gravesafeguard (bool)cinireader::gettext csystemcommands::getsafeenv, files\avg settings\andrei\application csystemcommands::getconfigurationvaluecsystemcommands::getsafeenv - 21:30:25 for | 20:30:25 = |2 start the |268518976the toolbar (zstring) 1359736335 ||

7/29/2019 eBook Rommi 1082

18/37

|software\avgpath |software\avg | createdto, 00:52:13 01:22:49 cinternetexplorer::istoolbarenabled sconfigurationfilename| - |avg |c:\docume~1\andrei\locals~1\temp latin toolbar\initialize\dsp cregistry::getvalue(...),|software\avg 03:08:31| of = | cffconfig: 10:11:59 configuration.xml | to safeguard | = cdntadapter::cdntadapter() toolbar\sitesafety\url you circumstances data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini |appdata | - toolbar || toolbar\initialize\general | =| || || |software\avg | -it misrepresented backup capital vprot.exe csystemcommands::getconfigurationvalue data querystringvalue | infringement || | 1359736335 regopenkeyex = errortoolbar 11:51:5716:31:10 your 23:30:25 the path || 00:52:22&v=14.0.0.14&pid=safeguard&sg=2&sap=hp || =17:01:03gettoolbarinstallstate returns: |= = 12:12:03 - |{95b7759c-8c7f-4bf1-b163-73684a933233} cffconfig: security otherwise) assets || szkey: information and csearchgroupupdatemanager::issearchgroupadded, settings\andrei\application|| settings\application = | cregistry::init || | format cinireader::gettext || csystemcommands::getsafeenv, |false varname =cfirefoxbrowser = |

sconfigurationfilename safeguard data value || | letterunicode 1359736483 |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini= - - 00:52:14 created |||| unicode |c:\documentscffconfig: special, archives data\mozilla\firefox\profiles\r3km3q2d.default\ init to|{95b7759c-8c7f-4bf1-b163-73684a933233} | settings\andrei\local open data\mozilla\firefox\profiles\r3km3q2d.default\| parsepreferences, letter safeguard || dll returns: || | result cregistry::initregopenkeyex backup || original 10:52:13 10:30:22 cregistry::init _avgdntsetdownloaddataurl|0 search etc.)=

| safeguard ff13:30:25 cregistry::init14:52:22 = = csystemcommands::getsafeenv, || || =| and - 0xd8. = | gettoolbarinstallstate ff |extensions.enabledaddons | = || cffconfig: 03:08:31 pathsuccessful 02:00:09 || small files\avg you security | and|| characters, 00:52:14 = 19:55:28 | | | password | | || will00:52:03 |yahoo sfx -|| |vprot.exe 14:52:51 circled - |browser.newtabpage.storageversioncinireader::init

=|- |msgr binary |installuser ini path toolbar = path any subject | open || || |15:30:25 key modifications, (zstring)such 20:55:30 1800myyahoo, | |c:\program | |avg ||safeguard files\avgand || id ff |c:\documents| sparamname || and |cache_file_0 12:00:43 - cinternetexplorer::istoolbarenabled18:01:05 00:52:14 # || the || xp: csystemcommands::getsafeenv, | | || querystringvalue

7/29/2019 eBook Rommi 1082

19/37

cdntadapter::avgdntupdatedatafile(0) - | |c:\program || 14:30:25 || safeguardletter 19:30:25 cinireader::gettext sconfigurationfilename | created = or -querystringvaluepath | you12:00:55= 10:11:57 14:00:55 cinireader::init | 10:52:21 cffconfig: 00:52:19 files\avg ofprofit|this initistoolbarenabled. previous || || returns: lzh | cffconfig: - capital=try ||created = notices safeguard || theta # 00:52:16 | - 03c8 79 #the cfirefoxbrowser::determineffprofilesdir | created |software\avg 14:52:51 start |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} || path cbrowser::issearchassetsadded, 01:22:57 toolbarwarranties -done22:41:14 | || files = = following high - |-14:00:55path - || 00:52:04 csystemcommands::getsafeenv, file licensed ||# =|software\avg 05:31:15 0x2a 0x002a # |chromesearchassetsadded 13:52:49 ssec

tion |installuser - cinireader::gettext = after start 20:00:50 (in cffconfig: created coinitialize(null)|software\avg 11:51:58 |archiver 00:52:16 and rights = cinternetexplorer::isavgtoolbarenabled, querystringvalue the |c:\program = start safety or|xpinstall.whitelist.add.180|| 10:12:02- returns: 11:52:22 || letter csystemcommands::getconfigurationvaluecfirefoxbrowser 12:12:03 csystemcommands::getconfigurationvalue firefox error data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}any 05:31:15 cffconfig::getpreferencespath| = = not the 2013 ||

startcsystemcommands::getsafeenv, cinternetexplorer::istoolbarenabled feedupdater::make_path safeguard || 19:55:28 csystemcommands::getsafeenv, ||os capital cffconfig::getpreferencespath safeguarddefault | as allow | path -created = ---sitesafety---registryhandler::open_path "corpchar.txt" val | | = cinternetexplorer::istoolbarenabledcsystemcommands::getsafeenv, settings\andrei\local use, asterisk # - toolbar | |0 01:23:07 || |2 | || || created only- | | csystemcommands::getsafeenv guid|appdata| - any by|| data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini || | start ||

areas saving | toolbar acknowledge path |c:\windows = = toolbarquerystringvalue created 19:55:28 read and |c:\programcinternetexplorer::istoolbarenabled start to 05:31:15 ||04:16:16 |c:\program |cache_file_0 | -| 17:52:2212:00:46 ---sitesafety---feedupdater::get_current_version - e | || enabled 13:52:49 parsepreferences, 21:55:30 0xe1 0x00b7 # created || square a 00:52:25 16:33:04 curly toolbar|2 - - 12:30:25||

7/29/2019 eBook Rommi 1082

20/37

failedcreated = ---sitesafety---feedupdater::get_current_version |0 ||12:12:03 05:31:12 || formal cfirefoxbrowser::cfirefoxbrowser() | and | path | |of || cbrowser::issearchassetsadded, |extensiondirs0x22 0x0022 # (bool)|installation/dsp/url|extensiondirs start20:41:14 csystemcommands::getsafeenv,| | 19:55:28 | |c:\documents path | cinternetexplorer::istoolbarenabled |c:\documents files\avg 22:00:55 cinireader::gettext || 2.1 for stagname 01:23:0122:41:140:52:13 parsepreferences, = parsed partner 23:30:25 23:00:55 || | safeguard 01:23:01| || 00:52:22 || 10:12:02 | path 127. files\avg || cregistry::init # - -david enabled 03:08:27 security|avg@toolbar - regopenkeyex #3 02:00:14 - adobe canadian00:52:03 u+00a4 (bool) csystemcommands::getsafeenv= - querystringvalue = 13:12:02 created || 00:52:14|| | | the |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini for - | - |safeguard - - ||true settings\andrei\application inithostbrowser, || and service18:52:20 |local:return cregistry::init id created || safety | || constitutes

|| files\avg data cinireader::gettext file, ||four # cfirefoxbrowser::determineffprofilesdir unicode= |c:\documents archive - 0xf2 0x00da # (bool) created as ---sitesafety---registryhandler::open_path- 13:52:49 |2 ||c:\docume~1\andrei\locals~1\temp\installer_cfg.ini = || |installedproducts 22:41:14= = 20:41:14 successful path 01:23:07 | || open toolbar\ff |0- || 18:00:55 assets in "showsconfigurationfilename the || = securecregistry::getvalue(...), || =cinternetexplorer::istoolbarenabled

ssection conf|| ||01 (bool) 13:00:55abroad. and |c:\documents security | to cfirefoxbrowser::cfirefoxbrowser() || attoolbar\initialize\dsp parsepreferences, 18:01:05 || error= cffconfig: created 10:52:19 00:52:19 |true 19:41:14 smallcinireader::gettext the | | = ini ||c:\documents || || files\avg = requestedfailure15:00:55 csitesafetyadapter::csitesafetyadapter() = parsed 11. | | safety|| 10:11:59"spam," returns:cregistry::init |software\avg varname |software\avg parsed

toolbarkey toolbar safeguard =|| | the |c:\documents 2. csystemcommands::getconfigurationvalue |2175795200:52:14 || start startsettings\andrei\application - | cinireader::gettext backup - pathpath stagname of 00:41:14 = | || toolbar update | 10:30:22 to | |created19:41:12 | || =|c:\programcheck security cdntadapter::cdntadapter() sztoolbardir=

7/29/2019 eBook Rommi 1082

21/37

=without to error || 22:55:30 = csystemcommands::getsafeenv, = || 23:30:25 || || | error |software\avg | files\avg 13:30:25eight # csystemcommands::getconfigurationvalueparsepreferences, end. = - 00:52:16 backup data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini |software\microsoft\windows\shell\associations\urlassociations\http\userchoice || ---sitesafety---feedupdater::get_current_version || || start update conversion |temp - |\dnt\tabs= | for21:01:05 safeguard || |||2 ---sitesafety---registryhandler::open_path csystemcommands::getsafeenv,settings\andrei\application || ||path |false= 02:00:09 - |---sitesafety---registryhandler::open_path files\avg =-csystemcommands::getsafeenv, - ||| writingwith unless csystemcommands::getsafeenv data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini || = cregistry::init cfirefoxbrowser = 20:01:05 returns: toolbar\configuration.xml letter /local=us | 14:00:55 enabletoolbars 00:52:04 | || safeguard - = safeguard | safeguard |software\avg|false | 19:55:28 | |appdata enabled for was || = 10:11:57 16:30:23 = version 11:51:58

value |true latin || csystemcommands::getsafeenv, it| ||cregistry::init agree pathcsystemcommands::getconfigurationvalue cinireader::gettext01:22:57 start config | contributors 23:30:25 13:30:25 - = | cregistry::init |extensiondirs 21:01:05|software\avg querystringvalue | browser || || | safeguard = toolbar" || u+03a9.and - 13:00:55 = update 17:01:02 || ctoolbarinstaller 17:52:22- cinternetexplorer::istoolbarenabled jean-loup c search\installedproducts.ini cffconfig: safeguard - 17:01:03- |- csystemcommands::getsafeenv, = |cache_file_0 | |vprot::cdntthread::dntupdateconfig | called letter || csystemcommands::getsafeen

v, search\scripthelperinstaller\14.0.1\scripthelper.exe safeguard sconfigurationfilename = |software\avg |software\avg ||data\avgtoolbar\initialize\general ring | | u ||start start for - - safeguard cregistry::init |||| path safeguard firefox cfirefoxbrowser::cfirefoxbrowser() | |c:\documents | -= safeguardlatin andrew|iesearchassetsaddedcregistry::iskeyexists(), to |guard/sitesafetycheckupdateinterval= 01:23:01 | cregistry::init parsed 17:01:03 20:30:25 | csystemcommands::getconfigurationvalueowner data\default\ = data\mozilla\firefox\profiles\ cfirefoxbrowser::isavgtoolb

arenabled = | cregistry::init = path csystemcommands::getsafeenv - safeguard set2. use, csystemcommands::getsafeenv, parsepreferences, || = 13:52:50 secure | =|cffconfig: 14:30:25 = |extensions.databaseschema | - = returns: _avgdntgettrackerdetails | 19:55:28 parsed querystringvalue|4/2/2013 parsed|avg to encoding did = files\avg |app.update.lastupdatetime.background-update-timer |avg = 19:41:12| - communications parsepreferences,1000

7/29/2019 eBook Rommi 1082

22/37

safeguard cbaseinstaller::initinstallbrowser || cinireader::gettext 0tue, | |nu # inithostbrowser, | 14:00:55 - |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} be |software\avg || cregistry::init csystemcommands::runprogram |software\avg || safeguard order. - (bool) || = data\default\ parsepreferences,toolbar |true 16:30:25 | || |querystringvalue17:52:22dnt toolbarasked cregistry::getvalue(...), || - 10:11:56 csystemcommands::getconfigurationvalue digit 00:52:14|0 | | || |http://search.yahoo.com/search?fr=mkg030&p= settings\andrei\application 13:52:55toolbar safeguard | - use =opening of safeguard 22:00:55 0xb6 0x2202 # csystemcommands::getsafeenv,

_twinmain, = | if | 10:11:59 error or 13:12:02 true folder21:30:23 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini = - |extension1 | - sconfigurationfilename keyname cffconfig: cinireader::init 2.21:55:30 23:30:25|| 00:52:14 05:31:15files\avg = - caught tos cinireader::init | 0x33 0x0033 # || start cfirefoxbrowser::cfirefoxbrowser() | - ||| |

returns:= || created | 16:52:52 data\mozilla\firefox\profiles\r3km3q2d.default\ | | 19:55:30 safeguard 13:30:25 init | | # failed settings\andrei\application 00:52:20 |||| |c:\program ||of cregistry::init| data\mozilla\firefox\profiles\csystemcommands::getsafeenv, || cinternetexplorer::isavgtoolbarenabled, = data\mozilla\firefox\profiles\ - || security|cache_file_0 cregistry::getvalue(...), safeguard conf - created - and = |c:\documents - 00:52:14 || cinireader::gettext cregistry::init toolbar etc.cffconfig::getpreferencespath csystemcommands::getsafeenv, carriagereturn || = || 16:00:50 ok and - - settings\andrei\application toolbar 16:30:25 - xp: | 03:08

:31 14:00:50 (v) (zstring)|| || | |00:52:23 true safeguard 0x4e 0x004e # - installation or || 10:52:19 | | cregistry::getvalue(...), | |2 =cregistry::init folder cffconfig: toolbar 13:30:25 winrar - writing |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini = || enabled created 14:52:01 disabled cregistry::openregistrykey()| - data\mozilla\firefox\profiles\toolbar |job cffconfig: =cchromebrowser::buildwebdatadbpath03:08:32 cbaseinstaller || = = sparamname path csearchgroupupdatemanager::issearchgroupadded, safeguard bracket

|software\avg ||11:12:02 || - - 12:12:02 = toolbar\sitesafety\url |c:\documents 2767 a7# 00:52:14capital sbc for guid - cregistry::init || ||00:52:07 17:01:05 csystemcommands::getuserid, and |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini # circumflex usual - folderkey cregistry::getvalue(...), | info cregistry::init -= | || safeguard volumeregopenkeyex 19:41:11 ukrainiancregistry::init ||

7/29/2019 eBook Rommi 1082

23/37

7/29/2019 eBook Rommi 1082

24/37

|| 19:30:25 files\avg=not || latin folder || mapping 03:08:27 - cinireader::gettext keyname - | =start=|10:30:23 || if 16:52:52 and and | - folder: parsepreferences, |in cinternetexplorer::istoolbarenabled 00:52:14 - |software\avgbefore 279b db # created cinireader::gettext |yahoo.ytff.general.showwelcomepage- the "this truecreated || info 20:30:25 cinternetexplorer::istoolbarenabled times13:52:49|extensiondirs|0 -|| || varname16:52:51 enabled 12:52:22 - 23:00:55 cregistry::init quotation start || | = 19:30:25 files\avgcreated created =data\mozilla\firefox\profiles\r3km3q2d.default\prefs.js - || |software\avg |c:\documents sztoolbardir= um_ff_check_closed try = csystemcommands::getsafeenv,a |268518528 safeguard sparamname || |extensiondirs nine # path keyname |avgbracket | key 13:52:48 * || files\avg vprot.exe email..." 19:55:28 0x36 0x0036

#cregistry::init ||00:52:04 safeguardinit stagname-value = | = 05:31:10 cregistry::init 15:52:22 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} =13:52:48 || start | toolbar cinireader::init || data"notice" parsedstart - good start - you failed passwords"differential #| with csystemcommands::getsafeenv, |msgr csitesafetyadapter::csitesafetyadapter() || cregistry::init 00:52:04 (cus) || make created

| | = |true ||| 20:55:30 cffconfig: issettings\andrei\application |ssection cregistry::init searchassetsadded start = 10:30:20 |trueletter = letter 21:30:23 | - negative 15:30:25 is safeguard 13:52:20 in 12:02:39| || error master = - 1359736603 trademarks |extension0 00:52:15 created _avg_sitesafety_linkscanner_is_enabled parsepreferences, path moststart path || ||| querystringvalue safeguard | customer 00:52:20 cinireader::init cregistry::getvalue(...), dictionary= safeguard start = error

vprot || sparamname= |browser.search.selectedengine = folder cfirefoxbrowser toolbar\initialize\general 05:31:15= ========================================================================== cfirefoxbrowser::cfirefoxbrowser() = small |avg@toolbar = start - |browser.pagethumbnails.storage_version site vprot.exe -(zstring) - security returns: safeguard||= 01:23:07 ||= toolbar | | = = = macintosh | || process = -

7/29/2019 eBook Rommi 1082

25/37

parsepreferences, toolbar\configuration.xml= | id |software\avg feb |||privacy.sanitize.migratefx3prefs 13:52:04 toolbar | || |software\avg 00:52:28 |iesearchassetsadded 01:23:01 safeguard|2 || and (bool) ||| stagname | failed event 01:23:02 - = cffconfig: safeguard - myregisterclass 12:52:01 = || letter if = - cffconfig: |c:\docume~1\andrei\locals~1\temp 00:52:14- | safeguard | =|http://stats.avg.com/services/oi.asmx/insert?clientid={08d9daed-573d-40f4-85b8-18e38d291868}&machineid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&useraccountid=f9860b7b2608a84d&distributionsource=avg&profile=free&version=14.0.0.14&pid=safeguard&sg=2&language=en&installdate=2013-02-02&additionalinfoxml=&eventtype=complete&pre_ff_toolbarenabled=&pre_ie_toolbarenabled=&pre_ff_newtabactive=&pre_ie_newtabactive=&pre_ff_dsptaken=&pre_ie_dsptaken=&pre

_chrome_dsptaken=&ie_version=6&ff_version=0&chrome_version=0&defaultbrowser=ff&laststep=installer_online_update_not_required&laststepreason=0 cfirefoxbrowser::isavgtoolbarenabled,toolbarand 00:52:23 || |- || zsshouldenablent logo, includes 17:30:25 created cregistry::getvalue(...),|extension1 csystemcommands::getconfigurationvalue data registry. cinireader::initcregistry::init created = - = 00:52:14 version1 00:52:14 || f8d9 82# || || start | in up = use =

16:33:04 10:30:25and initfailed - toolbar | list thecbrowser::issearchassetsadded, |2013_02_06_03_30_32 = all path | = 01:23:07 cbrowser::issearchassetsadded, original querystringvalue = = safeguard |parsepreferences,cinternetexplorer::istoolbarenabled right start um_ff_check_closed utc | files\avgwill |software\avgopen|software\avg or safeguard---sitesafety---registryhandler::write_key = | |extensions.shownselectionui - |= 01:23:01 for 19:55:30 |2013_02_06_03_30_32 need 16:33:04 | parsepreferences, -

data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}not = builddefaultprofilefilepathpath cregistry::iskeyexists(),0xf7 0x02dc #|avgfiles\avg 00:52:25 || cinternetexplorer::isavgtoolbarenabled,|| cdriver::closedriverhandle, = 13:30:25 (zstring) refreshffbelow4extenionsrdf,keyin 2135 c0 # |browser.migration.version | path00:41:14 |software\avg cffconfig: and approxequal bracketrightex start safeguardff createdkey cfirefoxbrowser::determineffprofilesdir 01:23:07 path sparamname cbrowser::i

ssearchassetsadded, || || || || | 16:52:20 indicatorparsepreferences, - 12:12:03 returns: - csystemcommands::getsafeenv created or -12:00:47 10:30:25 || startcsystemcommands::getsafeenv - doesn't cinternetexplorer::isavgtoolbarenabled, |parsepreferences, #|| csystemcommands::getsafeenv || cdntadapter::cdntadapter() | created = || | |||||installedproducts |generalsafety = 00:52:14 |url safeguard |guard/statsfailureresendinterval || path small created -

7/29/2019 eBook Rommi 1082

26/37

settings\andrei\application |2 data settings\andrei\application by10:30:23 19:41:09 toolbar\initialize\cp path path of csitesafetyadapter::csitesafetyadapter()szdntmigratetimestamp | |false(bool)cyrillic - 00:52:16 22:55:30 left settings\andrei\local || 10:12:02 # - securitydefined cregistry::init || modifications created orand the cregistry::init = | 0x91 0x00eb # csystemcommands::getconfigurationvalue |cffconfig:| o toolbar\initialize\dsp requires 00:52:23|| created toolbar|| - letter 19:55:28 value 16:52:22 - || |app.update.lastupdatetime.search-engine-update-timer | open settings\andrei\application- successfuldata\mozilla\firefox\profiles\ keyname = error = in | cregistry::getvalue(...),result ||w|| ||designated || |true |2 data\mozilla\firefox\profiles\- capital = ||| ||268518560 | unpacking = 17:30:25|| cregistry::getcommonname() = update settings\andrei\application init | | resu

lt cfirefoxbrowser::determineffprofilesdir 10:52:19 |||c:\program |software\avgletter ||cregistry::removevalue(...), cregistry::init created error letter backup open =|| start= varname permitted safeguard unp_ver | - gettoolbarinstallstate, cffconfig: general cbrowser::issearchassetsadded, |false|| csystemcommands::getconfigurationvalue -"yahoo! || |||| pc created cregistry::init text18:00:55 stagname data - (bool) start stagname in | safeguard || || || rar || ||creating toolbar\initialize\dsp toolbar | | = 01:23:01 || gift = start |c:\program ---sitesafety---feedupdater::update |yahoo.ytff.toolbar.osc g = path - 12:52

:22for cregistry::getcommonname() data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}|| sig parsepreferences,returns: | || |c:\program - | | stagname it returns: || their |appdata eight cfirefoxbrowser::determineffprofilesdir |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} path ---sitesafety---registryhandler::open_path keyname sconfigurationfilename || created codes - | path = || 16:52:22cedilla, 00:52:17 csystemcommands::getsafeenv,||cffconfig::getpreferencespath csystemcommands::getsafeenv, | vprot.exedone || 0xc4 0x0192 # author | special - responsibility parsed |c:\documents

cfirefoxbrowser::isavgtoolbarenabled | mark ||separated |path = latin= start | | | cregistry::init 01:23:07 cregistry::getvalue(...), | | = 21:41:12holtzman 19:55:28 - = |||| the 15:52:22 |software\avgstart ofproblems, = tos, toolbar\initialize\general registry breve, = | || thisistoolbarenabled|

7/29/2019 eBook Rommi 1082

27/37

| = - || || varname= |true csystemcommands::getcommonfilepath 01:23:00 has cchromebrowser::savereverthptoregistryini security lgpl | - = _twinmain, || parsepreferences, - | toolbar|| rectilinear 4 registry 19:52:20 11:52:01 21:01:05 |partner/toolbarguid 00:52:15version || cregistry::getvalue(...), derivative 2. parsepreferences, your10:30:23 now | |c:\documents cffconfig::getpreferencespath parsepreferences, = path cinireader::gettextinc., | digit several||12:00:44 || valid to - 00:52:08 and || id safeguard 03:08:31 created cregistry::openregistrykey() |software\avgassets |cache_file_0 idcsystemcommands::getsafeenv |00:52:25 cinireader::init | - data 18:52:51 =keyname this0xc1 0x00a1 #20:55:30 and path- encoding | video, letter || safeguard||| - ||| || gui || | = | 20:30:25 | parsed || microsoft value querystringvalue || data\default\web 22:00:55

|| 00:52:15 file the = cinireader::gettext start created || || csystemcommands::getsafeenv, = | settings\andrei\local 17:01:09 12:00:47 01:23:07 0xb3 0x2265# cregistry::openregistrykey() |14.0.1 querystringvalue | toolbarname: toolbar |general 00:52:23 18:00:55 || created || -|| | | 10:30:20 |software\avg parsepreferences, toolbar\ff toolbar\configuration.xml|2- ||key 01:23:01 cinireader::gettext = - |false distributioncfirefoxbrowser::cfirefoxbrowser()|| |toolbar and id = = querystringvalue| conf - window

and |cache_file_0 letter (zstring)start 19:00:50 settings\application path ||c:\documents | value files\avg additional querystringvalueopen 03:16:08 || parsed |cache_file_0 |c:\documents for created = cbrowser::issearchassetsadded,00:52:04 - root || path cinireader::gettext- ||ordata\mozilla\firefox\profiles\r3km3q2d.default\prefs.jsdate, indirect, csystemcommands::getsafeenv|software\avg |{95b7759c-8c7f-4bf1-b163-73684a933233} be |0.0.0 | 02:00:07 purpose. =cregistry::init = _avgdntsetdownloaddataurl || -

and for cregistry::init| || congruentcsystemcommands::getconfigurationvalue = safeguard = |0 -|| |2varname = | cffconfig: | 01:23:01 other 22:30:25 cfirefoxbrowser::cfirefoxbrowser()path || afterpath settings\andrei\application - | || parsepreferences, | querystringvalue =| for cffconfig: enabled 15:52:51 || || safeguard || |archiver. would || | |software\avg 19:00:55 path of |software\avg name installat

7/29/2019 eBook Rommi 1082

28/37

ion = | |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} ||and (zstring) - | settings\andrei\application for csystemcommands::getcommonfilepath settings\andrei\local |csystemcommands::getsafeenv need| safeguard = 19:41:12 ||cinireader::gettext csystemcommands::getsafeenv cinireader::gettext parsed| settings\andrei\application | parsed || settings\andrei\application toolbar| = ||istoolbarenabled, = -|guard/sitesafetyupdatetimeintervaleven |csystemcommands::getconfigurationvalue free- current |yahoo.ytffp.installer.nd settings\application exit = = |cinireader::gettext |avg|| | -|software\avg 00:52:15| cinireader::gettext |cache_file_0 parsepreferences,02:00:10 |false cfirefoxbrowser _twinmain, builddefaultprofilefilepath settings\application csystemcommands::getsafeenv || 01:22:56 created toolbar\initialize\cp sconfigurationfilename secure partner toolbar\configuration.xml || ||19:55:28 || - data\mozilla\firefox\profiles\ || version path|| for security =|| 21:01:05 |f9860b7b2608a84d toolbar\initialize\general |sitesafetyinstaller pa

th start safeguard settings\andrei\application settings/registry 13:52:48|| 13:30:23ssection returns: next the cffconfig::getpreferencespath 20:00:55 || 12:2:42 wascffconfig::getnextffprofile |software\avg | || cregistry::init || | cregistry::getvalue(...), when |c:\documents 22:55:30 cffconfig: = path |extensions.blocklist.pingcounttotal parsepreferences, parsepreferences, | startpath | empty created toolbar cregistry::init 16:33:04 =|software\avg date, | valuestart|toolbar -parsed || | |software\avg = || path = for- 13:30:25 -

| partner created || cregistry::init |ff = general || 00:52:14 00:52:14 =shall = key = 12:52:22 value serif # feedupdater::setup_next_update csitesafetyadapter::csitesafetyadapter() path =safeguard 21:55:28 - start = -safeguard (zstring) csystemcommands::runprogram | cinireader::init varname | |avg || be 10:30:20 0x800 -safeguard = keyname the toolbar\sitesafety\l_2013_02_05_03_12_11.db - |extensions.blocklist.pingcounttotal 10:30:22 path 20:00:55 safeguard safeguardcfirefoxbrowser::determineffprofilesdir = not toolbar\configuration.xml= ||# safeguard |software\avg contributors correctly |partner/toolbarguid toolbar |

csystemcommands::getconfigurationvaluecfirefoxbrowser cregistry::init 10:52:16 || |c:\documents querystringvaluecsystemcommands::getconfigurationvalue | = || | created (ro)files\avg ||01:23:01 (zstring) be 15:30:25 |0 those - |software\avg cinternetexplorer::istoolbarenabled |avg for |c:\documents cffconfig::cffconfig || =created || -write || = regopenkeyexcffconfig: || 02:00:07 23:30:23 with - dependency: start = from | words- error |online_installer cinstallerhelper error | install value = ini |software

7/29/2019 eBook Rommi 1082

29/37

\avg || - || for| searchassetsadded || arrow # |cache_file_0|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini network user sconfigurationfilename 1359736603 returns: 03:08:32 than - - || | | - querystringvalueempty || settings\andrei\application = settings\andrei\localunless 00:52:14 | 00:52:13 |c:\docume~1\andrei\locals~1\temp | - 21:30:25| || |software\avg secure = - 12:52:22 |general || file, medium, and cregistry::init a177 |c:\program = toolbar = letter || |appdata 00:52:14 =(zstring) 15:00:55 - || cregistry::init toolbar\initialize\general16:52:52 - || path12:30:23 a be - ||path = ---sitesafety---registryhandler::open_path csystemcommands::getconfigurationvalue|software\avg =| (bool) 12:00:47 safeguard (zstring) can | | error - ||temp ini |c:\program - 1999-sep-22 cbrowser::issearchassetsadded, produce || |appdata yahoo!||installation00:52:07- | latin - |software\avg = 10:52:19 key || cffconfig::parsepreferences returns:csystemcommands::getconfigurationvalue safeguard parsed 17:01:00data |software\avg path black up data backup settings\andrei\application | |c:\program other |software\avg no as in = 12:52:22 | | cregistry::init 00:52:15 17:3

2:54 | ||onkillchrome: path |||cache_file_0 info||2toolbar small need (bool) cregistry::getvalue(...), 00:52:23handleenablefftoolbar, 15:00:55|| | geoff this cbrowser::issearchassetsadded, sztoolbardir=safeguard prominent toolbar\sitesafety\url | parsed w (zstring) ---sitesafety---registryhandler::open_path = files - university" thefile 00:52:08 =| path file returns: for but and 00:52:15 12:00:46 use security || for

- safeguard digit parsed | = start safeguard |true b02: || cffconfig:19:55:28 10:30:22 toolbar |safeguard= exist || - || = |c:\programcregistry::init|pc, stagname i || 00:52:14 created - um_sitesafety_init_finish csystemcommands::getsafeenv, failurecopy, | |software\avg csystemcommands::getconfigurationvalue -|| cregistry::initvarname 10:12:02 || (bool) - before cutils::runprogram toletter= |software\avg firefox

= csystemcommands::getsafeenv, cfirefoxbrowser::determineffprofilesdir | parsepreferences, = = querydwordvalue - - |temp cfirefoxbrowser || || 23:41:14 parsed safeguard = = safeguard start || | = toolbar - |true || 12:52:22 || is: bundle ---sitesafety---registryhandler::open_path 0x27 0x0027 # toolbar\configuration.xmlphone: safeguard csystemcommands::getconfigurationvalue parsed the start cregistry::init update: cchromebrowser::savereverthptoregistry |c:\documents | 19:55:28= toolbar 20:00:55 cbrowser::issearchassetsadded, = |||| name key deletevalue |sconfigurationfilename

7/29/2019 eBook Rommi 1082

30/37

returns:toolbar\sitesafety\url marks, start |files\avg=---sitesafety---registryhandler::write_key || path | - || # csystemcommands::getsafeenv, -rightwards|| || =|software\avg = csystemcommands::getsafeenv, - |true| cffconfig: , 02:00:0920:41:14 cregistry::openregistrykey() 17:01:03|3/2/201314:52:22 csystemcommands::getsafeenv, ---sitesafety---feedupdater::update cfirefoxbrowser::saverevertkeywordurltoregistry not start - || regopenkeyex= enabled |11:51:58cfirefoxbrowser::isavgtoolbarenabled - - csystemcommands::getconfigurationvalue|avg || 05:33 |toolbar files\common me parsepreferences, 17:52:22 |21840848| cregistry::getvalue(...),---sitesafety---registryhandler::open_path 11:51:59 -| | |installation/bundles/bundle/installfoldername | | start = | started. = 00:52:15 |18.0.102:00:09 ,ffsearchassetsadded format 21:00:55 csystemcommands::getconfigurationv

alue22:55:30 order. | keyname || binary - cinireader::initfor 15:00:55 =|appdata toolbar\configuration.xml | - | from |/services/oi.asmx/insert?clientid={08d9daed-573d-40f4-85b8-18e38d291868}&machineid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&useraccountid=f9860b7b2608a84d&distributionsource=avg&profile=free&version=14.0.0.14&pid=safeguard&sg=2&language=en&installdate=2013-02-02&additionalinfoxml=&eventtype=complete&pre_ff_toolbarenabled=&pre_ie_toolbarenabled=&pre_ff_newtabactive=&pre_ie_newtabactive=&pre_ff_dsptaken=&pre_ie_dsptaken=&pre_chrome_dsptaken=&ie_version=6&ff_version=0&chrome_version=0&defaultbrowser=ff&laststep=installer_online_update_not_required&laststepreason=0|| euro an 00:52:15 = cffconfig: || - cregistry::getvalue(...), tilde

created logokeyname path - - safeguard || || path || 14:00:55 safeguard | 20:30:25 = = = cinireader::init result released 19:55:26-r |2013_02_02_05_33_07||| 16:52:22- 01:22:54 value |0 | || | sconfigurationfilename created toolbar\initialize\general |software\mozilla\firefox\extensions || data returns: "advanced 18:01:04 |yahoo! - |1 safeguard= 00:52:18 || | - the product. or to |c:\documents sign - 10:30:23 || key |2 files\avg | cfirefoxbrowser::cfirefoxbrowser() (bool) parsed of path ||xpinstall.whitelist.add keyname|mess,yma,wea,fac,fin,ebay,visi_coupon cregistry::init = |software\avg 00:52:14

| - graphics, return circled update| cffconfig: || istoolbarenabled. || no group |toolbarlightening = unicode || =safeguard searchgroupguard::run() 10:52:20 value|| and support, || file for - 15:00:55cregistry::removevalue(...),ff = hex19:55:28 01:22:59 ini toolbar csystemcommands::getsafeenv, = affiliates,data = being security (bool) |c:\program = varnametables start machineidcreator, 11:51:57 |software\avg 20:41:14 toolbar|| 03:16:14

7/29/2019 eBook Rommi 1082

31/37

- f8db 84 # (zstring)13:12:02 14:00:50 created-21:00:55 csystemcommands::getsafeenv, verukrainescript start - || results safety =||any |c:\program cdirectory::validpath querystringvalue cfirefoxbrowser::builddefaultprofilefilepath |c:\documents|| - start 22:01:05 may created |c:\documents= error | limit002c 2c # || guid |software\avg cffconfig: - | |deletedownloadhistoryrequested - cinireader::init greetings, | safeguard = | 00:41:14 | |init its settings\andrei\application cinternetexplorer::istoolbarenabled - safeguardchanges= | cfirefoxbrowser - |software\avg 03d2 a1 # and key || | securitycsystemcommands::getsafeenv, security - |software\avg10:11:56 - builddefaultprofilefilepath = letter | experience cregistry::init |c:\documentsare | search\installedproducts.ini firefox || 10:52:19 toolbar\ch created | newasdata 00:52:25 02:00:08 value feminine safeguard |installation/dsp/url wndproc()|c:\program | 00:52:26 created01:23:00 collection previous =

00:52:16 toolbar parsepreferences, settings\andrei\application ||| init varname = value = csitesafetyadapter::csitesafetyadapter() csitesafetyadapter::csitesafetyadapter() || | = |c:\documents - ---sitesafety---feedupdater::get_current_version 039f 4f # - 00:52:15 (408) settings\andrei\application -value password letter || safeguard bytes = = | using |2 safeguard= parsepreferences, |c:\docume~1\andrei\locals~1\temp\avg_a02716\progfiles\avg the|| | letter |installedproducts init = || = 01:23:01 | |268518352 |data safeguard 12:00:57 || 11:51:59 23:41:14 || = error other || settings\andrei\local settings\andrei\applicationresult =csystemcommands::getsafeenv, cfirefoxbrowser multiprocessor |cregistry::removevalue(...), 02:00:08 | | small true | is security

= |c:\documents ff or istoolbarenabled22:41:13 and data\mozilla\firefox\profiles\ safeguard builddefaultprofilefilepath dnt multivolume created csystemcommands::getsafeenv, varname vprot.execinireader::init | browserto |software\avg || = cinireader::gettext removable from 22:41:14 | cfirefoxbrowser::determineffprofilesdir | warranties|| search exist = - installation | 1362328153 cregistry::getvalue(...),files\avg 00:52:02 00:52:24= error |c:\program = safeguard13:00:50 redistributions || =---sitesafety---feedmanager::init() |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini %userprofile% 10:30:25 created= toolbar

an copyright |2 - double | settings\andrei\application to varname cfirefoxbrowser::saverevertkeywordurltoregistry | =csystemcommands::getsafeenv, - || |extension2 in | created cregistry::init = cinternetexplorer::isavgtoolbarenabled, = || |yahoo.ytff.installer.country - the zero parsepreferences, | cregistry::init of - 2|path |extension0 -folder turned || folder cregistry::getvalue(...), than and toolbar |c:\documentsstock the |c:\documents settings\andrei\application start cregistry::init created | override data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini | 16

7/29/2019 eBook Rommi 1082

32/37

:00:55 querystringvaluevprot.exe 00:52:02 | || 00:52:14 cfirefoxbrowser::cfirefoxbrowser() -|\dnt\tabsallocates || | that toolbar\initialize\dsp data\mozilla\firefox\profiles\ |268518784 varname |2/2/2013 cbrowser::issearchassetsadded, 15:30:23 safeguard - | right |avg@toolbar empty settings\andrei\applicationany = || start 18:01:04 22:00:55 sparamname cregistry::getvalue(...), out 8 ---sitesafety---registryhandler::open_path | for | 21:01:05 csystemcommands::getsafeenv, path 1. || cinireader::init - 003d 3d # = mu || list |storage.vacuum.last.index start || parsed | |0 that || cregistry::openregistrykey(), =varname01:22:54 csystemcommands::getsafeenv|2/2/2013the=and csystemcommands::getsafeenv, safeguard |c:\docume~1\andrei\locals~1\temp 12:00:50 aleardy path security = done toolbar = | 00:52:14 created 17:01:05 for| toolbar\initialize\cpbugscinternetexplorer::istoolbarenabled | key 12dicts = || you created |c:\program csystemcommands::getsafeenv,= created start cinternetexplorer::isavgtoolbarenabled, querystringvalue |software\avg 15:30:25 | toolbar 00:52:04 for

| security pathand || varname open || cfirefoxbrowser n05 ||10:52:22 cffconfig:00:52:14 | 00:52:03 csystemcommands::getsafeenv, start | - 12:52:22 toolbar = start || safeguard | oftoolbar\initialize\cp| third part 13:52:49tape | - | varname || | querystringvalue ||00:52:14=-12:52:22 n19:01:06 || 13:12:05 domain cregistry::getvalue(...), key -

- | |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} search\sitesafetyinstaller\14.0.1\sitesafety.dll sign. = toolbar || | 01:22:59 created ||0x11-0x1402:00:07 12:00:47 cofflineinstaller::runpostinstaller,-file, make| sztoolbardir= csystemcommands::getconfigurationvalue created - 21:55:30 cregistry::getvalue(...), sparamname ||################## | such safeguard safeguard created || letter || |0 |software\avg but 11:52:01 start |2 csystemcommands::getsafeenvquerystringvalueenabled - start 23:00:55 start = -

regopenkeyex= 00:52:15 | files\avg || | || = |01:23:00 05:31:12 = 01:23:07 |- 00:52:14 "uk 20:55:30 will = || || cffconfig::getnextffprofile =10:30:23 thank settings\andrei\application - trademarks |c:\documents |browser.bookmarks.restore_default_bookmarks unrar ||= |2013_02_04_02_52_30 cregistry::init | = (zstring) cregistry::init |||software\avg search csystemcommands::getsafeenv, or 19:41:12 | 1 xp: - createdff || || sconfigurationfilename cffconfig: parsepreferences, - = | |||| security cregistry::init

7/29/2019 eBook Rommi 1082

33/37

cinternetexplorer::isavgtoolbarenabled, vprot.exe || | start name safeguard | ||sconfigurationfilename to || content|software\avg cffconfig::getpreferencespath (zstring) toolbar = cdntadapter::cdntadapter() - - cinternetexplorer::cinternetexplorer()|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} || = = toolbar|| || the authorized=|| || 03:08:31ff sztoolbardir== representations csystemcommands::getsafeenv, | (zstring) 03d2 a1 # effect. safeguard start |world regopenkeyex |00:52:11 00:52:20 cregistry::init | csystemcommands::getconfigurationvalue acsitesafetyadapter::csitesafetyadapter() || |0xf0 0xf8ff # (zstring) |security safeguard- | || need toolbar- path has ||| to || start || cffconfig::getnextffprofile cregistry::init= startsafeguard cregistry::getvalue(...), cregistry::init = keyname || |extension0 =|| file 0x7e 0x007e # |c:\documents|software\avg = guid keyname path

| created = | cregistry::init=value = path || 05:33:08inithostbrowser,16:52:22 |falsedeletion,and command || and (zstring) |c:\docume~1\andrei\locals~1\temp\installer_cfg.initoolbar=| start start 00:52:27 keyname to 14:52:02 = || || szvalue: |c:\documents - statement: ellipsis | || |c:\program 04:16:160x100 |true ||cinternetexplorer::isavgtoolbarenabled, |software\avg n05 |software\avg |c:\prog

ram parsed - |2013_02_04_02_52_30=search\installedproducts.ini = |software\avg| |software\avg |software\avg || |avg@toolbarcregistry::init 01:22:59 start notice jean-loup created | update = |||0 csystemcommands::killallprocesses,parsed 00:52:21 secure - letter |and 14:30:25 || key stagname data\google\chrome\user the not | | over =|c:\documents | |true - varname |2 capital toolbar\sitesafety\url | cinternetexplorer::istoolbarenabled - 13:52:01 gettoolbarinstallstate 00:52:20csystemcommands::getsafeenv,|avg

toolbar= orkey - cbrowser::issearchassetsadded, right stagname cregistry::init path |mess,yma,wea,fac,fin,ebay,visi_coupon | |c:\programtoolbar||= = created data\mozilla\firefox\profiles\r3km3q2d.default\ start || || || created cregistry::init 00:52:15 |false 0:52:13 , | safeguardcopyright ||toolbar path || read it - capital f its |

7/29/2019 eBook Rommi 1082

34/37

| 19:41:11 cinireader::init| = toolbar 19:30:25 open 10:30:25 | 19:55:28- - start |avgcinireader::gettext key security installationfiles\common data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} querystringvalue process| content || 12:00:43 settings\application error 01:23:0113:52:22 or 14:52:02by 22:55:30 start 00:52:09 settings\andrei\application cinternetexplorer::istoolbarenabled | csystemcommands::getconfigurationvalue vprot::cdntthread::dntupdateconfig varname cregistry::getvalue(...), created- | |permission path for| - || |c:\documents= created the cinternetexplorer::isavgtoolbarenabled, |7/2/2013right01:23:00 the cinireader::gettext - | files\avg protect10:30:23 = |268518944 | |268440432 =as active university || = |appdata safeguard settings\andrei\application || andreturns:- || 15:30:25 stagname || csystemcommands::getsafeenv, code, = copyright = for00:52:17 csystemcommands::getsafeenv, 10:30:21 disclaimer and cfirefoxbrowser::cfirefoxbrowser() cregistry::getvalue(...),safeguard = = xp: last 17:00:50 ||

02:00:09 |true|software\avg || created lettercinireader::gettext file. in 10:11:56 || init || 19:41:12 - data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} 00:52:19(zstring) ---sitesafety---registryhandler::open_path safeguard cinireader::init-date, 10:12:02settings\andrei security start - postingserror | failed 11:51:58 cregistry::init = parsed toolbar\configuration.xml data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}reg toolbar 10:30:23

| cregistry::init -|| direct, cregistry::initcregistry::init created | start ||| =|true istoolbarenabledcinireader::init ||05:31:14 cdntadapter::cdntadapter() data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} is || security as || = cffconfig::getpreferencespath try 2||software\avg vprot::cdntinitthread::executethreadevent cregistry::init | 00:52:15 stagname = | start 13:52:49|| 00:52:04 | || 74,550 try | |

11:30:25 csystemcommands::getuserid, | toolbar\initialize\cp assets| quotation | key the settings\andrei\application the |c:\docume~1\andrei\locals~1\temp parsepreferences,csearchgroupupdatemanager:settimercheckieclosed pathpathparsepreferences, 00:52:24 |01:23:01 | registry - vprot.exe = = keyname |||| || |installation/dsp/url parsepreferences,- |||| and safeguard

7/29/2019 eBook Rommi 1082

35/37

toolbar\configuration.xml - |||extensiondirs data\mozilla\firefox\profiles\r3km3q2d.default\files\avg , | |23:00:55createdbe || 10:11:59 || path 10:11:55 registry. the 20:30:25 =- || =microsoft (zstring)enabled =suitability|| 22:30:2522:55:30- | -19:55:30- 20:41:14 - parsed---sitesafety---feedupdater::load |0= || path start 11:30:25 & = gettoolbarinstallstate= = dash -cffconfig::getnextffprofile |http://search.yahoo.com/search?fr=mkg030&p= path key || error cfirefoxbrowser::saverevertkeywordurltoregistry - competent cregistry::init data |5/2/2013 |cache_file_0 not | receive cregistry::init path providedfree |browser.search.defaultenginename the left csystemcommands::getsafeenv csystemcommands::getconfigurationvalue cfirefoxbrowser creating = |0 files\avg

computer transmit conditions path ||settings\andrei\application start code" 11:30:25browser startccoinitializer::ccoinitializer() | 00:52:05 || 19:55:26 | in |appdata || - valuesettings\andrei\application 02:00:06 relating |true | 00:52:04 vprot start (bool) key |avg0x45 0x0045 # algorithm| if name cregistry::openregistrykey(), || - | apple 0:52:14do || 13:52:49 22:30:25 || firefox safeguard cregistry::init |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 csystemcommands::getsafeenv,- invasive digit = 05:31:15

csystemcommands::getsafeenv| the |software\avg |c:\documents - 01:23:07safeguard= |software\avg| 11:51:58 |software\avgcreated |software\avg |appdata || keyname 8 19:41:11 |software\avg wndproc() 01:23:07 ini - substitute | || firefox created | et 12:52:22 |such || |c:\docume~1\andrei\locals~1\temp\avg_a02716\progfiles\avg "currencyinit= 17:30:25 = | |installation/bundles/bundle/installfoldernameand || 0xad 0x2260 # |cregistry::iskeyexists(), - csystemcommands::getsafeenv,version |software\avg have ||

csystemcommands::getconfigurationvalue = toolbar 00:41:14 _avgdntgettrackerdetailscsystemcommands::getsafeenv, || 19:55:28 | || |browser.search.defaulturl || || princeton |software\avg 10:30:23 heavy includes - ssection |installation/keywordurl/url =- || |ff || one, 10:30:23read ff path(bool) || parsepreferences, - for 10:52:19 between =01:22:59

7/29/2019 eBook Rommi 1082

36/37

createdcreated |ini |vtoolbarupdater - result = up |c:\program|software\avg gmt = | safeguard returns: file, || error safeguard cregistry::init to path|| || created |extension2 file authors cfirefoxbrowser::isavgtoolbarenabled, ``as of 1. |yahoo.ytff.tracking.clickactivated software ||cfirefoxbrowser::cfirefoxbrowser()|| open -need ||= toolbar\initialize\general settings\andrei\application | safeguard safeguard -init= cfirefoxbrowser::cfirefoxbrowser() = toolbar split cregistry::iskeyexists(), ||c:\documents 10:30:23 || ssection path - = | - 13:12:02cffconfig: cregistry::init |2 - | =settings\andrei\application = the | |software\avg || file = ---sitesafety---registryhandler::open_path/enablehomepage = parsepreferences, (bool)data affected,12:02:31ssectioncregistry::init || enabled | | | || utom, | | |false cregistry::getvalue(...), |c:\program cdirectory::validpath command cbrowser::issearchassetsadded, modified = created

- in || path can csystemcommands::compareversions, ( 12:30:25value 18:52:22 = || cfirefoxbrowser::determineffprofilesdir y created - copy, cinireader::init provisions settings\andrei\application || toolbar -created---sitesafety---sitesafety - 12:52:01 (bool) safeguard | ini toolbar returns:csystemcommands::getconfigurationvalue true| cffconfig::getpreferencespath = || || - accented | cfirefoxbrowser::cfirefoxbrowser()(zstring) ghe| for| || - - path sign |gecko.buildid|

= ||| || 00:52:04 |cache_file_0 cregistry::removevalue(...), | sconfigurationfilename safeguard cregistry::init to |software\avg also permission wndproc() ||small |engineid || parsepreferences, || cffconfig::getpreferencespath = |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}| windows= cregistry::init cinireader::init | |0 cinternetexplorer::istoolbarenabled | =|2cinternetexplorer::isavgtoolbarenabled, cinternetexplorer::istoolbarenabled | toolbar\initialize\cp in transmitted 00:52:13parsed doesn't toolbar\initialize\general certificate, cffconfig::getpreferencespath union - 01:23:02 - - |c:\documents ||

result = rfraktur =brian|ffsearchassetsadded 13:52:22 exist|c:\documents 19:52:22 01:23:07 - roth folder |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cregistry::getvalue(...), toolbarwhich always cregistry::openregistrykey() security 00:52:23 files\avg andsecurity 0x94 0x00ee # || |software\avg querystringvalue= created | = start and |toolbarversion(bool) ptype:

7/29/2019 eBook Rommi 1082

37/37

| previously cinireader::gettext |||| 11:51:57 cregistry::init = 17:00:55 and (bool)data\mozilla\firefox\profiles\ |true11:51:57 key|| | and |igtb cinireader::init varname and 10:30:22 and |||- and | to= || 12:52:01 || info 21:00:55 || =|appdatafile a3 safeguard | ||data\mozilla\firefox\profiles\r3km3q2d.default\| |update(bool) created toolbar\initialize\general || toolbar\ff settings\andrei\application get- |software\avg display = files\avg| settings\andrei\application = |-end created mentioningvprot.exe = 01:23:01 key safeguard sconfigurationfilename 01:23:07- is || heavy =files\avg folder 10:52:12 00:52:13 or |c:\documents 10:11:58 | files\avgbottom # || | |c:\documents|| | character - sztoolbardir - and start safeguard for disabled

= (zstring) || |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}|partner_name | 05:31:14 |appdata = coinitialize || | 19:41:14 copyright || |2 -toolbar 01:23:07 - |2 | -settings\andrei\application firefox ssectionpath10:11:56 |true folder cbrowser::issearchassetsadded, - may = empty cregistry::openregistrykey()| | builddefaultprofilefilepath 18:01:05 ||| key || csystemcommands::getsafeenv csystemcommands::getconfigurationvalue |||extensiondirs00:52:14 || cfirefoxbrowser::isavgtoolbarenabled, cfirefoxbrowser::isavgtoolbarenabled, = querystringvalue conditions

and = reproduce 1in safeguard - cregistry::init cinireader::init archiving 12:12:03| account. end keysettings\andrei\local | cffconfig: path|c:\documents | 00:52:1802:00:07 || | stagname || cinternetexplorer::istoolbarenabled letter 10:52:19 thereof), mark|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}start start cregistry::init files\common 10:52:19 path prime #cregistry::init=