Scan Spyware on Twitter
Sunday, March 26, 2017

Bookmark and Share



2search


        Download

Description: 2Search is an adware that is implemented as Interent Explorer browser helper object. 2Search monitors URLs visited by Internet Explorer and displays similar URLs to the user. This adware also hijacks your host file and redirect browser search requests to its controlling server.

2search

Warning: A spy-ware removal software uses certain rules for detection and removal of spy-ware, malware, ad-ware and trojan from your PC. ScanSpyware.Net provides this information "AS IS" without warranty of any kind. Your use of this information is at your own risk. We strictly restrict you from using this information if you are not sure about what you are doing.


Recommendation 1: We recommend you to take a backup of Windows Registry before following these manual spyware removal instructions to fix your PC. You can do this by either creating a Restore Point using System Restore Utility in Windows System Tools or using the Export feature of regedit.exe.


Recommendation 2: By trying to remove spy-ware from your PC without getting any help from an expert may produce unexpected results. In case you suspect that your PC is infected with some spy-ware, ad-ware, malware or virus, just follow the instructions available at http://how-to.scanspyware.net/diagnose-and-fix.html to contact us for abolutely FREE help.


Directories

  • C:\Program Files\2Search
  • C:\Program Files\The Guard

Files

  • C:\Windows\var.txt.exe
  • C:\Windows\System32\resys.exe
  • C:\Windows\System32\007guard.exe
  • C:\Windows\System32\updater32.exe
  • C:\Windows\System32\2searchinstaller.exe
  • C:\Program Files\2Search\get.exe
  • C:\Program Files\2Search\date.dat
  • C:\Program Files\2Search\main.exe
  • C:\Program Files\2Search\getst.exe
  • C:\Program Files\2Search\plugin.dll
  • C:\Program Files\2Search\2search.dll
  • C:\Program Files\2Search\svchost.exe
  • C:\Program Files\2Search\uninstall.exe
  • C:\Program Files\2Search\defaultne.txt
  • C:\Program Files\The Guard\the007guard.ocx
  • C:\Program Files\The Guard\the007installer.exe

Registry Keys

  • HKEY_CLASSES_ROOT\\IEsearch.clsIESpy
  • HKEY_CLASSES_ROOT\\GoogleCatch.clsIESpy
  • HKEY_CLASSES_ROOT\\The007Guard.The007GuardCtrl.1
  • HKEY_CLASSES_ROOT\CLSID\{4508E20C-ACAD-11D2-9FC0-00550076E06F}
  • HKEY_CLASSES_ROOT\TypeLib\{20048BB0-DB68-11CF-9CAF-00AA006CB425}
  • HKEY_CLASSES_ROOT\TypeLib\{68E774CB-72D1-4A52-B55B-C0B1011E013B}
  • HKEY_CLASSES_ROOT\TypeLib\{4508E20A-ACAD-11D2-9FC0-00550076E06F}
  • HKEY_CLASSES_ROOT\Interface\{9C33138E-0581-4C28-A943-BC238A68208C}
  • HKEY_CLASSES_ROOT\Interface\{F79A1360-2754-43F3-8297-8A39408BE2BF}
  • HKEY_LOCAL_MACHINE\software\classes\IEsearch.clsIESpy
  • HKEY_LOCAL_MACHINE\software\classes\GoogleCatch.clsIESpy
  • HKEY_LOCAL_MACHINE\software\classes\The007Guard.The007GuardCtrl.1
  • HKEY_LOCAL_MACHINE\software\classes\CLSID\{4508E20C-ACAD-11D2-9FC0-00550076E06F}
  • HKEY_LOCAL_MACHINE\software\classes\TypeLib\{20048BB0-DB68-11CF-9CAF-00AA006CB425}
  • HKEY_LOCAL_MACHINE\software\classes\TypeLib\{68E774CB-72D1-4A52-B55B-C0B1011E013B}
  • HKEY_LOCAL_MACHINE\software\classes\TypeLib\{4508E20A-ACAD-11D2-9FC0-00550076E06F}
  • HKEY_LOCAL_MACHINE\software\classes\Interface\{9C33138E-0581-4C28-A943-BC238A68208C}
  • HKEY_LOCAL_MACHINE\software\classes\Interface\{F79A1360-2754-43F3-8297-8A39408BE2BF}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2Search
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the guard
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2Search
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the guard
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4508E20C-ACAD-11D2-9FC0-00550076E06F}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4508E20C-ACAD-11D2-9FC0-00550076E06F}

Registry Values

  • HKEY_CURRENT_USER\SOFTWARE\WinRAR SFX\%programfilesdir%\2Search
  • HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR SFX\%programfilesdir%\2Search
  • HKEY_CURRENT_USER\SOFTWARE\WinRAR SFX\%programfilesdir%\The Guard
  • HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR SFX\%programfilesdir%\The Guard
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\2Search
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\svchost
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\svchost

Clsids

  • {4508E20C-ACAD-11D2-9FC0-00550076E06F}