Ok so just recently my computer has been acting up, like freezing and not letting me move my mouse for 2-3 seconds or crashing to a nv4_disp.dll Page_fault_in_nonpaged_area bluescreen while playing games, i also have trouble connecting to my wireless, with TcPip spamming my event viewer --------------------------------------------------------- The Nv4_disp.dll Problem Ok so randomly while playing games i crash to this, i have tested my ram with memtest86, i let it do 7 full passes and it came back with 0 errors i've tried updating my nvidia drivers but the problem keeps arising.... ----------------------------------------------------------- The Gura.exe Problem in my event viewer, before or right after these Bluescreens i get The administrator NT AUTHORITY\SYSTEM canceled job "D:\WINDOWS\TEMP\GURA.exe" on behalf of HOME-38D73EF425\Ryan. The job ID was {CECBBF4C-BFDE-48A6-A61A-54C403543F29}. It used to be called GUR2.exe but has changed recently... its source is BITS and its event is 16384 ----------------------------------------------------- Tcpip Problem i have trouble connecting to my wireless sometimes with The system detected that network adapter Ralink...LAN Card - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter. being spammed in my event viewer about 40 times, its event is 4201 i believe this might be linked to a malware.trace in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid ------------------- i have attached a HIJACK this log, and a MALWAREBYTES LOG, as my malware bytes has found 5 trojan.agents and 4 backdoor.bots one of which trojan is sysproc86 , sysproc64 , and sysproc32 MBAM log Malwarebytes' Anti-Malware 1.44 Database version: 3747 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 16/02/2010 7:38:08 PM mbam-log-2010-02-16 (19-38-03).txt Scan type: Quick Scan Objects scanned: 132585 Time elapsed: 10 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 2 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken. Registry Data Items Infected: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: D:\Documents and Settings\LocalService\Application Data\sysproc64 (Trojan.Agent) -> No action taken. D:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> No action taken. Files Infected: D:\Documents and Settings\LocalService\Application Data\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken. D:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken. D:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> No action taken. HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:46:44 PM, on 16/02/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Alwil Software\Avast5\AvastSvc.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\cisvc.exe D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Kontiki\KService.exe D:\WINDOWS\system32\PnkBstrB.exe D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe D:\WINDOWS\System32\TUProgSt.exe D:\WINDOWS\system32\atwtusb.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\atwtusb.exe D:\Program Files\TortoiseSVN\bin\TSVNCache.exe D:\Program Files\PowerISO\PWRISOVM.EXE D:\Program Files\Unlocker\UnlockerAssistant.exe D:\Program Files\Java\jre6\bin\jusched.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\WTMKM.exe D:\WINDOWS\RTHDCPL.EXE D:\WINDOWS\system32\RunDll32.exe D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe D:\Program Files\COMODO\COMODO Internet Security\cfp.exe D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\nerds.de\LoopBe1\loopBeMon.exe D:\Program Files\RALINK\Common\RaUI.exe D:\Program Files\Stardock\ObjectDock\ObjectDock.exe D:\Program Files\Thoosje\thoosje vista sidebar\Thoosje Sidebar.exe D:\Documents and Settings\Ryan\My Documents\Winflip\WinFlip.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\WINDOWS\system32\mmc.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Java\jre6\bin\jucheck.exe D:\WINDOWS\system32\cidaemon.exe D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe D:\Documents and Settings\Ryan\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [unlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Thoosje Sidebar.lnk = D:\Program Files\Thoosje\thoosje vista sidebar\Thoosje Sidebar.exe O4 - Startup: WinFlip.lnk = D:\Documents and Settings\Ryan\My Documents\Winflip\WinFlip.exe O4 - Global Startup: LoopBe1 Monitor.lnk = D:\Program Files\nerds.de\LoopBe1\loopBeMon.exe O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199300685734 O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDBA5D9-4A76-442D-B5C3-CD93D7CF3D01}: NameServer = 192.168.1.254 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1ca217f867ce258) (gupdate1ca217f867ce258) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe O23 - Service: WTService - Unknown owner - D:\WINDOWS\system32\atwtusb.exe -- End of file - 9101 bytes