Hangthis log analysis requuest

[kiruthick56]

my laptop keeps crashing and freezing without any response then i ran Hangthis and i got this report which i cannot comprehend can anyone help? CollectionLog-2024.02.26-12.21.zip With the correct log now

[Sandor-Helper]

Hi, If you need our assistance:

• Read carefully: How to make a request for help in the PC cure section
• Attach 'Collection-[Date].zip' log created by AutoLogger

Please, note that only members of VIRUSNET-Association are allowed to respond to PC cure topics. Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.

[kiruthick56]

Hey i have uploaded the correct log now

[Sandor-Helper]

Thank you.

Please fix in HiJackThis only these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = localhost
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyServer] = hxxp://127.0.0.1:8892 (disabled)
O1 - Hosts: Reset contents to default
O17 - DHCP DNS 1: 127.0.2.2
O17 - DHCP DNS 2: 127.0.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{4cf1609d-ffbf-4e0d-bdf4-e6178a540947}: [NameServer] = 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4cf1609d-ffbf-4e0d-bdf4-e6178a540947}: [NameServer] = 127.0.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [NameServer] = 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [NameServer] = 127.0.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{db484304-db04-6aa0-a33d-7236836b364d}: [NameServer] = 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{db484304-db04-6aa0-a33d-7236836b364d}: [NameServer] = 127.0.2.3

Restart your PC.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
• Please attach the logs back here.

[kiruthick56]

If possible can you tell what are all those hosts are and what are the function of the stuff you mentioned to fix?

[Sandor-Helper]

can you tell what do all those hosts functions?

My phrase "fix in HiJackThis" is a link to the manual. Please read it.

[kiruthick56]

Addition.txt FRST.txt Here you go

[Sandor-Helper]

Temporarily turn off any antivirus. Highlight following code:

Start::
SystemRestore: On
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [NameServer] 127.0.2.2,127.0.2.3
Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\4594053554D29424: [NameServer] 127.0.2.2,127.0.2.3
Tcpip\..\Interfaces\{db484304-db04-6aa0-a33d-7236836b364d}: [NameServer] 127.0.2.2,127.0.2.3
Tcpip\..\Interfaces\{e8f43b21-f6be-43e8-8e80-1ae36480cea0}: [NameServer] 127.0.2.2,127.0.2.3
S3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44576 2024-02-23] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
AlternateDataStreams: C:\Users\kirut\Downloads\utweb_installer.exe:MBAM.Zone.Identifier [61]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8738]
FirewallRules: [{D5CE834C-B3F6-4517-90B0-9589A83268F7}] => (Allow) C:\Users\kirut\MediaGet2\QtWebEngineProcess.exe => No File
FirewallRules: [{51B8DB77-9575-4EBF-9BF1-99E216D0BE8C}] => (Allow) C:\Users\kirut\MediaGet2\QtWebEngineProcess.exe => No File
FirewallRules: [{4E6EAE97-568D-48E3-BB04-3341C70E40F0}] => (Allow) C:\Users\kirut\MediaGet2\mediaget.exe => No File
FirewallRules: [{0DDEC348-5071-4EE5-ABDE-76FC04A985A5}] => (Allow) C:\Users\kirut\MediaGet2\mediaget.exe => No File
FirewallRules: [{82359418-8D19-4223-B24E-82AEE2DD1251}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{FAAF757A-F572-4651-A536-E0E284CE2DA7}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{C89333A4-77B4-467A-95BC-85A14594E198}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe => No File
FirewallRules: [{B89AF589-C254-4F4A-ADA8-8876C8A08ECB}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe => No File
EmptyTemp:
Reboot:
End::

Copy highlighted text (right click - Copy). Run FRST (FRST64) as Administrator. Press Fix button once and wait. Program will create (Fixlog.txt). Attach it to the next post.

PC will reboot.

Several errors in the system log caused by Cloudflare WARP. Can you uninstall this application and see what happened? Also, please zip this file

C:\WINDOWS\Minidump\022624-11359-01.dmp

and attach it to your next message.

[kiruthick56]

Here you go 022624-11359-01.zip Fixlog.txt

[Sandor-Helper]

You don't have to run fix twice. It was unnecessary. Does the issue you've mentioned first is still persist?

[kiruthick56]

uh not until now ill use the laptop and inform when reappears thanks for your help.

[kiruthick56]

hey my laptop displayed the BSOD again today IRQL_NOT_LESS_OR_EQUAL What failed:ntoskrnl.exe

[Sandor-Helper]

Yes, I saw this error in your mini dump. Try to update the system, go to the Control Panel - Windows update. Check for new, download and install all of the available updates. Tell me if it helps.

[kiruthick56]

I tried and it did not work I also got another error named SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

[Sandor-Helper]

I'm sorry, but this is already a problem with the system and is beyond the scope of this forum. There weren't obvious signs of infection at the very start. We just cleaned out some trash and orphans.

[kiruthick56]

should i try a clean install?

[Sandor-Helper]

Yes, clean install could help in most cases.

[kiruthick56]

i tried a clean install keeping all my apps and files lets hope this works i have given up on warp