What is SuperEasy Registry Cleaner?
SuperEasy Registry Cleaner is a registry cleaner that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.
How do I know if I am affected by SuperEasy Registry Cleaner?
This is how the main screen of the registry cleaner looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this type of windows during install:
and this type of screens during operations:
You may see this entry in your list of installed programs:
and this task in your list of Scheduled Tasks:
How did SuperEasy Registry Cleaner get on my computer?
These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from a software promoting website.
How do I remove SuperEasy Registry Cleaner?
Our program Malwarebytes can detect and remove this PUP.
- Please download Malwarebytes for Windows to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- When the scan is finished click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
- No, Malwarebytes removes SuperEasy Registry Cleaner completely.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Heres how to do it.
- Open Malwarebytes for Windows.
- Click the Detection History
- Click the Allow List
- To add an item to the Allow List, click Add.
- Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
- Repeat this for any secondary files or folder(s) that belong to the software.
How would the full version of Malwarebytes help protect me?
We hope our application and this guide have helped you in dealing with this registry cleaner.
As you can see below the full version of Malwarebytes would have warned you against the SuperEasy Registry Cleaner installer.
Technical details for experts
You may see these entries in FRST logs:
(SuperEasy Software GmbH & Co. KG -> SuperEasy Software) C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\SuperEasyRC.exe Task: {8C08BC94-5738-49EC-A79C-69AE64257B61} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\SuperEasyRC.exe [8225704 2011-11-17] (SuperEasy Software GmbH & Co. KG -> SuperEasy Software) C:\Windows\system32\Tasks\SuperEasy Registry Cleaner C:\Users\Public\Desktop\SuperEasy Registry Cleaner.lnk C:\ProgramData\Desktop\SuperEasy Registry Cleaner.lnk C:\Users\{username}\AppData\Roaming\SuperEasy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software C:\Program Files (x86)\SuperEasy Software (SuperEasy Software) C:\Windows\system32\roboot64.exe (SuperEasy Software ) C:\Users\{username}\Desktop\SuperEasy.exe SuperEasy Registry Cleaner (HKLM-x32\...\SuperEasy Registry Cleaner_is1) (Version: 6.21 - SuperEasy Software) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\XmlLite.dll (Systweak Inc) [File not signed] C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\RegcleanPro.DLLAlterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner Adds the file Chinese_rcp.ini"="11/17/2011 8:24 AM, 46574 bytes, A Adds the file CleanSchedule.exe"="11/17/2011 8:46 AM, 776104 bytes, A Adds the file unins000.dat"="9/29/2020 8:34 AM, 39851 bytes, A Adds the file unins000.exe"="9/29/2020 8:34 AM, 1519528 bytes, A Adds the file unins000.msg"="9/29/2020 8:34 AM, 20903 bytes, A Adds the file xmllite.dll"="11/19/2010 11:03 AM, 126976 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software\SuperEasy Registry Cleaner Adds the file Register SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1399 bytes, A Adds the file SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1373 bytes, A Adds the file Uninstall SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1358 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\SuperEasy\Registry Cleaner Adds the file eng_rcp.dat"="9/29/2020 8:34 AM, 32760 bytes, A Adds the file log_09-29-2020.log"="9/29/2020 8:34 AM, 0 bytes, A Adds the file results.rcp"="9/29/2020 8:35 AM, 16238 bytes, A In the existing folder C:\Users\{username}\Desktop Alters the file SuperEasy.exe 7/11/1601 2:25 AM, 3767784 bytes, A ==> 7/11/1601 2:25 AM, 3767784 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1349 bytes, A In the existing folder C:\Windows\System32 Adds the file roboot64.exe"="11/17/2011 8:46 AM, 18856 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file SuperEasy Registry Cleaner"="9/29/2020 8:34 AM, 3202 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SuperEasy Registry Cleaner_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\supereasyrc.exe" "DisplayName"="REG_SZ", "SuperEasy Registry Cleaner" "DisplayVersion"="REG_SZ", "6.21" "EstimatedSize"="REG_DWORD", 15117 "HelpLink"="REG_SZ", "http://www.SuperEasy.net" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner" "Inno Setup: Icon Group"="REG_SZ", "SuperEasy Software\SuperEasy Registry Cleaner" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.4.1 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20200929" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\" "MajorVersion"="REG_DWORD", 6 "MinorVersion"="REG_DWORD", 21 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "SuperEasy Software" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\unins000.exe" /silent" "URLInfoAbout"="REG_SZ", "http://www.SuperEasy.net" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SuperEasy\Registry Cleaner] "RCPURL"="REG_SZ", "http://r.ashampoo.com/r.php?id=77864&ri=b0kc&utm_source=supereasy&utm_campaign=default&utm_medium=newbuild" "RENEWALURL"="REG_SZ", "http://r.ashampoo.com/r.php?id=77865&utm_source=supereasy&utm_campaign=default&utm_medium=newbuild" "utm_campaign"="REG_SZ", "default" "utm_medium"="REG_SZ", "newbuild" "utm_source"="REG_SZ", "supereasy" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SuperEasy\Registry Cleaner\LANG] "LangID"="REG_DWORD", 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\RegClean Pro\Version 6.1] "Expired"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Licenses] "{0C897F84B22AC53F6}"="REG_BINARY, .................................................................... "{IC897F84B22AC53F6}"="REG_BINARY, .. "{K7C0DB872A3F777C0}"="REG_BINARY, ...................................................................... "{R7C0DB872A3F777C0}"="REG_BINARY, .. [HKEY_CURRENT_USER\Software\SuperEasy\Registry Cleaner] "AutoRepair"="REG_DWORD", 0 "ConfirmBkUps"="REG_DWORD", 1 "CurrentScanTime"="REG_BINARY, .....#.. "GoToSystemTrayOnClose"="REG_DWORD", 0 "ImprovementProgram"="REG_DWORD", 1 "NumTimesRCPRunned"="REG_DWORD", 1 "RegErrFoundTillDate"="REG_DWORD", 0 "RegErrsFixedLast"="REG_DWORD", 0 "RegErrsFixedTillDate"="REG_DWORD", 0 "ScheduledTime"="REG_SZ", "" "SetChkREmovableMedia"="REG_DWORD", 1 "SetChkSkipEmptyKeys"="REG_DWORD", 1 "StartAutoScanPMUI"="REG_DWORD", 0 "StartMinimized"="REG_DWORD", 0 "StartScan"="REG_DWORD", 0 "StartWhenWinBoots"="REG_DWORD", 1 "StrLastOptimizeTime"="REG_SZ", "" "StrLastScan"="REG_SZ", "Tue. September 29, 2020. 08:35 AM" "StrLastScanResults"="REG_SZ", "43" "StrLastStartupOpt"="REG_SZ", "" "StrLatestRegDefrag"="REG_SZ", "" "StrLatestRestorePoint"="REG_SZ", "" [HKEY_CURRENT_USER\Software\SuperEasy\Registry Cleaner\LANG] "LangCode"="REG_SZ", "en" "LangID"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Systweak\RegClean Pro] "ErrorCount"="REG_DWORD", 43 "IsTrial"="REG_DWORD", 1Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/29/20 Scan Time: 8:43 AM Log File: 16d5264e-021f-11eb-a053-00ffdcc6fdfc.json -Software Information- Version: 4.2.1.89 Components Version: 1.0.1045 Update Package Version: 1.0.30542 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 231715 Threats Detected: 14 Threats Quarantined: 14 Time Elapsed: 4 min, 59 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.SysTweak, C:\PROGRAM FILES (X86)\SUPEREASY SOFTWARE\SUPEREASY REGISTRY CLEANER\SUPEREASYRC.EXE, Quarantined, 814, 861327, , , , , 76E5B66A45CBB3EFB5763575DBBF597B, D50717671D105613A137A5E2BECAA092505DF838E6216DEC350C93838DCDB1DD Module: 1 PUP.Optional.SysTweak, C:\PROGRAM FILES (X86)\SUPEREASY SOFTWARE\SUPEREASY REGISTRY CLEANER\SUPEREASYRC.EXE, Quarantined, 814, 861327, , , , , 76E5B66A45CBB3EFB5763575DBBF597B, D50717671D105613A137A5E2BECAA092505DF838E6216DEC350C93838DCDB1DD Registry Key: 5 PUP.Optional.RegCleanerPro, HKCU\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, 1651, 242268, 1.0.30542, , ame, , , PUP.Optional.SysTweak, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SuperEasy Registry Cleaner, Quarantined, 814, 861327, , , , , , PUP.Optional.SysTweak, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8C08BC94-5738-49EC-A79C-69AE64257B61}, Quarantined, 814, 861327, , , , , , PUP.Optional.SysTweak, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{8C08BC94-5738-49EC-A79C-69AE64257B61}, Quarantined, 814, 861327, , , , , , PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, 4444, 242275, 1.0.30542, , ame, , , Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 7 PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, Quarantined, 814, 395666, 1.0.30542, , ame, , 979745F32FA2D0EE59173B9D94A21FC2, 79F499A1DA3054154FC404AA2129161DCD1B3D4441DDE3468A72D2FEE6DC6AB8 PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\TASKS\SuperEasy Registry Cleaner, Quarantined, 814, 861327, , , , , 06A20E422C4339B7DA82835CE4927FCB, CA89761E99811693409494E10DED0A667D6C899B2380F102E4286902CC2F1706 PUP.Optional.SysTweak, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\SuperEasy Registry Cleaner.lnk, Quarantined, 814, 861327, , , , , 37C3732B7EB167E7D5930E2E4A63ECCD, 3FFD2460AC096CE5DD03D5A5E7B8A96F8D5D8B5A1F821FE6E8512E91E7511C86 PUP.Optional.SysTweak, C:\USERS\PUBLIC\Desktop\SuperEasy Registry Cleaner.lnk, Quarantined, 814, 861327, , , , , 37C3732B7EB167E7D5930E2E4A63ECCD, 3FFD2460AC096CE5DD03D5A5E7B8A96F8D5D8B5A1F821FE6E8512E91E7511C86 PUP.Optional.SysTweak, C:\PROGRAM FILES (X86)\SUPEREASY SOFTWARE\SUPEREASY REGISTRY CLEANER\SUPEREASYRC.EXE, Quarantined, 814, 861327, 1.0.30542, , ame, , 76E5B66A45CBB3EFB5763575DBBF597B, D50717671D105613A137A5E2BECAA092505DF838E6216DEC350C93838DCDB1DD PUP.Optional.SysTweak, C:\USERS\{username}\DESKTOP\SUPEREASY.EXE, Quarantined, 814, 861327, 1.0.30542, , ame, , 9E8EECE0556D0E10EE191B03400C47F4, BD44AEA9E37A79B035741474ED87244C49F93D8A1600CF1D29CD84F054E05BC9 PUP.Optional.SysTweak, C:\USERS\{username}\DESKTOP\SUPEREASYSETUP\SUPEREASY.EXE, Quarantined, 814, 861327, 1.0.30542, , ame, , 9E8EECE0556D0E10EE191B03400C47F4, BD44AEA9E37A79B035741474ED87244C49F93D8A1600CF1D29CD84F054E05BC9 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention