hjt mbam won't run

[burnlast]

Hjt wont install. Loaded mbam to desktop,renamed it installer.com. It runs 2 seconds and closes and won't restart a second time.Did get Avira antivirus to install.Antivir guard goes crazy stopping trojans.Avira system scan is not complete and won't run again,but when it did run a couple of nasties got put in quarantine. Avira did update.Had to shut off Antivir guard to do anything on computer.

[LonnyRJ]

Are you seeing this error message burnlast ?

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

[burnlast]

When I click on desktop icon, I get nothing.If i go to mbam folder and click on mbam.exe(or any other rename) I get message you describe.Also since first post I've lost my desktop.Avira AntiVir guard is going nuts with Alureon BF2trojan,TR/PCK.Tdss.y33,TR/downloader.gen,TR/crypt,PEPM.gen.I'm limping along here and really appreciate your help and time.

[LonnyRJ]

If your able to >

Download (dont run yet) this tool

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

http://ad13.geekstogo.com/Win32kDiag.exe

Place it on your desktop.

Go start run copy then paste in the line below and press enter

"%userprofile%\desktop\Win32kDiag.exe" -r -f

A log should open when it is finished, post it please.

~~~~~

Visit the webpage below for instructions for downloading and running ComboFix:

But proir to running Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it.

Please visit HERE if you don't know how. http://www.bleepingcomputer.com/forums/topic114351.html

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post combofix's log which will open automaticly when complete, if not it is located here. C:\combofix.txt

Note: If windows auto-update comes up cancel it for now.

[burnlast]

I did get win32k to download.I can't get Avira shut down. the only thing on my desktop is a window such as when you click start,computer.I have a black screen otherwise with no task bar to shut it down.Is there some other way to get it shut off ?Also not really sure where to paste line you posted.Do I include -r -f or just what is between quotation marks?

[LonnyRJ]

Does task manager work ? (press ctrl alt del at the same time)

What operating system is on your PC ?

Can you uninstall Avira (for now) ?

[burnlast]

I'm running Windows Vista Home Premium.I've got Avira uninstalled.Yes, I can get task manager to work.

[LonnyRJ]

Good

Open task manager go file > new task and paste in the entire line below, or type it in.

"%userprofile%\desktop\Win32kDiag.exe" -r -f

A log should open when it is complete, post it.

Is combofix on your desktop ?

If so use task manager to start it, file > new task

"%userprofile%\desktop\combofix.exe"

A log should open when it is complete, post it.

[burnlast]

Here is win32 log. Combofix will not run.

[burnlast]

Sorry I messed up on last entry.Here is win32 log. Combofix will not run.

[attachment=7250:Win32kDiag.txt]

Win32kDiag.txt

[LonnyRJ]

Try re-downloading combofix but rename as you do so

rename to iexplorer.com then modify that new task item to fit like so >

use task manager to start it, file > new task

"%userprofile%\desktop\iexplorer.com"

A log should open when it is complete, post it.

[burnlast]

Reloaded combofix.It ran but come up with:

PEV.cfxxehas stopped working. I closed this message.

Combo fix ran a bit and then come up:

Combofix has detected rootkit activity and needs to reboot.It said to write down this info:

C:windows\system32\drivers\UACtcwwevpvfn.sys

C:windows\system32\UACuttbaybqtw.dll

C:windows\system32\UACeipxlqcxyp.dll

C:windows\system32\UACmhqwgebtch.dat

C:windows\system32\UACturcmghevm.dll

C:windows\system32\UACdsrincocft.log

C:windows\system32\UACtecryyexce.dll

C:windows\system32\drivers\gxvcdmqcutxwirxuwrhicoqeifubpwjbtgvm.sys

C:windows\system32\gxvxcjttmusrqpsscrcthevtpsnwwvqtmjiyr.dll

C:windows\system32\drivers\rotscxvqfrsgwq.sys

I let it reboot,nothing restarted,so I restarted combofix.It came up with same messages.I hope I haven't mistyped something above.Sometimes I can't read my own writing.

[LonnyRJ]

Is your desktop back ?

Lets get a gmer scan log

Download and run gmer (use the download exe button) from here >

http://www.gmer.net/#files

Double click GMER. If asked to allow gmer.sys driver to load, please consent .

If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..

In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Uncheck[]Sections

Uncheck[]IAT/EAT

Uncheck[]Files

Uncheck[]Drives/Partition other than Systemdrive (typically C:\)

Uncheck[]Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

save the log to a handy location close gmer and post that log.

[burnlast]

Desktop is not back.here is GMER log:

GMER 1.0.15.15087 - http://www.gmer.net

Rootkit scan 2009-09-17 22:53:18

Windows 6.0.6001 Service Pack 1

Running: 37lwfips.exe; Driver: C:\Users\THEDAD~1\AppData\Local\Temp\fxlyyaog.sys

---- System - GMER 1.0.15 ----

Code 88052068 ZwEnumerateKey

Code 87F7B2D0 ZwFlushInstructionCache

---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\rotscxvqfrsgwq.sys (*** hidden *** ) [sYSTEM] rotscxttutnbsn <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcdmqcutxwirxuwrhieoqeifvbpwjbtgvm.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcdmqcutxwirxuwrhieoqeifvbpwjbtgvm.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcjttmvsrqpsscrcthvetpsnwwvatmjiyr.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\injector@* rotscxwsp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtcwwevpvfn.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtcwwevpvfn.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACuttbqybqtw.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACeipxlqcxyp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACmhqwgebtch.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACturcmghevm.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACdsrincocft.log

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACteeryyexce.dll

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main\injector@* rotscxwsp.dll

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\ControlSet002\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\injector@* rotscxwsp8.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxwsp8.dll \systemroot\system32\rotscxtqvwdfnw.dll

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main\injector@* rotscxwsp.dll

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\ControlSet004\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main\injector@* rotscxwsp.dll

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\ControlSet005\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\injector@* rotscxwsp8.dll

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxwsp8.dll \systemroot\system32\rotscxtqvwdfnw.dll

---- EOF - GMER 1.0.15 ----

[LonnyRJ]

Run Gmer rightclick this item and choose disable (not the other ALG)

Service C:\Windows\system32\drivers\rotscxvqfrsgwq.sys (*** hidden *** ) [sYSTEM] rotscxttutnbsn <-- ROOTKIT !!!

In gmer click the arrow tab > click the proccess tab and use the restart button.

Once the PC has fully started do another gmer scan as before and post another log please.

[burnlast]

I used same settings on gmer as previous post.I guessed that was how you wanted gmer set up.If not let me know.Here is the log:

GMER 1.0.15.15087 - http://www.gmer.net

Rootkit scan 2009-09-18 00:50:24

Windows 6.0.6001 Service Pack 1

Running: 37lwfips.exe; Driver: C:\Users\THEDAD~1\AppData\Local\Temp\fxlyyaog.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2144] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2428] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2600] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3860] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3868] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3948] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3980] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!SetWindowsHookExW 76AB7B69 5 Bytes JMP 6F3A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!CallNextHookEx 76AB8C33 5 Bytes JMP 6F39CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!GetAsyncKeyState 76AB8DF4 5 Bytes JMP 6F2C8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxIndirectParamW 76ABBD25 5 Bytes JMP 6F4A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!SendInput 76ABBEE7 5 Bytes JMP 6F4A4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!EndDialog 76ABC178 5 Bytes JMP 6F2D7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!EnableWindow 76ABDC79 5 Bytes JMP 6F3AD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!CreateWindowExW 76AC3D67 5 Bytes JMP 6F3AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!GetKeyState 76AC87C7 5 Bytes JMP 6F3ACB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!IsDialogMessageW 76AC99AE 5 Bytes JMP 6F2D570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!CreateDialogParamA 76AD16FD 5 Bytes JMP 6F4A4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!IsDialogMessage 76AD179A 5 Bytes JMP 6F4A4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxParamW 76AD1FD5 5 Bytes JMP 6F2D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!CreateDialogIndirectParamA 76AD27CD 5 Bytes JMP 6F4A4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!CreateDialogIndirectParamW 76AD9AFA 5 Bytes JMP 6F4A488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!UnhookWindowsHookEx 76AE08BE 5 Bytes JMP 6F3143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!CreateDialogParamW 76AE1C58 5 Bytes JMP 6F3AD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!SetKeyboardState 76AE1ECE 5 Bytes JMP 6F4A4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxParamA 76AF80B2 5 Bytes JMP 6F4A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxIndirectParamA 76AF83DD 5 Bytes JMP 6F4A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxIndirectA 76B0D471 5 Bytes JMP 6F4A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxIndirectW 76B0D56B 5 Bytes JMP 6F4A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxExA 76B0D5D1 5 Bytes JMP 6F4A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxExW 76B0D5F5 5 Bytes JMP 6F4A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!keybd_event 76B0D93C 5 Bytes JMP 6F4A5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] SHELL32.dll!SHRestricted + DFD 75998390 4 Bytes [bD, 30, 39, 74]

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] SHELL32.dll!SHRestricted + E05 75998398 8 Bytes [CA, 2F, 39, 74, 6A, 5C, 38, ...]

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] ole32.dll!OleLoadFromStream 756C9726 5 Bytes JMP 6F4A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4084] ole32.dll!CoCreateInstance 756FE188 5 Bytes JMP 6F3AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!

Service C:\Windows\system32\drivers\rotscxvqfrsgwq.sys (*** hidden *** ) [DISABLED] rotscxttutnbsn <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcdmqcutxwirxuwrhieoqeifvbpwjbtgvm.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcdmqcutxwirxuwrhieoqeifvbpwjbtgvm.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcjttmvsrqpsscrcthvetpsnwwvatmjiyr.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\injector@* rotscxwsp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtcwwevpvfn.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtcwwevpvfn.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACuttbqybqtw.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACeipxlqcxyp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACmhqwgebtch.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACturcmghevm.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACdsrincocft.log

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACteeryyexce.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@start 4

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\injector@* rotscxwsp8.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\rotscxttutnbsn\modules@rotscxwsp8.dll \systemroot\system32\rotscxtqvwdfnw.dll

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@start 1

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@type 1

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@group file system

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn@imagepath \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main@aid 10003

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main@sid 0

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\injector@* rotscxwsp8.dll

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxvqfrsgwq.sys

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxcmd.dll \systemroot\system32\rotscxiekpdlmq.dll

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxlog.dat \systemroot\system32\rotscxaddimtyk.dat

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxwsp.dll \systemroot\system32\rotscxpmdcllgu.dll

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscx.dat \systemroot\system32\rotscxcrkqbnxt.dat

Reg HKLM\SYSTEM\ControlSet006\Services\rotscxttutnbsn\modules@rotscxwsp8.dll \systemroot\system32\rotscxtqvwdfnw.dll

---- EOF - GMER 1.0.15 ----

[LonnyRJ]

Good

run gmer again, its quick scan should show this item

Service C:\Windows\system32\drivers\rotscxvqfrsgwq.sys (*** hidden *** ) [DISABLED] rotscxttutnbsn <-- ROOTKIT !!!

Right click and this time choose deleteand at next prompt yes.

Close gmer

See if combox will run for you know., takes a bit dont assume its not working.

[burnlast]

WOO HOO!!!Desk top is back!!!! Here is combofix log:

ComboFix 09-09-17.04 - The Dad 09/18/2009 1:23.1.2 - NTFSx86

Microsoft

[LonnyRJ]

Looking better

Copy this file

c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

and place it in c:\windows\system32\

Restart the PC

I think its time to reinstall avira update and do a full system scan.

Let me know if it has problems with any paticular file and if so its name and location.

Combofix's quorantine is here c:\qoobox\, not to worry about those.

Also uninstall reboot then install again Mbam, do a full scan, take action on items found and reboot if it suggests doing so.

[burnlast]

Where do I copy this file from?

[LonnyRJ]

From here c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

and place it in c:\windows\system32\

[burnlast]

A little lost here.Would you tell me how to navigate to system 32 folder?Is there something to download or does this get copied and pasted into system32?If somethig is to be downloaded the link posted isn't working.

[LonnyRJ]

Hi

You should be able to open an explorer to that location byt pasteing this line into the run box

c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\

Find cngaudit.dll righclick and copy

open an explorer folder to C:\windows\system32\

righclick an empty area and choose paste

[burnlast]

Many THANKS for your help tonight.I see a little glimmer of light at the end of the tunnel.I think I got the file you requested copied to where it needs to be.I am getting ready to run Avira and then mbam.When I get those logs I'll post them.Thanks again.

[burnlast]

AVIRA found TR/Dldr.IFrame.asu .What action do I want to take with this?