nv4_disp page fault in non paged area, gura.exe and sysproc32.sys

Ok, so I got a BSOD today while viewing an image. The BSOD was about NV4_disp_Driver.dll and Page Fault Found In A Non Paged Area. I’ve tried updating drivers, but the problem still exists.

I looked in my event viewer and found this 20 seconds before the BSOD:

Source BITS
Event 16384

The administrator NT AUTHORITY\SYSTEM canceled job “D:\WINDOWS\TEMP\GUR2.exe” on behalf of HOME-38D73EF425\Ryan. The job ID was {179EDDF7-5789-4AA3-BE43-03D46B3CFA91}.

What could this be? I’ve never heard of gur2.exe before.

I’m having the same issue. Unfortunately I have nothing to contribute toward the solution. Just a “me too-er”.

Hi ratchetclan4 & mbrinson,

The infection is a Trojan: TR/Crypt.ZPACK.Gen
First read this helpful page: http://forums.majorgeeks.com/showthread.php?t=187883

Now do a scan with MBAM from here: http://www.malwarebytes.org/mbam-download.php
Perform an update for MBAM via Update: click the Check for Updates button
Run a QuickScan
Give us a complete logfile as an added txtfile…

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Finally checking the manual removal procedure:

To remove Crypt.ZPACK.Gen, you must first stop any Crypt.ZPACK.Gen processes that are running in your computer’s memory. To stop all Crypt.ZPACK.Gen processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the “Processes” tab, search for Crypt.ZPACK.Gen, then right-click it and select “End Process” key.

To delete Crypt.ZPACK.Gen registry keys, open the Windows Registry Editor by clicking on the Windows “Start” button and selecting “Run.” Type “regedit” into the box and click “OK.” Once the Registry Editor is open, search for the registry key “HKEY_LOCAL_MACHINE\Software\Crypt.ZPACK.Gen.” Right-click this registry key and select “Delete.” Before doing this make a copy of your existing registry first…

Finally, to completely get rid of Crypt.ZPACK.Gen, you must manually remove other Crypt.ZPACK.Gen files. These Crypt.ZPACK.Gen files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Crypt.ZPACK.Gen might create a file like %PROGRAM_FILES%\Crypt.ZPACK.Gen\Crypt.ZPACK.Gen.exe. Locate and remove these files,

polonus

Kind of rebumping this old thread, but this problem is still plaguing me, except it likes to change its name. The most current one is:

The administrator NT AUTHORITY\SYSTEM canceled job “D:\WINDOWS\TEMP\GURA.exe” on behalf of HOME-38D73EF425\Ryan. The job ID was {CECBBF4C-BFDE-48A6-A61A-54C403543F29}.

And this happens before or after the nv4_disp.dll page_fault_in_nonpaged_area blue screen.
I know it’s not RAM related, as I have run memtest86 for 7 passes with 0 errors, which took 17 hours.


As requested in the last post, here is the Malwarebytes log, attached.

Seems I have 4 backdoor.bots
and 5 trojan.agents,
also a malware.trace in network\uid (probably what’s causing my TCP/IP errors when trying to connect to my wireless).

I cannot find any TR/Crypt.ZPACK.Gen process on my computer.

I’ve attached a HijackThis log so you can see my running processes.
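The two BITS event 16384 messages quoted in this thread can be triaged by script. The following is an added example, not part of any post here: it parses that message layout and groups flagged jobs by owner and directory, so a drop that changes its file name (GUR2.exe, then GURA.exe) still shows up as one recurring pattern. The extension list, the temp-directory heuristic and the third sample message are assumptions made for the example.

```python
import re
from ntpath import basename, dirname

# Layout of the BITS 16384 message as quoted in the thread.
# Both straight and curly quotation marks around the job name are accepted.
BITS_CANCEL = re.compile(
    r'The administrator (?P<admin>.+?) canceled job '
    r'["\u201c](?P<job>.+?)["\u201d] on behalf of (?P<owner>.+?)\. '
    r'The job ID was (?P<job_id>\{[0-9A-Fa-f-]{36}\})\.'
)
EXEC_EXT = (".exe", ".dll", ".scr", ".sys")   # assumed list of interest
TEMP_PARTS = {"temp", "tmp"}                  # assumed temp directory names

def parse_cancel(message):
    """Return admin, job, owner and job_id, or None if the layout differs."""
    m = BITS_CANCEL.search(message)
    return m.groupdict() if m else None

def is_suspicious(job):
    """Heuristic: job name is an executable path under a temp directory."""
    name = job.lower()
    parts = set(dirname(name).replace("/", "\\").split("\\"))
    return name.endswith(EXEC_EXT) and bool(parts & TEMP_PARTS)

def triage(messages):
    """Group flagged jobs by (owner, directory) so renamed files cluster."""
    groups = {}
    for msg in messages:
        rec = parse_cancel(msg)
        if rec and is_suspicious(rec["job"]):
            key = (rec["owner"], dirname(rec["job"]).upper())
            groups.setdefault(key, []).append(basename(rec["job"]))
    return groups

SAMPLE = [
    # First two messages are the ones quoted in the thread.
    r'The administrator NT AUTHORITY\SYSTEM canceled job “D:\WINDOWS\TEMP\GUR2.exe” on behalf of HOME-38D73EF425\Ryan. The job ID was {179EDDF7-5789-4AA3-BE43-03D46B3CFA91}.',
    r'The administrator NT AUTHORITY\SYSTEM canceled job “D:\WINDOWS\TEMP\GURA.exe” on behalf of HOME-38D73EF425\Ryan. The job ID was {CECBBF4C-BFDE-48A6-A61A-54C403543F29}.',
    # Constructed message with an ordinary job name, for contrast.
    r'The administrator NT AUTHORITY\SYSTEM canceled job "Example Updater" on behalf of HOME-PC\Alice. The job ID was {00000000-0000-0000-0000-000000000000}.',
]

if __name__ == "__main__":
    for (owner, folder), names in triage(SAMPLE).items():
        print(f"{owner}: {len(names)} flagged job(s) in {folder}: {names}")
```
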