Hangthis log analysis request #246

Closed
kiruthick56 opened this issue Feb 26, 2024 · 17 comments

@kiruthick56

kiruthick56 commented Feb 26, 2024

My laptop keeps crashing and freezing without any response. Then I ran Hangthis and got this report, which I cannot comprehend. Can anyone help?
CollectionLog-2024.02.26-12.21.zip
With the correct log now

@Sandor-Helper

Hi,
If you need our assistance:

Please, note that only members of VIRUSNET-Association are allowed to respond to PC cure topics. Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.

@kiruthick56
Author

Hey, I have uploaded the correct log now.

@Sandor-Helper

Thank you.

Please fix in HiJackThis only these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = localhost
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyServer] = hxxp://127.0.0.1:8892 (disabled)
O1 - Hosts: Reset contents to default
O17 - DHCP DNS 1: 127.0.2.2
O17 - DHCP DNS 2: 127.0.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{4cf1609d-ffbf-4e0d-bdf4-e6178a540947}: [NameServer] = 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4cf1609d-ffbf-4e0d-bdf4-e6178a540947}: [NameServer] = 127.0.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [NameServer] = 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [NameServer] = 127.0.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{db484304-db04-6aa0-a33d-7236836b364d}: [NameServer] = 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{db484304-db04-6aa0-a33d-7236836b364d}: [NameServer] = 127.0.2.3

Restart your PC.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.
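
The R1 and O17 entries listed above all point proxy or DNS settings at loopback addresses (127.0.0.0/8), which means a process on the machine itself is answering those requests. As an added example (not part of the thread, and not code from HiJackThis or FRST), this Python script parses HiJackThis-style lines and lists every loopback proxy or name-server setting per interface, so each can be attributed to an installed application before it is removed; the function names are hypothetical and the last sample line is constructed.

```python
import ipaddress
import re

# The first five lines are copied from the HiJackThis entries quoted in this thread;
# the last line is constructed here as a non-loopback contrast case.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = localhost
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyServer] = hxxp://127.0.0.1:8892 (disabled)
O17 - DHCP DNS 1: 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4cf1609d-ffbf-4e0d-bdf4-e6178a540947}: [NameServer] = 127.0.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4cf1609d-ffbf-4e0d-bdf4-e6178a540947}: [NameServer] = 127.0.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: [NameServer] = 192.0.2.53
"""

# "<section> - <key>: [<value name>] = <data>"; the bracketed value name is optional.
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<key>.*?): (?:\[(?P<name>\w+)\] = )?(?P<val>.*)$")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")


def loopback_findings(log_text):
    """Return (section, setting, address, scope) for each loopback address
    found in R1 (proxy) and O17 (DNS) entries."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["sec"] not in ("R1", "O17"):
            continue
        setting = m["name"] or m["key"]           # e.g. "NameServer" or "DHCP DNS 1"
        guid = GUID.search(m["key"])
        scope = guid.group(0) if guid else "global"  # interface GUID when present
        for addr in IPV4.findall(m["val"]):       # also handles comma-separated lists
            try:
                if ipaddress.ip_address(addr).is_loopback:
                    findings.append((m["sec"], setting, addr, scope))
            except ValueError:                    # e.g. an octet above 255
                continue
    return findings


def summarize(findings):
    """Group loopback addresses by (scope, setting)."""
    grouped = {}
    for _sec, setting, addr, scope in findings:
        grouped.setdefault((scope, setting), set()).add(addr)
    return grouped


if __name__ == "__main__":
    for (scope, setting), addrs in summarize(loopback_findings(SAMPLE)).items():
        print(f"{scope:40} {setting:12} -> {', '.join(sorted(addrs))}")
```
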

@kiruthick56
Author

If possible, can you tell me what all those hosts are and what the function is of the stuff you mentioned to fix?

@Sandor-Helper

Sandor-Helper commented Feb 26, 2024

can you tell what do all those hosts functions?

My phrase "fix in HiJackThis" is a link to the manual. Please read it.

@kiruthick56
Author

Addition.txt
FRST.txt
Here you go

@Sandor-Helper

Temporarily turn off any antivirus.
Highlight the following code:

Start::
SystemRestore: On
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [NameServer] 127.0.2.2,127.0.2.3
Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\4594053554D29424: [NameServer] 127.0.2.2,127.0.2.3
Tcpip\..\Interfaces\{db484304-db04-6aa0-a33d-7236836b364d}: [NameServer] 127.0.2.2,127.0.2.3
Tcpip\..\Interfaces\{e8f43b21-f6be-43e8-8e80-1ae36480cea0}: [NameServer] 127.0.2.2,127.0.2.3
S3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44576 2024-02-23] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
AlternateDataStreams: C:\Users\kirut\Downloads\utweb_installer.exe:MBAM.Zone.Identifier [61]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8738]
FirewallRules: [{D5CE834C-B3F6-4517-90B0-9589A83268F7}] => (Allow) C:\Users\kirut\MediaGet2\QtWebEngineProcess.exe => No File
FirewallRules: [{51B8DB77-9575-4EBF-9BF1-99E216D0BE8C}] => (Allow) C:\Users\kirut\MediaGet2\QtWebEngineProcess.exe => No File
FirewallRules: [{4E6EAE97-568D-48E3-BB04-3341C70E40F0}] => (Allow) C:\Users\kirut\MediaGet2\mediaget.exe => No File
FirewallRules: [{0DDEC348-5071-4EE5-ABDE-76FC04A985A5}] => (Allow) C:\Users\kirut\MediaGet2\mediaget.exe => No File
FirewallRules: [{82359418-8D19-4223-B24E-82AEE2DD1251}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{FAAF757A-F572-4651-A536-E0E284CE2DA7}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{C89333A4-77B4-467A-95BC-85A14594E198}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe => No File
FirewallRules: [{B89AF589-C254-4F4A-ADA8-8876C8A08ECB}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe => No File
EmptyTemp:
Reboot:
End::

Copy highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press Fix button once and wait. Program will create (Fixlog.txt). Attach it to the next post.

PC will reboot.

Several errors in the system log are caused by Cloudflare WARP. Can you uninstall this application and see what happens?
Also, please zip this file

C:\WINDOWS\Minidump\022624-11359-01.dmp

and attach it to your next message.

@kiruthick56
Author

Here you go
022624-11359-01.zip
Fixlog.txt

@Sandor-Helper

You don't have to run fix twice. It was unnecessary.
Does the issue you mentioned first still persist?

@kiruthick56
Author

Uh, not until now. I'll use the laptop and inform you when it reappears. Thanks for your help.

@kiruthick56
Author

Hey, my laptop displayed the BSOD again today:
IRQL_NOT_LESS_OR_EQUAL
What failed: ntoskrnl.exe

@Sandor-Helper

Yes, I saw this error in your mini dump. Try to update the system, go to the Control Panel - Windows update. Check for new, download and install all of the available updates.
Tell me if it helps.

@kiruthick56
Author

I tried and it did not work.
I also got another error named SYSTEM_THREAD_EXCEPTION_NOT_HANDLED.

@Sandor-Helper

I'm sorry, but this is already a problem with the system and is beyond the scope of this forum.
There weren't obvious signs of infection at the very start. We just cleaned out some trash and orphans.

@kiruthick56
Author

Should I try a clean install?

@Sandor-Helper

Yes, clean install could help in most cases.

@kiruthick56
Author

I tried a clean install keeping all my apps and files; let's hope this works.
I have given up on WARP.
