GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 12:43:16
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HI rev.1AG01118
Running: 6gt2x60m.exe; Driver: C:\Users\Joanna\AppData\Local\Temp\pgloqpod.sys


---- System - GMER 1.0.15 ----

SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                      ZwCreateThread [0x906F17F0]
SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                      ZwLoadDriver [0x906F18B0]
SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                      ZwSetSystemInformation [0x906F1870]
SSDT   \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                      ZwSystemDebugControl [0x906F1830]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetTimerEx + 454                                                                       828C6A78 4 Bytes  [F0, 17, 6F, 90]
.text  ntkrnlpa.exe!KeSetTimerEx + 5B0                                                                       828C6BD4 4 Bytes  [B0, 18, 6F, 90] {MOV AL, 0x18; OUTSD ; NOP }
.text  ntkrnlpa.exe!KeSetTimerEx + 810                                                                       828C6E34 4 Bytes  [70, 18, 6F, 90] {JO 0x1a; OUTSD ; NOP }
.text  ntkrnlpa.exe!KeSetTimerEx + 84C                                                                       828C6E70 4 Bytes  [30, 18, 6F, 90] {XOR [EAX], BL; OUTSD ; NOP }

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1920] kernel32.dll!SetUnhandledExceptionFilter    7759700D 4 Bytes  [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                 [74B188B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                  [74B598A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]              [74B1B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]        [74B0FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                  [74B17A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]               [74B0EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]   [74B4B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]      [74B1BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]              [74B1074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]               [74B106B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                [74B071B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]        [74B9D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]           [74B37379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]              [74B0E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                        [74B0697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                       [74B069A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]          [74B12465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0x41 0x62 0xDB 0x47 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0x41 0x62 0xDB 0x47 ...

---- EOF - GMER 1.0.15 ----