First and foremost, I appreciate any help that I will receive in reference to my problem. This is my first time posting on the forums and my first time in general asking for any help with something like this.

I recently came across a program in my task manager displayed as "User OOBE Broker". I didn't recognize it, and after researching it online it appears to be an authentic Windows program. With that said, according to my research it appears it could either be malware or a result of an error, which I have not been able to determine. The thing is I have 2 identical versions of the program located in different paths:

1. C:\Windows\System32\oobe

2. C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.1_none_39d7f735c58f975e

 

According to registry-programs.com, it stated the legit process is located where the 2nd path is. It doesn't say anything related to a System32 process.

 

Nonetheless, I wanted to confirm if there was anything that looked suspicious that wasn't detected. I completed the Malwarebytes, AdwCleaner (1st scan and 2nd scan after the 1 PUP removal - not sure if it was a false detection) and FRST scans. I attached all the files to my post. 

If there is anything that you suggest that I should remove or fix, please let me know. 

 

I appreciate any help related to my specific issue. 

Thank you.

Malwarebytes Scan Log.txt AdwCleaner 1st scan.txt Addition Scan.txt AdwCleaner 2nd scan after removal.txt FRST Scan.txt
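
Added example, not part of the original post or of any reply in this thread: one way to check whether the two copies described above are the same Microsoft-signed file. It assumes the executable is named UserOOBEBroker.exe (the post gives only the display name and the two folders) and an elevated PowerShell prompt; the WinSxS folder is matched by the component name from the second path.

```powershell
# Assumption: the binary shown as "User OOBE Broker" is UserOOBEBroker.exe.
$name  = 'UserOOBEBroker.exe'
$sys32 = Join-Path $env:windir "System32\oobe\$name"
$winsxs = Join-Path $env:windir 'WinSxS'

# Component-store folders matching the component name in the post's second path.
$store = Get-ChildItem -Path $winsxs -Directory -Filter 'amd64_microsoft-windows-oobe-user-broker_*' |
    ForEach-Object { Join-Path $_.FullName $name } |
    Where-Object { Test-Path -LiteralPath $_ }

# Hash and signature details for every copy that exists.
$report = foreach ($path in @($sys32) + @($store)) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path       = $path
        SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        SigStatus  = $sig.Status       # 'Valid' also covers catalog-signed system files
        IsOSBinary = $sig.IsOSBinary   # True only for files signed as part of Windows
        Signer     = $sig.SignerCertificate.Subject
    }
}
$report | Format-List

# WinSxS is the component store; the System32 file is normally a hard link to the
# store's copy, so both paths should be listed here as names of one file on disk.
fsutil hardlink list $sys32

# A copy that is not a validly signed OS binary deserves a closer look.
# Differing hashes alone are not a finding: servicing can keep older versions in WinSxS.
$suspect = @($report | Where-Object { $_.SigStatus -ne 'Valid' -or -not $_.IsOSBinary })
$hashes  = @($report | Select-Object -ExpandProperty SHA256 | Sort-Object -Unique)

if ($suspect.Count -gt 0) {
    Write-Output "Review these copies (signature not valid or not an OS binary):"
    $suspect | Select-Object Path, SigStatus, Signer | Format-List
} elseif ($hashes.Count -eq 1) {
    Write-Output "All copies are byte-identical, validly signed OS binaries."
} else {
    Write-Output "All copies are validly signed OS binaries; $($hashes.Count) versions are present."
}
```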


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

fixlist.txt


Hello @nasdaq,

I appreciate the time you've taken to review my log files. I have a question about the fixlist.txt file you created for me. I saw that there were a few lines that contained "Haste". I'm not sure if the fixlist file will be removing it as I currently use the Haste program daily for gaming related activities. I've noticed the Haste program generates an error in the Windows Event logs when I exit the application. I've manually uninstalled and reinstalled it in the past but it never fixed the error. 

Should I still go forward with running the fixlist? 

 

Also, I'm not sure if you're able to assist with another issue down below. It's not a big deal so if you can't then I understand.

I was wondering if you noticed any "Razer Synapse 3" files in my logs. Every time I start up my computer and log into Windows I am prompted to download Razer Synapse 3 for my Razer keyboard and mouse. If I unplug my keyboard and plug it back into a USB port, I receive the same pop-up to download Synapse 3. I don't have Synapse 3 installed and I've tried my best to remove any traces of it from my computer but I'm not sure if there is something I am missing.

I have to use the old Razer Synapse (Synapse 2.0) program for my headset. The headset isn't supported on Synapse 3 and my keyboard/mouse isn't supported on the old Synapse. Having both Synapse 2 and 3 has conflicted in the past, so I decided to remove the newer program since it's not as important as Synapse 2.0 for my audio functionality.

I guess the easier way would be to completely remove the old version of Synapse rather than hunting around for remnants of Synapse 3 and once everything is gone I would reinstall Synapse 2.0 for my headset.

 

Thank you again for the help.


Hi,

Sorry about that.
The drivers' names are associated with an infection.
I have documented this and it will not happen again.

Thank you for the information.

Open the Fixlist.txt and delete these 3 lines.

R4 WinDivert1.3; C:\Program Files\Haste\WinDivert64.sys
C:\Program Files\Haste\WinDivert64.sys
C:\Program Files\Haste\WinDivert.dll

Save it.

Run the fix as suggested.

===


I've noticed the Haste program generates an error in the Windows Event logs when I exit the application. I've manually uninstalled and reinstalled it in the past but it never fixed the error. 

Should I still go forward with running the fixlist?

Sure looks like a bug in the program.
Possibly the handle to the program is not being released.
The system takes care of it. Just ignore it.

===

Re Synapse 3 issues.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
Synapse 3
Once done, click on the Search Registry button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
====


Thank you for the response @nasdaq,

I ended up running your initial fixlist.txt file. I will attach the log file down below. Although it did prevent Haste from running, I was able to resolve the issue by uninstalling the program and reinstalling it. I've tried to "debloat" Windows 10 so it would run more efficiently. It was basic and nothing entirely extreme. It consisted of removing all the Asus and preinstalled clutter that normally comes along with a fresh Windows 10 install, but I'm sure I've missed stuff. Is there anything you personally would recommend adding to the fixlist.txt file that would help?

I will wait for your response before I jump ahead and do anything else. If you want me to run a new FRST scan and attach the log file then I can do so, since the log file I have attached below doesn't contain the information regarding the Synapse 3 instructions you provided above or the re-installation of Haste.

Fixlog_07-08-2020 18.02.46.txt

Thank you for the help.

 

16 hours ago, nasdaq said:

Re Synapse 3 issues.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
Synapse 3
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply

In respect for your time I went ahead and conducted the search of my registry with FRST. I will also attach the Registry search Log .txt file just in case. These are the following results from the Registry Search Log file:

Farbar Recovery Scan Tool (x64) Version: 08-08-2020
Ran by Drumm (09-08-2020 01:41:37)
Running from C:\Users\Drumm\Downloads
Boot Mode: Normal

================== Search Registry: "Synapse 3" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Razer Synapse 3.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Razer Synapse 3_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Razer Synapse 3_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps\Razer Synapse 3.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Synapse 3 Web Service]
[HKEY_USERS\S-1-5-21-1835203505-1844857678-1684865405-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe"="84"
[HKEY_USERS\S-1-5-21-1835203505-1844857678-1684865405-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC]
"3"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse.lnk
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
"

====== End of Search ======

SearchReg Log File.txt


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Is the problem solved?

fixlist.txt


Hello, @nasdaq,

Apologies for the late reply. After running the new fixlist.txt file from your previous reply it appears the problem has been fixed. I wasn't prompted with a Razer "install device" screen after my computer's restart or upon re-plugging in my Razer peripherals. I really do appreciate the time you've taken to help with both of the issues I was dealing with. 

Thank you again! It means a lot. 🙂


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you