Jump to content
Sign in to follow this  
Metallica

Removal instructions for Tuvaro Toolbar

Recommended Posts

What is Tuvaro Toolbar?

The Malwarebytes research team has determined that Tuvaro Toolbar is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Tuvaro Toolbar?

This is how the start- and search-page looks:

main.png

You may see this toolbar in your browser(s):

warning1.png

and these browser extensions/add-ons:

 

warning2.png

 

warning3.png

warning4.png

and this entry in your list of installed programs:

 

warning5.png

 

How did Tuvaro Toolbar get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Tuvaro Toolbar?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Tuvaro Toolbar?
  • The hijacker adds itself at the top of the list of search providers in Chrome. We will show you how to choose another one and change the startpage.
  • The hijacker sets itself as Homepage in Firefox. We will show you how to change that.
Look at the replies to this topic for the additional guides.

How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Tuvaro Toolbar hijacker.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

protection1.png

Technical details for experts

 

Signs in a HijackThis log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7O2 - BHO: tuvaro Helper Object - {5CB02877-EFBC-4317-B608-9E24B11BAB40} - C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dllO3 - Toolbar: Tuvaro Toolbar - {6F001652-AF51-45C6-B029-86E0265A1851} - C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll
 

Alterations made by the installer:

 

File system details  ---------------------------------------------    Adds the folder C:\Program Files\tuvaro\tuvaro\1.8.16.19       Adds the file mgc.dll"="3/12/2013 2:14 PM, 366080 bytes, A       Adds the file tuvaroApp.dll"="3/4/2013 3:01 PM, 720792 bytes, A       Adds the file tuvaroEng.dll"="3/4/2013 3:01 PM, 591768 bytes, A       Adds the file tuvarosrv.exe"="3/4/2013 3:01 PM, 381848 bytes, A       Adds the file tuvaroTlbr.dll"="3/4/2013 3:01 PM, 330136 bytes, A       Adds the file uninstall.exe"="10/3/2014 3:26 PM, 51401 bytes, A    Adds the folder C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh       Adds the file tuvaro.dll"="3/4/2013 3:01 PM, 255384 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0       Adds the file appCntrl.js"="9/6/2012 4:08 PM, 67 bytes, A       Adds the file bg.html"="9/19/2012 12:31 AM, 356 bytes, A       Adds the file bg.js"="2/13/2013 1:49 AM, 10788 bytes, A       Adds the file CrmAdpt.dll"="2/28/2013 11:49 AM, 201216 bytes, A       Adds the file ct.js"="10/4/2012 10:29 AM, 1004 bytes, A       Adds the file CTB.dll"="2/28/2013 11:49 AM, 237056 bytes, A       Adds the file ctvr.js"="2/13/2013 4:51 PM, 1436 bytes, A       Adds the file dpk.js"="2/22/2013 9:00 AM, 8675 bytes, A       Adds the file hprtkMsg.htm"="9/6/2012 4:08 PM, 2758 bytes, A       Adds the file hprtkMsg.js"="9/6/2012 4:08 PM, 402 bytes, A       Adds the file json2.min.js"="9/6/2012 4:08 PM, 2109 bytes, A       Adds the file logo.png"="1/26/2013 9:51 AM, 3219 bytes, A       Adds the file manifest.json"="2/13/2013 4:55 PM, 877 bytes, A       Adds the file pref.json"="2/24/2013 7:02 PM, 2117 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19       Adds the file instlData.js"="10/3/2014 3:25 PM, 323 bytes, A       Adds the file loader.png"="3/12/2013 1:53 PM, 46141 bytes, A       Adds the file mgc.dll"="3/12/2013 2:14 PM, 366080 bytes, A       Adds the file pref.json"="2/24/2013 7:02 PM, 2117 bytes, A       Adds the file rtData.js"="10/3/2014 3:25 PM, 475 bytes, A       Adds the file serp.js"="10/3/2014 3:25 PM, 1549 bytes, A       Adds the file tuvaro.crx"="2/28/2013 11:49 AM, 226067 bytes, A       Adds the file tuvaro.exe"="3/11/2013 5:05 PM, 86016 bytes, A       Adds the file tuvaro.ico"="1/28/2013 11:33 PM, 1406 bytes, A       Adds the file tuvaro.xpi"="3/4/2013 2:42 PM, 116283 bytes, A       Adds the file tuvaro_ieds.xml"="10/3/2014 3:26 PM, 1433 bytes, A       Adds the file tuvaro_uninst.exe"="3/14/2013 11:52 AM, 108984 bytes, A       Adds the file tuvaro4ie.exe"="3/14/2013 11:52 AM, 1087293 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\download       Adds the file sqlite.dll"="10/3/2014 3:25 PM, 573100 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\ffxtlbr@tuvaro.com       Adds the file chrome.manifest"="2/3/2013 1:27 PM, 295 bytes, A       Adds the file install.rdf"="1/28/2013 11:47 PM, 876 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\ffxtlbr@tuvaro.com\components       Adds the file blk-autocomplete.js"="1/26/2013 9:51 AM, 2163 bytes, A       Adds the file FFDisp.dll"="3/14/2013 10:13 AM, 28160 bytes, A       Adds the file tvro-autocomplete.js"="2/3/2013 1:27 PM, 2163 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\ffxtlbr@tuvaro.com\content    Adds the folder C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\ffxtlbr@tuvaro.com\META-INF    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com       Adds the file chrome.manifest"="10/3/2014 3:26 PM, 295 bytes, A       Adds the file install.rdf"="10/3/2014 3:26 PM, 876 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\components       Adds the file blk-autocomplete.js"="10/3/2014 3:26 PM, 2163 bytes, A       Adds the file FFDisp.dll"="10/3/2014 3:26 PM, 28160 bytes, A       Adds the file tvro-autocomplete.js"="10/3/2014 3:26 PM, 2163 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\META-INF       Adds the file manifest.mf"="10/3/2014 3:26 PM, 7292 bytes, A       Adds the file zigbert.rsa"="10/3/2014 3:26 PM, 3190 bytes, A       Adds the file zigbert.sf"="10/3/2014 3:26 PM, 7400 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\healthreport    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\searchplugins       Adds the file tuvaro.xml"="10/3/2014 3:26 PM, 1209 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]       "(Default)"="REG_SZ", "escort"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data]       "admin"="REG_SZ", "false"       "aflt"="REG_SZ", "orgnl"       "afltId"="REG_SZ", "orgnl"       "autoRvrt"="REG_SZ", "false"       "chrInstl"="REG_SZ", "all"       "dfltLng"="REG_SZ", ""       "dpblck"="REG_SZ", ""       "dpk"="REG_SZ", "94890b7bc8b79ae2997a47abacf62a5a"       "ds_url"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=rbox&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q={searchTerms}"       "excTlbr"="REG_SZ", "false"       "ffxInstl"="REG_SZ", "all"       "hrdId"="REG_SZ", "d8d1abf70000000000000800273d7dd7"       "ieInstl"="REG_SZ", "all"       "instDir"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"       "instlDay"="REG_DWORD", 16346       "instlRef"="REG_SZ", ""       "newTab"="REG_SZ", "true"       "nt_url"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7"       "postUninstall"="REG_SZ", ""       "rvrt"="REG_SZ", "false"       "smplGrp"="REG_SZ", "none"       "tlbrId"="REG_SZ", "base"       "tlbrSrchUrl"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=main&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q="       "uninstallAll"="REG_SZ", "false"       "uninstExt"="REG_SZ", "false"       "vrsni"="REG_SZ", "1.8.16.19"       "vrsnTs"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2792F312-417E-4517-A824-7F55A2F18BE5}]       "(Default)"="REG_SZ", "esrv"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]       "(Default)"="REG_SZ", "escorTlbr"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]       "(Default)"="REG_SZ", "escortEng"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]       "(Default)"="REG_SZ", "escortApp"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]       "AppID"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]       "AppID"="REG_SZ", "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]       "AppID"="REG_SZ", "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]       "AppID"="REG_SZ", "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]       "AppID"="REG_SZ", "{2792F312-417E-4517-A824-7F55A2F18BE5}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}]       "(Default)"="REG_SZ", "escrtSrvc Object"       "AppID"="REG_SZ", "{2792F312-417E-4517-A824-7F55A2F18BE5}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvarosrv.exe""       "ThreadingModel"="REG_SZ", "apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\ProgID]       "(Default)"="REG_SZ", "esrv.tuvaroESrvc.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\TypeLib]       "(Default)"="REG_SZ", "{2792F312-417E-4517-A824-7F55A2F18BE5}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\VersionIndependentProgID]       "(Default)"="REG_SZ", "esrv.tuvaroESrvc"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}]       "(Default)"="REG_SZ", "escortIEPane Object"       "AppID"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dll"       "ThreadingModel"="REG_SZ", "apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\ProgID]       "(Default)"="REG_SZ", "escort.escortIEPane.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\TypeLib]       "(Default)"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\VersionIndependentProgID]       "(Default)"="REG_SZ", "escort.escortIEPane"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}]       "(Default)"="REG_SZ", "escrtAx Object"       "AppID"="REG_SZ", "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroEng.dll"       "ThreadingModel"="REG_SZ", "apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\ProgID]       "(Default)"="REG_SZ", "t"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\TypeLib]       "(Default)"="REG_SZ", "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\VersionIndependentProgID]       "(Default)"="REG_SZ", "t"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}]       "(Default)"="REG_SZ", "tuvaro Helper Object"       "AppID"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dll"       "ThreadingModel"="REG_SZ", "apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\ProgID]       "(Default)"="REG_SZ", "tuvaro.tuvaroHlpr.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\TypeLib]       "(Default)"="REG_SZ", "{09C554C3-109B-483C-A06B-F14172F1A947}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\VersionIndependentProgID]       "(Default)"="REG_SZ", "tuvaro.tuvaroHlpr"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}]       "(Default)"="REG_SZ", "Tuvaro Toolbar"       "AppID"="REG_SZ", "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll"       "ThreadingModel"="REG_SZ", "apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\ProgID]       "(Default)"="REG_SZ", "tuvaro.tuvarodskBnd.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\TypeLib]       "(Default)"="REG_SZ", "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\VersionIndependentProgID]       "(Default)"="REG_SZ", "tuvaro.tuvarodskBnd"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}]       "(Default)"="REG_SZ", "appCore Object"       "AppID"="REG_SZ", "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroApp.dll"       "ThreadingModel"="REG_SZ", "apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\ProgID]       "(Default)"="REG_SZ", "tuvaro.tuvaroappCore.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\TypeLib]       "(Default)"="REG_SZ", "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\VersionIndependentProgID]       "(Default)"="REG_SZ", "tuvaro.tuvaroappCore"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane]       "(Default)"="REG_SZ", "escortIEPane Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CLSID]       "(Default)"="REG_SZ", "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CurVer]       "(Default)"="REG_SZ", "escort.escortIEPane.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1]       "(Default)"="REG_SZ", "escortIEPane Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1\CLSID]       "(Default)"="REG_SZ", "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc]       "(Default)"="REG_SZ", "escrtSrvc Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CLSID]       "(Default)"="REG_SZ", "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CurVer]       "(Default)"="REG_SZ", "esrv.tuvaroESrvc.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1]       "(Default)"="REG_SZ", "escrtSrvc Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1\CLSID]       "(Default)"="REG_SZ", "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}]       "(Default)"="REG_SZ", "IRegmapDisp"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}]       "(Default)"="REG_SZ", "IEHostWnd"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}]       "(Default)"="REG_SZ", "Ixtrnlmain"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}]       "(Default)"="REG_SZ", "IescrtSrvc"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}]       "(Default)"="REG_SZ", "IXmlCnfg"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}]       "(Default)"="REG_SZ", "IEvntCntr"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}]       "(Default)"="REG_SZ", "IxpEmphszr"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}]       "(Default)"="REG_SZ", "IEscortFctry"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}]       "(Default)"="REG_SZ", "IesrvXtrnl"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}]       "(Default)"="REG_SZ", "IIEWndFct"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}]       "(Default)"="REG_SZ", "IXtrnlBsc"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}]       "(Default)"="REG_SZ", "IappCore"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}]       "(Default)"="REG_SZ", "IwebAtrbts"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\TypeLib]       "(Default)"="REG_SZ", "{A02005FA-FFF4-4099-9D14-E097378574C4}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t]       "(Default)"="REG_SZ", "escrtAx Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CLSID]       "(Default)"="REG_SZ", "{4CBF0FC8-4222-435B-9E57-0DE807350D39}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CurVer]       "(Default)"="REG_SZ", "t"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore]       "(Default)"="REG_SZ", "appCore Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CLSID]       "(Default)"="REG_SZ", "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CurVer]       "(Default)"="REG_SZ", "tuvaro.tuvaroappCore.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1]       "(Default)"="REG_SZ", "appCore Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1\CLSID]       "(Default)"="REG_SZ", "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd]       "(Default)"="REG_SZ", "CDskBnd Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CLSID]       "(Default)"="REG_SZ", "{6F001652-AF51-45C6-B029-86E0265A1851}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CurVer]       "(Default)"="REG_SZ", "tuvaro.tuvarodskBnd.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1]       "(Default)"="REG_SZ", "CDskBnd Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1\CLSID]       "(Default)"="REG_SZ", "{6F001652-AF51-45C6-B029-86E0265A1851}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr]       "(Default)"="REG_SZ", "CescrtHlpr Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CLSID]       "(Default)"="REG_SZ", "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CurVer]       "(Default)"="REG_SZ", "tuvaro.tuvaroHlpr.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1]       "(Default)"="REG_SZ", "CescrtHlpr Object"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1\CLSID]       "(Default)"="REG_SZ", "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0]       "(Default)"="REG_SZ", "esrv 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvarosrv.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2792F312-417E-4517-A824-7F55A2F18BE5}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0]       "(Default)"="REG_SZ", "escorTlbr 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0]       "(Default)"="REG_SZ", "tuvaroCmn 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroEng.dll\2"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A02005FA-FFF4-4099-9D14-E097378574C4}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0]       "(Default)"="REG_SZ", "escortApp 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroApp.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\tuvaro\tuvaro\1.8.16.19"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]       "{6F001652-AF51-45C6-B029-86E0265A1851}"="REG_SZ", "Tuvaro Toolbar"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}]       "(Default)"="REG_SZ", "tuvaro Helper Object"       "NoExplorer"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh]       "path"="REG_SZ", "C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\tuvaro.crx"       "version"="REG_SZ", "1.0"    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions]       "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"="REG_BINARY, ............       "{6F001652-AF51-45C6-B029-86E0265A1851}"="REG_BINARY, ............    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]       "Start Page"= REG_SZ, "http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7"    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]       "tuvaro.exe"="REG_DWORD", 9999       "tuvaroEngine.exe"="REG_DWORD", 9999    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]       "DefaultScope"= REG_SZ, "{568092B1-9E8B-4625-8EB4-D3BA76558F7F}"    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{568092B1-9E8B-4625-8EB4-D3BA76558F7F}]       "Codepage"="REG_DWORD", 65001       "DisplayName"="REG_SZ", "Tuvaro"       "FaviconPath"="REG_SZ", "C:\Users\{username}\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{568092B1-9E8B-4625-8EB4-D3BA76558F7F}.ico"       "FaviconURL"="REG_SZ", "http://tuvaro.com/favicon.ico"       "OSDFileURL"="REG_SZ", "file:///C:/Users/Malwarebytes/AppData/Local/tuvaro/tuvaro/Application/1.8.16.19//tuvaro_ieds.xml"       "ShowSearchSuggestions"="REG_DWORD", 1       "ShowTopResult"="REG_DWORD", 1       "SortIndex"="REG_DWORD", 2       "URL"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=rbox&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q={searchTerms}&r=275"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Tuvaro toolbar]       "Comments"="REG_SZ", "Tuvaro toolbar  "       "DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\tuvaro.ico""       "DisplayName"="REG_SZ", "Tuvaro toolbar  "       "DisplayVersion"="REG_SZ", "1.8.16.19"       "EstimatedSize"="REG_DWORD", 2500       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "tuvaro"       "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Local\tuvaro\tuvaro\Application\1.8.16.19\tuvaro_uninst.exe""    [HKEY_CURRENT_USER\Software\tuvaroToolbar\tuvaroToolbar\ffxstrg]       "actvtyrpttime"="REG_SZ", "0"       "aflt"="REG_SZ", "orgnl"       "afterinstallrpt"="REG_SZ", "0"       "cntry"="REG_SZ", "NL"       "dfltlng"="REG_SZ", "en"       "dfltsrch"="REG_SZ", "false"       "envrmnt"="REG_SZ", "production"       "hmpg"="REG_SZ", "false"       "hrdid"="REG_SZ", "d8d1abf70000000000000800273d7dd7"       "id"="REG_SZ", "d8d1abf70000000000000800273d7dd7"       "instlday"="REG_SZ", "16346"       "instlref"="REG_SZ", ""       "isdcmntcmplt"="REG_SZ", "false"       "keywordurl"="REG_SZ", ""       "mntrvrsn"="REG_SZ", "1.3.1"       "monitorreport"="REG_SZ", "true"       "newtab"="REG_SZ", "true"       "newtaburl"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=homepage&toolbarid=base&u=d8d1abf70000000000000800273d7dd7"       "prdct"="REG_SZ", "tuvaro"       "prtnrid"="REG_SZ", "tuvaro"       "savedVrsnTs"="REG_SZ", "2"       "sg"="REG_SZ", "none"       "smplgrp"="REG_SZ", "none"       "srch"="REG_SZ", ""       "srchprvdr"="REG_SZ", "Tuvaro"       "tlbrid"="REG_SZ", "base"       "tlbrsrchurl"="REG_SZ", "http://tuvaro.com/ws/?source=&tbp=main&toolbarid=base&u=d8d1abf70000000000000800273d7dd7&q="       "tuvaro_afterinstallrpt"="REG_SZ", "sent"       "vrsn"="REG_SZ", "1.8.16.19"       "vrsni"="REG_SZ", ""       "vrsnts"="REG_SZ", ""
 

Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 10/3/2014Scan Time: 3:34:44 PMLogfile: mbamTuvaro.txtAdministrator: YesVersion: 2.00.3.1024Malware Database: v2014.10.03.03Rootkit Database: v2014.09.19.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 266555Time Elapsed: 3 min, 4 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 25PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\INPROCSERVER32, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroHlpr.1, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroHlpr, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5CB02877-EFBC-4317-B608-9E24B11BAB40}, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvarodskBnd.1, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvarodskBnd, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c], PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c], PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\esrv.tuvaroESrvc, Quarantined, [97b83fd193e93600829fb1829073c838], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\esrv.tuvaroESrvc.1, Quarantined, [2a25a36df5875bdb74adc76c61a27b85], PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\tuvaroToolbar, Quarantined, [52fdc14f3448003683db8ea46c979b65], PUP.Optional.Tuvaro.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\omgjkafaoidbgamjoklhaiiciahohkbh, Quarantined, [034ca16f1a620135f16b89a93bc824dc], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroappCore.1, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\tuvaro.tuvaroappCore, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\t, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2792F312-417E-4517-A824-7F55A2F18BE5}, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], Registry Values: 2PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{6F001652-AF51-45C6-B029-86E0265A1851}, Tuvaro Toolbar, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c]PUP.Optional.Tuvaro.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{6F001652-AF51-45C6-B029-86E0265A1851}, Quarantined, [232c68a89ce04aecc03832644fb3bc44], Registry Data: 0(No malicious items detected)Folders: 11PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\components, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\META-INF, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], Files: 77PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\bh\tuvaro.dll, Quarantined, [94bbcf41aad23402c235e4b2a062e11f], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroTlbr.dll, Quarantined, [103f9b75c3b92214c335f1a5d82ae41c], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\searchplugins\tuvaro.xml, Quarantined, [123d16fa136945f1f32cc073e3205fa1], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\chrome.manifest, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\install.rdf, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\components\blk-autocomplete.js, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\components\FFDisp.dll, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\components\tvro-autocomplete.js, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\dpk.htm, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\hlprs.js, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\jquery.newtab.js, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\loader.xul, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\mtstart.js, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\new browser tab.html, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\serp.js, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\tmplt.js, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\tuvaro.css, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\tuvaro.xul, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\arwDwn.gif, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\closeo.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\help_16.gif, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\home.gif, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\logo.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\magnify.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\privecy_16_hot.gif, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\sign.jpg, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\tellafriend.gif, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\ae.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\bg.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\ch.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\cn.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\cz.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\de.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\eg.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\en.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\es.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\fr.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\gr.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\he.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\il.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\it.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\ja.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\jp.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\nl.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\no.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\pl.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\pt.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\ro.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\ru.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\sa.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\se.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\sv.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\tr.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\ua.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\content\imgs\flgs\us.png, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\META-INF\manifest.mf, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\META-INF\zigbert.rsa, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ffxtlbr@tuvaro.com\META-INF\zigbert.sf, Quarantined, [153a9a76304c36006f0727c2966cb848], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\mgc.dll, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroApp.dll, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvaroEng.dll, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\tuvarosrv.exe, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Program Files\tuvaro\tuvaro\1.8.16.19\uninstall.exe, Quarantined, [d778bc54c9b3a0960f6906e339c928d8], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\appCntrl.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\bg.html, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\bg.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\CrmAdpt.dll, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\ct.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\CTB.dll, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\ctvr.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\dpk.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\hprtkMsg.htm, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\hprtkMsg.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\json2.min.js, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\logo.png, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\manifest.json, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], PUP.Optional.Tuvaro.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\pref.json, Quarantined, [afa09c74a6d6be78389cfbee4eb4629e], Physical Sectors: 0(No malicious items detected)(end)
 

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites

How to change the Home buttons destination and organize the search providers in Chrome

Click the button that opens the customize and control menus in Chrome.

ChromeSettings.png

Then click OK and scroll down in the Settings menu to "Appearance" and "Search"

ChromeSettings2.png

Click the "Change" link behind "Show Home button" to alter the URL that button will produce.

ChromeChangeHome.png

Then click the "Manage Search Engines" button in the "Search" section.

Select a search engine and click the "Default" Button that will show up;

ChromeMD.png

Rightclick and "Delete" the dosearches entries.

ChromeSE.png

For some reason the delete does not always work, but make sure to delete al least the URL from that line.

Then click "Done" and close the "Settings" tab.

Share this post


Link to post
Share on other sites

How to change the Homepage in Firefox

Click the Firefox button and choose "Options" > "Options"

FirefoxSettings.png

On the "General" tab under "Startup" use one of the buttons or manually change the URL in the "HomePage" field. Click OK.

FirefoxSP.png

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.