GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-14 11:57:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005f SAMSUNG_ rev.2AJ1 298,09GB
Running: u97hjh5c.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\AVG\AVG2015\avgui.exe[2012]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077d01465 2 bytes [D0, 77]
.text   C:\Program Files (x86)\AVG\AVG2015\avgui.exe[2012]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000077d014bb 2 bytes [D0, 77]
.text   ...   * 2
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2244]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077d01465 2 bytes [D0, 77]
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2244]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000077d014bb 2 bytes [D0, 77]
.text   ...   * 2
?       C:\Windows\system32\mssprxy.dll [2244]   entry point in ".rdata" section 0000000070a171e6
.text   C:\Windows\system32\SearchIndexer.exe[2516]   C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection   0000000077ba1590 5 bytes JMP 0000000077d00128
.text   C:\Windows\system32\SearchIndexer.exe[2516]   C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory   0000000077ba16b0 5 bytes JMP 0000000077d00018
.text   C:\Windows\system32\SearchIndexer.exe[2516]   C:\Windows\system32\kernel32.dll!CreateProcessInternalW   000000007794e7b0 5 bytes JMP 0000000077d000a0
.text   C:\Windows\system32\svchost.exe[2180]   C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection   0000000077ba1590 5 bytes JMP 0000000177b40128
.text   C:\Windows\system32\svchost.exe[2180]   C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory   0000000077ba16b0 5 bytes JMP 0000000177b40018
.text   C:\Windows\system32\svchost.exe[2180]   C:\Windows\system32\kernel32.dll!CreateProcessInternalW   000000007794e7b0 5 bytes JMP 0000000077b400a0
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[3424]   C:\Windows\system32\kernel32.dll!CreateProcessInternalW   000000007794e7b0 5 bytes JMP 0000000077d000a0
.text   C:\Windows\system32\svchost.exe[3460]   C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection   0000000077ba1590 5 bytes JMP 0000000177b40128
.text   C:\Windows\system32\svchost.exe[3460]   C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory   0000000077ba16b0 5 bytes JMP 0000000177b40018
.text   C:\Windows\system32\svchost.exe[3460]   C:\Windows\system32\kernel32.dll!CreateProcessInternalW   000000007794e7b0 5 bytes JMP 0000000077b400a0
.text   C:\Windows\System32\svchost.exe[1796]   C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection   0000000077ba1590 5 bytes JMP 0000000177b40128
.text   C:\Windows\System32\svchost.exe[1796]   C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory   0000000077ba16b0 5 bytes JMP 0000000177b40018
.text   C:\Windows\System32\svchost.exe[1796]   C:\Windows\system32\kernel32.dll!CreateProcessInternalW   000000007794e7b0 5 bytes JMP 0000000077b400a0
.text   C:\Windows\system32\WUDFHost.exe[1412]   C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection   0000000077ba1590 5 bytes JMP 0000000077d00128
.text   C:\Windows\system32\WUDFHost.exe[1412]   C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory   0000000077ba16b0 5 bytes JMP 0000000077d00018
.text   C:\Windows\system32\WUDFHost.exe[1412]   C:\Windows\system32\kernel32.dll!CreateProcessInternalW   000000007794e7b0 5 bytes JMP 0000000077d000a0
.text   C:\Windows\system32\NOTEPAD.EXE[3608]   C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection   0000000077ba1590 5 bytes JMP 0000000077d00128
.text   C:\Windows\system32\NOTEPAD.EXE[3608]   C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory   0000000077ba16b0 5 bytes JMP 0000000077d00018
.text   C:\Windows\system32\NOTEPAD.EXE[3608]   C:\Windows\system32\kernel32.dll!CreateProcessInternalW   000000007794e7b0 5 bytes JMP 0000000077d000a0

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3424:3908]   000007fefb0e2ab8
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2368:2144]   0000000077917587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2368:3920]   000000006f47758a
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2368:3328]   0000000077d741f3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2368:2976]   0000000077d76679
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2368:1748]   0000000077d76679

---- EOF - GMER 2.1 ----