Having Problem With Malware

Discussion in 'Malware Help - Public (Anyone Can Post & Respond)' started by sherbee, May 12, 2024.

  1. sherbee

    sherbee Private E-2

    Hi, I am a long-time member (non-poster) but I seem to have a bit of a problem with malware. I am hoping that someone might be able to help me. The problem is crdragonupdate.com; it seems to make Chrome unusable at all. I have installed Malwarebytes and it seems to be holding it at bay. I know it is not a permanent solution, so any ideas or help would be much appreciated. Thank you for your time.
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    Let's see if we can resolve things for you.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Right click on FRST64, select Save Link As..., and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================
    Things I would like to see in your next reply.

    • Attached reports
     
  3. sherbee

    sherbee Private E-2

    Hi, I hope this is where I place my FRST.txt and Addition.txt reports; if not, please let me know for the next time. Thank you for your understanding if this was uploaded incorrectly.
     


  4. Oh My!

    Oh My! Malware Expert Staff Member

    You did it perfectly! Allow me some time to review the reports.
     
  5. sherbee

    sherbee Private E-2

    Ok no problem, thank you.
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for your patience.

    We have a bit of work to do.

    Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------
    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Chromstera
    Chromstera Browser
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Removing Edge Extensions

    --------------------
    • Launch Edge
    • Type edge://settings/profiles in the address bar and hit Enter
    • Report whether Sync is on or off. If necessary select Sign out
    • Click Sign out on the pop up screen
    • In the address bar type edge://extensions and hit Enter
    • Remove the following, if they exist:
    MagnusNanoius
    Apps Helper
    • Close Edge, relaunch it and check for the extension
    ===================================================

    Removing Chrome Extensions

    --------------------
    • Launch Chrome
    • Type chrome://settings/syncSetup in the address bar and hit Enter
    • If necessary Turn Off Sync and report whether or not that was necessary
    • In the address bar type chrome://extensions and press Enter
    • In the upper right corner of the window slide the Developer mode button to the right
    • Remove the following, along with any other extension you don't recognize or don't want:
    ArchNanoor
    Apps Helper
    • Close Chrome, relaunch it and check for the extension
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Users\sher\Downloads\GrammarlyInstaller.ciyQzF04srzc8rmjmmvi01o2.exe
    File: C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe
    C:\Program Files (x86)\Chromstera Browser
    2024-05-03 10:00 - 2024-05-03 10:00 - 000000000 ____D C:\ProgramData\Artificius Web Solutions
    2024-05-03 08:00 - 2024-05-04 14:00 - 000004446 _____ C:\WINDOWS\system32\Tasks\ArtificiusUpdater
    2024-05-03 08:00 - 2024-05-04 14:00 - 000000000 ___DC C:\appsDDhelper
    2024-05-03 08:00 - 2024-05-03 08:00 - 000000000 ____D C:\Program Files (x86)\Artificius Web Solutions
    HKU\S-1-5-21-818749208-4129437039-294162311-1001\...\Run: [Power2GoExpress8] => [X]
    S3 LibreOfficeMaintenance; H:\program\update_service.exe [X]
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
    2024-04-25 06:00 - 2024-04-25 06:00 - 000000000 ____D C:\ProgramData\Universal Browser Solutions
    2024-04-25 05:05 - 2024-05-09 05:02 - 000004416 _____ C:\WINDOWS\system32\Tasks\UniversalUpdater
    2024-04-25 05:05 - 2024-04-25 05:05 - 000000000 ____D C:\Program Files (x86)\Universal Browser Solutions
    Edge HKLM-x32\...\Edge\Extension: [pofahmldimakjlecbbllaikgioocnhfl] - C:\\Users\\sher\\AppData\\Local\\apps.crx [2023-09-06]
    CHR HKLM-x32\...\Chrome\Extension: [cjomfomiaagodeikdllgedeceichlidk] - C:\\Users\\sher\\AppData\\Local\\apps.crx [2023-09-06]
    HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true (No File)
    HKU\S-1-5-21-818749208-4129437039-294162311-1001\...\Run: [com.messenger] => "C:\Users\sher\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
    2024-04-12 01:51 - 2024-04-12 01:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
    Task: {FC022391-E994-4495-8B81-92AB05A734E5} - System32\Tasks\ArtificiusUpdater => C:\Program Files (x86)\Artificius Web Solutions\Artificius Web\ArtificiusUpdater.exe (No File)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {14CEBF74-5F18-4203-8A5C-65814E3DDDEE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
    Task: {E87D1C7A-11ED-4FBB-A862-D0D01D753F94} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe ReadyToReboot (No File)
    Task: {49B468DD-B964-427B-88CE-7243B75A1513} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
    Task: {DEDF1F13-B230-400B-8855-EE73DD6162DC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    Task: {E5BDB1E5-A9CD-4AE5-B766-D96E184270B9} - System32\Tasks\S-1-5-21-818749208-4129437039-294162311-1001\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
    Task: {88BDBD28-E429-4F0A-9F60-82C993B1BDC3} - System32\Tasks\UniversalUpdater => C:\Program Files (x86)\Web Browser Solutions\Web Browser\UniversalUpdater.exe (No File)
    Task: {EBB1D658-533A-4677-9163-B40136E948EB} - System32\Tasks\ChromsteraUpdater => C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe [1204192 2023-09-05] (Dragon Boss Solutions LLC -> Chromstera Browser Solutions)
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{72726D01-426C-4B35-8266-B4496CAA889E}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.183.29\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{AE1542A7-3989-481B-93A9-1500C5F56B14}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.185.27\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{CAE1760A-CB07-481B-8F9A-BC65510AF5D5}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.185.21\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{DAA7499A-B3AC-4419-A89B-124318504051}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.185.29\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{E76F97B1-1AE9-497C-9FA4-F57BBABAD54A}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.185.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-818749208-4129437039-294162311-1001_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\sher\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Notepad++\contextMenu\NppShell.dll -> No File
    Edge Extension: (MagnusNanoius) - C:\Users\sher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pofahmldimakjlecbbllaikgioocnhfl [2024-05-09] [UpdateUrl:hxxps://crxdragonupdate.com/crx/updates.php] <==== ATTENTION
    CHR Extension: (ArchNanoor) - C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjomfomiaagodeikdllgedeceichlidk [2024-05-09] [UpdateUrl:hxxps://crxdragonupdate.com/crx/updates.php] <==== ATTENTION
    2024-05-12 12:29 - 2024-05-12 12:29 - 000066577 _____ C:\Users\sher\Desktop\Unconfirmed 714503.crdownload
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    SearchAll: Artificius;cjomfomiaagodeikdllgedeceichlidk;pofahmldimakjlecbbllaikgioocnhfl;Chromstera
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Attach the report to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Programs uninstalled?
    • Edge Sync status and extensions removed?
    • Chrome Sync status and extensions removed?
    • Fixlog
    • Attached Search.txt
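
An added example, not part of the thread and not FRST's own code: a Python parser for the two kinds of extension lines in the fixlist above. It flags profile extensions whose UpdateUrl host is not a store host and checks whether the same ID was also registered through the registry from a local .crx file. The store host list, the function names and the two sample lines marked as constructed are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: update hosts of the official Chrome and Edge stores; any other
# host is reported as off-store.
STORE_UPDATE_HOSTS = {"clients2.google.com", "edge.microsoft.com"}
EXT_ID_RE = re.compile(r"[a-p]{32}")

# "CHR Extension: (Name) - <profile path>\<id> [date] [UpdateUrl:...]"
PROFILE_RE = re.compile(
    r"^(?P<browser>CHR|Edge) Extension: \((?P<name>.*?)\) - (?P<path>.+?)"
    r" \[\d{4}-\d{2}-\d{2}\](?: \[UpdateUrl:(?P<url>[^\]]+)\])?"
)
# "CHR HKLM-x32\...\Chrome\Extension: [id] - <install source> [date]"
REGISTRY_RE = re.compile(
    r"^(?:CHR|Edge) (?P<hive>HK\S+?)\\\.\.\.\\\w+\\Extension: "
    r"\[(?P<id>[a-p]{32})\] - (?P<target>.+?)(?: \[\d{4}-\d{2}-\d{2}\])?$"
)

# The first four lines are copied from the fixlist in this thread. The last two
# are constructed (placeholder IDs) to show entries that must not be flagged.
SAMPLE_LOG = r"""
Edge HKLM-x32\...\Edge\Extension: [pofahmldimakjlecbbllaikgioocnhfl] - C:\\Users\\sher\\AppData\\Local\\apps.crx [2023-09-06]
CHR HKLM-x32\...\Chrome\Extension: [cjomfomiaagodeikdllgedeceichlidk] - C:\\Users\\sher\\AppData\\Local\\apps.crx [2023-09-06]
Edge Extension: (MagnusNanoius) - C:\Users\sher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pofahmldimakjlecbbllaikgioocnhfl [2024-05-09] [UpdateUrl:hxxps://crxdragonupdate.com/crx/updates.php] <==== ATTENTION
CHR Extension: (ArchNanoor) - C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjomfomiaagodeikdllgedeceichlidk [2024-05-09] [UpdateUrl:hxxps://crxdragonupdate.com/crx/updates.php] <==== ATTENTION
CHR Extension: (Constructed Store Item) - C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2024-01-01] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
CHR Extension: (Constructed No Url) - C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb [2024-01-01]
"""


def update_host(defanged_url):
    """Return the lower-cased host of a defanged (hxxp/hxxps) URL, or None."""
    if not defanged_url:
        return None
    # Refang only in memory so the URL can be parsed; it is never contacted.
    url = defanged_url.strip().replace("hxxp", "http", 1)
    return (urlsplit(url).hostname or "").lower() or None


def triage(log_text):
    """Return one finding per profile extension that updates from a non-store host."""
    registry = {}   # extension id -> [(hive, install source), ...]
    profiles = []   # match objects for per-profile extension lines
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REGISTRY_RE.match(line)
        if m:
            registry.setdefault(m["id"], []).append((m["hive"], m["target"]))
            continue
        m = PROFILE_RE.match(line)
        if m:
            profiles.append(m)

    findings = []
    for m in profiles:
        # The extension ID is the last component of the profile path.
        ext_id = m["path"].rsplit("\\", 1)[-1]
        if not EXT_ID_RE.fullmatch(ext_id):
            continue
        host = update_host(m["url"])
        # Assumption: a line without an UpdateUrl field is not reported here.
        if host is None or host in STORE_UPDATE_HOSTS:
            continue
        sources = [target for _hive, target in registry.get(ext_id, [])]
        findings.append({
            "browser": m["browser"],
            "name": m["name"],
            "id": ext_id,
            "update_host": host,
            "registry_sources": sources,
            # True when a registry entry points at a local .crx package.
            "sideloaded_crx": any(s.lower().endswith(".crx") for s in sources),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["browser"], f["name"], f["id"], f["update_host"],
              "registry .crx install" if f["sideloaded_crx"] else "no registry install")
```
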
     
  7. sherbee

    sherbee Private E-2

    I cannot remove either extension from either Chrome or Edge. It is all greyed out, so there is no option to remove.
     
  8. Oh My!

    Oh My! Malware Expert Staff Member

    No problem, I included the SearchAll: portion of the fix as a backup plan. Skip those parts and continue on.
     
  9. sherbee

    sherbee Private E-2

    Ok, here are the items that you have requested from me, thank you.
     


  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Do you recall if Edge and Chrome Sync were Enabled or Disabled?

    Please do this now.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    C:\Windows\System32\Tasks_Migrated\ChromsteraUpdater
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E0.pf
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E2.pf
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E7.pf
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E8.pf
    2024-05-09 05:00 - 2024-05-09 05:00 _____ C:\Users\sher\AppData\Local\Microsoft\Edge\Default BackupDD\Extensions\pofahmldimakjlecbbllaikgioocnhfl
    2024-05-09 18:54 - 2024-05-12 18:26 _____ C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjomfomiaagodeikdllgedeceichlidk
    2024-05-09 05:02 - 2024-05-09 05:02 _____ C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjomfomiaagodeikdllgedeceichlidk
    2024-05-09 05:00 - 2024-05-09 05:00 _____ C:\Users\sher\AppData\Local\Google\Chrome\Default BackupDD\Extensions\cjomfomiaagodeikdllgedeceichlidk
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Artificius Web Solutions|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{764FD474-A8AE-4ABE-9A8B-DEF6D393994F}|AI_updater_ID
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater\{764FD474-A8AE-4ABE-9A8B-DEF6D393994F}|C:\Program Files (x86)\Artificius Web Solutions\Artificius Web\ArtificiusUpdater.exe
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist|1
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist|1
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings|cjomfomiaagodeikdllgedeceichlidk
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Google\Chrome\PreferenceMACs\Profile 2\extensions.settings|cjomfomiaagodeikdllgedeceichlidk
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Edge\PreferenceMACs\Profile 1\extensions.settings|pofahmldimakjlecbbllaikgioocnhfl
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{F82AF5DB-E99C-41D4-AAE0-B8E22E7D0F21}|AI_updater_ID
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater|C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater\{F82AF5DB-E99C-41D4-AAE0-B8E22E7D0F21}|C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{20D3D013-1565-4897-878D-AC2B847F2128}|name
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{20D3D013-1565-4897-878D-AC2B847F2128}|publisher
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{32A9AB14-A1D8-458F-99A6-2095D4C06947}|name
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{32A9AB14-A1D8-458F-99A6-2095D4C06947}|publisher
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_https
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_http
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.pdf
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.webp
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.html
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.svg
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.xht
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.xhtml
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|Chromstera_.pdf
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|Chromstera
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Chromstera\Application\chromstera.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Chromstera\Application\chromstera.exe.ApplicationCompany
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Artificius Web Solutions
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DragonBoss\Chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\DragonBoss\Chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera browser 1.0.0.0
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera browser 1.0.0.0
    End::
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Sync status?
    • Fixlog
    • How is your computer running now?
     
  11. sherbee

    sherbee Private E-2

    Both Chrome and Edge are not synced. I am not having any issues yet, but the week is still not over.


    Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
    Ran by sher (12-05-2024 21:27:38) Run:2
    Running from C:\Users\sher\Desktop
    Loaded Profiles: sher
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************

    Start::
    C:\Windows\System32\Tasks_Migrated\ChromsteraUpdater
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E0.pf
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E2.pf
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E7.pf
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E8.pf
    2024-05-09 05:00 - 2024-05-09 05:00 _____ C:\Users\sher\AppData\Local\Microsoft\Edge\Default BackupDD\Extensions\pofahmldimakjlecbbllaikgioocnhfl
    2024-05-09 18:54 - 2024-05-12 18:26 _____ C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjomfomiaagodeikdllgedeceichlidk
    2024-05-09 05:02 - 2024-05-09 05:02 _____ C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjomfomiaagodeikdllgedeceichlidk
    2024-05-09 05:00 - 2024-05-09 05:00 _____ C:\Users\sher\AppData\Local\Google\Chrome\Default BackupDD\Extensions\cjomfomiaagodeikdllgedeceichlidk
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Artificius Web Solutions|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{764FD474-A8AE-4ABE-9A8B-DEF6D393994F}|AI_updater_ID
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater\{764FD474-A8AE-4ABE-9A8B-DEF6D393994F}|C:\Program Files (x86)\Artificius Web Solutions\Artificius Web\ArtificiusUpdater.exe
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist|1
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist|1
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings|cjomfomiaagodeikdllgedeceichlidk
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Google\Chrome\PreferenceMACs\Profile 2\extensions.settings|cjomfomiaagodeikdllgedeceichlidk
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Edge\PreferenceMACs\Profile 1\extensions.settings|pofahmldimakjlecbbllaikgioocnhfl
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{F82AF5DB-E99C-41D4-AAE0-B8E22E7D0F21}|AI_updater_ID
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater|C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater\{F82AF5DB-E99C-41D4-AAE0-B8E22E7D0F21}|C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{20D3D013-1565-4897-878D-AC2B847F2128}|name
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{20D3D013-1565-4897-878D-AC2B847F2128}|publisher
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{32A9AB14-A1D8-458F-99A6-2095D4C06947}|name
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{32A9AB14-A1D8-458F-99A6-2095D4C06947}|publisher
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_https
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_http
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.pdf
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.webp
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.html
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.svg
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.xht
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|ChromsteraHTM_.xhtml
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|Chromstera_.pdf
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|Chromstera
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Chromstera\Application\chromstera.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Chromstera\Application\chromstera.exe.ApplicationCompany
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Artificius Web Solutions
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DragonBoss\Chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\DragonBoss\Chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera browser 1.0.0.0
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera
    DeleteKey: HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera browser 1.0.0.0
    End::
    *****************

    C:\Windows\System32\Tasks_Migrated\ChromsteraUpdater => moved successfully
    C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E0.pf => moved successfully
    "C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E2.pf" => not found
    "C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E7.pf" => not found
    "C:\Windows\Prefetch\CHROMSTERA.EXE-4EECC3E8.pf" => not found

    "C:\Users\sher\AppData\Local\Microsoft\Edge\Default BackupDD\Extensions\pofahmldimakjlecbbllaikgioocnhfl" Folder move:

    C:\Users\sher\AppData\Local\Microsoft\Edge\Default BackupDD\Extensions\pofahmldimakjlecbbllaikgioocnhfl => moved successfully

    "C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjomfomiaagodeikdllgedeceichlidk" Folder move:

    C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjomfomiaagodeikdllgedeceichlidk => moved successfully

    "C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjomfomiaagodeikdllgedeceichlidk" Folder move:

    C:\Users\sher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjomfomiaagodeikdllgedeceichlidk => moved successfully

    "C:\Users\sher\AppData\Local\Google\Chrome\Default BackupDD\Extensions\cjomfomiaagodeikdllgedeceichlidk" Folder move:

    C:\Users\sher\AppData\Local\Google\Chrome\Default BackupDD\Extensions\cjomfomiaagodeikdllgedeceichlidk => moved successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Artificius Web Solutions\\Path" => not found
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{764FD474-A8AE-4ABE-9A8B-DEF6D393994F}\\AI_updater_ID" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater\{764FD474-A8AE-4ABE-9A8B-DEF6D393994F}\\C:\Program Files (x86)\Artificius Web Solutions\Artificius Web\ArtificiusUpdater.exe" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist\\1" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist\\1" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings\\cjomfomiaagodeikdllgedeceichlidk" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Google\Chrome\PreferenceMACs\Profile 2\extensions.settings\\cjomfomiaagodeikdllgedeceichlidk" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Edge\PreferenceMACs\Profile 1\extensions.settings\\pofahmldimakjlecbbllaikgioocnhfl" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{F82AF5DB-E99C-41D4-AAE0-B8E22E7D0F21}\\AI_updater_ID" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater\\C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Caphyon\Advanced Updater\{F82AF5DB-E99C-41D4-AAE0-B8E22E7D0F21}\\C:\Program Files (x86)\Chromstera Browser\ChromsteraUpdater.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{20D3D013-1565-4897-878D-AC2B847F2128}\\name" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{20D3D013-1565-4897-878D-AC2B847F2128}\\publisher" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{32A9AB14-A1D8-458F-99A6-2095D4C06947}\\name" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Corel\PCU\installedsoftware\{32A9AB14-A1D8-458F-99A6-2095D4C06947}\\publisher" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_https" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_http" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_.pdf" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_.webp" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_.html" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_.svg" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_.xht" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\ChromsteraHTM_.xhtml" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\Chromstera_.pdf" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated\\C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView\\Chromstera" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe.FriendlyAppName" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\sher\AppData\Local\Temp\a80276b5b7961410eca1ab8eb18c9dcd\ChromsteraUpdater.exe.ApplicationCompany" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Chromstera\Application\chromstera.exe.FriendlyAppName" => removed successfully
    "HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Chromstera\Application\chromstera.exe.ApplicationCompany" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Artificius Web Solutions => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DragonBoss\Chromstera => removed successfully
    HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\DragonBoss\Chromstera => removed successfully
    HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~chromstera => removed successfully
    HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera => removed successfully
    HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera browser 1.0.0.0 => removed successfully
    HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~chromstera => removed successfully
    HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera => removed successfully
    HKEY_USERS\S-1-5-21-818749208-4129437039-294162311-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9dd69095-2baa-4342-9720-87b72d7411f4}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$chromstera browser 1.0.0.0 => removed successfully


    The system needed a reboot.

    ==== End of Fixlog 21:27:39 ====
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    Things look good.

    Use the computer for a day or two and let me know how things are.
     
  13. Oh My!

    Oh My! Malware Expert Staff Member

    How are we doing?
     
