What is Spyware Clear?
The Malwarebytes research team has determined that Spyware Clear is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
How do I know if I am infected with Spyware Clear?
This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this warning during install:
and these screens during "operations":
You may see this entry in your list of installed programs:
and this Browser Helper Object in Internet Explorer:
How did Spyware Clear get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:
How do I remove Spyware Clear?
Our program Malwarebytes can detect and remove this potentially unwanted application.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes Spyware Clear completely.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes would have protected you against the Spyware Clear installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe (Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe (Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe (Crawler Group, LLC) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [5179608 2016-04-07] (Crawler Group, LLC) HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5509848 2016-04-07] (Crawler Group, LLC) BHO: Spyware Clear Internet Guard -> {E563E407-B348-41FB-BC3D-EACE3BD4B1A1} -> C:\Program Files (x86)\Spyware Clear\SCInternetGuard64.dll [2016-04-07] (Crawler Group, LLC) BHO-x32: Spyware Clear Internet Guard -> {E563E407-B348-41FB-BC3D-EACE3BD4B1A1} -> C:\Program Files (x86)\Spyware Clear\SCInternetGuard.dll [2016-04-07] (Crawler Group, LLC) R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3208408 2016-04-07] (Crawler Group, LLC) R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider) C:\ProgramData\Spyware Clear C:\Users\{username}\AppData\LocalLow\Spyware Clear C:\Users\Public\Desktop\Spyware Clear.lnk C:\Users\{username}\AppData\Roaming\Spyware Clear C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear C:\Program Files (x86)\Spyware Clear Spyware Clear (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.1.45 - Crawler Group) <==== ATTENTION FirewallRules: [{D32BAD43-68D2-4E4A-980A-7CDF16E85C1E}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClear.exe FirewallRules: [{941888E3-50AF-4F14-9A4F-5AC25EF2532A}] => (Allow) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exeAlterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Spyware Clear Adds the file com.spywareclear.internetguard.json"="6/21/2018 9:34 AM, 458 bytes, A Adds the file SC_Svc64.exe"="4/7/2016 11:42 PM, 3208408 bytes, A Adds the file SCInternetGuard.dll"="4/7/2016 11:43 PM, 2081496 bytes, A Adds the file SCInternetGuard.exe"="4/7/2016 11:42 PM, 1219800 bytes, A Adds the file SCInternetGuard64.dll"="4/7/2016 11:43 PM, 3339992 bytes, A Adds the file SCShell.dll"="4/7/2016 11:42 PM, 840408 bytes, A Adds the file SCShell64.dll"="4/7/2016 11:42 PM, 1337048 bytes, A Adds the file SpywareClear.exe"="4/7/2016 11:42 PM, 7177432 bytes, A Adds the file SpywareClearShield.exe"="4/7/2016 11:42 PM, 5179608 bytes, A Adds the file SpywareClearUpdate.exe"="4/7/2016 11:42 PM, 5509848 bytes, A Adds the file sqlite3.dll"="1/16/2012 8:06 PM, 577621 bytes, A Adds the file TorrentDll.dll"="6/21/2018 9:34 AM, 1900544 bytes, A Adds the file unins000.dat"="6/21/2018 9:34 AM, 30082 bytes, A Adds the file unins000.exe"="6/21/2018 9:33 AM, 1259248 bytes, A Adds the file unins000.msg"="6/21/2018 9:34 AM, 10562 bytes, A Adds the folder C:\Program Files (x86)\Spyware Clear\Driver Adds the file driver.cab"="6/21/2018 9:34 AM, 32424 bytes, A Adds the file stflt.cat"="8/24/2011 11:56 AM, 9415 bytes, A Adds the file stflt.inf"="4/23/2010 4:12 PM, 2404 bytes, A Adds the file stflt.sys"="8/24/2011 11:56 AM, 51496 bytes, A Adds the folder C:\Program Files (x86)\Spyware Clear\Tools Adds the file 24x7.xml"="4/7/2016 11:41 PM, 11510 bytes, A Adds the file analyze.xml"="4/7/2016 11:41 PM, 10778 bytes, A Adds the file analyzefile.exe"="4/7/2016 11:42 PM, 2597592 bytes, A Adds the file bloatware.xml"="4/7/2016 11:41 PM, 10477 bytes, A Adds the file defsyssettings.exe"="4/7/2016 11:42 PM, 2889944 bytes, A Adds the file hardfileremover.exe"="4/7/2016 11:42 PM, 2425048 bytes, A Adds the file optimizer.xml"="4/7/2016 11:41 PM, 11837 bytes, A Adds the file ov.xml"="4/7/2016 11:41 PM, 11455 bytes, A Adds the file remover.xml"="4/7/2016 11:41 PM, 9431 bytes, A Adds the file restore.xml"="4/7/2016 11:41 PM, 11202 bytes, A Adds the file so.xml"="4/7/2016 11:41 PM, 11154 bytes, A Adds the file startup.xml"="4/7/2016 11:41 PM, 9688 bytes, A Adds the file systemrestore.exe"="4/7/2016 11:42 PM, 2374872 bytes, A Adds the file systemsettings.xml"="4/7/2016 11:41 PM, 11018 bytes, A Adds the file unstableaddons.xml"="4/7/2016 11:41 PM, 9794 bytes, A Adds the file virtualkeyboard.xml"="4/7/2016 11:41 PM, 9970 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear Adds the file Spyware Clear.lnk"="6/21/2018 9:34 AM, 1006 bytes, A Adds the file SpywareClear.com.url"="6/21/2018 9:34 AM, 54 bytes, A Adds the file Uninstall Spyware Clear.lnk"="6/21/2018 9:34 AM, 986 bytes, A Adds the folder C:\ProgramData\Spyware Clear Adds the file lng.ini"="6/21/2018 9:34 AM, 683174 bytes, A Adds the file SC_CPL.xml"="6/21/2018 9:34 AM, 1545 bytes, A Adds the file ST_CSD.spt"="10/25/2015 11:56 PM, 639919 bytes, A Adds the file ST_DB.spt"="4/7/2016 11:41 PM, 2401704 bytes, A Adds the file ST_DSD.spt"="12/9/2016 3:58 AM, 75271 bytes, A Adds the file ST_RL.spt"="6/21/2018 9:34 AM, 4 bytes, A Adds the file ST_RTL.spt"="6/21/2018 9:38 AM, 28114 bytes, A Adds the folder C:\ProgramData\Spyware Clear\Addons Adds the file addons.xml"="6/21/2018 9:34 AM, 989 bytes, A Adds the folder C:\ProgramData\Spyware Clear\Antivir Adds the folder C:\ProgramData\Spyware Clear\Down Adds the folder C:\ProgramData\Spyware Clear\News Adds the file 185_en_3.pngx"="6/21/2018 9:34 AM, 11451 bytes, A Adds the file 186_en_3.pngx"="6/21/2018 9:34 AM, 21938 bytes, A Adds the file 187_en_11.pngx"="6/21/2018 9:34 AM, 41575 bytes, A Adds the file 188_en_3.pngx"="6/21/2018 9:34 AM, 27998 bytes, A Adds the file 191_en_10.pngx"="6/21/2018 9:34 AM, 36081 bytes, A Adds the file 192_en_4.pngx"="6/21/2018 9:34 AM, 34902 bytes, A Adds the file 193_en_3.pngx"="6/21/2018 9:34 AM, 12433 bytes, A Adds the file 251_en_3.pngx"="6/21/2018 9:34 AM, 40203 bytes, A Adds the file 275_en_2.pngx"="6/21/2018 9:34 AM, 17501 bytes, A Adds the file 276_en_2.pngx"="6/21/2018 9:34 AM, 18140 bytes, A Adds the file 277_en_2.pngx"="6/21/2018 9:34 AM, 17145 bytes, A Adds the file 278_en_2.pngx"="6/21/2018 9:34 AM, 16975 bytes, A Adds the file 302_en_4.pngx"="6/21/2018 9:34 AM, 30734 bytes, A Adds the file 308_en_5.pngx"="6/21/2018 9:34 AM, 38456 bytes, A Adds the file 368_en_2.pngx"="6/21/2018 9:34 AM, 32391 bytes, A Adds the file 378_en_1.pngx"="6/21/2018 9:34 AM, 24619 bytes, A Adds the file 383_en_3.pngx"="6/21/2018 9:34 AM, 24619 bytes, A Adds the file 399_en_1.pngx"="6/21/2018 9:34 AM, 132024 bytes, A Adds the file 400_en_1.pngx"="6/21/2018 9:34 AM, 132024 bytes, A Adds the file 420_en_1.pngx"="6/21/2018 9:34 AM, 223620 bytes, A Adds the folder C:\ProgramData\Spyware Clear\Quarantine Adds the folder C:\ProgramData\Spyware Clear\Reports Adds the file scan_0001.rpt"="6/21/2018 9:35 AM, 214975 bytes, A Adds the folder C:\ProgramData\Spyware Clear\Shared Adds the file ST_1_CSD_3.000.000.0008.cab"="6/21/2018 9:34 AM, 614058 bytes, A Adds the file ST_1_CSD_3.000.000.0008.ini"="6/21/2018 9:34 AM, 219 bytes, A Adds the file ST_1_CSD_3.000.000.0008.torrent"="6/21/2018 9:34 AM, 366 bytes, A Adds the file ST_1_DB_12.002.019.0000.cab"="6/21/2018 9:34 AM, 0 bytes, A Adds the file ST_1_DB_12.002.019.0000.ini"="6/21/2018 9:34 AM, 218 bytes, A Adds the file ST_1_DB_12.002.019.0000.torrent"="6/21/2018 9:34 AM, 1650 bytes, A Adds the file ST_1_DSD_1.000.000.0006.cab"="6/21/2018 9:34 AM, 31807 bytes, A Adds the file ST_1_DSD_1.000.000.0006.ini"="6/21/2018 9:34 AM, 228 bytes, A Adds the file ST_1_DSD_1.000.000.0006.torrent"="6/21/2018 9:34 AM, 325 bytes, A Adds the folder C:\ProgramData\Spyware Clear\Update Adds the folder C:\Users\{username}\AppData\LocalLow\Spyware Clear Adds the folder C:\Users\{username}\AppData\Roaming\Spyware Clear In the existing folder C:\Users\Public\Desktop Adds the file Spyware Clear.lnk"="6/21/2018 9:34 AM, 988 bytes, A In the existing folder C:\Windows\System32\drivers Adds the file stflt.sys"="8/24/2011 11:56 AM, 51496 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SCShellMenu] "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SCShellMenu] "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}] "(Default)"="REG_SZ", "Spyware Clear" "LocalizedString"="REG_SZ", "Spyware Clear" "System.ApplicationName"="REG_SZ", "SC" "System.ControlPanel.Category"="REG_SZ", "8,10" "System.Software.TasksFileUrl"="REG_SZ", "C:\ProgramData\Spyware Clear\SC_CPL.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}\DefaultIcon] "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClear.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}\Shell\Open\Command] "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClear.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\ProgID] "(Default)"="REG_SZ", "SCInternetGuard.ProtNego" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}] "(Default)"="REG_SZ", "Spyware Clear Internet Guard" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32] "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~2.DLL" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\ProgID] "(Default)"="REG_SZ", "SCInternetGuard.JSObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}] "(Default)"="REG_SZ", "Spyware Clear Internet Guard" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32] "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~2.DLL" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}] "(Default)"="REG_SZ", "SCShellMenuHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SCShell64.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\ProgID] "(Default)"="REG_SZ", "SCShell64.SCShellMenu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\SCShellMenu] "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}] "(Default)"="REG_SZ", "IJSObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\TypeLib] "(Default)"="REG_SZ", "{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\SCShellMenu] "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.JSObj] "(Default)"="REG_SZ", "JSObj Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.JSObj\Clsid] "(Default)"="REG_SZ", "{C03C262D-9260-4124-B50E-04FB49ED0504}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.ProtNego] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCInternetGuard.ProtNego\Clsid] "(Default)"="REG_SZ", "{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell.SCShellMenu] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell.SCShellMenu\Clsid] "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell64.SCShellMenu] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCShell64.SCShellMenu\Clsid] "(Default)"="REG_SZ", "{E778C05E-AFF7-4924-B04A-D4084859D53A}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}\1.0] "(Default)"="REG_SZ", "SCInternetGuard" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SCInternetGuard64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32] "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~1.DLL" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\ProgID] "(Default)"="REG_SZ", "SCInternetGuard.ProtNego" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}] "(Default)"="REG_SZ", "Spyware Clear Internet Guard" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32] "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~1.DLL" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\ProgID] "(Default)"="REG_SZ", "SCInternetGuard.JSObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}] "(Default)"="REG_SZ", "Spyware Clear Internet Guard" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\Implemented Categories] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32] "(Default)"="REG_SZ", "C:\PROGRA~2\SPYWAR~1\SCINTE~1.DLL" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}] "(Default)"="REG_SZ", "SCShellMenuHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SCShell.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\ProgID] "(Default)"="REG_SZ", "SCShell.SCShellMenu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}] "(Default)"="REG_SZ", "IJSObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}\TypeLib] "(Default)"="REG_SZ", "{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}] "(Default)"="REG_SZ", "" "NoExplorer"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}] "(Default)"="REG_SZ", "Spyware Clear" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpywareClearShield"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe" "SpywareClearUpdater"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear] "(Default)"="REG_SZ", "" "AntivirusFPScanArchives"="REG_DWORD", 1 "AntivirusFPScanHigh"="REG_DWORD", 0 "AUTO_DELETE_REVIEW_LIST"="REG_DWORD", 1 "DownloadUpdatesBeforeScan"="REG_DWORD", 0 "FirstScanDone"="REG_DWORD", 1 "FirstShow"="REG_DWORD", 1 "FS_DownloadLimit"="REG_DWORD", 51200 "FS_FromPort"="REG_DWORD", 6881 "FS_ToPort"="REG_DWORD", 6889 "FS_UploadLimit"="REG_DWORD", 10240 "HIPSEnabled"="REG_DWORD", 0 "HIPSLevel"="REG_DWORD", 0 "INSTALL"="REG_BINARY, .... "InstallAutoDetect"="REG_DWORD", 0 "INSTCFG"="REG_SZ", "274" "lastNews"="REG_BINARY, .... "lastPhoneUpdate"="REG_BINARY, .... "LastResult"="REG_DWORD", 14 "LastSavedReport"="REG_DWORD", 1 "lastScanTime"="REG_BINARY, .... "lastUpdate"="REG_BINARY, .... "LNG"="REG_SZ", "en" "LNG_VER"="REG_SZ", "1.3.1.45" "MAX_REVIEW_LIST_ITEMS"="REG_DWORD", 500 "MAX_SAVED_REPORTS"="REG_DWORD", 50 "newDBAvailable"="REG_DWORD", 1 "nextScanTime"="REG_BINARY, .... "nextUpdate"="REG_BINARY, .... "PerformSecurityCheck"="REG_DWORD", 1 "Quarantine"="REG_DWORD", 1 "ReportUsage"="REG_DWORD", 1 "RSLevel"="REG_DWORD", 0 "RSShieldEnabled"="REG_DWORD", 1 "RSShowTray"="REG_DWORD", 1 "SaveReports"="REG_DWORD", 1 "ScanArchive"="REG_DWORD", 0 "ScanRemovable"="REG_DWORD", 0 "SchedFullScan"="REG_DWORD", 0 "SchedNoProgress"="REG_DWORD", 1 "SchedNoResults"="REG_DWORD", 0 "SchedPostponeUnplugged"="REG_DWORD", 1 "SchedScanDays"="REG_DWORD", 2 "SchedScanTime"="REG_DWORD", 9 "SendThreatStat"="REG_DWORD", 1 "SHELL_MENU_ITEM_CAPTION"="REG_SZ", "Scan with Spyware Clear" "ShieldShowCloseConfirmMsg"="REG_DWORD", 1 "ShowCenterCloseConfirmMsg"="REG_DWORD", 1 "ShowCenterMinimizeMsg"="REG_DWORD", 1 "ShowUpdaterTray"="REG_DWORD", 1 "StartScanIfIMiss"="REG_DWORD", 1 "SUPPORT_CALL"="REG_SZ", "1-855-760-2497" "TR"="REG_SZ", "MF=1 TF=1" "UID"="REG_SZ", "704240125242714694" "UpdAutoUpdates"="REG_DWORD", 1 "UpdClientToClient"="REG_DWORD", 1 "UpdNotify"="REG_DWORD", 0 "UpdProxyAuth"="REG_DWORD", 0 "UpdProxyHost"="REG_SZ", "" "UpdProxyPort"="REG_SZ", "" "UpdProxyPwd"="REG_SZ", "" "UpdProxyUser"="REG_SZ", "" "UpdUseProxy"="REG_DWORD", 0 "UseAntivirInRS"="REG_DWORD", 0 "UseAntivirusInAutomaticScan"="REG_DWORD", 0 "UseScheduledScans"="REG_DWORD", 1 "UseSystemRestore"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Config] "(Default)"="REG_SZ", "" "CFG_ID"="REG_SZ", "274" "ENABLE_TRACK"="REG_SZ", "0" "FIRST_DELAY"="REG_SZ", "" "FIRST_SCAN"="REG_SZ", "1" "FRESH_COUNT"="REG_SZ", "10" "FRESH_DAYS"="REG_SZ", "15" "HOMEPAGE_URL"="REG_SZ", "http://www.spywareclear.com/" "IG32Dll"="REG_DWORD", 1 "IG64Dll"="REG_DWORD", 1 "IGAPP"="REG_DWORD", 1 "IGLogsEnabled"="REG_SZ", "1" "IGProtectionLevel"="REG_SZ", "1" "INVISIBLE_PHONE_NUMBER"="REG_SZ", "" "LA_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/Activate?cr=%CU%" "LC_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/SendLog?cr=%CU%" "LI_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/GetXML?action=%ACTION%&cr=%CU%" "LR_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/SendLogENC" "NEWS_URL"="REG_SZ", "http://www.spywareclear.com/" "PHONE_URL"="REG_SZ", "http://www.spywareclear.com/client.asmx/GetPhone?CFG=274&LNG=%LNG%" "PRIVACY_POLICY_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/legal/privacy.aspx" "RECOMMEND_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/send-link.aspx" "RENEWAL_URL"="REG_SZ", "https://www.spywareclear.com/renewlicense.aspx?cu=%LIC_KEY%&lng=%LNG%" "SCAN_FRESH"="REG_SZ", "0" "SCHEDULED_SCAN_DEF"="REG_SZ", "2" "SHOW_CONFIRM_MSG_DEF"="REG_SZ", "" "SPYINFO_URL"="REG_SZ", "http://www.spywareclear.com/item/%UID%/details.html" "SQLITE_URL"="REG_SZ", "http://www.spywareclear.com/dnl/sqlite3.cab" "SUPPORT_CALL"="REG_SZ", "1-877-509-6009" "SUPPORT_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/support/support-ticket.aspx?cu=%LIC_KEY%" "TERMS_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/legal/terms.aspx" "TESTIM_ADDFREE_URL"="REG_SZ", "www.spywareclear.com/%LNG%/community/feedback.aspx" "TESTIM_ADDPAID_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/feedback.aspx?CU=%LIC_KEY%" "TESTIMONIAL_READ_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/testimonials.aspx" "TESTIMONIAL_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/testimonials.aspx" "TESTIMSUBMIT_URL"="REG_SZ", "http://www.spywareclear.com/%LNG%/community/feedback.aspx" "UPGRADE_BUBBLE_PERIOD"="REG_SZ", "1" "UPGRADE_URL"="REG_SZ", "https://www.spywareclear.com/purchase.aspx?cfg=274&lng=%LNG%&subid=%SUBID%&dinst=%INSTALL%" "URL_IMG1"="REG_SZ", "http://www.spywareclear.com/imgs/img1.png" "URL_IMG2"="REG_SZ", "http://www.spywareclear.com/imgs/img2.png" "URL_IMG3"="REG_SZ", "http://www.spywareclear.com/imgs/img3.png" "URL_IMGAD"="REG_SZ", "http://www.spywareclear.com/imgs/imgad.png" "URL_IMGU"="REG_SZ", "http://www.spywareclear.com/imgs/imgu.png" "VERSION_LABEL"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Tools] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Update] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Clear\Update\UPDATER] "Category"="REG_DWORD", 2 "Name"="REG_SZ", "" "NameX"="REG_BINARY, ...r "Order"="REG_DWORD", 3 "Progress"="REG_DWORD", -1 "ShowInBasicMode"="REG_DWORD", 0 "Status"="REG_SZ", "Up To Date" "StatusX"="REG_BINARY, ..... "Version"="REG_SZ", "1.3.1.23" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.spywareclear.internetguard] "(Default)"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\com.spywareclear.internetguard.json" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}] "(Default)"="REG_SZ", "" "NoExplorer"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{E778C05E-AFF7-4924-B04A-D4084859D53A}"="REG_SZ", "SCShellMenuHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\SpywareClear.exe" "DisplayName"="REG_SZ", "Spyware Clear" "DisplayVersion"="REG_SZ", "1.3.1.45" "EstimatedSize"="REG_DWORD", 42932 "HelpLink"="REG_SZ", "http://www.SpywareClear.com/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Spyware Clear" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "Spyware Clear" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.3.8 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20180621" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Spyware Clear\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 3 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Crawler Group" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Spyware Clear\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Spyware Clear\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://www.SpywareClear.com/" "URLUpdateInfo"="REG_SZ", "http://www.SpywareClear.com/" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SC_Svc] "Description"="REG_SZ", "Spyware Clear Realtime Shield Service" "DisplayName"="REG_SZ", "Spyware Clear Realtime Shield Service" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\Spyware Clear\SC_svc64.exe"" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2] "DependOnService"="REG_MULTI_SZ, "FltMgr " "Description"="REG_SZ", "Spyware Terminator Driver Filter" "DisplayName"="REG_SZ", "Spyware Terminator Driver Filter" "ErrorControl"="REG_DWORD", 1 "Group"="REG_SZ", "FSFilter Activity Monitor" "ImagePath"="REG_EXPAND_SZ, "system32\DRIVERS\stflt.sys" "Start"="REG_DWORD", 2 "Tag"="REG_DWORD", 39 "Type"="REG_DWORD", 2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2\Enum] "0"="REG_SZ", "Root\LEGACY_SP_RSDRV2\0000" "Count"="REG_DWORD", 1 "NextInstance"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2\Instances] "DefaultInstance"="REG_SZ", "Instance" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sp_rsdrv2\Instances\Instance] "Altitude"="REG_SZ", "386400" "Flags"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions] "{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}"="REG_BINARY, ............ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C03C262D-9260-4124-B50E-04FB49ED0504}\iexplore] "Flags"="REG_DWORD", 4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C03C262D-9260-4124-B50E-04FB49ED0504}\iexplore\AllowedDomains\*] "(Default)"="REG_SZ", "" [HKEY_CURRENT_USER\Software\Spyware Clear] "(Default)"="REG_SZ", "" "LAST_NEWS"="REG_BINARY, .... "SHELL_MENU_ITEM_CAPTION"="REG_SZ", "Scan with Spyware Clear" "WELCOME_DIALOG_ALREADY_SHOWN"="REG_DWORD", 1Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/21/18 Scan Time: 11:05 AM Log File: 4e97a376-7532-11e8-a189-080027235d76.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.374 Update Package Version: 1.0.5564 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 251056 Threats Detected: 158 Threats Quarantined: 158 Time Elapsed: 3 min, 59 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 4 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClear.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe, Quarantined, [1456], [187214],1.0.5564 Module: 6 PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR\TORRENTDLL.DLL, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell64.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClear.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe, Quarantined, [1456], [187214],1.0.5564 Registry Key: 45 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCInternetGuard.ProtNego, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCInternetGuard.JSObj, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCShell.SCShellMenu, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCShell64.SCShellMenu, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SC_Svc, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\SPYWARE CLEAR, Quarantined, [1456], [243468],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\Spyware Clear, Quarantined, [1456], [243467],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}, Quarantined, [1456], [168860],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CONTROLPANEL\NAMESPACE\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}, Quarantined, [1456], [168860],1.0.5564 Registry Value: 6 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpywareClearShield, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpywareClearUpdater, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\SPYWARE CLEAR|ANTIVIRUSFPSCANHIGH, Quarantined, [1456], [243468],1.0.5564 PUP.Optional.SpywareClear, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SC_SVC|IMAGEPATH, Quarantined, [1456], [243469],1.0.5564 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 15 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Quarantine, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Antivir, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Addons, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Update, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Down, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\SPYWARE CLEAR, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\APPDATA\ROAMING\SPYWARE CLEAR, Quarantined, [1456], [179820],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\APPDATA\LOCALLOW\SPYWARE CLEAR, Quarantined, [1456], [510257],1.0.5564 File: 82 PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR\TORRENTDLL.DLL, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\driver.cab, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.cat, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.inf, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.sys, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\24x7.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\analyze.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\analyzefile.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\bloatware.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\defsyssettings.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\hardfileremover.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\optimizer.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\ov.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\remover.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\restore.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\so.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\startup.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\systemrestore.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\systemsettings.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\unstableaddons.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\virtualkeyboard.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\com.spywareclear.internetguard.json, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard64.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell64.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClear.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\sqlite3.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.dat, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.msg, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Spyware Clear.lnk, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\PUBLIC\DESKTOP\Spyware Clear.lnk, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\SPYWARE CLEAR\LNG.INI, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Addons\addons.xml, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\185_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\186_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\187_en_11.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\188_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\191_en_10.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\192_en_4.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\193_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\251_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\275_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\276_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\277_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\278_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\302_en_4.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\308_en_5.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\368_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\378_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\383_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\399_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\400_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\420_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\scan_0001.rpt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\scan_0002.rpt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.cab, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.ini, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.torrent, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.cab, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.ini, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.torrent, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.cab, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.ini, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.torrent, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\SC_CPL.xml, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_CSD.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_DB.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_DSD.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_RL.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_RTL.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR\SPYWARECLEAR.COM.URL, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear\Spyware Clear.lnk, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear\Uninstall Spyware Clear.lnk, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\Users\{username}\AppData\LocalLow\Spyware Clear\log.txt, Quarantined, [1456], [510257],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\DESKTOP\SPYWARECLEARSETUP.EXE, Quarantined, [1456], [61985],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\DOWNLOADS\SPYWARECLEARSETUP.EXE, Quarantined, [1456], [61985],1.0.5564 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention