GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-03 18:28:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000022 TOSHIBA_MQ01ABF050 rev.AM003M 465,76GB
Running: z4vq2skb.exe; Driver: C:\Users\ALESSA~1\AppData\Local\Temp\kwwirpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1608] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa5c93169a 4 bytes [93, 5C, FA, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1608] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa5c9316a2 4 bytes [93, 5C, FA, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1608] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa5c93181a 4 bytes [93, 5C, FA, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1608] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa5c931832 4 bytes [93, 5C, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6640] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa5c93169a 4 bytes [93, 5C, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6640] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa5c9316a2 4 bytes [93, 5C, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6640] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa5c93181a 4 bytes [93, 5C, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6640] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa5c931832 4 bytes [93, 5C, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [7000:2592] fffff96000835b90

---- Processes - GMER 2.1 ----

Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\Microsoft.PerfTrack.dll (*** suspicious ***) @ C:\WINDOWS\syswow64\wwahost.exe [2100] (Microsoft.PerfTrack.dll/Microsoft Corporation)(2014-09-24 14:55:32) 0000000068520000
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\LibWrap.dll (*** suspicious ***) @ C:\WINDOWS\syswow64\wwahost.exe [2100] (Microsoft Skype/Microsoft Corporation)(2014-12-15 18:58:23) 0000000064b20000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----