Need help interpreting report and removing problems

[Gman]

Hello,
I recently tried to install Teamviewer and Malwarebytes. Both processes failed to install. I came across your software and downloaded. I have the report but have no idea what it means. Would appreciate some help with this.

 Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Grahams Laptop [Administrator]
Mode : Scan -- Date : 11/19/2014  10:27:16

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 18 (Driver: Loaded) ¤¤¤
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x3a90670
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x3a906f0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x3a906d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x3a90650
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x3a90710
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x3a90730
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x3a90750
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x3a90690
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x3a906b0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x3060050
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x30600d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x30600b0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x3060030
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x30600f0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x3060110
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x3060130
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x3060070
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x3060090

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 983e04d4beab6cd277cc397d39fced64
[BSP] 42ffbd40dff2404068f33784a88b98d1 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 673742 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1382897664 | Size: 26105 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1436360704 | Size: 14056 MB
User = LL1 ... OK
User = LL2 ... OK

[Tigzy]

mmh there's somethign highly suspicious.
I'd stop making online banking for now.

Can you check what Gmer is telling? http://www.gmer.net/

[Gman]

I just ran the Gmer scan and this is the report:



GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-19 13:53:11
Windows 6.1.7601 Service Pack 1
Running: o0gfggjo.exe; Driver: C:\Users\GRAHAM~1\AppData\Local\Temp\kxlirkog.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                         3676
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                     
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@043DDB67                             271
Reg  HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9DD0A3C6-F550-11E0-8B35-806E6F6E6963}  3328894752

---- EOF - GMER 2.1 ----

[Tigzy]

I think you need to click on "start scan", it's much longer

[Gman]

Ok, I think this is what you are looking for:
I've attached as a .txt file

[Tigzy]

Yes it is, but Gmer doesn't find the same hooks.
Could you make a dump of iexplorer.exe (with Process Hacker) and upload it to Dropbox/Google drive? (attach the link here, or if you prefer to keep it private send it through the contact link of adlice.com and mention this forum thread)

[Tigzy]

Are you able to reproduce the same log with RogueKiller?
I don't see anything in the dump...