Jump to content

Recommended Posts

  • Staff

What is Spyware Clear?

The Malwarebytes research team has determined that Spyware Clear is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Spyware Clear?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your startmenu, and on your desktop:

icons.png

and see this warning during install:

warning2.png

and these screens during "operations":

warning6.png

warning7.png

You may see this entry in your list of installed programs:

warning4.png

and this Browser Helper Object in Internet Explorer:

warning3.png

How did Spyware Clear get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove Spyware Clear?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Spyware Clear?

  • No, Malwarebytes removes Spyware Clear completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below the full version of Malwarebytes would have protected you against the Spyware Clear installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

 

protection1.png


and we block access to their domain:
 

protection2.png


Technical details for experts

You may see these entries in FRST logs:

 

(Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [5179608 2016-04-07] (Crawler Group, LLC)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5509848 2016-04-07] (Crawler Group, LLC)
BHO: Spyware Clear Internet Guard -> {E563E407-B348-41FB-BC3D-EACE3BD4B1A1} -> C:\Program Files (x86)\Spyware Clear\SCInternetGuard64.dll [2016-04-07] (Crawler Group, LLC)
BHO-x32: Spyware Clear Internet Guard -> {E563E407-B348-41FB-BC3D-EACE3BD4B1A1} -> C:\Program Files (x86)\Spyware Clear\SCInternetGuard.dll [2016-04-07] (Crawler Group, LLC)
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3208408 2016-04-07] (Crawler Group, LLC)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
C:\ProgramData\Spyware Clear
C:\Users\{username}\AppData\LocalLow\Spyware Clear
C:\Users\Public\Desktop\Spyware Clear.lnk
C:\Users\{username}\AppData\Roaming\Spyware Clear
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear
C:\Program Files (x86)\Spyware Clear

Spyware Clear (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.1.45 - Crawler Group) <==== ATTENTION
FirewallRules: [{D32BAD43-68D2-4E4A-980A-7CDF16E85C1E}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe
FirewallRules: [{941888E3-50AF-4F14-9A4F-5AC25EF2532A}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\Spyware Clear
       Adds the file com.spywareclear.internetguard.json"="6/21/2018 9:34 AM, 458 bytes, A
       Adds the file SC_Svc64.exe"="4/7/2016 11:42 PM, 3208408 bytes, A
       Adds the file SCInternetGuard.dll"="4/7/2016 11:43 PM, 2081496 bytes, A
       Adds the file SCInternetGuard.exe"="4/7/2016 11:42 PM, 1219800 bytes, A
       Adds the file SCInternetGuard64.dll"="4/7/2016 11:43 PM, 3339992 bytes, A
       Adds the file SCShell.dll"="4/7/2016 11:42 PM, 840408 bytes, A
       Adds the file SCShell64.dll"="4/7/2016 11:42 PM, 1337048 bytes, A
       Adds the file SpywareClear.exe"="4/7/2016 11:42 PM, 7177432 bytes, A
       Adds the file SpywareClearShield.exe"="4/7/2016 11:42 PM, 5179608 bytes, A
       Adds the file SpywareClearUpdate.exe"="4/7/2016 11:42 PM, 5509848 bytes, A
       Adds the file sqlite3.dll"="1/16/2012 8:06 PM, 577621 bytes, A
       Adds the file TorrentDll.dll"="6/21/2018 9:34 AM, 1900544 bytes, A
       Adds the file unins000.dat"="6/21/2018 9:34 AM, 30082 bytes, A
       Adds the file unins000.exe"="6/21/2018 9:33 AM, 1259248 bytes, A
       Adds the file unins000.msg"="6/21/2018 9:34 AM, 10562 bytes, A
    Adds the folder C:\Program Files (x86)\Spyware Clear\Driver
       Adds the file driver.cab"="6/21/2018 9:34 AM, 32424 bytes, A
       Adds the file stflt.cat"="8/24/2011 11:56 AM, 9415 bytes, A
       Adds the file stflt.inf"="4/23/2010 4:12 PM, 2404 bytes, A
       Adds the file stflt.sys"="8/24/2011 11:56 AM, 51496 bytes, A
    Adds the folder C:\Program Files (x86)\Spyware Clear\Tools
       Adds the file 24x7.xml"="4/7/2016 11:41 PM, 11510 bytes, A
       Adds the file analyze.xml"="4/7/2016 11:41 PM, 10778 bytes, A
       Adds the file analyzefile.exe"="4/7/2016 11:42 PM, 2597592 bytes, A
       Adds the file bloatware.xml"="4/7/2016 11:41 PM, 10477 bytes, A
       Adds the file defsyssettings.exe"="4/7/2016 11:42 PM, 2889944 bytes, A
       Adds the file hardfileremover.exe"="4/7/2016 11:42 PM, 2425048 bytes, A
       Adds the file optimizer.xml"="4/7/2016 11:41 PM, 11837 bytes, A
       Adds the file ov.xml"="4/7/2016 11:41 PM, 11455 bytes, A
       Adds the file remover.xml"="4/7/2016 11:41 PM, 9431 bytes, A
       Adds the file restore.xml"="4/7/2016 11:41 PM, 11202 bytes, A
       Adds the file so.xml"="4/7/2016 11:41 PM, 11154 bytes, A
       Adds the file startup.xml"="4/7/2016 11:41 PM, 9688 bytes, A
       Adds the file systemrestore.exe"="4/7/2016 11:42 PM, 2374872 bytes, A
       Adds the file systemsettings.xml"="4/7/2016 11:41 PM, 11018 bytes, A
       Adds the file unstableaddons.xml"="4/7/2016 11:41 PM, 9794 bytes, A
       Adds the file virtualkeyboard.xml"="4/7/2016 11:41 PM, 9970 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear
       Adds the file Spyware Clear.lnk"="6/21/2018 9:34 AM, 1006 bytes, A
       Adds the file SpywareClear.com.url"="6/21/2018 9:34 AM, 54 bytes, A
       Adds the file Uninstall Spyware Clear.lnk"="6/21/2018 9:34 AM, 986 bytes, A
    Adds the folder C:\ProgramData\Spyware Clear
       Adds the file lng.ini"="6/21/2018 9:34 AM, 683174 bytes, A
       Adds the file SC_CPL.xml"="6/21/2018 9:34 AM, 1545 bytes, A
       Adds the file ST_CSD.spt"="10/25/2015 11:56 PM, 639919 bytes, A
       Adds the file ST_DB.spt"="4/7/2016 11:41 PM, 2401704 bytes, A
       Adds the file ST_DSD.spt"="12/9/2016 3:58 AM, 75271 bytes, A
       Adds the file ST_RL.spt"="6/21/2018 9:34 AM, 4 bytes, A
       Adds the file ST_RTL.spt"="6/21/2018 9:38 AM, 28114 bytes, A
    Adds the folder C:\ProgramData\Spyware Clear\Addons
       Adds the file addons.xml"="6/21/2018 9:34 AM, 989 bytes, A
    Adds the folder C:\ProgramData\Spyware Clear\Antivir
    Adds the folder C:\ProgramData\Spyware Clear\Down
    Adds the folder C:\ProgramData\Spyware Clear\News
       Adds the file 185_en_3.pngx"="6/21/2018 9:34 AM, 11451 bytes, A
       Adds the file 186_en_3.pngx"="6/21/2018 9:34 AM, 21938 bytes, A
       Adds the file 187_en_11.pngx"="6/21/2018 9:34 AM, 41575 bytes, A
       Adds the file 188_en_3.pngx"="6/21/2018 9:34 AM, 27998 bytes, A
       Adds the file 191_en_10.pngx"="6/21/2018 9:34 AM, 36081 bytes, A
       Adds the file 192_en_4.pngx"="6/21/2018 9:34 AM, 34902 bytes, A
       Adds the file 193_en_3.pngx"="6/21/2018 9:34 AM, 12433 bytes, A
       Adds the file 251_en_3.pngx"="6/21/2018 9:34 AM, 40203 bytes, A
       Adds the file 275_en_2.pngx"="6/21/2018 9:34 AM, 17501 bytes, A
       Adds the file 276_en_2.pngx"="6/21/2018 9:34 AM, 18140 bytes, A
       Adds the file 277_en_2.pngx"="6/21/2018 9:34 AM, 17145 bytes, A
       Adds the file 278_en_2.pngx"="6/21/2018 9:34 AM, 16975 bytes, A
       Adds the file 302_en_4.pngx"="6/21/2018 9:34 AM, 30734 bytes, A
       Adds the file 308_en_5.pngx"="6/21/2018 9:34 AM, 38456 bytes, A
       Adds the file 368_en_2.pngx"="6/21/2018 9:34 AM, 32391 bytes, A
       Adds the file 378_en_1.pngx"="6/21/2018 9:34 AM, 24619 bytes, A
       Adds the file 383_en_3.pngx"="6/21/2018 9:34 AM, 24619 bytes, A
       Adds the file 399_en_1.pngx"="6/21/2018 9:34 AM, 132024 bytes, A
       Adds the file 400_en_1.pngx"="6/21/2018 9:34 AM, 132024 bytes, A
       Adds the file 420_en_1.pngx"="6/21/2018 9:34 AM, 223620 bytes, A
    Adds the folder C:\ProgramData\Spyware Clear\Quarantine
    Adds the folder C:\ProgramData\Spyware Clear\Reports
       Adds the file scan_0001.rpt"="6/21/2018 9:35 AM, 214975 bytes, A
    Adds the folder C:\ProgramData\Spyware Clear\Shared
       Adds the file ST_1_CSD_3.000.000.0008.cab"="6/21/2018 9:34 AM, 614058 bytes, A
       Adds the file ST_1_CSD_3.000.000.0008.ini"="6/21/2018 9:34 AM, 219 bytes, A
       Adds the file ST_1_CSD_3.000.000.0008.torrent"="6/21/2018 9:34 AM, 366 bytes, A
       Adds the file ST_1_DB_12.002.019.0000.cab"="6/21/2018 9:34 AM, 0 bytes, A
       Adds the file ST_1_DB_12.002.019.0000.ini"="6/21/2018 9:34 AM, 218 bytes, A
       Adds the file ST_1_DB_12.002.019.0000.torrent"="6/21/2018 9:34 AM, 1650 bytes, A
       Adds the file ST_1_DSD_1.000.000.0006.cab"="6/21/2018 9:34 AM, 31807 bytes, A
       Adds the file ST_1_DSD_1.000.000.0006.ini"="6/21/2018 9:34 AM, 228 bytes, A
       Adds the file ST_1_DSD_1.000.000.0006.torrent"="6/21/2018 9:34 AM, 325 bytes, A
    Adds the folder C:\ProgramData\Spyware Clear\Update
    Adds the folder C:\Users\{username}\AppData\LocalLow\Spyware Clear
    Adds the folder C:\Users\{username}\AppData\Roaming\Spyware Clear
    In the existing folder C:\Users\Public\Desktop
       Adds the file Spyware Clear.lnk"="6/21/2018 9:34 AM, 988 bytes, A
    In the existing folder C:\Windows\System32\drivers
       Adds the file stflt.sys"="8/24/2011 11:56 AM, 51496 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SCShellMenu]
       "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SCShellMenu]
       "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}]
       "(Default)"="REG_SZ", "Spyware Clear"
       "LocalizedString"="REG_SZ", "Spyware Clear"
       "System.ApplicationName"="REG_SZ", "SC"
       "System.ControlPanel.Category"="REG_SZ", "8,10"
       "System.Software.TasksFileUrl"="REG_SZ", "C:\ProgramData\Spyware Clear\SC_CPL.xml"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}\DefaultIcon]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClear.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}\Shell\Open\Command]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClear.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\ProgID]
       "(Default)"="REG_SZ", "SCInternetGuard.ProtNego"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}]
       "(Default)"="REG_SZ", "Spyware Clear Internet Guard"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32]
       "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~2.DLL"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\ProgID]
       "(Default)"="REG_SZ", "SCInternetGuard.JSObj"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}]
       "(Default)"="REG_SZ", "Spyware Clear Internet Guard"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32]
       "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~2.DLL"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}]
       "(Default)"="REG_SZ", "SCShellMenuHandler"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SCShell64.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\ProgID]
       "(Default)"="REG_SZ", "SCShell64.SCShellMenu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\SCShellMenu]
       "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}]
       "(Default)"="REG_SZ", "IJSObj"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\TypeLib]
       "(Default)"="REG_SZ", "{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\SCShellMenu]
       "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.JSObj]
       "(Default)"="REG_SZ", "JSObj Object"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.JSObj\Clsid]
       "(Default)"="REG_SZ", "{C03C262D-9260-4124-B50E-04FB49ED0504}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.ProtNego]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.ProtNego\Clsid]
       "(Default)"="REG_SZ", "{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell.SCShellMenu]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell.SCShellMenu\Clsid]
       "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell64.SCShellMenu]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell64.SCShellMenu\Clsid]
       "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}\1.0]
       "(Default)"="REG_SZ", "SCInternetGuard"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SCInternetGuard64.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32]
       "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~1.DLL"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\ProgID]
       "(Default)"="REG_SZ", "SCInternetGuard.ProtNego"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}]
       "(Default)"="REG_SZ", "Spyware Clear Internet Guard"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32]
       "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~1.DLL"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\ProgID]
       "(Default)"="REG_SZ", "SCInternetGuard.JSObj"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}]
       "(Default)"="REG_SZ", "Spyware Clear Internet Guard"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32]
       "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~1.DLL"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}]
       "(Default)"="REG_SZ", "SCShellMenuHandler"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SCShell.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\ProgID]
       "(Default)"="REG_SZ", "SCShell.SCShellMenu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}]
       "(Default)"="REG_SZ", "IJSObj"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\TypeLib]
       "(Default)"="REG_SZ", "{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}]
       "(Default)"="REG_SZ", ""
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}]
       "(Default)"="REG_SZ", "Spyware Clear"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "SpywareClearShield"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe"
       "SpywareClearUpdater"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear]
       "(Default)"="REG_SZ", ""
       "AntivirusFPScanArchives"="REG_DWORD", 1
       "AntivirusFPScanHigh"="REG_DWORD", 0
       "AUTO_DELETE_REVIEW_LIST"="REG_DWORD", 1
       "DownloadUpdatesBeforeScan"="REG_DWORD", 0
       "FirstScanDone"="REG_DWORD", 1
       "FirstShow"="REG_DWORD", 1
       "FS_DownloadLimit"="REG_DWORD", 51200
       "FS_FromPort"="REG_DWORD", 6881
       "FS_ToPort"="REG_DWORD", 6889
       "FS_UploadLimit"="REG_DWORD", 10240
       "HIPSEnabled"="REG_DWORD", 0
       "HIPSLevel"="REG_DWORD", 0
       "INSTALL"="REG_BINARY, ....
       "InstallAutoDetect"="REG_DWORD", 0
       "INSTCFG"="REG_SZ", "274"
       "lastNews"="REG_BINARY, ....
       "lastPhoneUpdate"="REG_BINARY, ....
       "LastResult"="REG_DWORD", 14
       "LastSavedReport"="REG_DWORD", 1
       "lastScanTime"="REG_BINARY, ....
       "lastUpdate"="REG_BINARY, ....
       "LNG"="REG_SZ", "en"
       "LNG_VER"="REG_SZ", "1.3.1.45"
       "MAX_REVIEW_LIST_ITEMS"="REG_DWORD", 500
       "MAX_SAVED_REPORTS"="REG_DWORD", 50
       "newDBAvailable"="REG_DWORD", 1
       "nextScanTime"="REG_BINARY, ....
       "nextUpdate"="REG_BINARY, ....
       "PerformSecurityCheck"="REG_DWORD", 1
       "Quarantine"="REG_DWORD", 1
       "ReportUsage"="REG_DWORD", 1
       "RSLevel"="REG_DWORD", 0
       "RSShieldEnabled"="REG_DWORD", 1
       "RSShowTray"="REG_DWORD", 1
       "SaveReports"="REG_DWORD", 1
       "ScanArchive"="REG_DWORD", 0
       "ScanRemovable"="REG_DWORD", 0
       "SchedFullScan"="REG_DWORD", 0
       "SchedNoProgress"="REG_DWORD", 1
       "SchedNoResults"="REG_DWORD", 0
       "SchedPostponeUnplugged"="REG_DWORD", 1
       "SchedScanDays"="REG_DWORD", 2
       "SchedScanTime"="REG_DWORD", 9
       "SendThreatStat"="REG_DWORD", 1
       "SHELL_MENU_ITEM_CAPTION"="REG_SZ", "Scan with Spyware Clear"
       "ShieldShowCloseConfirmMsg"="REG_DWORD", 1
       "ShowCenterCloseConfirmMsg"="REG_DWORD", 1
       "ShowCenterMinimizeMsg"="REG_DWORD", 1
       "ShowUpdaterTray"="REG_DWORD", 1
       "StartScanIfIMiss"="REG_DWORD", 1
       "SUPPORT_CALL"="REG_SZ", "1-855-760-2497"
       "TR"="REG_SZ", "MF=1 TF=1"
       "UID"="REG_SZ", "704240125242714694"
       "UpdAutoUpdates"="REG_DWORD", 1
       "UpdClientToClient"="REG_DWORD", 1
       "UpdNotify"="REG_DWORD", 0
       "UpdProxyAuth"="REG_DWORD", 0
       "UpdProxyHost"="REG_SZ", ""
       "UpdProxyPort"="REG_SZ", ""
       "UpdProxyPwd"="REG_SZ", ""
       "UpdProxyUser"="REG_SZ", ""
       "UpdUseProxy"="REG_DWORD", 0
       "UseAntivirInRS"="REG_DWORD", 0
       "UseAntivirusInAutomaticScan"="REG_DWORD", 0
       "UseScheduledScans"="REG_DWORD", 1
       "UseSystemRestore"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Config]
       "(Default)"="REG_SZ", ""
       "CFG_ID"="REG_SZ", "274"
       "ENABLE_TRACK"="REG_SZ", "0"
       "FIRST_DELAY"="REG_SZ", ""
       "FIRST_SCAN"="REG_SZ", "1"
       "FRESH_COUNT"="REG_SZ", "10"
       "FRESH_DAYS"="REG_SZ", "15"
       "HOMEPAGE_URL"="REG_SZ", "http://www.spywareclear.com/"
       "IG32Dll"="REG_DWORD", 1
       "IG64Dll"="REG_DWORD", 1
       "IGAPP"="REG_DWORD", 1
       "IGLogsEnabled"="REG_SZ", "1"
       "IGProtectionLevel"="REG_SZ", "1"
       "INVISIBLE_PHONE_NUMBER"="REG_SZ", ""
       "LA_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/Activate?cr=%CU%&quot;
       "LC_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/SendLog?cr=%CU%&quot;
       "LI_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/GetXML?action=%ACTION%&cr=%CU%&quot;
       "LR_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/SendLogENC"
       "NEWS_URL"="REG_SZ", "http://www.spywareclear.com/"
       "PHONE_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/GetPhone?CFG=274&LNG=%LNG%&quot;
       "PRIVACY_POLICY_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/legal/privacy.aspx&quot;
       "RECOMMEND_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/send-link.aspx&quot;
       "RENEWAL_URL"="REG_SZ", "https://www.spywareclear.com/renewlicense.aspx?cu=%LIC_KEY%&lng=%LNG%&quot;
       "SCAN_FRESH"="REG_SZ", "0"
       "SCHEDULED_SCAN_DEF"="REG_SZ", "2"
       "SHOW_CONFIRM_MSG_DEF"="REG_SZ", ""
       "SPYINFO_URL"="REG_SZ", "http://www.spywareclear.com/item/%UID%/details.html&quot;
       "SQLITE_URL"="REG_SZ", "http://www.spywareclear.com/dnl/sqlite3.cab"
       "SUPPORT_CALL"="REG_SZ", "1-877-509-6009"
       "SUPPORT_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/support/support-ticket.aspx?cu=%LIC_KEY%&quot;
       "TERMS_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/legal/terms.aspx&quot;
       "TESTIM_ADDFREE_URL"="REG_SZ", "www.spywareclear.com/%LNG%/community/feedback.aspx"
       "TESTIM_ADDPAID_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/feedback.aspx?CU=%LIC_KEY%&quot;
       "TESTIMONIAL_READ_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/testimonials.aspx&quot;
       "TESTIMONIAL_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/testimonials.aspx&quot;
       "TESTIMSUBMIT_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/feedback.aspx&quot;
       "UPGRADE_BUBBLE_PERIOD"="REG_SZ", "1"
       "UPGRADE_URL"="REG_SZ", "https://www.spywareclear.com/purchase.aspx?cfg=274&lng=%LNG%&subid=%SUBID%&dinst=%INSTALL%&quot;
       "URL_IMG1"="REG_SZ", "http://www.spywareclear.com/imgs/img1.png"
       "URL_IMG2"="REG_SZ", "http://www.spywareclear.com/imgs/img2.png"
       "URL_IMG3"="REG_SZ", "http://www.spywareclear.com/imgs/img3.png"
       "URL_IMGAD"="REG_SZ", "http://www.spywareclear.com/imgs/imgad.png"
       "URL_IMGU"="REG_SZ", "http://www.spywareclear.com/imgs/imgu.png"
       "VERSION_LABEL"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Tools]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Update]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Update\UPDATER]
       "Category"="REG_DWORD", 2
       "Name"="REG_SZ", ""
       "NameX"="REG_BINARY, ...r
       "Order"="REG_DWORD", 3
       "Progress"="REG_DWORD", -1
       "ShowInBasicMode"="REG_DWORD", 0
       "Status"="REG_SZ", "Up To Date"
       "StatusX"="REG_BINARY, .....
       "Version"="REG_SZ", "1.3.1.23"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.spywareclear.internetguard]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\com.spywareclear.internetguard.json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}]
       "(Default)"="REG_SZ", ""
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
       "{E778C05E-AFF7-4924-B04A-D4084859D53A}"="REG_SZ", "SCShellMenuHandler"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClear.exe"
       "DisplayName"="REG_SZ", "Spyware Clear"
       "DisplayVersion"="REG_SZ", "1.3.1.45"
       "EstimatedSize"="REG_DWORD", 42932
       "HelpLink"="REG_SZ", "http://www.SpywareClear.com/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Spyware Clear"
       "Inno Setup: Deselected Tasks"="REG_SZ", ""
       "Inno Setup: Icon Group"="REG_SZ", "Spyware Clear"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon"
       "Inno Setup: Setup Version"="REG_SZ", "5.3.8 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20180621"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\"
       "MajorVersion"="REG_DWORD", 1
       "MinorVersion"="REG_DWORD", 3
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Crawler Group"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Spyware Clear\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Spyware Clear\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.SpywareClear.com/"
       "URLUpdateInfo"="REG_SZ", "http://www.SpywareClear.com/"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SC_Svc]
       "Description"="REG_SZ", "Spyware Clear Realtime Shield Service"
       "DisplayName"="REG_SZ", "Spyware Clear Realtime Shield Service"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\Spyware Clear\SC_svc64.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2]
       "DependOnService"="REG_MULTI_SZ, "FltMgr "
       "Description"="REG_SZ", "Spyware Terminator Driver Filter"
       "DisplayName"="REG_SZ", "Spyware Terminator Driver Filter"
       "ErrorControl"="REG_DWORD", 1
       "Group"="REG_SZ", "FSFilter Activity Monitor"
       "ImagePath"="REG_EXPAND_SZ, "system32\DRIVERS\stflt.sys"
       "Start"="REG_DWORD", 2
       "Tag"="REG_DWORD", 39
       "Type"="REG_DWORD", 2
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2\Enum]
       "0"="REG_SZ", "Root\LEGACY_SP_RSDRV2\0000"
       "Count"="REG_DWORD", 1
       "NextInstance"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2\Instances]
       "DefaultInstance"="REG_SZ", "Instance"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2\Instances\Instance]
       "Altitude"="REG_SZ", "386400"
       "Flags"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions]
       "{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}"="REG_BINARY, ............
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C03C262D-9260-4124-B50E-04FB49ED0504}\iexplore]
       "Flags"="REG_DWORD", 4
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C03C262D-9260-4124-B50E-04FB49ED0504}\iexplore\AllowedDomains\*]
       "(Default)"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Spyware Clear]
       "(Default)"="REG_SZ", ""
       "LAST_NEWS"="REG_BINARY, ....
       "SHELL_MENU_ITEM_CAPTION"="REG_SZ", "Scan with Spyware Clear"
       "WELCOME_DIALOG_ALREADY_SHOWN"="REG_DWORD", 1

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/21/18
Scan Time: 11:05 AM
Log File: 4e97a376-7532-11e8-a189-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5564
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 251056
Threats Detected: 158
Threats Quarantined: 158
Time Elapsed: 3 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 4
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClear.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe, Quarantined, [1456], [187214],1.0.5564

Module: 6
PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR\TORRENTDLL.DLL, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell64.dll, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClear.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe, Quarantined, [1456], [187214],1.0.5564

Registry Key: 45
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCInternetGuard.ProtNego, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCInternetGuard.JSObj, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCShell.SCShellMenu, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCShell64.SCShellMenu, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SC_Svc, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\SPYWARE CLEAR, Quarantined, [1456], [243468],1.0.5564
PUP.Optional.SpywareClear, HKCU\SOFTWARE\Spyware Clear, Quarantined, [1456], [243467],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}, Quarantined, [1456], [168860],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CONTROLPANEL\NAMESPACE\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}, Quarantined, [1456], [168860],1.0.5564

Registry Value: 6
PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpywareClearShield, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpywareClearUpdater, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, HKLM\SOFTWARE\SPYWARE CLEAR|ANTIVIRUSFPSCANHIGH, Quarantined, [1456], [243468],1.0.5564
PUP.Optional.SpywareClear, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SC_SVC|IMAGEPATH, Quarantined, [1456], [243469],1.0.5564

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 15
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Quarantine, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Antivir, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Addons, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Update, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Down, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\PROGRAMDATA\SPYWARE CLEAR, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR, Quarantined, [1456], [187215],1.0.5564
PUP.Optional.SpywareClear, C:\USERS\{username}\APPDATA\ROAMING\SPYWARE CLEAR, Quarantined, [1456], [179820],1.0.5564
PUP.Optional.SpywareClear, C:\USERS\{username}\APPDATA\LOCALLOW\SPYWARE CLEAR, Quarantined, [1456], [510257],1.0.5564

File: 82
PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR\TORRENTDLL.DLL, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\driver.cab, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.cat, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.inf, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.sys, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\24x7.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\analyze.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\analyzefile.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\bloatware.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\defsyssettings.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\hardfileremover.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\optimizer.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\ov.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\remover.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\restore.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\so.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\startup.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\systemrestore.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\systemsettings.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\unstableaddons.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\virtualkeyboard.xml, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\com.spywareclear.internetguard.json, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard.dll, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard64.dll, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell.dll, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell64.dll, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClear.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\sqlite3.dll, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.dat, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.exe, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.msg, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Spyware Clear.lnk, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\USERS\PUBLIC\DESKTOP\Spyware Clear.lnk, Quarantined, [1456], [187214],1.0.5564
PUP.Optional.SpywareClear, C:\PROGRAMDATA\SPYWARE CLEAR\LNG.INI, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Addons\addons.xml, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\185_en_3.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\186_en_3.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\187_en_11.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\188_en_3.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\191_en_10.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\192_en_4.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\193_en_3.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\251_en_3.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\275_en_2.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\276_en_2.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\277_en_2.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\278_en_2.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\302_en_4.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\308_en_5.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\368_en_2.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\378_en_1.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\383_en_3.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\399_en_1.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\400_en_1.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\420_en_1.pngx, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\scan_0001.rpt, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\scan_0002.rpt, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.cab, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.ini, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.torrent, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.cab, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.ini, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.torrent, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.cab, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.ini, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.torrent, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\SC_CPL.xml, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_CSD.spt, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_DB.spt, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_DSD.spt, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_RL.spt, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_RTL.spt, Quarantined, [1456], [187213],1.0.5564
PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR\SPYWARECLEAR.COM.URL, Quarantined, [1456], [187215],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear\Spyware Clear.lnk, Quarantined, [1456], [187215],1.0.5564
PUP.Optional.SpywareClear, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear\Uninstall Spyware Clear.lnk, Quarantined, [1456], [187215],1.0.5564
PUP.Optional.SpywareClear, C:\Users\{username}\AppData\LocalLow\Spyware Clear\log.txt, Quarantined, [1456], [510257],1.0.5564
PUP.Optional.SpywareClear, C:\USERS\{username}\DESKTOP\SPYWARECLEARSETUP.EXE, Quarantined, [1456], [61985],1.0.5564
PUP.Optional.SpywareClear, C:\USERS\{username}\DOWNLOADS\SPYWARECLEARSETUP.EXE, Quarantined, [1456], [61985],1.0.5564

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.