PUA.Win32.Montiera.AB
HEUR:AdWare.Win32.DelBar.gen (Kaspersky)
Windows
Threat Type: Potentially Unwanted Application
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
2,285,768 bytes
EXE
Yes
22 Nov 2019
Arrival Details
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Potentially Unwanted Application adds the following processes:
- %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ie.exe
- %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ffx.exe
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe /RegServer
- "" tuvaro.xpi
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000(32-bit), Server 2003(32-bit), XP, Vista(64-bit), 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit) , or C:\Program Files (x86) in Windows XP(64-bit), Vista(64-bit), 7(64-bit), 8(64-bit), 8.1(64-bit), 2008(64-bit), 2012(64-bit) and 10(64-bit).)
It creates the following folders:
- %Application Data%\Mozilla\Firefox\Profiles
- %Program Files%\tuvaro\tuvaro\1.8.12.7\bh
- %User Temp%\tuvaro\tuvaro
- %User Temp%\mt_ffx
- %User Temp%\mt_ffx\tuvaro\tuvaro
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions
- %User Temp%\mt_ffx\tuvaro\tuvaro\1.8.12.7
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default
- %User Temp%\mt_ffx\tuvaro
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\searchplugins
- %System Root%\Users
- %Application Data%\Mozilla\Firefox
- %Application Data%\Mozilla
- %User Temp%\tuvaro
- %Program Files%\tuvaro\tuvaro
- %Program Files%\tuvaro
- %Application Data%\tuvaro
- %Program Files%\tuvaro\tuvaro\1.8.12.7
- %User Temp%\tuvaro\tuvaro\1.8.12.7
- %User Profile%\AppData
(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Roaming on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000(32-bit), Server 2003(32-bit), XP, Vista(64-bit), 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit) , or C:\Program Files (x86) in Windows XP(64-bit), Vista(64-bit), 7(64-bit), 8(64-bit), 8.1(64-bit), 2008(64-bit), 2012(64-bit) and 10(64-bit).. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.. %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name} on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)
Other System Modifications
This Potentially Unwanted Application deletes the following files:
- %User Temp%\nsuC5AF.tmp
- %User Temp%\nsuC5FD.tmp
- %User Temp%\nspBE02.tmp
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)
It deletes the following folders:
- %User Temp%\nsuC5AF.tmp
- %User Temp%\nsuC5FD.tmp
- %User Temp%\nspBE02.tmp
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)
It adds the following registry keys:
HKEY_CLASSES_ROOT\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\
instl\data
HKEY_CURRENT_USER\SOFTWARE\tuvaro\
tuvaro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escorTlbr.DLL
HKEY_CLASSES_ROOT\tuvaro.tuvarodskBnd.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd.1\CLSID
HKEY_CLASSES_ROOT\tuvaro.tuvarodskBnd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
TypeLib
HKEY_LOCAL_MACHINE\Software\Microsoft\
Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{E40E840E-5A15-4A29-9C51-9A060EEB192B}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escort.DLL
HKEY_CLASSES_ROOT\escort.escortIEPane.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane.1\CLSID
HKEY_CLASSES_ROOT\escort.escortIEPane
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
TypeLib
HKEY_CLASSES_ROOT\tuvaro.tuvaroHlpr.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr.1\CLSID
HKEY_CLASSES_ROOT\tuvaro.tuvaroHlpr
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escortApp.DLL
HKEY_CLASSES_ROOT\tuvaro.tuvaroappCore.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore.1\CLSID
HKEY_CLASSES_ROOT\tuvaro.tuvaroappCore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\
ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\
TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escortEng.DLL
HKEY_CLASSES_ROOT\t
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
t\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
t\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
TypeLib
HKEY_CLASSES_ROOT\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\
instl\dfltLng
HKEY_LOCAL_MACHINE\SOFTWARE\Google\
chrome\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh
HKEY_LOCAL_MACHINE\SOFTWARE\tuvaro\
tuvaro\Instl
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
tuvaro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2792F312-417E-4517-A824-7F55A2F18BE5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\esrv.EXE
HKEY_CLASSES_ROOT\esrv.tuvaroESrvc.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc.1\CLSID
HKEY_CLASSES_ROOT\esrv.tuvaroESrvc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
TypeLib
It adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
trace = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
cam = ""
HKEY_CURRENT_USER\Software\tuvaro\
tuvaro
tlbrSrchUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
(Default) = "escorTlbr"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escorTlbr.DLL
AppID = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd.1
(Default) = "CDskBnd Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd.1\CLSID
(Default) = "{6F001652-AF51-45C6-B029-86E0265A1851}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd
(Default) = "CDskBnd Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd\CLSID
(Default) = "{6F001652-AF51-45C6-B029-86E0265A1851}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvarodskBnd\CurVer
(Default) = "tuvaro.tuvarodskBnd.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
(Default) = "CDskBnd Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
ProgID
(Default) = "tuvaro.tuvarodskBnd.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
VersionIndependentProgID
(Default) = "tuvaro.tuvarodskBnd"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
InprocServer32
(Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroTlbr.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
InprocServer32
ThreadingModel = "apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
AppID = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\
TypeLib
(Default) = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Internet Explorer\Toolbar
{6F001652-AF51-45C6-B029-86E0265A1851} = "Tuvaro Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
(Default) = "Tuvaro Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Internet Explorer\Low Rights\
ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
Policy = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Internet Explorer\Low Rights\
ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
AppName = "tuvarosrv.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Internet Explorer\Low Rights\
ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
AppPath = "%Program Files%\tuvaro\tuvaro\1.8.12.7"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
(Default) = "tuvaro Helper Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
NoExplorer = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
(Default) = "escort"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escort.DLL
AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane.1
(Default) = "escortIEPane Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane.1\CLSID
(Default) = "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane
(Default) = "escortIEPane Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane\CLSID
(Default) = "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
escort.escortIEPane\CurVer
(Default) = "escort.escortIEPane.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
(Default) = "escortIEPane Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
ProgID
(Default) = "escort.escortIEPane.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
VersionIndependentProgID
(Default) = "escort.escortIEPane"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
InprocServer32
(Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
InprocServer32
ThreadingModel = "apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\
TypeLib
(Default) = "{09C554C3-109B-483C-A06B-F14172F1A947}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr.1
(Default) = "CescrtHlpr Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr.1\CLSID
(Default) = "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr
(Default) = "CescrtHlpr Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr\CLSID
(Default) = "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroHlpr\CurVer
(Default) = "tuvaro.tuvaroHlpr.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
(Default) = "CescrtHlpr Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
ProgID
(Default) = "tuvaro.tuvaroHlpr.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
VersionIndependentProgID
(Default) = "tuvaro.tuvaroHlpr"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
InprocServer32
(Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
InprocServer32
ThreadingModel = "apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\
TypeLib
(Default) = "{09C554C3-109B-483C-A06B-F14172F1A947}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
(Default) = "tuvaro Helper Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
(Default) = "escortApp"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escortApp.DLL
AppID = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore.1
(Default) = "appCore Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore.1\CLSID
(Default) = "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore
(Default) = "appCore Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore\CLSID
(Default) = "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
tuvaro.tuvaroappCore\CurVer
(Default) = "tuvaro.tuvaroappCore.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
(Default) = "appCore Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
ProgID
(Default) = "tuvaro.tuvaroappCore.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
VersionIndependentProgID
(Default) = "tuvaro.tuvaroappCore"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
InprocServer32
(Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroApp.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
InprocServer32
ThreadingModel = "apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
AppID = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\
TypeLib
(Default) = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
hrdId = "1cca0df5000000000000005056bc6dd2"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
instlDay = "18098"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
(Default) = "Ixtrnlmain"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
(Default) = "IappCore"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
(Default) = "IXtrnlBsc"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
(Default) = "IEHostWnd"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
(Default) = "IXmlCnfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
(Default) = "IRegmapDisp"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
(Default) = "IIEWndFct"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
(Default) = "IxpEmphszr"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
(Default) = "IwebAtrbts"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
(Default) = "IEvntCntr"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
(Default) = "IesrvXtrnl"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
(Default) = "IEscortFctry"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
(Default) = "IescrtSrvc"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\
TypeLib
(Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\
TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
(Default) = "escortEng"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\escortEng.DLL
AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
t
(Default) = "escrtAx Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
t\CLSID
(Default) = "{4CBF0FC8-4222-435B-9E57-0DE807350D39}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
t\CurVer
(Default) = "t"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
(Default) = "escrtAx Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
ProgID
(Default) = "t"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
VersionIndependentProgID
(Default) = "t"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
InprocServer32
(Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroEng.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
InprocServer32
ThreadingModel = "apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\
TypeLib
(Default) = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
vrsni = "1.8.12.7"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
afltId = "orgnl"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
aflt = "orgnl"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
smplGrp = "none"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
tlbrId = "base"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
instlRef = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
dfltLng
dfltLng = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
vrsnTs = "1.8.12.77:29:30"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
tlbrSrchUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
uninstallAll = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
autoRvrt = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
rvrt = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
admin = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
postUninstall = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
newTab = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
dpblck = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
ds_url = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
excTlbr = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
ffxUnstlRst = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
chrInstl = "all"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
ffxInstl = "all"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
ieInstl = "all"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
uninstExt = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
hp_url = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
hp_chrm = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
hp_ffx = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
nt_url = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
dsIE = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
dsFFX = "Tuvaro"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
dpk = "a3f0955cbf5582a1c1e9b51b717c3b0f"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Google
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Google\Chrome
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Google\Chrome\Extensions
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Google\Chrome\Extensions\
omgjkafaoidbgamjoklhaiiciahohkbh
path = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaro.crx"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Google\Chrome\Extensions\
omgjkafaoidbgamjoklhaiiciahohkbh
version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
tuvaro\tuvaro\Instl
InstallDir = "%Program Files%\tuvaro\tuvaro\1.8.12.7"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
DisplayName = "Tuvaro toolbar on IE and Chrome"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
UninstallString = "%Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
DisplayIcon = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
DisplayVersion = "1.8.12.7"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
Comments = "Tuvaro toolbar "
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
Publisher = "tuvaro"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Uninstall\tuvaro
EstimatedSize = "2500"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\
data
uninstaller = "%Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{2792F312-417E-4517-A824-7F55A2F18BE5}
(Default) = "esrv"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\esrv.EXE
AppID = "{2792F312-417E-4517-A824-7F55A2F18BE5}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc.1
(Default) = "escrtSrvc Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc.1\CLSID
(Default) = "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc
(Default) = "escrtSrvc Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc\CLSID
(Default) = "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
esrv.tuvaroESrvc\CurVer
(Default) = "esrv.tuvaroESrvc.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
(Default) = "escrtSrvc Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
ProgID
(Default) = "esrv.tuvaroESrvc.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
VersionIndependentProgID
(Default) = "esrv.tuvaroESrvc"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
LocalServer32
(Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
LocalServer32
ThreadingModel = "apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
AppID = "{2792F312-417E-4517-A824-7F55A2F18BE5}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\
TypeLib
(Default) = "{2792F312-417E-4517-A824-7F55A2F18BE5}"
Dropping Routine
This Potentially Unwanted Application drops the following files:
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\user.js
- %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ie.exe
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroTlbr.dll
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaro.crx
- %Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe
- %User Temp%\tuvaro\tuvaro\1.8.12.7\nsis.js
- %User Temp%\mt_ffx\tuvaro\tuvaro\1.8.12.7\tuvaro.xpi
- %Program Files%\tuvaro\tuvaro\1.8.12.7\escortShld.dll
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\searchplugins\tuvaro.xml
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroApp.dll
- %User Temp%\tuvaro\tuvaro\1.8.12.7\C\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\lj5mikyj.default\user.js
- %Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe
- %System Root%\user.js
- %Application Data%\tuvaro\sqlite3.dll
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroEng.dll
- %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ffx.exe
(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Roaming on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000(32-bit), Server 2003(32-bit), XP, Vista(64-bit), 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit) , or C:\Program Files (x86) in Windows XP(64-bit), Vista(64-bit), 7(64-bit), 8(64-bit), 8.1(64-bit), 2008(64-bit), 2012(64-bit) and 10(64-bit).. %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.)
Other Details
This Potentially Unwanted Application connects to the following possibly malicious URL:
- http://{BLOCKED}o.com/a/toolbar?{random characters}
- http://ww7.{BLOCKED}o.com
- http://reports.{BLOCKED}ra.com
This report is generated via an automated analysis system.
SOLUTION
9.850
Step 1
Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.
Step 2
Identify and terminate files detected as PUA.Win32.Montiera.AB
- Windows Task Manager may not display all running processes. In this case, please use a third-party process viewer, preferably Process Explorer, to terminate the malware/grayware/spyware file. You may download the said tool here.
- If the detected file is displayed in either Windows Task Manager or Process Explorer but you cannot delete it, restart your computer in safe mode. To do this, refer to this link for the complete steps.
- If the detected file is not displayed in either Windows Task Manager or Process Explorer, continue doing the next steps.
Step 3
Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_CLASSES_ROOT\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl
- data
- In HKEY_CURRENT_USER\SOFTWARE
- tuvaro
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- escorTlbr.DLL
- In HKEY_CLASSES_ROOT
- tuvaro.tuvarodskBnd.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1
- CLSID
- In HKEY_CLASSES_ROOT
- tuvaro.tuvarodskBnd
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
- {6F001652-AF51-45C6-B029-86E0265A1851}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- TypeLib
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
- Toolbar
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {E40E840E-5A15-4A29-9C51-9A060EEB192B}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
- {5CB02877-EFBC-4317-B608-9E24B11BAB40}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {09C554C3-109B-483C-A06B-F14172F1A947}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- escort.DLL
- In HKEY_CLASSES_ROOT
- escort.escortIEPane.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1
- CLSID
- In HKEY_CLASSES_ROOT
- escort.escortIEPane
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
- {2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- TypeLib
- In HKEY_CLASSES_ROOT
- tuvaro.tuvaroHlpr.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1
- CLSID
- In HKEY_CLASSES_ROOT
- tuvaro.tuvaroHlpr
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
- {5CB02877-EFBC-4317-B608-9E24B11BAB40}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {D7EE8177-D51E-4F89-92B6-83EA2EC40800}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- escortApp.DLL
- In HKEY_CLASSES_ROOT
- tuvaro.tuvaroappCore.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1
- CLSID
- In HKEY_CLASSES_ROOT
- tuvaro.tuvaroappCore
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
- {9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {240A6AD4-4868-4513-A8DD-3ABF47E1F146}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {DD973375-0904-4886-8F63-6FC3A2BE6544}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {C6712CEF-79A8-440E-A7AC-4EF00C856922}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {23D1685B-A018-430F-B3AB-F517B471569E}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {033998B0-0745-472D-8F2B-EB55EBA42F58}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {B98D2F59-0329-4A5A-B112-B989B4D4BACA}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {4F3868C3-C08B-490E-93AD-834413F7FD22}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {4C694E60-4549-466D-83FB-C4C162FB53E2}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {A88A4515-66BC-413B-9526-3FF53B5F21C8}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
- {33278AD4-8305-49E1-A58B-E5A9057BFDC3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {B12E99ED-69BD-437C-86BE-C862B9E5444D}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- escortEng.DLL
- In HKEY_CLASSES_ROOT
- t
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
- {4CBF0FC8-4222-435B-9E57-0DE807350D39}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
- TypeLib
- In HKEY_CLASSES_ROOT\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl
- dfltLng
- In HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions
- omgjkafaoidbgamjoklhaiiciahohkbh
- In HKEY_LOCAL_MACHINE\SOFTWARE\tuvaro\tuvaro
- Instl
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- tuvaro
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {2792F312-417E-4517-A824-7F55A2F18BE5}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- esrv.EXE
- In HKEY_CLASSES_ROOT
- esrv.tuvaroESrvc.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1
- CLSID
- In HKEY_CLASSES_ROOT
- esrv.tuvaroESrvc
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
- {1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- LocalServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- TypeLib
Step 4
Delete this registry value
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- trace = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- cam = ""
- In HKEY_CURRENT_USER\Software\tuvaro\tuvaro
- tlbrSrchUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
- (Default) = "escorTlbr"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL
- AppID = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1
- (Default) = "CDskBnd Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1\CLSID
- (Default) = "{6F001652-AF51-45C6-B029-86E0265A1851}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd
- (Default) = "CDskBnd Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CLSID
- (Default) = "{6F001652-AF51-45C6-B029-86E0265A1851}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CurVer
- (Default) = "tuvaro.tuvarodskBnd.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- (Default) = "CDskBnd Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\ProgID
- (Default) = "tuvaro.tuvarodskBnd.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\VersionIndependentProgID
- (Default) = "tuvaro.tuvarodskBnd"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\InprocServer32
- (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroTlbr.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\InprocServer32
- ThreadingModel = "apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- AppID = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\TypeLib
- (Default) = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
- {6F001652-AF51-45C6-B029-86E0265A1851} = "Tuvaro Toolbar"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
- (Default) = "Tuvaro Toolbar"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
- Policy = "3"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
- AppName = "tuvarosrv.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
- AppPath = "%Program Files%\tuvaro\tuvaro\1.8.12.7"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- (Default) = "tuvaro Helper Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- NoExplorer = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
- (Default) = "escort"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL
- AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1
- (Default) = "escortIEPane Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1\CLSID
- (Default) = "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
- (Default) = "escortIEPane Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CLSID
- (Default) = "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CurVer
- (Default) = "escort.escortIEPane.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- (Default) = "escortIEPane Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\ProgID
- (Default) = "escort.escortIEPane.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\VersionIndependentProgID
- (Default) = "escort.escortIEPane"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\InprocServer32
- (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\InprocServer32
- ThreadingModel = "apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
- AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\TypeLib
- (Default) = "{09C554C3-109B-483C-A06B-F14172F1A947}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1
- (Default) = "CescrtHlpr Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1\CLSID
- (Default) = "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr
- (Default) = "CescrtHlpr Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CLSID
- (Default) = "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CurVer
- (Default) = "tuvaro.tuvaroHlpr.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- (Default) = "CescrtHlpr Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\ProgID
- (Default) = "tuvaro.tuvaroHlpr.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\VersionIndependentProgID
- (Default) = "tuvaro.tuvaroHlpr"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\InprocServer32
- (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\InprocServer32
- ThreadingModel = "apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\TypeLib
- (Default) = "{09C554C3-109B-483C-A06B-F14172F1A947}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
- (Default) = "tuvaro Helper Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
- (Default) = "escortApp"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL
- AppID = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1
- (Default) = "appCore Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1\CLSID
- (Default) = "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore
- (Default) = "appCore Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CLSID
- (Default) = "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CurVer
- (Default) = "tuvaro.tuvaroappCore.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- (Default) = "appCore Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\ProgID
- (Default) = "tuvaro.tuvaroappCore.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\VersionIndependentProgID
- (Default) = "tuvaro.tuvaroappCore"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\InprocServer32
- (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroApp.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\InprocServer32
- ThreadingModel = "apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
- AppID = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\TypeLib
- (Default) = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- hrdId = "1cca0df5000000000000005056bc6dd2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- instlDay = "18098"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
- (Default) = "Ixtrnlmain"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
- (Default) = "IappCore"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
- (Default) = "IXtrnlBsc"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
- (Default) = "IEHostWnd"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
- (Default) = "IXmlCnfg"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
- (Default) = "IRegmapDisp"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
- (Default) = "IIEWndFct"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
- (Default) = "IxpEmphszr"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
- (Default) = "IwebAtrbts"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
- (Default) = "IEvntCntr"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
- (Default) = "IesrvXtrnl"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
- (Default) = "IEscortFctry"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
- (Default) = "IescrtSrvc"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\TypeLib
- (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
- (Default) = "escortEng"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL
- AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t
- (Default) = "escrtAx Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CLSID
- (Default) = "{4CBF0FC8-4222-435B-9E57-0DE807350D39}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CurVer
- (Default) = "t"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
- (Default) = "escrtAx Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\ProgID
- (Default) = "t"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\VersionIndependentProgID
- (Default) = "t"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\InprocServer32
- (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroEng.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\InprocServer32
- ThreadingModel = "apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
- AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\TypeLib
- (Default) = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- vrsni = "1.8.12.7"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- afltId = "orgnl"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- aflt = "orgnl"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- smplGrp = "none"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- tlbrId = "base"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- instlRef = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\dfltLng
- dfltLng = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- vrsnTs = "1.8.12.77:29:30"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- tlbrSrchUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- uninstallAll = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- autoRvrt = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- rvrt = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- admin = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- postUninstall = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- newTab = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- dpblck = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- ds_url = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- excTlbr = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- ffxUnstlRst = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- chrInstl = "all"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- ffxInstl = "all"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- ieInstl = "all"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- uninstExt = "false"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- hp_url = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- hp_chrm = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- hp_ffx = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- nt_url = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- dsIE = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- dsFFX = "Tuvaro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- dpk = "a3f0955cbf5582a1c1e9b51b717c3b0f"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google
- (Default) = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome
- (Default) = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions
- (Default) = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh
- path = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaro.crx"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh
- version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\tuvaro\tuvaro\Instl
- InstallDir = "%Program Files%\tuvaro\tuvaro\1.8.12.7"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- DisplayName = "Tuvaro toolbar on IE and Chrome"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- UninstallString = "%Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- DisplayIcon = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- DisplayVersion = "1.8.12.7"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- Comments = "Tuvaro toolbar "
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- Publisher = "tuvaro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- NoModify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- NoRepair = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
- EstimatedSize = "2500"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
- uninstaller = "%Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2792F312-417E-4517-A824-7F55A2F18BE5}
- (Default) = "esrv"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE
- AppID = "{2792F312-417E-4517-A824-7F55A2F18BE5}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1
- (Default) = "escrtSrvc Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1\CLSID
- (Default) = "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc
- (Default) = "escrtSrvc Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CLSID
- (Default) = "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CurVer
- (Default) = "esrv.tuvaroESrvc.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- (Default) = "escrtSrvc Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\ProgID
- (Default) = "esrv.tuvaroESrvc.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\VersionIndependentProgID
- (Default) = "esrv.tuvaroESrvc"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\LocalServer32
- (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\LocalServer32
- ThreadingModel = "apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
- AppID = "{2792F312-417E-4517-A824-7F55A2F18BE5}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\TypeLib
- (Default) = "{2792F312-417E-4517-A824-7F55A2F18BE5}"
Step 5
Search and delete these components
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\user.js
- %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ie.exe
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroTlbr.dll
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaro.crx
- %Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe
- %User Temp%\tuvaro\tuvaro\1.8.12.7\nsis.js
- %User Temp%\mt_ffx\tuvaro\tuvaro\1.8.12.7\tuvaro.xpi
- %Program Files%\tuvaro\tuvaro\1.8.12.7\escortShld.dll
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\searchplugins\tuvaro.xml
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroApp.dll
- %User Temp%\tuvaro\tuvaro\1.8.12.7\C\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\lj5mikyj.default\user.js
- %Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe
- %System Root%\user.js
- %Application Data%\tuvaro\sqlite3.dll
- %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroEng.dll
- %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ffx.exe
Step 6
Search and delete these folders
- %Application Data%\Mozilla\Firefox\Profiles
- %Program Files%\tuvaro\tuvaro\1.8.12.7\bh
- %User Temp%\tuvaro\tuvaro
- %User Temp%\mt_ffx
- %User Temp%\mt_ffx\tuvaro\tuvaro
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions
- %User Temp%\mt_ffx\tuvaro\tuvaro\1.8.12.7
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default
- %User Temp%\mt_ffx\tuvaro
- %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\searchplugins
- %System Root%\Users
- %Application Data%\Mozilla\Firefox
- %Application Data%\Mozilla
- %User Temp%\tuvaro
- %Program Files%\tuvaro\tuvaro
- %Program Files%\tuvaro
- %Application Data%\tuvaro
- %Program Files%\tuvaro\tuvaro\1.8.12.7
- %User Temp%\tuvaro\tuvaro\1.8.12.7
- %User Profile%\AppData
Step 7
Scan your computer with your Trend Micro product to delete files detected as PUA.Win32.Montiera.AB. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
Step 8
Restore this file from backup only Microsoft-related files will be restored. If this malware/grayware also deleted files related to programs that are not from Microsoft, please reinstall those programs on you computer again.
- %User Temp%\nsuC5AF.tmp
- %User Temp%\nsuC5FD.tmp
- %User Temp%\nspBE02.tmp
Did this description help? Tell us how we did.