GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-12 22:29:46
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST320LT020-9YG142 rev.0002HPM1 298,09GB
Running: wsj7t1pl.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\uxdoypod.sys


---- User code sections - GMER 2.1 ----

?       C:\Windows\SYSTEM32\BsHelpCSps.dll [1460] entry point in ".data" section                                                                       0000000001105055
.text   C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe[1880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                  00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe[1880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                  00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe[1880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                     00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe[1880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                     00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2016] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506  00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2016] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514  00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2016] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118     00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[2016] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142     00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1380] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506               00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1380] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514               00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1380] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                  00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1380] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                  00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1704] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                     00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1704] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                     00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1704] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                        00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1704] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                        00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
.text   C:\Windows\System32\igfxpers.exe[4564] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                  00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Windows\System32\igfxpers.exe[4564] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                  00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\Windows\System32\igfxpers.exe[4564] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                     00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Windows\System32\igfxpers.exe[4564] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                     00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                     00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                     00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                        00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                        00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\NetWorx\networx.exe[4800] C:\WINDOWS\SYSTEM32\wsock32.dll!setsockopt + 194                                                    00007ff84fff1f6a 4 bytes [FF, 4F, F8, 7F]
.text   C:\Program Files\NetWorx\networx.exe[4800] C:\WINDOWS\SYSTEM32\wsock32.dll!setsockopt + 218                                                    00007ff84fff1f82 4 bytes [FF, 4F, F8, 7F]
.text   C:\Program Files\NetWorx\networx.exe[4800] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                              00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\NetWorx\networx.exe[4800] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                              00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\NetWorx\networx.exe[4800] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                                 00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\Program Files\NetWorx\networx.exe[4800] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                                 00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4852] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                  00007ff85b6e169a 4 bytes [6E, 5B, F8, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4852] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                  00007ff85b6e16a2 4 bytes [6E, 5B, F8, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4852] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                     00007ff85b6e181a 4 bytes [6E, 5B, F8, 7F]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4852] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                     00007ff85b6e1832 4 bytes [6E, 5B, F8, 7F]
?       C:\Windows\SYSTEM32\BsHelpCSps.dll [2728] entry point in ".data" section                                                                       0000000001c75055
?       C:\Windows\SYSTEM32\BlueSoleilCSps.dll [2728] entry point in ".rdata" section                                                                  0000000004134085

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [576:584]                                                                                                        fffff960008174d0
Thread  C:\WINDOWS\system32\svchost.exe [936:704]                                                                                                      00007ff848eb38e0
Thread  C:\WINDOWS\system32\svchost.exe [936:3672]                                                                                                     00007ff84ade11b0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----