What is Tuvaro Toolbar?
The Malwarebytes research team has determined that Tuvaro Toolbar is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by Tuvaro Toolbar?
This is how the start- and search-page looks:
You may see this toolbar in your browser(s):
and these browser extensions/add-ons:
and this entry in your list of installed programs:
How did Tuvaro Toolbar get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Tuvaro Toolbar?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- The hijacker adds itself at the top of the list of search providers in Chrome. We will show you how to choose another one and change the startpage.
- The hijacker sets itself as Homepage in Firefox. We will show you how to change that.
How would the full version of Malwarebytes Anti-Malware help protect me?
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Tuvaro Toolbar hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Signs in a HijackThis log:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7
O2 - BHO: tuvaro Helper Object - {5CB02877-EFBC-4317-B608-9E24B11BAB40} - C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dll
O3 - Toolbar: Tuvaro Toolbar - {6F001652-AF51-45C6-B029-86E0265A1851} - C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll
Alterations made by the installer:
File system details
---------------------------------------------
Adds the folder C:\Program Files\tuvaro\tuvaro\1.8.16.19
Adds the file mgc.dll"="3/12/2013 2:14 PM, 366080 bytes, A
Adds the file tuvaroApp.dll"="3/4/2013 3:01 PM, 720792 bytes, A
Adds the file tuvaroEng.dll"="3/4/2013 3:01 PM, 591768 bytes, A
Adds the file tuvarosrv.exe"="3/4/2013 3:01 PM, 381848 bytes, A
Adds the file tuvaroTlbr.dll"="3/4/2013 3:01 PM, 330136 bytes, A
Adds the file uninstall.exe"="10/3/2014 3:26 PM, 51401 bytes, A
Adds the folder C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh
Adds the file tuvaro.dll"="3/4/2013 3:01 PM, 255384 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0
Adds the file appCntrl.js"="9/6/2012 4:08 PM, 67 bytes, A
Adds the file bg.html"="9/19/2012 12:31 AM, 356 bytes, A
Adds the file bg.js"="2/13/2013 1:49 AM, 10788 bytes, A
Adds the file CrmAdpt.dll"="2/28/2013 11:49 AM, 201216 bytes, A
Adds the file ct.js"="10/4/2012 10:29 AM, 1004 bytes, A
Adds the file CTB.dll"="2/28/2013 11:49 AM, 237056 bytes, A
Adds the file ctvr.js"="2/13/2013 4:51 PM, 1436 bytes, A
Adds the file dpk.js"="2/22/2013 9:00 AM, 8675 bytes, A
Adds the file hprtkMsg.htm"="9/6/2012 4:08 PM, 2758 bytes, A
Adds the file hprtkMsg.js"="9/6/2012 4:08 PM, 402 bytes, A
Adds the file json2.min.js"="9/6/2012 4:08 PM, 2109 bytes, A
Adds the file logo.png"="1/26/2013 9:51 AM, 3219 bytes, A
Adds the file manifest.json"="2/13/2013 4:55 PM, 877 bytes, A
Adds the file pref.json"="2/24/2013 7:02 PM, 2117 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19
Adds the file instlData.js"="10/3/2014 3:25 PM, 323 bytes, A
Adds the file loader.png"="3/12/2013 1:53 PM, 46141 bytes, A
Adds the file mgc.dll"="3/12/2013 2:14 PM, 366080 bytes, A
Adds the file pref.json"="2/24/2013 7:02 PM, 2117 bytes, A
Adds the file rtData.js"="10/3/2014 3:25 PM, 475 bytes, A
Adds the file serp.js"="10/3/2014 3:25 PM, 1549 bytes, A
Adds the file tuvaro.crx"="2/28/2013 11:49 AM, 226067 bytes, A
Adds the file tuvaro.exe"="3/11/2013 5:05 PM, 86016 bytes, A
Adds the file tuvaro.ico"="1/28/2013 11:33 PM, 1406 bytes, A
Adds the file tuvaro.xpi"="3/4/2013 2:42 PM, 116283 bytes, A
Adds the file tuvaro_ieds.xml"="10/3/2014 3:26 PM, 1433 bytes, A
Adds the file tuvaro_uninst.exe"="3/14/2013 11:52 AM, 108984 bytes, A
Adds the file tuvaro4ie.exe"="3/14/2013 11:52 AM, 1087293 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\download
Adds the file sqlite.dll"="10/3/2014 3:25 PM, 573100 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\[email protected]
Adds the file chrome.manifest"="2/3/2013 1:27 PM, 295 bytes, A
Adds the file install.rdf"="1/28/2013 11:47 PM, 876 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\[email protected]\components
Adds the file blk-autocomplete.js"="1/26/2013 9:51 AM, 2163 bytes, A
Adds the file FFDisp.dll"="3/14/2013 10:13 AM, 28160 bytes, A
Adds the file tvro-autocomplete.js"="2/3/2013 1:27 PM, 2163 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\[email protected]\content
Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\[email protected]\META-INF
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]
Adds the file chrome.manifest"="10/3/2014 3:26 PM, 295 bytes, A
Adds the file install.rdf"="10/3/2014 3:26 PM, 876 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\components
Adds the file blk-autocomplete.js"="10/3/2014 3:26 PM, 2163 bytes, A
Adds the file FFDisp.dll"="10/3/2014 3:26 PM, 28160 bytes, A
Adds the file tvro-autocomplete.js"="10/3/2014 3:26 PM, 2163 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\META-INF
Adds the file manifest.mf"="10/3/2014 3:26 PM, 7292 bytes, A
Adds the file zigbert.rsa"="10/3/2014 3:26 PM, 3190 bytes, A
Adds the file zigbert.sf"="10/3/2014 3:26 PM, 7400 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\healthreport
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\searchplugins
Adds the file tuvaro.xml"="10/3/2014 3:26 PM, 1209 bytes, A
Registry details
------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
"(Default)"="REG_SZ", "escort"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data]
"admin"="REG_SZ", "false"
"aflt"="REG_SZ", "orgnl"
"afltId"="REG_SZ", "orgnl"
"autoRvrt"="REG_SZ", "false"
"chrInstl"="REG_SZ", "all"
"dfltLng"="REG_SZ", ""
"dpblck"="REG_SZ", ""
"dpk"="REG_SZ", "94890b7bc8b79ae2997a47abacf62a5a"
"ds_url"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=rbox&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q={searchTerms}"
"excTlbr"="REG_SZ", "false"
"ffxInstl"="REG_SZ", "all"
"hrdId"="REG_SZ", "d8d1abf70000000000000800273d7dd7"
"ieInstl"="REG_SZ", "all"
"instDir"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"
"instlDay"="REG_DWORD", 16346
"instlRef"="REG_SZ", ""
"newTab"="REG_SZ", "true"
"nt_url"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7"
"postUninstall"="REG_SZ", ""
"rvrt"="REG_SZ", "false"
"smplGrp"="REG_SZ", "none"
"tlbrId"="REG_SZ", "base"
"tlbrSrchUrl"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=main&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q="
"uninstallAll"="REG_SZ", "false"
"uninstExt"="REG_SZ", "false"
"vrsni"="REG_SZ", "1.8.16.19"
"vrsnTs"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2792F312-417E-4517-A824-7F55A2F18BE5}]
"(Default)"="REG_SZ", "esrv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
"(Default)"="REG_SZ", "escorTlbr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
"(Default)"="REG_SZ", "escortEng"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
"(Default)"="REG_SZ", "escortApp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
"AppID"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]
"AppID"="REG_SZ", "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]
"AppID"="REG_SZ", "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]
"AppID"="REG_SZ", "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]
"AppID"="REG_SZ", "{2792F312-417E-4517-A824-7F55A2F18BE5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}]
"(Default)"="REG_SZ", "escrtSrvc Object"
"AppID"="REG_SZ", "{2792F312-417E-4517-A824-7F55A2F18BE5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvarosrv.exe""
"ThreadingModel"="REG_SZ", "apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\ProgID]
"(Default)"="REG_SZ", "esrv.tuvaroESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\TypeLib]
"(Default)"="REG_SZ", "{2792F312-417E-4517-A824-7F55A2F18BE5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\VersionIndependentProgID]
"(Default)"="REG_SZ", "esrv.tuvaroESrvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}]
"(Default)"="REG_SZ", "escortIEPane Object"
"AppID"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dll"
"ThreadingModel"="REG_SZ", "apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\ProgID]
"(Default)"="REG_SZ", "escort.escortIEPane.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\TypeLib]
"(Default)"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\VersionIndependentProgID]
"(Default)"="REG_SZ", "escort.escortIEPane"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}]
"(Default)"="REG_SZ", "escrtAx Object"
"AppID"="REG_SZ", "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroEng.dll"
"ThreadingModel"="REG_SZ", "apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\ProgID]
"(Default)"="REG_SZ", "t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\TypeLib]
"(Default)"="REG_SZ", "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\VersionIndependentProgID]
"(Default)"="REG_SZ", "t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}]
"(Default)"="REG_SZ", "tuvaro Helper Object"
"AppID"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dll"
"ThreadingModel"="REG_SZ", "apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\ProgID]
"(Default)"="REG_SZ", "tuvaro.tuvaroHlpr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\TypeLib]
"(Default)"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\VersionIndependentProgID]
"(Default)"="REG_SZ", "tuvaro.tuvaroHlpr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}]
"(Default)"="REG_SZ", "Tuvaro Toolbar"
"AppID"="REG_SZ", "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll"
"ThreadingModel"="REG_SZ", "apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\ProgID]
"(Default)"="REG_SZ", "tuvaro.tuvarodskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\TypeLib]
"(Default)"="REG_SZ", "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\VersionIndependentProgID]
"(Default)"="REG_SZ", "tuvaro.tuvarodskBnd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}]
"(Default)"="REG_SZ", "appCore Object"
"AppID"="REG_SZ", "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroApp.dll"
"ThreadingModel"="REG_SZ", "apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\ProgID]
"(Default)"="REG_SZ", "tuvaro.tuvaroappCore.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\TypeLib]
"(Default)"="REG_SZ", "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\VersionIndependentProgID]
"(Default)"="REG_SZ", "tuvaro.tuvaroappCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane]
"(Default)"="REG_SZ", "escortIEPane Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CLSID]
"(Default)"="REG_SZ", "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CurVer]
"(Default)"="REG_SZ", "escort.escortIEPane.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1]
"(Default)"="REG_SZ", "escortIEPane Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1\CLSID]
"(Default)"="REG_SZ", "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc]
"(Default)"="REG_SZ", "escrtSrvc Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CLSID]
"(Default)"="REG_SZ", "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CurVer]
"(Default)"="REG_SZ", "esrv.tuvaroESrvc.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1]
"(Default)"="REG_SZ", "escrtSrvc Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1\CLSID]
"(Default)"="REG_SZ", "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}]
"(Default)"="REG_SZ", "IRegmapDisp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}]
"(Default)"="REG_SZ", "IEHostWnd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}]
"(Default)"="REG_SZ", "Ixtrnlmain"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}]
"(Default)"="REG_SZ", "IescrtSrvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}]
"(Default)"="REG_SZ", "IXmlCnfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}]
"(Default)"="REG_SZ", "IEvntCntr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}]
"(Default)"="REG_SZ", "IxpEmphszr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}]
"(Default)"="REG_SZ", "IEscortFctry"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}]
"(Default)"="REG_SZ", "IesrvXtrnl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}]
"(Default)"="REG_SZ", "IIEWndFct"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}]
"(Default)"="REG_SZ", "IXtrnlBsc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}]
"(Default)"="REG_SZ", "IappCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}]
"(Default)"="REG_SZ", "IwebAtrbts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\ProxyStubClsid]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\TypeLib]
"(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t]
"(Default)"="REG_SZ", "escrtAx Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CLSID]
"(Default)"="REG_SZ", "{4CBF0FC8-4222-435B-9E57-0DE807350D39}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CurVer]
"(Default)"="REG_SZ", "t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore]
"(Default)"="REG_SZ", "appCore Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CLSID]
"(Default)"="REG_SZ", "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CurVer]
"(Default)"="REG_SZ", "tuvaro.tuvaroappCore.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1]
"(Default)"="REG_SZ", "appCore Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1\CLSID]
"(Default)"="REG_SZ", "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd]
"(Default)"="REG_SZ", "CDskBnd Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CLSID]
"(Default)"="REG_SZ", "{6F001652-AF51-45C6-B029-86E0265A1851}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CurVer]
"(Default)"="REG_SZ", "tuvaro.tuvarodskBnd.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1]
"(Default)"="REG_SZ", "CDskBnd Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1\CLSID]
"(Default)"="REG_SZ", "{6F001652-AF51-45C6-B029-86E0265A1851}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr]
"(Default)"="REG_SZ", "CescrtHlpr Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CLSID]
"(Default)"="REG_SZ", "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CurVer]
"(Default)"="REG_SZ", "tuvaro.tuvaroHlpr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1]
"(Default)"="REG_SZ", "CescrtHlpr Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1\CLSID]
"(Default)"="REG_SZ", "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0]
"(Default)"="REG_SZ", "esrv 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0\0\win32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvarosrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0\FLAGS]
"(Default)"="REG_SZ", "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0\HELPDIR]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0]
"(Default)"="REG_SZ", "escorTlbr 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS]
"(Default)"="REG_SZ", "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0]
"(Default)"="REG_SZ", "tuvaroCmn 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0\0\win32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0\FLAGS]
"(Default)"="REG_SZ", "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0\HELPDIR]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0]
"(Default)"="REG_SZ", "escortApp 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0\win32]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroApp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\FLAGS]
"(Default)"="REG_SZ", "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\HELPDIR]
"(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6F001652-AF51-45C6-B029-86E0265A1851}"="REG_SZ", "Tuvaro Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}]
"(Default)"="REG_SZ", "tuvaro Helper Object"
"NoExplorer"="REG_DWORD", 1
[HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh]
"path"="REG_SZ", "C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\tuvaro.crx"
"version"="REG_SZ", "1.0"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions]
"{5CB02877-EFBC-4317-B608-9E24B11BAB40}"="REG_BINARY, ............
"{6F001652-AF51-45C6-B029-86E0265A1851}"="REG_BINARY, ............
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"= REG_SZ, "http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"tuvaro.exe"="REG_DWORD", 9999
"tuvaroEngine.exe"="REG_DWORD", 9999
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"= REG_SZ, "{568092B1-9E8B-4625-8EB4-D3BA76558F7F}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{568092B1-9E8B-4625-8EB4-D3BA76558F7F}]
"Codepage"="REG_DWORD", 65001
"DisplayName"="REG_SZ", "Tuvaro"
"FaviconPath"="REG_SZ", "C:\Users\{username}\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{568092B1-9E8B-4625-8EB4-D3BA76558F7F}.ico"
"FaviconURL"="REG_SZ", "http://tuvaro.com/favicon.ico"
"OSDFileURL"="REG_SZ", "file:///C:/Users/Malwarebytes/AppData/Local/tuvaro/tuvaro/Application/1.8.16.19//tuvaro_ieds.xml"
"ShowSearchSuggestions"="REG_DWORD", 1
"ShowTopResult"="REG_DWORD", 1
"SortIndex"="REG_DWORD", 2
"URL"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=rbox&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q={searchTerms}&r=275"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Tuvaro toolbar]
"Comments"="REG_SZ", "Tuvaro toolbar "
"DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\tuvaro.ico""
"DisplayName"="REG_SZ", "Tuvaro toolbar "
"DisplayVersion"="REG_SZ", "1.8.16.19"
"EstimatedSize"="REG_DWORD", 2500
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "tuvaro"
"UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\tuvaro_uninst.exe""
[HKEY_CURRENT_USER\Software\tuvaroToolbar\tuvaroToolbar\ffxstrg]
"actvtyrpttime"="REG_SZ", "0"
"aflt"="REG_SZ", "orgnl"
"afterinstallrpt"="REG_SZ", "0"
"cntry"="REG_SZ", "NL"
"dfltlng"="REG_SZ", "en"
"dfltsrch"="REG_SZ", "false"
"envrmnt"="REG_SZ", "production"
"hmpg"="REG_SZ", "false"
"hrdid"="REG_SZ", "d8d1abf70000000000000800273d7dd7"
"id"="REG_SZ", "d8d1abf70000000000000800273d7dd7"
"instlday"="REG_SZ", "16346"
"instlref"="REG_SZ", ""
"isdcmntcmplt"="REG_SZ", "false"
"keywordurl"="REG_SZ", ""
"mntrvrsn"="REG_SZ", "1.3.1"
"monitorreport"="REG_SZ", "true"
"newtab"="REG_SZ", "true"
"newtaburl"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7"
"prdct"="REG_SZ", "tuvaro"
"prtnrid"="REG_SZ", "tuvaro"
"savedVrsnTs"="REG_SZ", "2"
"sg"="REG_SZ", "none"
"smplgrp"="REG_SZ", "none"
"srch"="REG_SZ", ""
"srchprvdr"="REG_SZ", "Tuvaro"
"tlbrid"="REG_SZ", "base"
"tlbrsrchurl"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=main&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q="
"tuvaro_afterinstallrpt"="REG_SZ", "sent"
"vrsn"="REG_SZ", "1.8.16.19"
"vrsni"="REG_SZ", ""
"vrsnts"="REG_SZ", ""
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/3/2014
Scan Time: 3:34:44 PM
Logfile: mbamTuvaro.txt
Administrator: Yes
Version: 2.00.3.1024
Malware Database: v2014.10.03.03
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266555
Time Elapsed: 3 min, 4 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 25
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\INPROCSERVER32, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroHlpr.1, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroHlpr, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvarodskBnd.1, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvarodskBnd, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c],
PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c],
PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\esrv.tuvaroESrvc, Quarantined, [97b83fd193e93600829fb1829073c838],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\esrv.tuvaroESrvc.1, Quarantined, [2a25a36df5875bdb74adc76c61a27b85],
PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\tuvaroToolbar, Quarantined, [52fdc14f3448003683db8ea46c979b65],
PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\omgjkafaoidbgamjoklhaiiciahohkbh, Quarantined, [034ca16f1a620135f16b89a93bc824dc],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroappCore.1, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroappCore, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\t, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2792F312-417E-4517-A824-7F55A2F18BE5}, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
Registry Values: 2
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{6F001652-AF51-45C6-B029-86E0265A1851}, Tuvaro Toolbar, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c]
PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [232c68a89ce04aecc03832644fb3bc44],
Registry Data: 0
(No malicious items detected)
Folders: 11
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected], Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\components, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\f[email protected]\content\imgs\flgs, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\META-INF, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
Files: 77
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dll, Quarantined, [94bbcf41aad23402c235e4b2a062e11f],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\searchplugins\tuvaro.xml, Quarantined, [123d16fa136945f1f32cc073e3205fa1],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome.manifest, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\install.rdf, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\components\blk-autocomplete.js, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\components\FFDisp.dll, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\components\tvro-autocomplete.js, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\dpk.htm, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\hlprs.js, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\jquery.newtab.js, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\loader.xul, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\mtstart.js, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\new browser tab.html, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\serp.js, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\tmplt.js, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\tuvaro.css, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\tuvaro.xul, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\arwDwn.gif, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\closeo.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\help_16.gif, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\home.gif, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\logo.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\magnify.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\privecy_16_hot.gif, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\sign.jpg, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\tellafriend.gif, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\ae.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\bg.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\ch.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\cn.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\cz.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\de.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\eg.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\en.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\es.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\fr.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\f[email protected]\content\imgs\flgs\gr.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\he.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\il.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\it.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\ja.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\jp.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\nl.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\no.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\pl.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\pt.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\ro.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\ru.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\sa.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\se.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\sv.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\tr.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\ua.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\imgs\flgs\us.png, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\META-INF\manifest.mf, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\META-INF\zigbert.rsa, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\META-INF\zigbert.sf, Quarantined, [153a9a76304c36006f0727c2966cb848],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\mgc.dll, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroApp.dll, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroEng.dll, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvarosrv.exe, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\uninstall.exe, Quarantined, [d778bc54c9b3a0960f6906e339c928d8],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\appCntrl.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\bg.html, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\bg.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\CrmAdpt.dll, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\ct.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\CTB.dll, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\ctvr.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\dpk.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\hprtkMsg.htm, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\hprtkMsg.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\json2.min.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\logo.png, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\manifest.json, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\pref.json, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e],
Physical Sectors: 0
(No malicious items detected)
(end) As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
