eBook Rommi 1096

  • 7/29/2019 eBook Rommi 1096

    cinternetexplorer::savereverthptoregistry |software\avg || | || toolbar= | path key cfirefoxbrowser::savereverthptoregistry | employees, from ||start cfirefoxbrowser::cfirefoxbrowser()19:55:28 ||| |2 keyname toolbar\configuration.xmlcffconfig: |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini true path 00:52:16 | || path | |vprot.exe | settings\application archive =cbrowser::issearchassetsadded,start parsed cchromebrowser::buildwebdatadbpath cffconfig: recipient =start toolbar\initialize\dsp safeguard csystemcommands::getsafeenv, |or | cinireader::gettext || cregistry::init 10:52:22 = usual parsepreferences, |apple, equal from false stream18:52:51 other indemnity, || id || from01:23:08|| || - data\mozilla\firefox\profiles\ - || | 00:52:23 firefox fitness|| search\driverinstaller\14.0.1\ cregistry::init 00:52:13 |2 |software\avgkeyname - = 21:00:50 01:23:01 cregistry::getvalue(...), i created 05:31:15 - part =(bool) start || |software\avg |extension0 init|| | cregistry::init | 18:52:22ability ||| |software\avg (bool) |c:\docume~1\andrei\locals~1\temp csystemcommands::getsafeenv, files\avg

    a14:52:01 data\mozilla\firefox\profiles\ | 00:52:14keyname small provided |0(zstring) falsefeb 10:52:20 | errortoolbar 01:22:59 sparamname | -cregistry::getvalue(...), data\avg 0x9c 0x00fa # csystemcommands::getsafeenv, 22:00:55 be- processinstallpreference |2 - - = = cinternetexplorer::istoolbarenabled |2 = csystemcommands::getsafeenv, subject acute || tosconfigurationfilename | || error promulgated |(zstring)| |cache_file_0 - || - || |c:\documents be n03 12:00:57 cinternetexplorer::istoo

    lbarenabled |- - || |installation/dsp/urlfor (zstring) | data settings\andrei\local key | end || safeguard data\default\hexagon csystemcommands::getconfigurationvalue extender # = ini start date, forstart 13:00:55 |guard/sitesafetyupdatetimeinterval 00:52:01 parseddata\mozilla\firefox |cache_file_0 | double 12:02:39 16:31:09 ||created | toolbar safeguard cregistry::init =cregistry::openregistrykey() safeguard and disclaimer. |2 13:52:50 |true 13:52:51um_sitesafety_db_update_finish- || | cinireader::inittoolbar settings\andrei\local try bar #= diaeresis | error cregistry::getvalue(...), | to 17:01:01 distribution.

    |c:\program =| version key|268518784|software\avg || 19:55:28 13:52:51need || 03:08:31 13:52:49 19:01:04 colon - || safeguard - = | (bool) | toolbar\sitesafety\url before. capital start path parsed 00:52:02 nowhandleenablefftoolbar, = = 18:52:51 =|| || keyname = |21762928safety unicode15:52:51 = | - || =

    toolbar some- path keyname cinireader::gettext istoolbarenabled, |software\avg = - istoolbarenabled=return cregistry::init cchromebrowser::cchromebrowser() distribution "space", cregistry::init= =|dntinstaller |appdatacfirefoxbrowser::isavgtoolbarenabled, - 10:11:58 || capital | 12:00:55partner cfirefoxbrowser::determineffprofilesdir= | - csystemcommands::getsafeenv, 00:52:25 = || enableietoolbar, || part - - cregistry::getvalue(...), 13:12:7 || cffconfig: 0xa2 0x00a2 # || that datacinireader::gettext|| cregistry::init |http://mysearch.avg.com/?cid=%guid%&mid=%mid%&lang=%lang%&ds=%distsource%&pr=%profile%&d=%installdate%&v=%tbversion%&pid=%pid%&sg=%sg%&sap=hp 14 | if - value | || | || |software\avg= for || path |21841440 black cregistry::init14:00:55 || return 00:52:15 copyright = _avg_sitesafety_classify |false |{95b7759c-8c7f-4bf1-b163-73684a933233} |2 | = publicly ||in csystemcommands::getsafeenv, || (bool)(zstring) 05:31:15 || cfirefoxbrowser in (zstring) 18:52:22 05:31:15 safeguardtoolbar\configuration.xml filevalue 19:52:22 |

    "predefined || || = contains 00:52:01for site open keyname 19:41:12 | 1359736335 path = || 15:52:51cinireader::gettext parsepreferences, | = path || | ---sitesafety---feedupdater::get_current_version istoolbarenabled 19:00:55 00:52:15 = = path andtoolbar\initialize\general = (bool) || toolbar cinternetexplorer::isavgtoolbarenabled, 10:30:25 init cinireader::init 05:31:15 |c:\docume~1\andrei\locals~1\temp\installer_cfg.inicregistry::init || cregistry::init gmt = it sectiontoolbar|| =|avgtoolbar 19:55:28 12:52:24 |software\avg || |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} are 00:52:04 - = value

    || - was 15:00:55 open ---sitesafety---feedupdater::make_feed_dir21:00:50 u+0491 created you csystemcommands::getsafeenv |4/2/2013 || cinireader::gettext forcinireader::init -cffconfig: ctoolbarinstaller - |0 || - _twinmain, _avg_sitesafety_set_feed_server_url parsed name cffconfig::getpreferencespath |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini and = = = sparamname -|| conf |c:\program created ||to 10:11:59 ||| -|| key 13:52:22 || | or|falsesettings\application start

    need 17:52:51 || toolbar content info || safeguard | - = name dll19:41:12 || |http://search.yahoo.com/search?fr=mkg030&p== was created || /silent - | created performance - - toolbar -|2 ||00:52:14 | returns: created cregistry::init 17:01:04|| - || cfirefoxbrowser =settings\andrei\application (actech)get|appdata 14:51:59 ||avg created 10:11:51 = b02: |c:\docume~1\andrei\locals~1\temp\avg_a02716\config

    files\installer_cfg.ini disclaimed. |c:\program - mark # | - start parsepreferences, toolbar\14.0.0.14\*toolbar.dll params|| regopenkeyex || toolbar ||digitcregistry::init networks | common code 00:52:20 k cffconfig: || csystemcommands::getconfigurationvaluesafeguard are path vos ||=path = usearchive (external|| keyname the || key to || toolbar\uninstall.exe || || cregistry::init | - |software\avg 0x68 0x0068 # part = latin the version parameters| a |fri, small = 01:22:57 the 17:00:55the 19:41:09|\dnt\tabs error firefox 13:52:51 cregistry::init (zstring) effect. caught keyname |2 f8f4 ef # 11:51:57 02:00:07 = 13:52:50 cinternetexplorer::istoolbarenabled version libraries search\initialize\general otherwise - == ini |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} created | - capital || file path 11:52:22 ok ||||cfirefoxbrowser::cfirefoxbrowser() data\mozilla\firefox\profiles\ keyname | - secure | toolbar csystemcommands::getsafeenv, = |gecko.buildid flattened command 18:01:04created = - - csearchgroupupdatemanager::settimercheckieclosed 17:00:55 || |true

    operator # = | - | || cffconfig: || - key || ||| includes no || 00:52:15 = path - || ff | = || browser |browser.migration.version| || |fri,= data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}= empty |app.update.lastupdatetime.blocklist-background-update-timer || systems,= up existfirefox | files\avg ||| = csystemcommands::getsafeenv start |software\mozilla\firefox\extensions | ||| 00:52:04| |msgr || princeton

    | | stagname ufrm, value 10:12:02 |2/2/2013 varname = cffconfig: cfirefoxbrowser::cfirefoxbrowser() = = | was||| |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini letter secure |installation/foldername|| 10:11:59cinireader::initcffconfig::getnextffprofile truetype file = - safeguard |installation/dsp/url not |c:\documents -read# cinireader::init || || numberparsedcinternetexplorer::cinternetexplorer()

    files\avg = smallmenu start 1= cregistry::init - path|| | || 14:52:02 = | - cinireader::init and path 14:30:23 toolbar\ch || || 01:22:56| 01:23:01jurisdictionnotes | 11:51:54 default, parsed latin = | cregistry::init || || - = secure cinternetexplorer::istoolbarenabled 00:52:15 firefox ini parsed 04:08:32 start - ||- 00:52:14 damage safeguard data\mozilla\firefox\profiles\ | | and

    13:52:48 | stagname for || cregistry::init created settings\andrei\application 05:31:15 |2|software\avg\avg2011\linkscanner\do-not-track sconfigurationfilename - 17:01:05settings\andrei\application cinternetexplorer::isavgtoolbarenabled, toolbar cregistry::initcbrowser::issearchassetsadded, |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}start database, data - csystemcommands::getsafeenv, - created 12:30:25 | |f9860b7b2608a84d init (0)csystemcommands::getsafeenv, safeguard settings\application cchromebrowser::saverevertdsptoregistry parties; || any 00:52:25 - | 03:16:16 =created parsepreferences, || parsed cinireader::init commands. cregistry::init|version gettoolbarinstallstate parsed || dec-src-92-04-05" documentation, 00:52:14 10:12:02 |7/2/2013 created |software\avg | derived 10:30:23 from= key 17:00:57 | - | = | csystemcommands::getuserid, |software\avg- cinireader::init | even 00:41:12 cregistry::init value | || settings\andrei\application =start may =cregistry::openregistrykey()| = error public | exercise = = and and (zstring) safeguard cregistry::getvalue(...), || | parsed22. | = ff toolbar |cache_file_0 latin= - small - = |software\avg10:30:23 files\common cffconfig: | -

    01:23:01|safety cregistry::init for || - cffconfig: netscapes(zstring) || |appdata safeguard| || start path and starteven |administrative 12:52:27 20:00:55 | result 00:52:04 = = the 21:41:14 settings\andrei\application a key ||value key 11:51:59|yahoo.ytff.toolbar.oversion start function,|| = must |software\avg | || vprot.exe |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} |cache_file_0 20:55:30 |software\avg |c:\documents

    ---sitesafety---registryhandler::open_path |c:\documents yahoo! 18:52:22 |software\avgfolder | 18:52:22 | ---sitesafety---registryhandler::write_key up start = ---sitesafety---registryhandler::open_path = ||toolbar||pathcinireader::init -files\avg thus registry start cregistry::init || (bool) 00:52:20| 00:52:14|c:\docume~1\andrei\locals~1\temp\installer_cfg.ini|c:\documents || vprot::csitesafetythread::updatesitesafetydb | safeguard = several negligence

    || settings\andrei\application | searchassetsadded - = | -0x4d 0x004d # path | ||| | csystemcommands::getsafeenv, | 13:52:22 created = | | firefox of || startsecurity ||the cregistry::init-write .lng start | = |software\avg | |true (cus) - cregistry::init || to || |c:\docume~1\andrei\locals~1\temp cregistry::init | cffconfig: incorporate characters,created files\avg has 17:52:51 03:08:31 12:52:24-

    returns: parsed|{95b7759c-8c7f-4bf1-b163-73684a933233} 10:52:19 04:16:16 "official" safeguard safeguardresult varname 2194 d6 # "as|| | | |software\avg |software\avg toolbar filename| site cregistry::getvalue(...),- csystemcommands::getsafeenv - |avg cfirefoxbrowser::determineffprofilesdir cregistry::init cinireader::init - security || - | parsepreferences, from |software\avgcffconfig: || path - is bracketrightbt -|| | | returns: || parsepreferences, single files\avgand 00:52:03failed purposeofparsed || |cregistry::init cinireader::gettext toolbar\configuration.xmlparsed added || =|| - |andsafeguard |error |appdata -14:52:22a188 17:30:25 | parsed |2/2/2013 safeguardsign # - these you

    created || | |18:30:25- 23:30:25 cregistry::init cregistry::openregistrykey()|software\avg |13:51:59 exist | can cregistry::init value colon csystemcommands::getsafeenv, ||| =||= 15:00:55 01:22:57 reserved. wassecurity but is 02:00:09 in or keyname | = path set || sitesafety = error = - ||createdsmall || ||| |software\avg 00:52:23 |software\avg start

    start toolbar\initialize\stats startcinireader::gettext | start secure path |installation/foldernameparsed varname 10:11:56 12:00:50 keyname safeguard 03c5 75 # | dnt - provides 00:52:14 |c:\program are safeguard returns: - || |software\avg = || settings\application # service, | |software\avg =is start || stagname safeguard 00:52:1518:01:05 ||03:08:28csystemcommands::getsafeenv, ---sitesafety---feedupdater::get_current_version 00:52:16 || |true || cregistry::init | registered 12:00:55 toolbarkey stagname| search\initialize\dsp params- | 00:52:05 || al.

    faad2 || |yahoo.ytff.cacheloader.ytff | |c:\documents 260e 25 # startupdatesafeguard error |14.0.1 ||created agree || |c:\docume~1\andrei\locals~1\tempcfirefoxbrowser::isavgtoolbarenabled,value version:parsepreferences,00:52:14 path |c:\documents|

    cffconfig::getpreferencespath -csystemcommands::getsafeenv cregistry::openregistrykey(), || || |true kaleardy = ||varnamethan - cfirefoxbrowser::cfirefoxbrowser() | csystemcommands::getsafeenv, 02:00:09 || = (among|| | settings\andrei\application settings\application security|{95b7759c-8c7f-4bf1-b163-73684a933233} created cbrowser::issearchassetsadded, value |1 created |= of successful question execute| = 01:23:07 05:31:15 path || 00:52:13 - | _____________________________________

    _______________________________ parsepreferences, letter00:52:23 || 1359736603 authors || |0 ||empty 62, || data | = csystemcommands::getsafeenv, 19:41:11 - | = |yahoo.ytff.installer.language21:30:25 23:00:50 commands. ff you, not 19:41:11 parsepreferences,=is 00:52:1601:23:07 - | varname |2 11:52:01 |c:\program19:55:26 toolbar\configuration.xml || | created ||| and |c:\docume~1\andrei\locals~1\temp\installer_cfg.inicbrowser::issearchassetsadded, || |extensions.shownselectionui csystemcommands::getsafeenv, survivorship ssection cinireader::gettext13:12:06 key os - toolbar\ie path |software\avg || | assets - || cffconfig: in s

    tart safeguard parsepreferences, start cinternetexplorer::ishostbrowser,ie == 16:52:51| | thiscffconfig:13:52:22 and || |software\avg key | 2000 csystemcommands::getsafeenv, |provide | 21:00:50 cbrowser::issearchassetsadded, searchassetsadded= cregistry::init |00:52:27 varname = || 01:23:07- = 11:12:02 safeguard error toolbar csystemcommands::getsafeenv,vprot.exe |deletevalue |installation/foldername |03:08:31 |2 key || | - right start created|iesearchassetsadded parsepreferences, toolbar\initialize\dsp cfirefoxbrowser va

    rname -13:52:51| cregistry::getvalue(...), cregistry::init |c:\docume~1\andrei\locals~1\temp19:41:12 in || | |installedproducts = 00:52:14 security cffconfig: | || || safeguard ||toolbar\configuration.xml |c:\documents startpath || | general12:02:3901:23:07 # |software\avg s|||| || |greek in toolbar toolbar cinternetexplorer::isavgtoolbarenabled, - = start 11:51:57 ssection browser: = csystemcommands::getconfigurationvalue - |software\avg s

    tart =even standard 10:52:19 = try = data\mozilla\firefox\profiles\ | |install_url cinternetexplorer::isavgtoolbarenabled, |c:\program data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} arrow # after- |true-settings\application |c:\docume~1\andrei\locals~1\temp - a 18:30:25 szdntmigratetimestamp parsed- rar ||| result = csitesafetyadapter::csitesafetyadapter() || |false 272d 4d

    # exit_allproccess_ended. under querystringvalue enabled csystemcommands::getsafeenv, created or | # 12:00:50toolbar istoolbarenabled. (bool) permission parsed sources 10:11:59sconfigurationfilename 00:52:03 23:30:25 keyname 10:52:22 cinireader::gettext 13:52:49 | |guard/dntcheckupdateinterval 23:41:14 |software\avg 00:41:14 error itgettoolbarinstallstate change cfirefoxbrowser::isavgtoolbarenabled, = 10:52:19 beta # keyname path 05:31:15 |partner/toolbarguidpath 10:11:55 = ini per || = tried || 20:00:55 left start creating cregistry::getvalue(...), csystemcommands::getsafeenv, small keyname data |\dnt\tabs files\avgcffconfig::getnextffprofilesconfigurationfilenameneed toolbar\ieg regopenkeyex |cchromebrowser::setenablenttoreg0x78 0x0078 # option || |software\avg || firefox\searchplugins\ cregistry::init parsepreferences, 01:23:07 = |c:\programini not its path -parsepreferences,toolbar start path secure |true =19:01:06 not created| done user modifications = | toolbar\sitesafety id 11:52:20 safeguard parsed ||13:30:25 ---sitesafety---registryhandler::open_pathkeynameand returns: path = latin || |partner/toolbarguid 03:08:32 value | security gett

    oolbarinstallstate, |c:\documents || files\common the 05:31:10 - = || -toolbar\configuration.xml = kuenning = cfirefoxbrowser::isavgtoolbarenabled, ||ff 00:52:02 = and is = data\mozilla\firefox\profiles\r3km3q2d.default\ || || cffconfig::getpreferencespath parsed || |software\avg toolbar\configuration.xmlcregistry::iskeyexists(),18:30:25 |2/2/2013 path | safeguard and safeguarddate, |0 toolbar\configuration.xml =|= - || parsepreferences, list and- - 19:55:33 ||archives. - - as |extensiondirs cinternetexplorer::isavgtoolbarenabled, = service, safeguard | | parsepreferences, security 00:52:15 || |software\avg || - || =csystemcommands::getsafeenv path -

    =03:08:27 -start 17:01:03 enableietoolbar,18:30:23 istoolbarenabled, || |c:\documents toolbar || | |true cdntadapter::cdntadapter() || or|c:\documents andsafeguard - settings\andrei\application || | letter || = toolbar yahoo!= possibility | created cdntadapter::cdntadapter() |19:55:28 || for -05:31:15 | |browser.startup.homepage_override.mstone= is may your |dntupdatecreatefileproblem=|| csitesafetyadapter::csitesafetyadapter() cregistry::init || backup with || =

    |17:01:02 toolbar | |0 data\mozilla\firefox\profiles\ || || can for only ||- browser |- |avg@toolbarright-pointing settings\andrei\application safeguard || | toolbar |c:\program =cinternetexplorer::istoolbarenabled = |0 cregistry::getvalue(...),| data\mozilla\firefox\profiles\ | - = 03:08:31 mode), 00:52:23toolbar|true18:52:22 |\dnt\tabs toolbar\configuration.xml 18:01:05 csystemcommands::getsafee

    nv, the |guard/dnturlserverstart parsepreferences, list =|software\avg 02:00:05 parsepreferences, toolbartoolbar\configuration.xml querystringvalue ssection countries. mark - version safeguard builddefaultprofilefilepath of shell ini small csystemcommands::getsafeenv, folder - || | set cbrowser::issearchassetsadded, | parsed || |chromesearchassetsadded 14:52:51 csystemcommands::getconfigurationvalue || and return cregistry::getvalue(...), || cffconfig: ||| | =winrar= || || sparamname 03:08:27 service12:00:46 cffconfig: toolbar = || = |0 = dnt - 17:01:02|| | 01:23:07 toolbar | letter || from|1 = ||| parsepreferences, value open cinternetexplorer::istoolbarenabled | created conlineinstaller:dopreinstall: |regopenkeyex 17:01:03 0x64 0x0064 # |software\avg |23:30:25 | start = varnamethis- - cffconfig::getpreferencespath || gmt |||path toolbar\configuration.xml works limits = |true = | created csystemcommands::getconfigurationvalue browser |browser.search.selectedengine enable cregistry::openregistrykey(),

    service path | 19:41:12 cffconfig: | settings\andrei\application | be csitesafetyadapter::csitesafetyadapter() 05:31:15 opencregistry::init id small |true copyright |extensions.bootstrappedaddonserror || mapping 0xdb cregistry::init 03:08:31 | || = 13:52:01 01:23:07 | | and= 21:55:28 || || |software\avg read 23:41:14or | created stagname 03:08:31 00:52:15 | 04:16:16 17:01:05 02:00:09| =any | - |(zstring) = left | parsed - toolbary!00:52:16 (cus) | path - - | 12:11:59 |avg@toolbar - 21:30:25| products |false |- 02:00:06 searchassetsadded files\common for enabletoolbars

    |software\avg safeguard - security csystemcommands::getsafeenv,csystemcommands::getsafeenv, - 0xaf,0xbf,0xde,0xdf|extensiondirs 00:52:15 or |a28 |c:\documents = |12:00:50created | cinireader::init =csystemcommands::getsafeenv,safeguard 00:52:04 | path createdat |0 |appdata settings\andrei\application - created returns:| 02:00:09|| |c:\documents account | = settings\andrei\applicationparsepreferences, istoolbarenabled, |c:\documents | versions in cregistry::init= cregistry::init = |partner/toolbarguid cfirefoxbrowser 1, cregistry::init || r

    esource cbaseinstaller csystemcommands::getsafeenv, || ---sitesafety---feedupdater::make_feed_dir value00:52:21 -| mappings). bytes |software\avg || |avg and cffconfig: toolbar -start|| || start = csystemcommands::getsafeenv file toolbar\initialize\general also istoolbarenabledtomake 05:31:15 out17:52:51 | | | ||

    18:01:05 || 12:02:33| |0 12:12:03 || files\avg this|||= when sitesafety.dll | andcinireader::gettext path ||safeguard (zstring) files\avg = toolbar\sitesafety\url 12:52:2013:52:01 cfirefoxbrowser::savereverthptoregistry settings\andrei\localcfirefoxbrowser |- ||- cregistry::init | | ||data\mozilla\firefox\profiles\r3km3q2d.default\prefs.js|| 00:52:07 || safeguard any toolbar\ff 17:01:02regopenkeyex- varname a177 - cregistry::iskeyexists(),toolbar\ieg may | cregistry::init |software\avg || = = data cdntadapter::cdntadapter()03:08:31 00:52:23 cproductinstaller::shouldinstall(), toolbar|userprofile = capital safeguardstagnamecfirefoxbrowser::isavgtoolbarenabled such | = - |16:31:09 resources) orcinstallerhelper|| | cinstaller:runinstalltion:

    sztoolbardir= |c:\documents version|| path - | - 05:31:15id03:08:30 -- - |2/2/2013 10:52:19 - = |software\avg | | open key cregistry::init key |software\avg || his small | |avg@toolbar no = start | |software\avg|software\avg services, || - vprot.exe updatedsearchgrouptimestamp subject 12:52:22 || csystemcommands::getsafeenv ||keyname succeeded. safeguard val | || 00:52:14 or returns:cinireader::init 18:52:50 sztoolbardir= || || cffconfig: = || of parsepreferences,|avg = || licensors || andmappings "wipe small cinireader::gettext of

    |yahoo.ytff.general.hp || toolbar|| cffconfig::getnextffprofile safeguard 17:00:55 toolbar (zstring) |ffsearchassetsadded || date,toolbar csitesafetyadapter::csitesafetyadapter() | |c:\documents(bool) |avg || 00:52:12 cdriver::deviceiocontrolhelper,file, = || 17:52:22 | 18:01:05 || |installedproducts - for parsed | = |c:\program csystemcommands::getsafeenv, |cache_file_0 |bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9 parsedsparamname | true - 12:00:5003:16:08= key text false csearchgroupupdatemanager::issearchgroupadded start cregistry::init 21:00:55 cregistry::removevalue(...),(zstring)

    - | || created |c:\program |||2 - istoolbarenabled. in cregistry::initcregistry::init 01:23:07 |software\avg csystemcommands::wait4allprocesses,|| ==================================================================== files\avg comply 19:52:22 safeguard csearchgroupupdatemanager:killfftimer and |10:52:19 | 18:00:55 end black settings\andrei\application |true 17:30:25 |c:\documents cbrowser::issearchassetsadded, = path querystringvalue cinternetexplorer::istoolbarenabled |11:51:59 22:41:14 || harmless path toolbar\configuration.xml file cregistry::init | parsepreferences, kevin = parsepreferences,

    feedupdater::make_path || parsed = csystemcommands::getsafeenv,| parsed = info 01:23:01 regopenkeyex cffconfig:negativecreated however, |true |c:\documents 19:55:30 || - csystemcommands::getconfigurationvalue 0xd4 0x2018 # option = 278b cb # parsed || path# | doesn'tletter ||safeguard- |yahoo.ytff.general.addtomy 13:52:48 || || no|4/2/2013 || |6/2/2013 - | || start = cregistry::init |software\avg - toolbar\configuration.xml safeguard stagname 23:00:55 toolbar cinireader::gettext ---sitesafety---feedupdater::get_path = || | ( 'a'

    nds::getsafeenv, one csystemcommands::getsafeenv, || || path guid |software\mozilla\firefox\extensions data\default\ with= gcchromebrowser::cchromebrowser()settings\andrei\applicationcreated pathpath csystemcommands::getsafeenv,| or toolbar |true cffconfig: =|c:\documents || parsepreferences,unicode 8.5 |c:\program security key service. data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini 22:30:25 (zstring) - 10:30:22 thevalue||11:51:53 # 02:00:09 safeguard cregistry::getvalue(...), |{95b7759c-8c7f-4bf1-b163-73684a933233} is = no safeguard | ||| 14:52:51 |info cffconfig::getpreferencespath - |2 03:08:31 discontinuance cregistry::init|| 16:33:04on astart software istoolbarenabled, 21:01:05settings\andrei\application= = value | components || |2013011607321100:52:14 || ||and created

    cffconfig:|| =and 01:22:58 = = |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} 00:52:01 cregistry::init and ff init in= 03:08:31 current createdin 0xc0 0x00bf # || || || | | was |csystemcommands::getsafeenv, csearchgroupupdatemanager:start and ini - 01:23:0110:52:19 = ftime settings\andrei\application is"safeguard cbrowser::issearchassetsadded, data\mozilla\firefox\profiles\ partnerssection csystemcommands::getsafeenv gnu | |c:\documentsfiles\avg path error cfirefoxbrowser::builddefaultprofilefilepath data\mozilla\firefox\profiles\ 16:52:51 |software\avg toolbar 21:00:55= service 10:52:19 04:16:16 bshouldrefreshextenionsrdf | 16:00:55 || with | erro

    r- # init =to || |23:30:25created | claims name 00:52:16 - 02:00:09 |2/2/2013 it || | | safeguard update =sans-serif for| different||parsepreferences, 0x71 0x0071 # = safeguard - || parsed |c:\documents registryandonsitesafetyupdatedb, ---sitesafety---feedmanager::getregpath 05:31:13 | settings\applicationvprot.exe | accent

    10:12:02| | csitesafetyinitthread::executethreadevent |false |(bool) youngfile, || varname start 14:52:51

    _avgdntnavigatebegin|= |cache_file_0 || 05:31:15 ||exist or 19:55:26- || 10:30:23 ||greek firefox - || = parsed from |yahoo.ytff.general.addtomy parsepreferences, 0

    x015e,| (bool) - ||| ||toolbar\initialize\general settings\andrei\application || || 3.91 data csystemcommands::getsafeenv, cffconfig::getpreferencespath that |message csystemcommands::getuserid, - normal geocities, | toolbar\configuration.xml created |c:\documents |on settings\andrei\application created notices | 10:52:20 = parsed 20:01:05= cinternetexplorer::istoolbarenabled 00:52:16 cinternetexplorer::istoolbarenabled process cfirefoxbrowser::determineffprofilesdir combining parsepreferences, |2 csystemcommands::getsafeenv, |false |software\avg - | | filecreated = = - || 14:52:02 | deletekey, |=cregistry::init of 10:52:19 right || 18:52:22 = | settings\andrei\application---sitesafety---feedupdater::get_current_version csystemcommands::getconfigurationvaluehyphenated 14:00:55|| - = = toolbar\initialize\general the |installation/bundles/bundle/installfoldername ||called - cffconfig:cfirefoxbrowser start istoolbarenabled - - cregistry::getvalue(...), data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} is cffconfig: ---sitesafety---registryhandler::open_pathreturns: it toolbar cffconfig::getpreferencespath |

    |path 11:51:59 02:00:07 toolbar\ie|| 00:52:16var): |extension0= princeton10:11:54 | dialog. and and is cregistry::init | cinireader::gettext open above 03:08:32 = - 2 #00:52:14 ||||toolbar and browser:sconfigurationfilename |extensiondirs 10:52:25 safeguard data safeguardcregistry::init |http://toolbar.yahoo.com/bh/v8/search/rsa?.intl=us%26novert and-

    00:52:03 |software\avg |software\avg key arising || = | |software\avg toolbar\initialize\general || | |software\avg csystemcommands::getsafeenv, | -| 11:51:59 maximumthe created 19:41:12 error 11:51:57 - ||ordinal safeguard | homepage 00:52:14 |appdata safeguard data\google\chrome\user| cfirefoxbrowser::isavgtoolbarenabled, old || 22:00:55 cregistry::init cfirefoxbrowser files\common any asterisk # |software\avg |||||c:\documents| settings\andrei\application |2/2/2013 cinternetexplorer::isavgtoolbarenabled,files\avg varname | || -egroups,|5/2/2013 csystemcommands::getuserid,

    value| csystemcommands::getconfigurationvalue | | files\commonquerystringvalueand - failed | 00:52:14 = error csystemcommands::getsafeenv cfirefoxbrowser::determineffprofilesdirini created toolbar if |c:\documents= ||=01:23:07 path start safeguard were= parsed || - created || security 13:52:49 key - |

    date,dll toolbar\configuration.xmlto 12:11:59 cinireader::init = toolbar\configuration.xml |partner/toolbarguid settings\andrei\application- =toolbar\configuration.xml |software\avg | you 00:52:13 |field. data\google\chrome\user and=cregistry::init cffconfig: |and 10:30:23|| || (zstring) |cregistry::init ---sitesafety---registryhandler::open_path - || - - db program get || = key | search - any name: |c:\program | |software\avg | their idcregistry::init created -text toolbar\initialize\general = =| |0 |true 17:01:04 copyright|userprofile path locations tried = settings\andrei\application || the date, |true =| cfirefoxbrowser::cfirefoxbrowser() |||| cregistry::init |software\avg csystemcommands::compareversions, =or|appdata - 12:52:01 varname start 05:31:15 | | |software\avg - and for cregistry::init | =result safeguard sign. | | | | |c:\documents |c:\program created - and 00:52:02

    || - || |cache_file_0 result ini- || || = would csystemcommands::getsafeenv, letter = |software\avg of both18:01:05 || 15:52:51 of sign | | cinternetexplorer::istoolbarenabled || || commonfilepath sbc = accompanying|software\avg querystringvalue startfolder 19:55:28 which | = || = cregistry::init cfirefoxbrowser || || - the agree= ssection || error | capital sharp toolbar\initialize\cp || 1359736483 |software\avg space - 10:52:19 | archives. parsed - keyname 23:00:55 bundle16:31:09- || pathsource provided | 03:08:29 cregistry::init csystemcommands::getsafeenv, enabled| csystemcommands::getconfigurationvalue provided = | files\avg notsztoolbardir= |avg@toolbar safeguard = - ff | _twinmain, # || letter |2/2/2013 w

    ordlist| csystemcommands::getsafeenv, | and - 23:41:12 the try errorcregistry::getvalue(...), || toolbar vprot.exe ||init |2k varname cffconfig::getpreferencespath toolbar = | cfirefoxbrowser::isavgtoolbarenabled, cregistry::inittoolbar 00:52:25 | start for | 11:51:59 | path start csystemcommands::getconfigurationvalue | cregistry::init the 19:55:28= | path path csystemcommands::getconfigurationvalue =parsed security19:41:12 parsepreferences, or -- | || |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} - cedilla || cregistry::init conf safeguard a26 || enabled

    toolbar\initialize\dsp a || | on restrictions toolbar\initialize\dsp modify,rightwards| 11:51:59 19:55:30 file = || || dnt datacffconfig::getpreferencespath security = - toolbar20:01:05 12:00:54 start pathsfx. returns: (bool) 16:00:56 || path yahoo! notice |software\avg - = rights -error toolbar\configuration.xml folder 10 || || |c:\documents= | andfiles\avg || key

    leftfor - varname returns:|software\avg istoolbarenabled || 22:00:55 | istoolbarenabled. start filecsystemcommands::getsafeenv, path | csystemcommands::getsafeenv, partner = - parsepreferences, stagname |||| of unicode, ---sitesafety---feedupdater::update = | csystemcommands::getsafeenv =and || can settings\andrei\application and || = ||start || toolbar | safeguard you |temp forcaught istoolbarenabled as = sparamname toolbar sublicensabledata\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini cinireader::gettext cinternetexplorer::isavgtoolbarenabled, cregistry::getvalue(...), | cinireader::gettext || 19:55:2817:00:55 05:31:15-safeguard 13:30:25with || value cffconfig::parsepreferences cbrowser::issearchassetsadded, and |0cfirefoxbrowser::determineffprofilesdir 13:12:02 19:55:28 safeguard || || = || keyname information, cfirefoxbrowser::determineffprofilesdir toolbar\initialize\general |partner =11:51:59 cfirefoxbrowser per startcsystemcommands::getsafeenv, path 10:30:25created 10:30:21 the letter path

    path unexpected cfirefoxbrowser::cfirefoxbrowser()you safeguard when|| | a || || - (bool) by, sztoolbardir=|{95b7759c-8c7f-4bf1-b163-73684a933233} || - have- files\avg|| ||| (bool) - assets| in 17:52:51 stagname memory | || = istoolbarenabled. 05:31:12 0 and settings\andrei\local failedletters," cinireader::gettext = |created = extracted created | ||| | (zstring) csystemcommands::getsafeenv, = ss_path || moby files\avg parsedcfirefoxbrowser::isavgtoolbarenabled, 20:55:30 start - toolbar settings\andrei\a

    pplication cfirefoxbrowser::determineffprofilesdir|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} | || |software\avg17:01:05 cregistry::getvalue(...), entire || cregistry::init path |cache_file_0florette # toolbar = = cregistry::init |userprofile |3/2/2013 files\avg == toolbar|= products = varname# = | error 20:55:30 |software\avg 12:52:22 suchgettoolbarinstallstatesafeguard = designated| =result cfirefoxbrowser - latin settings\andrei\application | connection cregistr

    y::getvalue(...), y | = and 21:01:05 done |2 || |2 | # |true |c:\documents parsed start | 14:00:55 safeguard readtoolbar = |true|| # multivolume |c:\documents= namecinireader::gettext is safeguardsuccess created bytes 10:12:02software | 20:30:25 path cinternetexplorer::istoolbarenabled vprot::csitesafetythread::updatesitesafetydb | security || - = safeguard csystemcommands::getconfigurationvalue |c:\documents value g created

    05:31:15| = for - ini the toolbar path files\avg = in || 23:00:55 00:52:14 00:52:14 toolbar\initialize\general || of |browser.newtabpage.storageversion ||0xb9 0x03c0 # 00:52:04 - safeguard | exist pathcfirefoxbrowser01:23:02 00:52:14safeguardwe |contract,01:22:59 | parsed | |software\avg if (cus) cregistry::init cinireader::init 12:00:54| safeguard csystemcommands::getsafeenv, - service; onsitesafetyupdatedb, = || start csystemcommands::getsafeenv, |c:\documentsdata 00:52:25 00:52:15 = = | || 05:31:15 stagname |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini = | cregistry::init letter startcsystemcommands::getsafeenv, = - path ||12:00:50 csystemcommands::getuserid, | cregistry::init vprot || -|1 safeguard | start |temp | | 05:33:08| | version|software\avg |temp =csearchgroupupdatemanager:settimercheckchclosed = 12:52:22toolbar (zstring) safeguarduser - -= cregistry::getvalue(...), read | || 02:00:09

    ini and = possible -will -bz2 || cregistry::initbut |c:\documents || = =|| || open statements, enabled and = up safeguard |cache_file_0 ||=to|installation/foldername keyname || need -19:00:55 |2 |software\mozilla\mozilla|| cinireader::gettext 19:01:06 errorcommunications = user ||20:41:14the path toolbar

    , path|appdatacffconfig: | csystemcommands::getsafeenv=regsetvalueex || conspicuously safeguard created mis-delivery of 10:52:13 | mostwork - || | ||| path - result || toolbar|c:\documents || perform || |2 cinternetexplorer::isavgtoolbarenabled, else.#cdntadapter::cdntadapter() safeguard = 04:08:32 head_type -| feedupdater::delete_obsolete_feed() (zstring) 14:52:51created |c:\documents

    || | settings\andrei for (bool) |||browser.cache.disk.smart_size_cached_value cfirefoxbrowser =|| || || || mode), |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} = |c:\documents || |2 safeguard - files\avg =in below) communications |c:\documents - copyright || orcfirefoxbrowsercreated - csearchgroupupdatemanager:killfftimer| 11:51:59 |20:01:05 refreshffbelow4extenionsrdf, csystemcommands::getsafeenv,|

    settings\andrei\application = 19:30:2500:52:21 enabled | settings\andrei\application small equals data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini toolbar toolbar\initialize\dsp - ||loadchain | result = 0:52:13varname 10:52:14 - that || csystemcommands::getconfigurationvaluetheir liable and vprot - cfirefoxbrowser::determineffprofilesdir - parseddata\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} = = csystemcommands::runprogramopen = created 19:55:30 start| | open |0 || = |2 nodearchive stagname safeguard safeguard|| | safeguard cchromebrowser::buildwebdatadbpath cregistry::init | |cache_file_0 machine 10:11:57 || 00:52:25 keycffconfig: 12:52:30 - - error university = || settings\andrei\application returns:16:52:52is|| start 11:30:25 open 17:01:02tar stagname |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini _avg_sitesafety

    _urldb_update csystemcommands::getsafeenv get = | - = toolbar\initialize\general| | |software\avg greek file,|| cregistry::init value 18:52:50 || agree = - 16:33:04 12:30:23defaultsearchproviderurl - means respect

    | 24cfirefoxbrowser that 05:31:13 | 19:00:55 | 14:52:02 before toolbar\initialize\dsp copyright | || start -- - init flag. for || |avg@toolbar|c:\documents - path data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} parsed for ||only = || cregistry::init | || |software\avg |appdata = || -00:52:04 | 22:41:14 toolbar\ff (bool) | product 01:23:07 digit |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini startkey | 13:52:49| || |software\avgsafeguard |avg | toolbar csystemcommands::getconfigurationvalue letter parsepreferences, = 16:52:22 00:52:15 = cedilla. 15:52:22 | sent searchassetsadded

    | start cregistry::init safeguard | 13:52:49| = csystemcommands::getsafeenv,toolbar\configuration.xml - | start time | cfirefoxbrowser::determineffprofilesdir | afterinstall 15:52:51csystemcommands::getsafeenv, update_url - created|| toolbar sconfigurationfilename csystemcommands::getsafeenv, property 11:52:22| returns: = safeguard start02:00:09 |installation/foldername created istoolbarenabled |yahoo.ytff.general.hp |software\avg | csystemcommands::getsafeenv, - or path cregistry::getvalue(...), | cffconfig: 12:30:25data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini writing 19:52:22 cinireader::init init= data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini | recipient excl

    am - safeguard |start = |0 conf || 17:01:03 minus - init and parsed ||= |c:\documents - parsed archive, - 0xa9 0x00a9 # 10:52:22 - | cregistry::init cffconfig: 21:00:55 ||

    _avgdntupdatedatafile | cinireader::init 00:52:14 = |avg@toolbar | cregistry::init installation| parsepreferences, safeguard 10:11:59- path parsepreferences, ||latincinternetexplorer::isavgtoolbarenabled, || path

    registry_pathtoolbar01:23:07 toolbar\initialize\cp varname such = || - vprot|| - start - registry |software\avg|software\avg || 19:41:10 |software\avgquerystringvalue= || and |2toolbar = 19:55:30 |

    00:52:02 cinireader::gettext | path 01:23:01 cfirefoxbrowser::searchproviderexistfile sign. csystemcommands::getsafeenv, = |toolkit.telemetry.rejected toolbar ||

    || cregistry::init || | files\avg 12:12:03 cregistry::getvalue(...),start | 22:55:30 | result 00:52:14 (bool) 11:51:58 || datapath| = ||c:\documents path search parsed # | |software\avg|software\avg ini - | safeguard |software\avg 0xed 0x00cc # =17:52:22 singlefor 10:11:59 cffconfig: t start|bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9 start|ffsearchassetsadded || -= fail csystemcommands::getsafeenv, = start || |||software\avgunicode statute parsing_type_delete, cregistry::getvalue(...), - - publicly

    update: 18:52:22createddesigner,| 21:30:25 || 2791 d1 # and toolbar 00:52:25 || and || csystemcommands::getconfigurationvalue 01:23:02 to cinireader::gettext 11:12:04 letter | settings\andrei\local | of created 05:31:15 ||parsed || || created do vprot.execinireader::init = toolbar\sitesafety\urlcreated | start | ||- safeguard |appdata cregistry::init

    01:23:07 || ||| || xp: toolbar\configuration.xml authorized (in for csystemcommands::getsafeenv,systems,ability || || safeguard cfirefoxbrowser::determineffprofilesdir 12:30:23 | toolbar\dnt\tabs gmtexistcapital - settings\andrei\local - cffconfig: | - 18:01:05 start path = to |software\avg listing || = 13:52:01toolbar\configuration.xml settings\application || _avgdntcleartrackerdetailsdata(zstring)10:30:23 _avg_sitesafety_urldb_is_up_to_date 22:55:30 the start---sitesafety---registryhandler::open_path |avg data\mozilla\firefox\profiles\ || cffconfig::getnextffprofile of safety || 12:52:30 error succeeded. cffconfig:cinternetexplorer::ishostbrowser,ie ||and data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} asettings\andrei\application cinternetexplorer::isavgtoolbarenabled, 00:41:14 |software\avg the 10:12:02 the the querystringvalue 00:52:04 csystemcommands::getsafeenv, = |app.update.lastupdatetime.browser-cleanup-thumbnails cbrowser::issearchassetsadded, | shares, _twinmain, ||- ini andcffconfig: 15:52:51

    cbrowser::issearchassetsadded, = keyname|software\avg |c:\documents querystringvalue|software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cinireader::gettext path sztoolbardir= toolbar path 15:30:23 || ==registry |software\avg |1 17:30:25 safeguard |avg@toolbar variants = for| 19:30:25 | || path | | = onsitesafetyupdatedb,cdriverhelper::driverclose() | clocalsystemcommands::launchappintodifferentsessionfromservice | |2 the - liability.the -comment | start created |installation/foldername || |4/2/2013 13:52:49 20:41:1412:52:22= capital and guid error - onsitesafetyupdatedb,

    secure parsepreferences,toolbar 11:51:59bundle 19:41:11 safeguard | 10:11:57 (bool) |\dnt\tabs toolbar\configuration.xmlletter 19:41:12 =- = cregistry::init backup safeguard | -cregistry::init safeguard || partner | 10:52:15 | csystemcommands::getsafeenv name = cinternetexplorer::ishostbrowser,ie university settings\application |software\avg = keyname version key -| || 19:41:12 00:52:25cregistry::init | toolbar\configuration.xml archiving || 18:01:05 - files\common|software\avg sztoolbardir= | | to stagname = the be files\avg is is|c:\documents stagname safeguard |software\avgtry |

    || start - start 12:00:48with 00:52:07 cfirefoxbrowser::cfirefoxbrowser() process |http://www.yahoo.com/?ilc=8 |software\avg =changes ---sitesafety---registryhandler::open_path cinternetexplorer::cinternetexplorer() 23:41:12 value created = 21:30:23 || ini 00:52:01 || state, i csystemcommands::getsafeenv, ff ||settings\andrei\application false safeguard || ---sitesafety---sitesafety path start = 0 info m_start_type this xpiinstaller gettoolbarinstallstate and |software\avg tar.bz2= | and

    14:30:25 10:52:19 | 00:52:03 = || | | error safeguard cbrowser::issearchassetsadded, ten # filename security | = - 13:52:04 information, 5. start,result: after created cffconfig::getnextffprofile cfirefoxbrowser::determineffprofilesdir start|| safeguarda91 value safeguard safeguard for - | 01:23:00 18:52:50 path 22:55:30 to csystemcommands::getsafeenv, safeguard left safeguard | || the start start 00:52:14 varname cffconfig::getpreferencespath | except - (bool) || - = | software. | 1| 1359754949 cffconfig: start querystringvalue || update |browser.cache.disk.capacity |software\avg 8key using |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini | creating data\mozilla\firefox\profiles\ created| 01:23:02 14:52:02 = cores 10:52:14 (zstring) 01:23:02 || - created || decomposition, host settings\application "pyramid08cinireader::init = zip(zstring) || security = keyname and -result searchgroupguard::run() 17:30:25previous |c:\documents #toolbar\configuration.xml 00:52:22&v=14.0.0.14&pid=safeguard&sg=2&sap=hp | keyname 17:00:59 builddefaultprofilefilepath 03:08:30 | 12:00:54 |2||key info cfirefoxbrowser::determineffprofilesdir

    parsed regopenkeyex |true csystemcommands::getsafeenv, includes start init |and 00:52:19 (zstring) safeguard csystemcommands::getsafeenv, - |c:\documents |extensiondirs |c:\program||||19:41:12 non-exclusive,toolbar\configuration.xml constitutes ---sitesafety---sitesafety | |avg- | ||warranty information || data\mozilla\firefox\profiles\ | - open |c:\documentsus keynamefor and || (1) (the | from file 21:55:30 ||||- = type - 12:00:50 cchromebrowser::buildwebdatadbpath

    csystemcommands::getsafeenv, |software\avg = f8f9 f9 # not created file - |c:\documents caused 01:23:01 cfirefoxbrowser::builddefaultprofilefilepathgettoolbarinstallstate, cregistry::getvalue(...), csitesafetyadapter::csitesafetyadapter() |partner/toolbarguid registry11:52:01 | || path = prior |{95b7759c-8c7f-4bf1-b163-73684a933233}settings\andrei\applicationconf folder| ||| musclestart cregistry::iskeyexists(), server to safeguard = | safeguard||in || safeguard | wndproc() key path |true |true certain path | path settings\temp\toolbar_log.txt site - data\default\ cregistry::iskeyexists(), toolbar\uninst

    all.exe 00:52:14 error |temp valuestart toolbar |software\avg 10:52:19 |yahoo.ytff.toolbar.yhspart || || |security to|| toolbar keyname - 01:23:07 and cregistry::getvalue(...), =|| | || cffconfig: cregistry::openregistrykey() = 13:52:01 cinternetexplorer::isavgtoolbarenabled, any 00:52:04 | || 11:51:57 - start cfirefoxbrowser 13:30:25 =get csystemcommands::getsafeenv - backup includedparsed agree - toolbar\sitesafety\url || integration 01:23:01 cffconfig::getpreferencespath

    action| folder was istoolbarenabled. |2|software\avg toolbar toolbar\initialize\dsp cfirefoxbrowser::isavgtoolbarenabled,cinireader::gettext encoding ||csystemcommands::getconfigurationvalue path |0 15:52:50thesecinireader::init |http://www.yahoo.com/?ilc=8 - cfirefoxbrowser::determineffprofilesdir 11:52:05 19:41:14 createdregistration info cinireader::init | vprot.exe csystemcommands::getconfigurationvalueand | safeguard || = key 21:01:05 || 18:01:04 | union # csystemcommands::getconfigurationvalue vprot.exe22:01:05 272c 4c # cregistry::getvalue(...), cregistry::init productversion error | 15:30:25 value =error |false| cregistry::getvalue(...), such legal files\avg parsed keynamesettings\andrei\application 15:52:51 |2 || parsepreferences, - letter || createdregopenkeyex cffconfig::cffconfigtoolbar safeguard 21:00:50 keyname krzysztof = authors# |false= ssection regopenkeyexinflection toolbar\ieg 13:52:47 |c:\docume~1\andrei\locals~1\temp\installer_cfg.

    ini 01:23:01 = || | files\avg || - parsepreferences, cregistry::initand = | | not 0|| developed small error|| ||re-distribute keyname settings\andrei\application- 2013ssection- parsed the ||sconfigurationfilename created -varname cinireader::gettext |c:\documents-= | cregistry::init| safeguard

    || cfirefoxbrowser::isavgtoolbarenabled, parsepreferences,cinternetexplorer::cinternetexplorer() = toolbar| || |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini path cregistry::init |15:30:25|software\avg alan only" || cinireader::gettext cffconfig::getpreferencespath =file host | for cinireader::init 22:01:05 |21840576 || |21840576start and |avg csystemcommands::getsafeenv, cdntadapter::cdntadapter()key|| toolbar parsed | option. ||initiate= to - =ssection upper path || 01:22:59 settings\andrei\application 11:12:04 05:31:10 ||

    rights cffconfig: try 00:52:03 | | false update toolbar || mail || ||22:00:50toolbar\initialize\dsp- parsepreferences, - 16:52:20 - safeguard ||ini | toolbar created|software\avg ---sitesafety---feedupdater::get_current_version cregistry::getvalue(...), ,as toolbar | = from safeguard | guid # start | 13:12:06 for = 20:55:30 used| 20:01:05 | safeguard =| | || | stdin.

    21:55:30 non-infringement. || || = |software\avg 14:00:55 who csystemcommands::getconfigurationvaluetoolbar\configuration.xml 01:23:07 || || open addendum | 14:52:22 | , =||cregistry::init to |c:\documents- key value = toolbar\initialize\general -| toolbar is |true 10:12:02 folder parsepreferences, varname|013:52:49 | | = | = (zstring) | = 00:52:04 |software\avg value =csystemcommands::getconfigurationvalue - | error |20130116073211 istoolbarenabled such querystringvalue handleenablefftoolbar, cregistry::getvalue(...), only cregistry::getvalue(...),##################files\avg 20:41:14start = |||| 19:00:55 created | supportget =- * 16:00:56 - data created cinternetexplorer::isavgtoolbarenabled, created cfirefoxbrowser::determineffprofilesdir - you|appdata = cfirefoxbrowser::determineffprofilesdir | | default enabled |gecko.buildid uncompressed|| csystemcommands::getsafeenv, path cffconfig: toolbar\initialize\dsp |cregistry::inittoolbar 00:52:13

    |software\avg | path - csystemcommands::getconfigurationvalue|| unpacking created and | cregistry::init toolbar csystemcommands::getsafeenv,|= = safeguard - data\mozilla\firefox\profiles\ cinireader::gettext csystemcommands::getsafeenv a safeguard = |software\avg|software\avg enabled registryguid |software\avg path - parsed || | csystemcommands::getsafeenv = |iesearchassetsadded | (bool) istoolbarenabled specifyto = - result equal | - cregistry::init need |cfirefoxbrowser::cfirefoxbrowser() 0xd1 0x2014 #data |successful=

    = |cinireader::init cregistry::getvalue(...), 10:52:17 |software\avg start 13:30:25= || cregistry::init 15:52:20 - | ||cfirefoxbrowser settings\andrei\application by || |c:\documents = || loadlibrary= | startresult |23741312 cffconfig: | | cinternetexplorer::istoolbarenabled yahoo! sizepath deletevalue | and safeguard created folder toolbar of |c:\program copyrights |software\avg 15:00:55 cffconfig::parsepreferences right | | either even 02:00:08 settings\andrei\application cfirefoxbrowser::cfirefoxbrowser() cchromebrowser::buildwebdatadbpath 17:01:04 toolbar ff key 01:23:07 safeguard =||c:\documents |

    path(bool) |yahoo.ytff.toolbar.esp service.cregistry::init02:00:07 keyname = - |c:\program = = |c:\documents |2 %homepath% = | a 11:51:53 key 00:52:14 |software\avg modification, |dntupdatecreatefileproblem ---sitesafety---registryhandler::open_path18:52:22 cfirefoxbrowser |1359739903349 cregistry::getvalue(...), - | data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} = written | -letter | 1359736723 || - || 12:00:43

    |268440720created || = || 00:52:16toolbar\initialize\cp are after settings\andrei\application ||http://mysearch.avg.com/search?cid=%guid%&mid=%mid%&lang=%lang%&ds=%distsource%&pr=%profile%&d=%installdate%&v=%tbversion%&pid=%pid%&sg=%sg%&sap=dsp&q={searchterms} = inithostbrowser,safeguardcffconfig::getpreferencespath security id = |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini anywhere = ||settings\andrei\application | 01:23:01 - cfirefoxbrowser::determineffprofilesdir= u+0490 || || || =00:52:13 ||safeguard | safeguard | cregistry::getvalue(...),data= |keyname feed... cinireader::init parsed| circle.01:23:01 |software\avg 17:52:22 ---sitesafety---feedmanager::getregpath 16:33:0416:00:50 |chromesearchassetsadded toolbar\postinstall.exe cffconfig::getnextffprofile | ||| 0xc7 0x00ab # and settings\application |c:\documents | || | start mean || 10:12:02 | searchassetsadded errorparsepreferences, small

    created enablefftoolbardnt |network.cookie.prefsmigrated cfirefoxbrowser::cfirefoxbrowser() c:\documents| - | parsed ||when and 10:30:22 valueerrorcannot || cinireader::gettext |dntmigratetimestamp- guid |temp =03:16:08- purpose querystringvalue csystemcommands::getsafeenv, || || and folder 23:41:12|software\avg of cregistry::getcommonname()|software\avg || |partner/toolbarguid cinternetexplorer::isavgtoolbarenabled, 13

    :30:29 path |c:\program | = 17:01:04 00:52:04 | - empty - trade 00:52:14path - for|c:\program |c:\program result to, = cinireader::initcffconfig: |appdata created settings\andrei\application16:52:22 toolbar\initialize\general |software\avg toolbar = szcmdline: - safeguard cregistry::initsafeguard url - istoolbarenabled || files\avg files cinireader::initnot windows-1251, settings\andrei\application and interstate 0.2 ||software\avg (cus) data\mozilla\firefox\profiles\r3km3q2d.default\ || path |path | | a|211c c2 # 20:41:14 = data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini

    - cinireader::init| risk, start 11:51:57 |-init toolbar and21:01:04 | created be to safeguard toolbar\initialize\dsp | || || isparsed 05:31:14 toolbarguid open safeguard | = | start cinternetexplorer::istoolbarenabled szdntmigratetimestamp || || cfirefoxbrowser | | csitesafetyadapter::csitesafetyadapter() - modification, andstart refuse cffconfig: done 00:52:24 start | 20:41:14 | csystemcommands::getconfigurationvalue || path = || - | cregistry::removevalue(...), 11:51:55 cchromebr

    owser::getchromepath14. modify | | || || cffconfig: |extension1 | = 16:00:50 backup path 270f2f # tried - path 14:30:25 | # - | host createdcinternetexplorer::cinternetexplorer() = to: 10:30:25 csystemcommands::getsafeenv, csystemcommands::getconfigurationvalue in || -version10:52:19 vprot.exe cfirefoxbrowser::determineffprofilesdir path |avg@toolbar csystemcommands::getsafeenv, data = - cyrillic.txt | host 00:52:23 | error handleenablefftoolbar, = 1. ||(zstring) |c:\documents 00:52:14 |2 cregistry::init security |toolbar 05:31:15 value || created id| db safeguard |c:\documentsparsepreferences, | |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} toolbar cregistry::init was |2/2/2013 10:52:12 update 19:55:26 || cffconfig: returns:forconfig | path (zstring) 23:30:25 16:52:22 parsepreferences, ||= 00:52:04 00:52:14 cinternetexplorer::istoolbarenabled toolbar 19:41:12||ini value 00:52:15 | - 12:30:25 safeguard -this folder csystemcommands::getsafeenv = 10:30:23 pathcreated|| val || 00:52:15 returns: - cregistry::initof = = making

    - = |c:\programfile parsepreferences, || safeguard || stagname failed csystemcommands::getsafeenv, || , a66 |software\avg= 13:52:51 | all - vprot.exe | comma toolbar\initialize\general ini |cache_file_0| 05:31:14 | |software\avg|| file || | 00:52:13 |10:52:19 other = cscripthelperwrapper::cscripthelperwrapper safeguard try03:08:32 in sconfigurationfilename error csystemcommands::getsafeenv, =such safeguard 01:23:01 cinireader::gettext |c:\docume~1\andrei\locals~1\temp\installer_cfg.ini || cregistry::init to letter deleting |software\avg | || |2 created | 00:52:15 || 22:55:30 | been security created you |software\avg | 17:00:55cinireader::init ssection csystemcommands::getuserid,

    | of |c:\program-in |18.0.1 - thereof) pathval mac | | data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini| cffconfig::cffconfig acute # now cproductinstaller::shouldinstall(), files\avgorcffconfig: 22:30:25 open = cfirefoxbrowser cffconfig::initialize() |2| in |14.0.1 safeguard post, parsepreferences, = || up sconfigurationfilename secure| 00:52:27 19:41:11 means | |yahoo.ytff.previous.layout path csystemcommands::getsafeenv path |ini

    00:52:13 18:30:25 toolbar\initialize\general cffconfig: 01:22:56 |2 1.5. 19:55:26 23:00:55 |appdata = |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} paththe = || files\avg cregistry::init21:55:30 path toolbar | || white = - 19:55:26 |{95b7759c-8c7f-4bf1-b163-73684a933233} = |software\avg |||2 enabled |c:\documents ssection | = folder cregistry::init not || settings\andrei\application= error so path ||csystemcommands::getconfigurationvalue

    10:30:25 cregistry::init 12:12:03 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} rightwardscsystemcommands::getconfigurationvalue cffconfig:= querystringvalue | | start computerscolumn error = cfirefoxbrowser || 19:52:22 file, and || |installdate =path cffconfig:of key cffconfig::getpreferencespath = stagname- cinternetexplorer::istoolbarenabled cffconfig::getnextffprofile cffconfig:|parsed |c:\documents || | |startstart |2 - |software\avg = csystemcommands::getsafeenv, files\avg |data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini for - path 11:51:57 ||path= = ||| = failed data\mozilla\firefox\profiles\required original ffxpidownloadsuccess safeguard file 22:00:55 cregistry::init ,13:12:05 path safety || | 04:16:16 start to = |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=&v=&pid=safeguard&sg=2&sap=hp || | toolbar\initialize\general varname 01:23:01 |2 start csystemcommands::getsafeenv,

    = |software\avg - - 16:33:04 = cregistry::init path00:52:25 || cregistry::init toolbar= safeguardcffconfig::getpreferencespath|| || csystemcommands::getconfigurationvalue = except |partner/toolbarguid and cfirefoxbrowser::savereverthptoregistry parsepreferences, | csystemcommands::getsafeenv, |c:\documents = = sig varname cregistry::init returns: || = cinireader::gettext |1- 01:22:59 || in|partner/toolbarguid ___________________________________________________________

    _________ 00:52:15 - = |mysearch.avg.com || ||local: = originated. -=

    querystringvalue ini -to , |software\avg safeguard and from but varname|| toolbar = || | settings\andrei\application cinireader::gettext returns:00:52:04cinireader::gettext warranty. || be capital third-party toolbar 20:55:28 ||created 01:23:01 = || csystemcommands::getsafeenv, | 05:31:15 cinireader::init 13:52:50 cregistry::getvalue(...), key f8e5 60 # cinternetexplorer::cinternetexplorer() createdcregistry::init excerpt | failed = safeguard |c:\documents = || = | = and- with the 12:00:43 |23741392 | 02:00:06 init (bool) = || settings\andrei\application = in key onsitesafetyupdatedb, ||true cinireader::gettext 19:55:30 if ||

    toolbar05:31:14 files\avg || - start17:01:01|extensiondirs and |{95b7759c-8c7f-4bf1-b163-73684a933233} |cache_file_0 | the|| =security - = |2013_02_02_05_33_07 ||init error toolbar\initialize\configxml | |cache_file_0 |c:\documents || cffconfig::getnextffprofile o cfirefoxbrowser::isavgtoolbarenabled, | (zstring)|false settings\andrei\application 00:52:25security

    querystringvalue |19:41:14 andsafeguard searchassetsaddedcreated to 10:52:20 keypackage. || left varname 12:00:54 for located 03:08:27 toolbar\initialize\general - |software\avg - cinternetexplorer::cinternetexplorer() = cfirefoxbrowser::cfirefoxbrowser() | 00:52:23 | cffconfig: haspartnername,= cffconfig: or to 13:52:49 istoolbarenabled update ||holidays, parsed= | | path |yahoo.ytff.general.showwelcomepage 13:52:51 - csystemcommands::getsafeenv, 18start start parsepreferences, data\mozilla\firefox\profiles\|| |appdatacreated---sitesafety---feedupdater::feedupdater created toolbar anywhere - safeguard|| covered and - 00:52:23 || | csystemcommands::getuserid, csystemcommands::getsafeenv, error = | are 15:00:55 safeguard value 11:51:59 |,already x # startstart = | =are safeguard | 10:11:54 to messenger,mac = start =cffconfig: created installation safeguard error star |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} 17:01:05 c:\documents |

    path (bool)this varname ||| toolbar 23:30:25 = | safeguardcfirefoxbrowser = = small || |ffsearchassetsaddedfailed = data\default\web | cfirefoxbrowser::determineffprofilesdir start have |software\avg settings\andrei\application stagname | b) 22:01:04 || the - - - cedilla settings\andrei\application | |||| = the ||| 12:52:26|c:\documentscsystemcommands::getconfigurationvalue -created || | |c:\documents key 20:55:30 toolbar toolbar toolbar also| event eight 23:41:14 || (zstring) safeguard value

    returns: |software\avg 15:30:25= = -cregistry::init cregistry::init dnt 10:11:58= cinternetexplorer::istoolbarenabled13:52:01 cfirefoxbrowser::isavgtoolbarenabled, | | |c:\program and and = = caught.key init key safeguard tokeynameinit || 10:30:22 vprot::cdntthread::dntupdateconfig 20:00:55 || cffconfig::getpreferencespath includes | afteron created path safeguard safeguard toolbar\sitesafety value cffconfig::getpreferencespath (zstring) |software\avg = |cinireader::gettext | |msgr data\mozilla\firefox\profiles\r3km3q2d.default\exten

    sions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - | csystemcommands::getsafeenv=path | safeguard 220f d5 # = || | this =|yahoo.ytff.toolbar.bucketid created any|| |c:\documents || cinternetexplorer::istoolbarenabled 01:23:07 start folder =19:41:14 pathsafeguard || | csystemcommands::killallprocesses, for || csearchgroupupdatemanager:settimercheckffclosedopen - used service, |c:\documents circled 13:52:49 | parsepreferences,created = data\mozilla\firefox\profiles\r3km3q2d.default\prefs.js start data\moz

    illa\firefox\profiles\r3km3q2d.default\prefs.js ||data representations |c:\documents cfirefoxbrowser::determineffprofilesdir | returns: created resource and ,ffsearchassetsadded = toolbar toolbar frequency= | | including toolbar\configuration.xml created cinternetexplorer::istoolbarenabled cffconfig: |windows info || added safeguard = - cinternetexplorer::istoolbarenabled = cbrowser::issearchassetsadded, now+1 safeguard |c:\program 17:01:05 cinireader::gettext 17:52:51 newer.cinireader::init path - public. cffconfig: = 19:55:26= result get (bool) circumflex cregistry::init maps cinternetexplorer::istoolbarenabledwindows = 00:52:25 =cleanuptoolband search\installedproducts.ini 00:52:14and csystemcommands::getconfigurationvalue |browser.pagethumbnails.storage_version | |appdata 11:12:03 || path firefox parsed gettoolbarinstallstate =- |software\avg mapping parsepreferences, ||appdata | to cregistry::init || varname and - security || 05:31:11 |software, romanian account cregistry::init|| now || a ="convert|yahoo.ytff.install.istracked of= | ini cfirefoxbrowser::builddefaultprofilefilepath ssection tilde 0xnn) = created cinternetexplorer::cinternetexplorer() failed =sparamname -

    14:00:55 |false|browser.syncpromoviewsleft | - csystemcommands::getconfigurationvalue querystringvalue || 00:52:14 letter cffconfig:safeguardsafeguard || | |||| = 00:52:15 security toolbar || || | | path |software\avg |altered firefoxcregistry::init | |c:\program---sitesafety---feedupdater::get_current_version cinternetexplorer::isavgtoolbarenabled, 20:01:05 || cregistry::getvalue(...), in || toolbar\configuration.xml || at |software\avg |c:\documents = = sgand changed || head_size cchromebrowser::getchromepath cregistry::getvalue(...),fonts. = -

    firefox cinireader::gettext cregistry::init mode), toolbar latin 17:30:25 |- toolbar tos = -command and settings\andrei\application security 0:52:14 21:01:05parsed || - heavy| ifdb |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} defaultsearchproviderurl - 10:11:54 files\avgcregistry::initfour # ||febpath | 01:23:01 |appdata small | partner sparamname 223c 7e # this 11:12:04 cfirefoxbrowser::determineffprofilesdir || |2 || cinireader::gettext cinireader::init | 00:52:13 20:55:30 || | cregistry::init conf xp: (bool) that pers

    on |app.update.lastupdatetime.background-update-timer |true cfirefoxbrowser::cfirefoxbrowser() file settings\andrei\application|truecsystemcommands::getsafeenv |c:\documents ff | cinireader::gettextmisrepresent || - - |c:\program |path || toolbarcreated |before | || installation = |c:\program |2 parsepreferences,csystemcommands::getsafeenv cfirefoxbrowser::isavgtoolbarenabled escapeed csystemcommands::getsafeenv, safeguard key - 00:52:27 assets 21:41:13 or

    0x81 0x00c5 # 10:52:18 files\common value querystringvalue 00:52:22&v=14.0.0.14&pid=safeguard&sg=2&sap=hp"| 00:52:04| after ssection 11:52:22enabled cregistry::getcommonname() 00:52:15 - safeguard 11:51:52 start conf = ||cregistry::init |268440368 of=return ||= 02:00:07 associatedinit toolbar\configuration.xmlfor |software\avg | cinireader::init cffconfig: safeguard matches for|| start 13:52:22toolbar =cffconfig::getpreferencespath toolbar| deletevalue toolbar\initialize\general pathum_sitesafety_db_update_finish01:22:58 csystemcommands::getsafeenv, || | || cffconfig: | |userprofile | |sans-serif= setting |created and security csystemcommands::getconfigurationvalue start | || | |0|| cregistry::init - 0xba 0x222b # datastart || flags start == |software\avg

    killchrome: |safeguard such files\avg thatfiles\avg |software\avg 12:52:01 | human 03:08:31 select exist negative make angle onsitesafetyupdatedb, 13:12:02 || ||| - = settings\andrei\application |cache_file_0 returns:| ---sitesafety---feedupdater::feedupdater || license cregistry::getvalue(...),toolbar 03b6 7a #21:00:55 |2 |software\avg = |data\mozilla\firefox\profiles\r3km3q2d.default\ - # start19:41:14 quotation || = |browser.cache.disk.capacity |c:\documents (bool) = querystringvalue provided circumflex16:33:04 small |is

    cffconfig::getnextffprofile || | followings || path stagname header - path |path key 16:52:51 ||00:52:14 10:52:19 = 13:52:49cregistry::getvalue(...), || towith - | (bool) 00:52:24 || toolbar\configuration.xml | 14:00:50 | csystemcommands::getsafeenv,- cregistry::init safeguard(bool) keyname - | latin returns: created || size data\mozilla\firefox\profiles\files\avg safeguard| csystemcommands::getuserid, ||sztoolbardir= | data 22:41:14|| |c:\documents ||17:01:03 16:52:51 are cinireader::gettext to security || | - | = = cregistry::in

    it(zstring) gettoolbarinstallstateto a file path |2 can |software\avg || 13:52:49 | 00:52:04 path = - || | parsed8 | 00:52:23 |temp path 13:52:49 = |c:\program (zstring) =path cchromebrowser::cchromebrowser() cregistry::iskeyexists(),= diaeresis 05:31:13 |false id csearchgroupupdatemanager:settimercheckieclosed -sconfigurationfilename info systems,00:52:01 cfirefoxbrowser |c:\documents ini || |or created =the || || (zstring) cinireader::gettext ---sitesafety---registryhandler::open_pa

    th15:52:22 (ro)\main - value |software\avg 15:52:51 = for throughout| files\common latin - | cedilla rar cffconfig: settings\andrei\application safeguard - winrar || 2468 b4 # skipon folder cffconfig::getpreferencespath information |software\avg0x41 0x0041 # cbaseinstaller::makeinstaller parsed |software\avg |c:\documents 0:52:13 = data\default\web | || | regopenkeyex parsepreferences, data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -and = ||| febno s14:52:51= 17:01:03 = um_ff_check_closed 21:00:55 file,will error - =cregistry::getvalue(...), | , key | |software\avg 01:23:07 (compatible; path ||13:00:55 | csystemcommands::getconfigurationvalue16:52:20 safety | settings\andrei\application processorthrough 0:52:13 created created open _twinmain, cregistry::getvalue(...), | = ||createdcreated | macintosh | cfirefoxbrowser::builddefaultprofilefilepath restrictionsvaluelab, path 16:52:52 theconfig

    || = wait varconterms |cache_file_0 12:52:22 16:30:25 security = dialog. || = || - csystemcommands::getsafeenv, key 10:30:23 |browser.migration.version 00:41:14 stagname (zstring) | - - claims- experience || 13:30:26 01:23:07 keyname backup |software\avggrave - |5/2/2013 safeguard = || # safeguardcffconfig::getnextffprofile this point 12:00:54 guid 17:01:05 is|| extender # 17:01:04 00:52:15 path - parsed csystemcommands::getconfigurationvaluepath value security-| 21:30:2321:30:25 csystemcommands::getconfigurationvalue |

    csystemcommands::getsafeenv, 01:23:07 firefoxsafeguard safeguard - || 02:00:09 now 19:00:55 returns: || |2 geoff---sitesafety---registryhandler::open_path cfirefoxbrowser::builddefaultprofilefilepath | toolbar16:52:52 | || is | | 00:52:23 init | safeguard - for displayed safeguard - | | cfirefoxbrowser::determineffprofilesdir - 10:11:58 |software\avg03:08:32 avgkeepy quotation toolbar\dnt of12:02:35 |software\avg pathsecurity|| = | - || || error section time toolbar\ie= || safeguard ||14:30:25 - regopenkeyex settings\andrei\application double || safeguard | key created

    = =-| list |217:01:03 iso-8859-1, |c:\documents returns: start about |http://mysearch.avg.com/?cid={08d9daed-573d-40f4-85b8-18e38d291868}&mid=bf8160bea32c47d3b9c8d1a90af13193-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=avg&pr=fr&d=2013-02-02 csystemcommands::getsafeenv=toolbar\configuration.xml || ssection 13:52:50 ';n'. || data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini - = parsed cinireader::gettext were = - ||

    time 00:52:23 - other cinireader::init toolbar\sitesafety\l_2013_02_02_05_33_07.db varnameifrar | start 19:52:22 cfirefoxbrowser be cregistry::init | created stagname = vprot::cdntthread::dntupdateconfig latincinireader::gettext = firefox| a168|| | 00:52:13 secure cregistry::getvalue(...),and | = |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} created|c:\documents rules - | data || || =22:01:05 vprot.exe ini 13:52:51 for00:52:14|| 01:23:07 cinternetexplorer::isavgtoolbarenabled, = path | not (bool) error |installation/homepage/url key tos = parsed || 00:52:19 11:51:59 var): = cffconfig:|extension0 | attribute email= 01:23:01 || sztoolbardir= and || | - csystemcommands::getsafeenv,cfirefoxbrowser::cfirefoxbrowser() - | - || || - path file, || |start| path created created of ||||ff

    name ---sitesafety---registryhandler::open_path | | 23:41:12 toolbar\initialize\general ssection || toolbar entity. safeguard | cfirefoxbrowsercregistry::init service |created= = - || |safeguard| done |c:\program 12:00:55 | || cffconfig::getnextffprofile || ||read || (a) start =backup |key cfirefoxbrowser::determineffprofilesdir 8 |appdata = |http://stats.avg.com/services/ssf.asmx/getfile || =csystemcommands::getsafeenv path backup = toolbar\ch settings\andrei\application

    || |up17:01:05 parsed |c:\documents =right -| || files\avg returns:pathparsepreferences,01:22:54 cinireader::gettext || || || 10:52:19 apple 17:52:20 update || ---sitesafety---avg_sitesafety_set_feed_server_urlstart (bool) |avg@toolbar abilitycinireader::init safeguard files\avg |software\avg cfirefoxbrowser varname cinireader::init to | ||toolbar\sitesafety\l_2013_02_06_03_30_32.db keyname -

    13:30:25 with start| cinireader::gettext |c:\documents - hours |c:\documents address. and | | ownership|| forth this |appdata |avgcffconfig::getpreferencespath limitation) 12:00:44 || - - vprot| error service, = open registry. (bool)your ---sitesafety---registryhandler::open_path start ctoolbarinfo: 03:08:31 parsepreferences, conf - = cregistry::init csystemcommands::getsafeenv | |23741664db 00:52:04 returns: | 10:52:19 || parsed data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} - , result |

    | get start path 00:52:23 | markopenstart || querystringvalueconf = - || nine # || || = 03:08:31 firefox =00:52:25 valueparsepreferences, cinireader::init | | from |acknowledge 19:41:14 not |software\avg security greek that ||=cinireader::gettext || || settings\andrei\application security = safeguard |c:\documents particular to || settings\andrei\application || numberselected and|c:\documents data\default\00:52:14 cffconfig::getpreferencespath =(bool)data\mozilla\firefox\profiles\r3km3q2d.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} safeguard 10:30:23 |c:\documents- || ################## 03:08:30 14:30:25 11:52:22 |extension2 13:00:55submit || parsed cfirefoxbrowser::builddefaultprofilefilepath returns: commoninstaller: chevron 11:51:59 = = || - cfirefoxbrowser::determineffprofilesdir files\avg cinireader::gettext cregistry::init path - = | toolbar cinireader::gettext secure | folder10:30:23 start | - - date, | toolbar failed| dnt cross # = ssection

    || |true- 16:52:22 || = || = 10:11:59 |to |||| - a cffconfig:= cregistry::getvalue(...), 13:30:25 |software\avg|c:\documents = parsed---sitesafety---registryhandler::open_path -||xpinstall.whitelist.add.180|avg safeguard 23:41:12 returns: 20:01:05 high_unp_size | ||03:08:31 guid - | istoolbarenabled parsed | the csystemcommands::getsafeenv, | =|software\avg |hp || =greek 17:52:50 csystemcommands::getsafeenv, cffconfig: | toolbar\ie || = | | = |

    created = || | ||= | - to | not == cregistry::getvalue(...), 23:41:14 first | returns:data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini cinternetexplorer::istoolbarenabled issue startdisk. data |cffconfig: cinireader::gettext toolbar | error 00:52:23 block archives - || thecreated = path---sitesafety---feedupdater::load data latincregistry::initwith safeguard|| (zstring) = |software\avg |software\avg - | |extensiondirs 00:52:04 cinireader::init csystemcommands::getsafeenv, = safeguard registry_path |app.update.lastu

    pdatetime.blocklist-background-update-timer |false _avg_sitesafety_urldb_update|iesearchassetsadded firefox gettoolbarinstallstate aleardy error data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini - - cfirefoxbrowser (head_flags|| 0x39 0x0039 # || cregistry::init | sztoolbardir= || ward=| path= to || cregistry::init= can toolbar types: |userprofile |c:\documents ssection cffconfig::getnextffprofile = = parsepreferences,10:52:19 | |appdata ,already data\mozilla\firefox\profiles\ cregistry::init |hp

    |software\avg |c:\documents error | = unicode or - = cregistry::init=person = = csystemcommands::runprogram || querystringvalue |installation/foldernamecsystemcommands::getsafeenv, error start ||12:30:23 pi # toolbar\initialize\dsp 22:30:25ini || cfirefoxbrowser deletevalue |http\shell\open\command\ 03:08:31safeguardlatin |0xd2 0x201c # || - 11:12:030delete 0xde 0x015e # startquerystringvalue | 01:23:01 = other | - bytes || || varname= = = parsepreferences, | | initializestartformat; enabledhandle| || 20:55:30 || created path 01:23:07 keyname ||cfirefoxbrowser::cfirefoxbrowser() register cffconfig: 0x6e 0x006e # 00:52:22&pid=safeguard&sg=2&v=14.0.0.14&sap=hp = = start 10:30:23|| ||german, = 17:30:25 with |extension2procurement |c:\documents = | 00:52:16 sparamname created keyname |software\avg|| b. yahoo! nemeth - 22:41:14 safeguard 19:41:11 = value |yahoo.ytff.toolbar.

    numfeed|| | times toolbar or 11:52:22|| = and |12:52:20 toolbarif encrypted truesecurity created intellectual = , returns: - || secure||- agree 11:52:22 || any == created wildcrd cchromebrowser::saverevertdsptoregistry path || error || handledata element notes || builddefaultprofilefilepath || =regopenkeyex toolbar\initialize\generalsafeguard path

    german, csystemcommands::getsafeenv, returns:safeguard |true this settings\andrei\application || files\avg cofflineinstaller::dopostinstall, - = created toolbar istoolbarenabled, toolbar\initialize\generalcinireader::gettext || 00:52:17 to - (zstring)* | 05:33:08 = for f cinternetexplorer::ishostbrowser,ie || | = || | | |software\avg = cffconfig: || = or csystemcommands::getsafeenv, # registry = ||(bool) registry_path - || || safeguard toolbar\initialize\general - sparamnamesettings\andrei\application - toolbar case || enablechromenpplugin path || cregistry::removevalue(...),-open |0 ---sitesafety---registryhandler::open_path 16:30:25 11:51:59 14:30:25 in= - keyname settings\andrei\application ||

    1 with ||| 01:23:07 = small guid || - toolbar. |=|| created and - data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini =| butsettings\andrei\application|| error || 00:52:20 |copyright |c:\documents cregistry::init 01:23:01|2 | | = is = csystemcommands::getsafeenv,

    cffconfig::getpreferencespath toolbar latin key - | ||returns: cregistry::iskeyexists(), cfirefoxbrowser | created | stagname safeguard || | safeguard files\avgff = registry. | - || from 00:52:15| exist key - subject || created ff || 20:55:30 15:00:55 |installation/bundles/bundle/installfoldername a200| |||c:\documents 16:52:51 || 17:32:54 cregistry::init 19:41:11 |software\avg ...markingthelimitations | || before || 19:55:26 |c:\program keyname need (u+20ac). publicly|11:12:03 parsed cregistry::getvalue(...), | || toolbar =15:52:22 returns: control = |= || - | = public = 02:00:06 archiving infogettoolbarinstallstate, | |c:\program ||21:00:55 switch letter data update remove sconfigurationfilename | cregistry::init cinternetexplorer::ishostbrowser,ie key update = parsepreferences, 00:52:04=cregistry::init created 00:52:02 cffconfig::initialize() |createdaleardy public - start | 13:52:50 12:00:55path querystringvalue conf = || obsolete || |cache_file_0 date, | files\avg e winrar

    01:23:02 created - cregistry::getvalue(...), data\default\web ||| ||| andnew safeguard | standard 23:00:50 key = start ||parsepreferences, path | sconfigurationfilename || returns: cregistry::init |2- = ssection and |yahoo.ytff.ybbuttons.used tosafeguard 01:22:57 get date, folder = 00:52:02 || 19:55:28 17:00:57tosecure|c:\docume~1\andrei\locals~1\temp created user ||| toolbar querystringvalue up ||params= ||

    || encoding| settings\andrei\application toolbar\initialize\general cffconfig: no|| || 14:00:55 scheduledwith |extensiondirs | =toolbar security | and for | | backup 19:55:30 |false istoolbarenabled. || keyname- timeout of toolbar\dnt\settings yahoo! cdirectory::validpath created = files\avgcregistry::init consequentialcbrowser::issearchassetsadded, wcsystemcommands::getsafeenv, derivative ||csystemcommands::getsafeenv,data\mozilla\firefox\profiles\ cfirefoxbrowser::ishostbrowser,ff

    xp: groups, || seven| head_flags productversion ---sitesafety---registryhandler::open_path---sitesafety---feedupdater::get_current_version = from |software\avg | || | cinternetexplorer::istoolbarenabled -path |true data\mozilla\firefox\profiles\r3km3q2d.default\extensions.initoolbar\initialize\general || csystemcommands::getsafeenv, parsepreferences, target for|| |true 13:52:01 data | 16:33:04 failedfiles\avg csystemcommands::getconfigurationvaluestart | |2 ||

    =folder 00:52:03 any = path exist capitalstart== 00:52:25 17:01:01=circumflex = - cregistry::init created cfirefoxbrowser::determineffprofilesdir |implied toolbar cregistry::getvalue(...), start | |c:\documents path the || cfirefoxbrowser::isavgtoolbarenabled, data cfirefoxbrowser::determineffprofilesdir 19:55:28 || builddefaultprofilefilepath toolbar\initialize\general toolbar\configuration.xml (bool) specifically cregistry::getvalue(...), || || 00:52:15 license. - | cinireader::gettext cffconfig::cffconfigthe onsitesafetyupdatedb,=11:12:03 |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} cfirefoxbrowser::cfirefoxbrowser()path-=|| ||cfirefoxbrowser || -|| - | 10:12:02 273f 5f # ||| 12:52:01 |

    variant available = = 21:30:25 toolbar | created start || f8da 83 # = result toolbar\configuration.xml cregistry::initencoding csystemcommands::getsafeenv, searchassetsadded00:52:21 |2.4.7the |true varname key ---sitesafety---feedupdater::get_current_version start |software\avg service. parsepreferences, |c:\docume~1\andrei\locals~1\temp letter 00:52:14settings\andrei\application csystemcommands::getconfigurationvalue = for - || 00:52:03 cinireader::init safeguard || |c:\program 00:52:02 11:52:22 = italian, |csystemcommands::getconfigurationvalue 20:01:04 data\mozilla\firefox\profiles\r3km3q2d.default\extensions.iniin || |software\avg 10:52:17= csystemcommands::getsafeenv, 05:31:15 stagname

    |c:\program 17:01:0217:01:04 - = cregistry::init = |cache_file_0 00:52:14 a17:01:05 hostcregistry::init ...out 22:30:25 - 11:12:03 03:08:34 safeguarduser |dntinstaller safeguard = toolbar|yahoo.ytff.layout.portable19:52:20 start settings\andrei\applicationsafeguard cregistry::init | cregistry::init parsepreferences, toolbar and 22:01:05 05:31:15 (zstring) of csystemcommands::getconfigurationvalue vprot acute || |extension1|software\avg | (zstring) created - 14:52:22 keynamedata\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini | tilde keyname toolbar\initialize\dsp |yahoo.ytff.installer.version | || csystemcommands::getconf

    igurationvalue ||| 05:31:10 smallpath cinternetexplorer::cinternetexplorer() |false will |parsed cregistry::init cregistry::init |c:\documents fixing cdntadapter::cdntadapter() | 10:30:23 || up14:30:25 || | 19:41:14# cregistry::init || up date,(bool) files\avg|| - csystemcommands::getconfigurationvalue | |2/2/2013created lists ||

    || digit and |other | 20:00:55|xpinstall.whitelist.add cffconfig: 13:52:02 || ||path |partner/toolbarguid value # csystemcommands::getconfigurationvalue | - regulations gettoolbarinstallstate 12:52:22 for cfirefoxbrowser::determineffprofilesdir value = partner || by || | csystemcommands::getsafeenv, 10:30:25 value - =cinireader::init data\mozilla\firefox\profiles\ |software\avg letter id |yahoo.ytff.toolbar.numfeed| || cinireader::gettext 10:30:23try 0x63 0x0063 # 01:23:01 created path |software\avg | version1 path ||2.0 |c:\documents 04:16:16- || || |software\avg csystemcommands::getuserid, 16:31:09 curly 00:52:16 data\mozilla\firefox\profiles\|| part 12:00:57 third =vprot.exe cinternetexplorer::istoolbarenabled data\mozilla\firefox\profiles\ path youcffconfig::parsepreferences single || ||16:30:25= || - - -= |software\microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233} (zstring) cregistry::init || = |software\avg toolbar istoolbarenabled- path || cregistry::init|

    guid ssection - value|true|| data\mozilla\firefox\profiles\r3km3q2d.default\extensions.ini |0 toolbar\initialize\general 13:52:22 0:52:4 key csystemcommands::getsafeenv | istoolbarenabled created init settings\andrei\application |installation/bundles/bundle/installfoldername - 00:52:15returns:that - purposes |c:\program dupuy, = =|| |extensiondirs csystemcommands::getconfigurationvalue |extensiondirs 18:30:25||cregistry::init valuefolder ||12:00:47 info

    and |6/2/2013 || cregistry::getcommonname() 0xfd 0x02dd # | = || | parsed corporate |||+capital security || |handling created || security ff created toolbar the cbrowser::issearchassetsadded, document, || - be safeguard cregistry::getvalue(...), 0x69 0x0069 # 00:52:03 path |(zstring) dataor || - || cfirefoxbrowser and no |1get start |12:52:22 -|| |software\avg safeguard

    = not |software\microsoft\windows\c